Context Navigation

source: trunk/include/sh_unix.h@ 19

Last change on this file since 19 was 19, checked in by rainer, 19 years ago
Rewrite of test suite, checksum for growing logs, fix for minor bug with dead client detection.
File size: 8.7 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 1999 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20
21
22	#ifndef SH_UNIX_H
23	#define SH_UNIX_H
24
25	#include <limits.h>
26	#include <unistd.h>
27	#include "samhain.h"
28	#include "sh_error.h"
29
30
31	typedef enum {
32	SH_ISLOG,
33	SH_ISFILE,
34	SH_ISDIR,
35	SH_ISDATA
36	} ShOpenType;
37
38	typedef enum {
39	SH_DATA_RAW,
40	SH_DATA_LINE
41	} ShDataType;
42
43	typedef enum {
44	SH_FILE_REGULAR,
45	SH_FILE_SYMLINK,
46	SH_FILE_DIRECTORY,
47	SH_FILE_CDEV,
48	SH_FILE_BDEV,
49	SH_FILE_FIFO,
50	SH_FILE_SOCKET,
51	SH_FILE_UNKNOWN
52	} ShFileType;
53
54	/* -- Attributes to check. --
55	*/
56
57	/* checksum */
58	#define MODI_CHK (1 << 0)
59	/* link */
60	#define MODI_LNK (1 << 1)
61	/* inode */
62	#define MODI_INO (1 << 2)
63	/* user */
64	#define MODI_USR (1 << 3)
65	/* group */
66	#define MODI_GRP (1 << 4)
67	/* mtime */
68	#define MODI_MTM (1 << 5)
69	/* ctime */
70	#define MODI_CTM (1 << 6)
71	/* atime */
72	#define MODI_ATM (1 << 7)
73	/* size */
74	#define MODI_SIZ (1 << 8)
75	/* file mode */
76	#define MODI_MOD (1 << 9)
77	/* hardlinks */
78	#define MODI_HLN (1 << 10)
79	/* device num */
80	#define MODI_RDEV (1 << 11)
81	/* size may grow */
82	#define MODI_SGROW (1 << 12)
83	/* use prelink */
84	#define MODI_PREL (1 << 13)
85
86	#define MASK_ALLIGNORE_ 0
87	extern unsigned long mask_ALLIGNORE;
88	#define MASK_ATTRIBUTES_ (MODI_MOD\|MODI_USR\|MODI_GRP\|MODI_RDEV)
89	extern unsigned long mask_ATTRIBUTES;
90	#define MASK_LOGFILES_ (MASK_ATTRIBUTES_\|MODI_HLN\|MODI_LNK\|MODI_INO)
91	extern unsigned long mask_LOGFILES;
92	#define MASK_LOGGROW_ (MASK_LOGFILES_\|MODI_SIZ\|MODI_SGROW\|MODI_CHK)
93	extern unsigned long mask_LOGGROW;
94	#define MASK_READONLY_ (MASK_LOGFILES_\|MODI_CHK\|MODI_SIZ\|MODI_MTM\|MODI_CTM)
95	extern unsigned long mask_READONLY;
96	#define MASK_NOIGNORE_ (MASK_LOGFILES_\|MODI_CHK\|MODI_SIZ\|MODI_ATM\|MODI_MTM)
97	extern unsigned long mask_NOIGNORE;
98	#define MASK_USER_ (MASK_READONLY_\|MODI_ATM)
99	extern unsigned long mask_USER0;
100	extern unsigned long mask_USER1;
101	/* like READONLY, but without MTM,CTM,SIZ,INO, abd with PREL)
102	*/
103	#define MASK_PRELINK_ (MASK_ATTRIBUTES_\|MODI_HLN\|MODI_LNK\|MODI_CHK\|MODI_PREL)
104	extern unsigned long mask_PRELINK;
105
106	typedef struct file_struct {
107	unsigned long check_mask;
108	int reported;
109	char fullpath[PATH_MAX];
110	ShFileType type;
111	dev_t dev;
112	ino_t ino;
113	mode_t mode;
114	nlink_t hardlinks;
115	#if defined(__linux__) \|\| defined(HAVE_STAT_FLAGS)
116	unsigned long attributes;
117	char c_attributes[16];
118	#endif
119	char c_mode[11];
120	uid_t owner;
121	char c_owner[USER_MAX+2];
122	gid_t group;
123	char c_group[GROUP_MAX+2];
124	dev_t rdev;
125	off_t size;
126	unsigned long blksize;
127	unsigned long blocks;
128	time_t atime;
129	time_t mtime;
130	time_t ctime;
131
132	char linkpath[PATH_MAX];
133	mode_t linkmode;
134	char link_c_mode[11];
135	int linkisok;
136	} file_type;
137
138	/* mlock utilities
139	*/
140	int sh_unix_mlock(char * file, int line, void * addr, size_t len);
141	int sh_unix_munlock(void * addr, size_t len);
142	int sh_unix_count_mlock();
143
144	/* chroot directory
145	*/
146	int sh_unix_set_chroot(char * str);
147
148	/* whether to use localtime for file timesatams in logs
149	*/
150	int sh_unix_uselocaltime (char * c);
151
152	/* set I/O limit
153	*/
154	int sh_unix_set_io_limit (char * c);
155	void sh_unix_io_pause ();
156
157	/* get file type
158	*/
159	int sh_unix_get_ftype(char * fullpath);
160
161	/* reset masks for policies
162	*/
163	int sh_unix_maskreset();
164
165	/* return true if database is remote
166	*/
167	int file_is_remote ();
168
169	/* return the path to the configuration/database file
170	*/
171	char * file_path(char what, char flag);
172
173	/* return current time as unsigned long
174	*/
175	unsigned long sh_unix_longtime (void);
176
177	/* close all files >= fd, except possibly one
178	*/
179	void sh_unix_closeall (int fd, int except);
180
181
182	/* write lock for filename
183	*/
184	int sh_unix_write_lock_file(char * filename);
185
186	/* rm lock(s) for log file(s)
187	*/
188	int sh_unix_rm_lock_file(char * filename);
189
190	/* write the PID file
191	*/
192	int sh_unix_write_pid_file();
193
194	/* rm the PID file
195	*/
196	int sh_unix_rm_pid_file();
197
198
199	/* checksum of own binary
200	*/
201	int sh_unix_self_hash (char * c);
202
203	/* return BAD on failure
204	*/
205	int sh_unix_self_check (void);
206
207	/* add a trusted user to the list
208	*/
209	int tf_add_trusted_user(char *);
210
211	/* check a file
212	*/
213	int tf_trust_check (char * file, int mode);
214
215	/* initialize group vector
216	*/
217	#ifdef HOST_IS_OSF
218	int sh_unix_initgroups ( char * in_user, gid_t in_gid);
219	#else
220	int sh_unix_initgroups (const char * in_user, gid_t in_gid);
221	#endif
222	int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid);
223
224	/* set the timeserver address
225	*/
226	int sh_unix_settimeserver (char * address);
227	void reset_count_dev_time(void);
228
229	/* lock the key
230	*/
231	void sh_unix_memlock(void);
232
233	/* deamon mode
234	*/
235	int sh_unix_setdeamon (char * dummy);
236	int sh_unix_setnodeamon(char * dummy);
237
238	/* Test whether file exists
239	*/
240	int sh_unix_file_stat(char * path);
241
242	/* test whether file exists with proper attributes
243	*/
244	int sh_unix_file_exists(int fd);
245
246	/* local host
247	*/
248	void sh_unix_localhost(void);
249
250	/* check whether /proc exists and is a proc filesystem
251	*/
252	int sh_unix_test_proc(void);
253
254	/* check whether a directory is secure
255	* (no symlink in path, not world-writeable)
256	*/
257	/* int sh_unix_is_secure_dir (ShErrLevel level, char * tmp); */
258
259	/* obtain file info
260	*/
261	int sh_unix_getinfo (int level, char * filename, file_type * theFile,
262	char * fileHash, int flagrel);
263
264	/* read file, return length read
265	*/
266	int sh_unix_getline (SL_TICKET fd, char * line, int sizeofline);
267
268	/* call with goDaemon == 1 to make daemon process
269	*/
270	int sh_unix_init(int goDaemon);
271
272	/* for local time use thetime = 0
273	*/
274	/@owned@/ char * sh_unix_time (time_t thetime);
275
276	/* convert to GMT time
277	*/
278	char * sh_unix_gmttime (time_t thetime);
279
280	/* effective user info
281	*/
282	int sh_unix_getUser (void);
283
284	/* get home directory
285	*/
286	char * sh_unix_getUIDdir (int level, uid_t uid);
287
288
289	#ifdef HAVE_GETTIMEOFDAY
290	unsigned long sh_unix_notime (void);
291	#endif
292
293	/* check whether a directory
294	*/
295	int sh_unix_isdir (char * dirName, int level);
296
297	#ifdef SH_STEALTH
298	int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len);
299	void sh_unix_xor_code (char * str, int len);
300	#endif
301
302	#if defined(SCREW_IT_UP)
303	/* for raise()
304	*/
305	#include <signal.h>
306	#include <errno.h>
307
308	void sh_sigtrap_handler (int signum);
309	extern volatile int sh_not_traced;
310
311	#ifdef HAVE_GETTIMEOFDAY
312	#if TIME_WITH_SYS_TIME
313	#include <sys/time.h>
314	#include <time.h>
315	#else
316	#if HAVE_SYS_TIME_H
317	#include <sys/time.h>
318	#else
319	#include <time.h>
320	#endif
321	#endif
322	extern struct timeval save_tv;
323	#endif
324
325	static inline
326	int sh_sigtrap_prepare()
327	{
328	struct sigaction act_trap;
329	int val_retry;
330	act_trap.sa_handler = &sh_sigtrap_handler; /* signal action */
331	act_trap.sa_flags = 0; /* init sa_flags */
332	sigemptyset ( &act_trap.sa_mask ); /* set an empty mask */
333	do {
334	val_retry = sigaction(SIGTRAP, &act_trap, NULL);
335	} while (val_retry < 0 && errno == EINTR);
336	return 0;
337	}
338
339	/@unused@/ static inline
340	int sh_derr(void)
341	{
342	sh_not_traced = 0;
343
344	#ifdef HAVE_GETTIMEOFDAY
345	gettimeofday(&save_tv, NULL);
346	#endif
347
348	#if defined(__linux__) && defined(__GNUC__) && defined(__i386__)
349	__asm__ __volatile__ ("int $0x03");
350	#else
351	raise(SIGTRAP);
352	#endif
353
354	if (sh_not_traced == 0)
355	_exit(5);
356	sh_not_traced = 0;
357	return (0);
358	}
359
360	#else
361
362	/@unused@/ static inline
363	int sh_derr(void)
364	{
365	return 0;
366	}
367	/* #if defined(SCREW_IT_UP) */
368	#endif
369
370	#endif
371
372

Note: See TracBrowser for help on using the repository browser.

Download in other formats: