source: trunk/src/sh_prelude.c@ 296

Last change on this file since 296 was 290, checked in by katerina, 15 years ago

Fixes for tickets #215, #216, #217, #218, version bumped to 2.7.2
File size: 43.4 KB
Line 
1/*
2 *
3 * Copyright (C) 2005 Yoann Vandoorselaere, Prelude IDS Technologies
4 * Rainer Wichmann
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2, or (at your option)
9 * any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; see the file COPYING. If not, write to
18 * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
19 *
20 */
21
22/*
23 * 28/04/2005 : R.W.:
24 * move libprelude 0.8 code to seperate file
25 *
26 * 23/04/2005 : R.W.:
27 * include libprelude 0.9 code from Yoann Vandoorselaere
28 */
29
30
31/*
32 * for strptime()
33 */
34#define _GNU_SOURCE 1
35
36#include "config_xor.h"
37
38#include <stdio.h>
39#include <string.h>
40#include <sys/types.h>
41
42#if TIME_WITH_SYS_TIME
43
44# include <sys/time.h>
45# include <time.h>
46
47#else
48
49# if HAVE_SYS_TIME_H
50# include <sys/time.h>
51# else
52# include <time.h>
53# endif
54
55#endif
56
57#include <unistd.h>
58#include <syslog.h>
59#include <pwd.h>
60
61int sh_argc_store;
62char ** sh_argv_store;
63
64#if defined(HAVE_LIBPRELUDE)
65
66
67/*
68 * _() macros are samhain specific; they are used to replace string
69 * constants at runtime. This is part of the samhain stealth mode
70 * (fill string constants with encoded strings, decode at runtime).
71 */
72#define FIL__ _("sh_prelude.c")
73
74
75#include <libprelude/idmef.h>
76#include <libprelude/prelude.h>
77
78/*
79 * includes for samhain-specific functions (sl_strstr, sh_error_handle)
80 */
81#include "samhain.h"
82#include "sh_cat.h"
83#include "sh_error_min.h"
84#include "sh_prelude.h"
85#define SH_NEED_PWD_GRP 1
86#include "sh_static.h"
87char * sh_util_strdup (const char * str) SH_GNUC_MALLOC;
88/*
89 * When SH_USE_XML is set, value are formated using name="value".
90 * Otherwise, value is formatted using the format name=<value>.
91 */
92#ifdef SH_USE_XML
93# define VALUE_DELIM_START '"'
94# define VALUE_DELIM_END '"'
95#else
96# define VALUE_DELIM_START '<'
97# define VALUE_DELIM_END '>'
98#endif
99
100#define IDMEF_ANALYZER_MODEL _("Samhain")
101#define IDMEF_ANALYZER_CLASS _("Integrity Checker")
102#define IDMEF_ANALYZER_VERSION VERSION
103#define IDMEF_ANALYZER_MANUFACTURER _("http://www.la-samhna.de/samhain/")
104
105
106
107/*
108 * 0 = not initialized; -1 = failed; 1 = initialized
109 */
110static int initialized = 0;
111static int ready_for_init = 0;
112
113static char *profile = NULL;
114static prelude_client_t *client = NULL;
115
116static int severity_map[1 + (unsigned int) IDMEF_IMPACT_SEVERITY_HIGH] = {
117 /* 0: unused (?) */ 0,
118 /* 1: INFO */ 0,
119 /* 2: LOW */ SH_ERR_ALL|SH_ERR_INFO,
120 /* 3: MEDIUM */ SH_ERR_NOTICE|SH_ERR_WARN|SH_ERR_STAMP|SH_ERR_ERR,
121 /* 4: HIGH */ SH_ERR_SEVERE|SH_ERR_FATAL
122};
123
124/* returns 0/tiger, 1/sha1, or 2/md5
125 */
126extern int sh_tiger_get_hashtype(void);
127
128static void clear_and_set (int setpos, int flag)
129{
130 unsigned int i;
131 /* clear everywhere, and set at correct position */
132 for (i = 1; i < (1 + (unsigned int) IDMEF_IMPACT_SEVERITY_HIGH); ++i)
133 severity_map[i] &= ~flag;
134 severity_map[setpos] |= flag;
135 return;
136}
137
138static int set_prelude_severity_int (const char * str, int prelude_sev)
139{
140 char * p;
141 char * dup = strdup (str);
142#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
143 char * saveptr;
144#endif
145
146 if (!dup)
147 return -1;
148
149#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
150 p = strtok_r (dup, ", \t", &saveptr);
151#else
152 p = strtok (dup, ", \t");
153#endif
154 if (p) {
155 do {
156 if (0 == strcmp (p, _("alert")))
157 clear_and_set (prelude_sev, SH_ERR_FATAL);
158 else if (0 == strcmp (p, _("crit")))
159 clear_and_set (prelude_sev, SH_ERR_SEVERE);
160 else if (0 == strcmp (p, _("err")))
161 clear_and_set (prelude_sev, SH_ERR_ERR);
162 else if (0 == strcmp (p, _("mark")))
163 clear_and_set (prelude_sev, SH_ERR_STAMP);
164 else if (0 == strcmp (p, _("warn")))
165 clear_and_set (prelude_sev, SH_ERR_WARN);
166 else if (0 == strcmp (p, _("notice")))
167 clear_and_set (prelude_sev, SH_ERR_NOTICE);
168 else if (0 == strcmp (p, _("debug")))
169 clear_and_set (prelude_sev, SH_ERR_ALL);
170 else if (0 == strcmp (p, _("info")))
171 clear_and_set (prelude_sev, SH_ERR_INFO);
172 else {
173 free (dup);
174 return -1;
175 }
176#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
177 p = strtok_r (NULL, ", \t", &saveptr);
178#else
179 p = strtok (NULL, ", \t");
180#endif
181 } while (p);
182 }
183 free(dup);
184 return 0;
185}
186
187int sh_prelude_map_info (const char * str)
188{
189 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_INFO));
190}
191int sh_prelude_map_low (const char * str)
192{
193 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_LOW));
194}
195int sh_prelude_map_medium (const char * str)
196{
197 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_MEDIUM));
198}
199int sh_prelude_map_high (const char * str)
200{
201 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_HIGH));
202}
203
204static idmef_impact_severity_t map_severity (int sam_sev)
205{
206 int i;
207 int max = 1 + (unsigned int) IDMEF_IMPACT_SEVERITY_HIGH;
208 idmef_impact_severity_t retval = IDMEF_IMPACT_SEVERITY_MEDIUM;
209
210 for (i = 0; i < max; ++i) {
211 if (severity_map[i] & sam_sev) {
212 retval = (idmef_impact_severity_t) i;
213 }
214 }
215 return retval;
216}
217
218static char *do_get_value(char *ptr, char delim_start, char delim_end)
219{
220 char *ret = NULL;
221#if defined(SH_WITH_SERVER)
222 int delim_start_count = 0;
223 int found = 0;
224#endif
225
226 ptr = strchr(ptr, delim_start);
227 if ( ! ptr )
228 return NULL;
229
230 ret = ++ptr;
231#if defined(SH_WITH_SERVER)
232 while ((*ptr != '\0') && (!found)){
233 if (*ptr == delim_end) {
234 if (delim_start_count == 0)
235 found = 1;
236 delim_start_count--;
237 }
238 else if (*ptr == delim_start)
239 delim_start_count++;
240 ptr++;
241 }
242 ptr = (found) ? ptr-1 : NULL ;
243#else
244 ptr = strchr(ptr, delim_end);
245#endif
246 if ( ! ptr )
247 return NULL;
248
249 *ptr = '\0';
250 ret = strdup(ret);
251 *ptr = delim_end;
252
253 return ret;
254}
255
256
257
258static char *get_value(char *msg, const char *toktmp, const char *toksuffix)
259{
260 char *ptr, tok[128];
261
262 snprintf(tok, sizeof(tok), "%s%s=", toktmp, (toksuffix) ? toksuffix : "");
263
264 ptr = strstr(msg, tok);
265 if ( ! ptr )
266 return NULL;
267
268 return do_get_value(ptr, VALUE_DELIM_START, VALUE_DELIM_END);
269}
270
271
272
273static char *get_time_value(char *msg, const char *toktmp, const char *toksuffix)
274{
275
276 char *ret, *ptr, tok[128];
277
278 snprintf(tok, sizeof(tok), "%s%s=", toktmp, (toksuffix) ? toksuffix : "");
279
280 ptr = strstr(msg, tok);
281 if ( ! ptr )
282 return NULL;
283
284#ifndef SH_USE_XML
285 ret = do_get_value(ptr, '[', ']');
286#else
287 ret = do_get_value(ptr, VALUE_DELIM_START, VALUE_DELIM_END);
288#endif
289
290 return ret;
291}
292
293
294
295
296#if 0
297void debug_print_message(idmef_message_t *msg)
298{
299 int ret;
300 prelude_io_t *fd;
301
302 ret = prelude_io_new(&fd);
303 if ( ret < 0 )
304 return;
305
306 prelude_io_set_file_io(fd, stderr);
307 idmef_message_print(idmef, fd);
308
309 prelude_io_destroy(fd);
310}
311#endif
312
313
314
315static int idmef_time_from_samhain(idmef_time_t **time, const char *str)
316{
317 int ret;
318 char *ptr;
319 time_t utc;
320 struct tm lt;
321
322 /*
323 * Samhain stamp are encoded in UTC.
324 */
325 ptr = strptime(str, _("%Y-%m-%dT%H:%M:%S"), &lt);
326 if ( ! ptr ) {
327 sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
328 _("could not format Samhain time"), _("idmef_time_from_samhain"));
329 return -1;
330 }
331
332 utc = prelude_timegm(&lt);
333
334 ret = idmef_time_new_from_time(time, &utc);
335 if ( ret < 0 )
336 return ret;
337
338 return 0;
339}
340
341/* flawfinder: ignore *//* is part of name, not access() */
342static void get_access_info(idmef_file_access_t *access, char * mode, int pos, int mpos)
343{
344 int got = 0;
345 int ret;
346 prelude_string_t *str;
347
348 do {
349 if ( mode[pos] == 'r' ) {
350 /* flawfinder: ignore *//* is part of name, not access() */
351 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND);
352 if ( ret < 0 )
353 return;
354 prelude_string_set_dup(str, _("read"));
355 ++got;
356 }
357 else if ( mode[pos] == 'w' ) {
358 /* flawfinder: ignore *//* is part of name, not access() */
359 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND);
360 if ( ret < 0 )
361 return;
362 prelude_string_set_dup(str, _("write"));
363 ++got;
364 }
365 else if ( mode[pos] == 'x' || mode[pos] == 's' || mode[pos] == 't') {
366 /* flawfinder: ignore *//* is part of name, not access() */
367 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND);
368 if ( ret < 0 )
369 return;
370
371 if ( mode[pos] == 'x' && mode[0] == 'd' )
372 prelude_string_set_dup(str, _("search"));
373
374 else if ( mode[pos] == 'x' || mode[pos] == 't' )
375 prelude_string_set_dup(str, _("execute"));
376
377 else /* 's' */
378 prelude_string_set_dup(str, _("executeAs"));
379 ++got;
380 }
381 ++pos;
382 } while (pos <= mpos);
383
384 if ( got == 0 ) {
385 /* flawfinder: ignore *//* is part of name, not access() */
386 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND);
387 if ( ret < 0 )
388 return;
389 prelude_string_set_dup(str, _("noAccess"));
390 }
391 return;
392}
393
394
395static void get_file_infos(idmef_target_t *target, char *msg,
396 idmef_file_category_t category)
397{
398 int ret;
399 int hashtype = 0;
400 char *ptr;
401 idmef_time_t *time;
402 idmef_file_t *file;
403 idmef_inode_t *inode;
404 prelude_string_t *str;
405 idmef_checksum_t *checksum;
406 idmef_file_access_t *access; /* flawfinder: ignore */
407 idmef_user_id_t *userid;
408 const char *suffix = (category == IDMEF_FILE_CATEGORY_CURRENT) ? "_new" : "_old";
409 char *mode = NULL;
410
411 ret = idmef_target_new_file(target, &file, IDMEF_LIST_APPEND);
412 if ( ret < 0 )
413 return;
414 idmef_file_set_category(file, category);
415
416 ptr = get_value(msg, _("path"), NULL);
417 if ( ptr ) {
418 /*
419 * In term of IDMEF, this is the full path,
420 * including the name.
421 */
422 ret = idmef_file_new_path(file, &str);
423 if ( ret < 0 ) {
424 free(ptr);
425 return;
426 }
427 prelude_string_set_nodup(str, ptr);
428
429 ptr = strrchr(ptr, '/');
430 if ( ptr ) {
431 ret = idmef_file_new_name(file, &str);
432 if ( ret == 0 ) {
433 prelude_string_set_dup(str, ptr + 1);
434 }
435 }
436 }
437
438 ptr = get_value(msg, _("size"), suffix);
439 if ( ptr ) {
440 idmef_file_set_data_size(file, strtoul(ptr, NULL, 10));
441 free(ptr);
442 }
443
444 ptr = get_time_value(msg, _("mtime"), suffix);
445 if ( ptr ) {
446 ret = idmef_time_from_samhain(&time, ptr);
447 if ( ret == 0 ) {
448 idmef_file_set_modify_time(file, time);
449 }
450 free(ptr);
451 }
452
453 ptr = get_time_value(msg, _("ctime"), suffix);
454 if ( ptr ) {
455 ret = idmef_time_from_samhain(&time, ptr);
456 if ( ret == 0 ) {
457 idmef_file_set_create_time(file, time);
458 }
459 free(ptr);
460 }
461
462 ptr = get_value(msg, _("inode"), suffix);
463 if ( ptr ) {
464 ret = idmef_file_new_inode(file, &inode);
465 if ( ret == 0 ) {
466 char * dev = get_value(msg, _("dev"), suffix);
467 if (dev) {
468 char * q = strchr(dev, ',');
469 if (*q) {
470 *q = '\0'; ++q;
471 idmef_inode_set_major_device(inode, strtoul(dev, NULL, 0));
472 idmef_inode_set_minor_device(inode, strtoul( q, NULL, 0));
473 }
474 free(dev);
475 }
476 idmef_inode_set_number(inode, strtoul(ptr, NULL, 10));
477 }
478 free(ptr);
479 }
480
481 ptr = get_value(msg, _("chksum"), suffix);
482 if ( ptr ) {
483 ret = idmef_file_new_checksum(file, &checksum, IDMEF_LIST_APPEND);
484 if ( ret < 0 ) {
485 free(ptr);
486 goto get_mode;
487 }
488
489 hashtype = sh_tiger_get_hashtype();
490
491 if (hashtype == 0)
492 idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_TIGER);
493
494 else if (hashtype == 1)
495 idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_SHA1);
496
497 else if (hashtype == 2)
498 idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_MD5);
499
500 else
501 idmef_checksum_set_algorithm(checksum, IDMEF_CHECKSUM_ALGORITHM_TIGER);
502
503
504 ret = idmef_checksum_new_value(checksum, &str);
505 if ( ret < 0 ) {
506 free(ptr);
507 goto get_mode;
508 }
509
510 /* will be freed on destroy()
511 */
512 prelude_string_set_nodup(str, ptr);
513 }
514
515 get_mode:
516
517 mode = get_value(msg, _("mode"), suffix);
518 if ( mode ) {
519 /* flawfinder: ignore *//* is part of name, not access() */
520 ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND);
521 if ( ret < 0 )
522 goto get_owner;
523
524 /* flawfinder: ignore *//* is part of name, not access() */
525 ret = idmef_file_access_new_user_id(access, &userid);
526 if ( ret < 0 )
527 goto get_owner;
528 idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_OTHER_PRIVS);
529
530 /* flawfinder: ignore *//* is part of name, not access() */
531 get_access_info ( access, mode, 7, 9 );
532 }
533
534 get_owner:
535
536 ptr = get_value(msg, _("owner"), suffix);
537 if ( ptr ) {
538 char * uid;
539
540 /* flawfinder: ignore *//* is part of name, not access() */
541 ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND);
542 if ( ret < 0 ) {
543 free(ptr);
544 goto get_group;
545 }
546
547 /* flawfinder: ignore *//* is part of name, not access() */
548 ret = idmef_file_access_new_user_id(access, &userid);
549 if ( ret < 0 ) {
550 free(ptr);
551 goto get_group;
552 }
553 idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_USER_PRIVS);
554
555 ret = idmef_user_id_new_name(userid, &str);
556 if ( ret < 0 ) {
557 free(ptr);
558 goto get_group;
559 }
560 prelude_string_set_nodup(str, ptr);
561
562 uid = get_value(msg, _("iowner"), suffix);
563 if ( ! uid )
564 goto get_group;
565
566 idmef_user_id_set_number(userid, strtoul(uid, NULL, 0));
567
568 if ( mode ) {
569 /* flawfinder: ignore *//* is part of name, not access() */
570 get_access_info ( access, mode, 1, 3 );
571 }
572
573 free(uid);
574 /* Don't free(ptr) because of prelude_string_set_nodup(str, ptr) */
575 }
576
577 get_group:
578
579 ptr = get_value(msg, _("group"), suffix);
580 if ( ptr ) {
581 char *gid;
582
583 /* flawfinder: ignore *//* is part of name, not access() */
584 ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND);
585 if ( ret < 0 ) {
586 free(ptr);
587 goto mode_free;
588 }
589
590 ret = idmef_file_access_new_user_id(access, &userid);/* flawfinder: ignore *//* is part of name, not access() */
591 if ( ret < 0 ) {
592 free(ptr);
593 goto mode_free;
594 }
595
596 idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_GROUP_PRIVS);
597
598 ret = idmef_user_id_new_name(userid, &str);
599 if ( ret < 0 ) {
600 free(ptr);
601 goto mode_free;
602 }
603
604 prelude_string_set_nodup(str, ptr);
605
606 gid = get_value(msg, _("igroup"), suffix);
607 if ( ! gid )
608 goto mode_free;
609
610 idmef_user_id_set_number(userid, strtoul(gid, NULL, 0));
611
612 if ( mode ) {
613 get_access_info ( access, mode, 4, 6 ); /* flawfinder: ignore */
614 }
615
616 free(gid);
617 /* Don't free(ptr) because of prelude_string_set_nodup(str, ptr) */
618 }
619
620 mode_free:
621
622 if ( mode ) {
623 free ( mode );
624 }
625
626 return;
627}
628
629
630
631static int map_policy_to_class(char *msg, unsigned long msgid, idmef_impact_t *impact, prelude_string_t *out)
632{
633 char *ptr;
634 int ret, i;
635 struct tbl {
636 unsigned int msgid;
637 const char *name;
638 idmef_impact_type_t type;
639 } tbl[] = {
640
641#ifdef SH_USE_UTMP
642 { MSG_UT_LG1X, N_("User Login"), IDMEF_IMPACT_TYPE_USER },
643 { MSG_UT_LG1A, N_("User Login"), IDMEF_IMPACT_TYPE_USER },
644 { MSG_UT_LG1B, N_("User Login"), IDMEF_IMPACT_TYPE_USER },
645 { MSG_UT_LG2X, N_("Multiple User Login"), IDMEF_IMPACT_TYPE_USER },
646 { MSG_UT_LG2A, N_("Multiple User Login"), IDMEF_IMPACT_TYPE_USER },
647 { MSG_UT_LG2B, N_("Multiple User Login"), IDMEF_IMPACT_TYPE_USER },
648 { MSG_UT_LG3X, N_("User Logout"), IDMEF_IMPACT_TYPE_USER },
649 { MSG_UT_LG3A, N_("User Logout"), IDMEF_IMPACT_TYPE_USER },
650 { MSG_UT_LG3B, N_("User Logout"), IDMEF_IMPACT_TYPE_USER },
651 { MSG_UT_LG3C, N_("User Logout"), IDMEF_IMPACT_TYPE_USER },
652#endif
653
654#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)
655 { MSG_FI_MISS, N_("File Missing"), IDMEF_IMPACT_TYPE_FILE },
656 { MSG_FI_MISS2, N_("File Missing"), IDMEF_IMPACT_TYPE_FILE },
657 { MSG_FI_ADD, N_("File Added"), IDMEF_IMPACT_TYPE_FILE },
658 { MSG_FI_ADD2, N_("File Added"), IDMEF_IMPACT_TYPE_FILE },
659 { MSG_FI_CHAN, N_("File Modified"), IDMEF_IMPACT_TYPE_FILE },
660 { MSG_FI_NODIR, N_("File found where directory was expected"), IDMEF_IMPACT_TYPE_FILE },
661#endif
662
663#ifdef SH_USE_KERN
664 { MSG_KERN_POLICY, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER },
665 { MSG_KERN_POL_CO, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER },
666 { MSG_KERN_PROC, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER },
667 { MSG_KERN_GATE, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER },
668 { MSG_KERN_IDT, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER },
669 { MSG_KERN_SYSCALL, N_("Kernel Modified"), IDMEF_IMPACT_TYPE_OTHER },
670#endif
671
672#ifdef SH_USE_PORTCHECK
673 { MSG_PORT_MISS, N_("Service closed"), IDMEF_IMPACT_TYPE_OTHER },
674 { MSG_PORT_NEW, N_("Service opened"), IDMEF_IMPACT_TYPE_OTHER },
675 { MSG_PORT_RESTART, N_("Service restarted"), IDMEF_IMPACT_TYPE_OTHER },
676 { MSG_PORT_NEWPORT, N_("Service restarted"), IDMEF_IMPACT_TYPE_OTHER },
677#endif
678
679#ifdef SH_USE_SUIDCHK
680 { MSG_SUID_POLICY, N_("SUID/SGID File Detected"), IDMEF_IMPACT_TYPE_FILE },
681#endif
682 /*
683 * This must be the last table entry
684 */
685 { 0, NULL, IDMEF_IMPACT_TYPE_OTHER },
686 };
687
688 for ( i = 0; tbl[i].name != NULL; i++ ) {
689 if ( tbl[i].msgid != msgid )
690 continue;
691
692 idmef_impact_set_type(impact, tbl[i].type);
693 return prelude_string_cat(out, _(tbl[i].name));
694 }
695
696 /* some other message
697 */
698 ptr = get_value(msg, _("msg"), NULL);
699 if ( ! ptr ) {
700 sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
701 _("could not format Samhain message"), _("map_policy_to_class"));
702 return -1;
703 }
704
705#if defined(SH_WITH_SERVER)
706 /* when using yule, theres a msg=<... msg=<...> >*/
707 while ( (msg = get_value(ptr, _("msg"), NULL)) ) {
708 free(ptr);
709 ptr = msg;
710 }
711#endif
712
713 ret = prelude_string_cat(out, ptr);
714 free(ptr);
715
716 return ret;
717}
718
719
720#ifdef SH_USE_PORTCHECK
721static int get_service_info(char *msg, idmef_alert_t *alert)
722{
723 int ret;
724 long port;
725 char *ptr, *new, *tmp, *ip, *srv, *protocol, *end;
726 prelude_string_t *str;
727 idmef_address_t *address;
728 idmef_node_t *node;
729 idmef_user_t *user;
730 idmef_process_t *process;
731 idmef_service_t *service;
732 idmef_source_t *source = idmef_alert_get_next_source(alert, NULL);
733 struct passwd *pw;
734#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
735 struct passwd pwd;
736 char * buffer;
737#endif
738
739 new = sh_util_strdup(msg);
740
741 ptr = strstr(new, _("port: "));
742 if ( ! ptr ) {
743 sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
744 _("malformed Samhain port check message"), _("get_service_info"));
745 SH_FREE( new );
746 return -1;
747 }
748
749 ptr += 6; /* skip 'port: ', position on first byte of interface */
750 tmp = strchr(ptr, ':');
751 if ( ! tmp ) {
752 sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
753 _("malformed Samhain port check message (no port)"), _("get_service_info"));
754 SH_FREE( new );
755 return -1;
756 }
757 *tmp = '\0';
758
759 /* Get interface
760 */
761 ip = strdup(ptr);
762 if ( ip ) {
763 if ( ! source ) {
764 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);
765 if ( ret < 0 ) {
766 free(ip);
767 SH_FREE( new );
768 return ret;
769 }
770 }
771
772 ret = idmef_source_new_node(source, &node);
773 if ( ret < 0 ) {
774 free(ip);
775 SH_FREE( new );
776 return ret;
777 }
778
779 ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND);
780 if ( ret < 0 ) {
781 free(ip);
782 SH_FREE( new );
783 return ret;
784 }
785
786 ret = idmef_address_new_address(address, &str);
787 if ( ret < 0 ) {
788 free(ip);
789 SH_FREE( new );
790 return ret;
791 }
792
793 prelude_string_set_nodup(str, ip);
794 }
795
796 ptr = tmp;
797 ++ptr;
798 tmp = strchr(ptr, '/');
799 if ( ! tmp ) {
800 sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
801 _("malformed Samhain port check message (no protocol)"), _("get_service_info"));
802 SH_FREE( new );
803 return -1;
804 }
805 *tmp = '\0';
806
807 /* Get port number
808 */
809 port = strtol(ptr, &end, 0);
810 if ( *ptr && *end == '\0' && port >= 0 && port < 65536) {
811
812 char * tmpw;
813
814 if ( ! source ) {
815 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);
816 if ( ret < 0 ) {
817 SH_FREE( new );
818 return ret;
819 }
820 }
821
822 ret = idmef_source_new_service(source, &service);
823 if ( ret < 0 ) {
824 SH_FREE( new );
825 return ret;
826 }
827
828 idmef_service_set_port(service, port);
829
830 ret = idmef_service_new_protocol(service, &str);
831 if ( ret < 0 ) {
832 SH_FREE( new );
833 return ret;
834 }
835
836 ++tmp;
837 if (*tmp) {
838 char * tmpw = tmp;
839 char tmpw_store;
840 while (*tmpw && !isblank((int) *tmpw)) ++tmpw;
841 tmpw_store = *tmpw; *tmpw = '\0';
842 protocol = strdup(tmp);
843 *tmpw = tmpw_store;
844 prelude_string_set_nodup(str, protocol);
845 }
846
847 }
848
849 ptr = tmp;
850 ++ptr;
851 ptr = strchr(ptr, '(');
852 if ( ! ptr ) {
853 sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
854 _("malformed Samhain port check message (no service)"), _("get_service_info"));
855 SH_FREE( new );
856 return -1;
857 }
858 ++ptr;
859 tmp = strchr(ptr, ')');
860 if ( ! tmp ) {
861 sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
862 _("malformed Samhain port check message (service not closed)"), _("get_service_info"));
863 SH_FREE( new );
864 return -1;
865 }
866 *tmp = '\0';
867
868 /* Get service
869 */
870 srv = strdup(ptr);
871 if ( srv ) {
872 if ( ! source ) {
873 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);
874 if ( ret < 0 ) {
875 free(srv);
876 SH_FREE( new );
877 return ret;
878 }
879 }
880
881 if ( ! service ) {
882 ret = idmef_source_new_service(source, &service);
883 if ( ret < 0 ) {
884 free(srv);
885 SH_FREE( new );
886 return ret;
887 }
888 }
889
890 ret = idmef_service_new_name(service, &str);
891 if ( ret < 0 ) {
892 free(srv);
893 SH_FREE( new );
894 return ret;
895 }
896
897 prelude_string_set_nodup(str, srv);
898 }
899
900 SH_FREE( new );
901
902 ptr = get_value(msg, _("userid"), NULL);
903
904 if ( ptr ) {
905
906 idmef_user_id_t * user_id;
907
908 ret = idmef_source_new_user(source, &user);
909 if ( ret < 0 ) {
910 free(ptr);
911 return ret;
912 }
913
914 idmef_user_set_category(user, IDMEF_USER_CATEGORY_APPLICATION);
915
916 ret = idmef_user_new_user_id(user, &user_id, IDMEF_LIST_APPEND);
917 if ( ret < 0 ) {
918 free(ptr);
919 return ret;
920 }
921
922 idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_CURRENT_USER);
923
924#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
925 buffer = SH_ALLOC(SH_PWBUF_SIZE);
926 sh_getpwnam_r(ptr, &pwd, buffer, SH_PWBUF_SIZE, &pw);
927#else
928 pw = sh_getpwnam(ptr);
929#endif
930 if ( pw )
931 idmef_user_id_set_number(user_id, pw->pw_uid);
932
933 ret = idmef_user_id_new_name(user_id, &str);
934 if ( ret < 0 ) {
935 free(ptr);
936#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
937 SH_FREE(buffer);
938#endif
939 return ret;
940 }
941 prelude_string_set_nodup(str, ptr);
942
943#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
944 SH_FREE(buffer);
945#endif
946 }
947
948
949 ptr = get_value(msg, _("path"), NULL);
950 tmp = get_value(msg, _("pid"), NULL);
951
952 if ( ptr ) {
953
954 /*
955 * In term of IDMEF, this is the full path,
956 * including the name.
957 */
958 ret = idmef_source_new_process(source, &process);
959 if ( ret < 0 ) {
960 free(ptr);
961 return ret;
962 }
963
964 ret = idmef_process_new_path(process, &str);
965 if ( ret < 0 ) {
966 free(ptr);
967 return ret;
968 }
969 prelude_string_set_nodup(str, ptr);
970
971
972 if ( NULL != strrchr(ptr, '/') ) {
973 ret = idmef_process_new_name(process, &str);
974 if ( ret == 0 ) {
975 ptr = strrchr(ptr, '/');
976 prelude_string_set_dup(str, ptr + 1);
977 }
978 } else {
979 ret = idmef_process_new_name(process, &str);
980 if ( ret == 0 ) {
981 prelude_string_set_dup(str, ptr);
982 }
983 }
984
985 idmef_process_set_pid(process, strtoul(tmp, NULL, 0));
986 }
987
988 if (tmp)
989 free(tmp);
990
991 return 0;
992}
993#endif
994
995static int get_login_info(char *msg, idmef_alert_t *alert)
996{
997 int ret;
998 char *ptr, *ip;
999 idmef_user_t *user;
1000 idmef_node_t *node;
1001 struct passwd *pw;
1002#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1003 struct passwd pwd;
1004 char * buffer;
1005#endif
1006 prelude_string_t *str;
1007 idmef_user_id_t *user_id;
1008 idmef_address_t *address;
1009 idmef_target_t *target = idmef_alert_get_next_target(alert, NULL);
1010 idmef_source_t *source = idmef_alert_get_next_source(alert, NULL);
1011
1012 ip = ptr = get_value(msg, _("ip"), NULL);
1013 if ( ptr ) {
1014 if ( ! source ) {
1015 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);
1016 if ( ret < 0 ) {
1017 free(ptr);
1018 return ret;
1019 }
1020 }
1021
1022 ret = idmef_source_new_node(source, &node);
1023 if ( ret < 0 ) {
1024 free(ptr);
1025 return ret;
1026 }
1027
1028 ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND);
1029 if ( ret < 0 ) {
1030 free(ptr);
1031 return ret;
1032 }
1033
1034 ret = idmef_address_new_address(address, &str);
1035 if ( ret < 0 ) {
1036 free(ptr);
1037 return ret;
1038 }
1039
1040 prelude_string_set_nodup(str, ptr);
1041 }
1042
1043 ptr = get_value(msg, _("host"), NULL);
1044 if ( ptr ) {
1045 if ( ip && strcmp(ptr, ip) == 0 )
1046 free(ptr);
1047 else {
1048 if ( ! source ) {
1049 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);
1050 if ( ret < 0 ) {
1051 free(ptr);
1052 return ret;
1053 }
1054 }
1055
1056 ret = idmef_source_new_node(source, &node);
1057 if ( ret < 0 ) {
1058 free(ptr);
1059 return ret;
1060 }
1061
1062 ret = idmef_node_new_name(node, &str);
1063 if ( ret < 0 ) {
1064 free(ptr);
1065 return ret;
1066 }
1067
1068 prelude_string_set_nodup(str, ptr);
1069 }
1070 }
1071
1072 ptr = get_value(msg, _("name"), NULL);
1073 if ( ptr ) {
1074 ret = idmef_target_new_user(target, &user);
1075 if ( ret < 0 ) {
1076 free(ptr);
1077 return ret;
1078 }
1079
1080 idmef_user_set_category(user, IDMEF_USER_CATEGORY_OS_DEVICE);
1081
1082 ret = idmef_user_new_user_id(user, &user_id, IDMEF_LIST_APPEND);
1083 if ( ret < 0 ) {
1084 free(ptr);
1085 return ret;
1086 }
1087
1088 idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_TARGET_USER);
1089
1090#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1091 buffer = SH_ALLOC(SH_PWBUF_SIZE);
1092 sh_getpwnam_r(ptr, &pwd, buffer, SH_PWBUF_SIZE, &pw);
1093#else
1094 pw = sh_getpwnam(ptr);
1095#endif
1096 if ( pw )
1097 idmef_user_id_set_number(user_id, pw->pw_uid);
1098
1099 ret = idmef_user_id_new_name(user_id, &str);
1100 if ( ret < 0 ) {
1101 free(ptr);
1102#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1103 SH_FREE(buffer);
1104#endif
1105 return ret;
1106 }
1107 prelude_string_set_nodup(str, ptr);
1108
1109 ptr = get_value(msg, _("tty"), NULL);
1110 if ( ptr ) {
1111 ret = idmef_user_id_new_tty(user_id, &str);
1112 if ( ret < 0 ) {
1113 free(ptr);
1114#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1115 SH_FREE(buffer);
1116#endif
1117 return ret;
1118 }
1119
1120 prelude_string_set_nodup(str, ptr);
1121 }
1122#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1123 SH_FREE(buffer);
1124#endif
1125 }
1126
1127 ptr = get_time_value(msg, _("time"), NULL);
1128 if ( ptr ) {
1129 idmef_time_t *time;
1130
1131 ret = idmef_time_from_samhain(&time, ptr);
1132 free(ptr);
1133
1134 if ( ret < 0 )
1135 return ret;
1136
1137 idmef_alert_set_detect_time(alert, time);
1138 }
1139
1140 return 0;
1141}
1142
1143
1144static int node_set_address(idmef_node_t *node, const char *addr)
1145{
1146 int ret;
1147 prelude_string_t *prelude_str;
1148 idmef_address_t *idmef_addr;
1149
1150 ret = prelude_string_new(&prelude_str);
1151 if ( ret < 0 )
1152 goto err;
1153
1154 ret = prelude_string_set_ref(prelude_str, addr);
1155 if ( ret < 0 )
1156 goto err;
1157
1158 ret = idmef_address_new(&idmef_addr);
1159 if ( ret < 0 )
1160 goto err;
1161
1162 idmef_address_set_category(idmef_addr, IDMEF_ADDRESS_CATEGORY_IPV4_ADDR);
1163 idmef_address_set_address(idmef_addr, prelude_str);
1164 idmef_node_set_address(node, idmef_addr, 0);
1165
1166 return 0;
1167 err:
1168 return -1;
1169}
1170
1171
1172
1173static int samhain_alert_prelude(int priority, int sh_class,
1174 char *message, unsigned long msgid, char * inet_peer_ip)
1175{
1176 int ret;
1177 idmef_time_t *time;
1178 idmef_alert_t *alert;
1179 idmef_message_t *idmef;
1180 idmef_classification_t *classification;
1181 idmef_assessment_t *assessment;
1182 idmef_additional_data_t *data;
1183 idmef_impact_t *impact;
1184 idmef_target_t *target;
1185 idmef_confidence_t *confidence;
1186 prelude_string_t *str;
1187#if defined(SH_WITH_SERVER)
1188 idmef_node_t *node;
1189#endif
1190
1191 if ( !client || sh_class == STAMP)
1192 return 0;
1193
1194 ret = idmef_message_new(&idmef);
1195 if ( ret < 0 )
1196 goto err;
1197
1198 ret = idmef_message_new_alert(idmef, &alert);
1199 if ( ret < 0 )
1200 goto err;
1201
1202 idmef_alert_set_analyzer(alert, idmef_analyzer_ref(prelude_client_get_analyzer(client)), IDMEF_LIST_PREPEND);
1203
1204 ret = idmef_time_new_from_gettimeofday(&time);
1205 if ( ret < 0 )
1206 goto err;
1207 idmef_alert_set_detect_time(alert, time);
1208
1209 ret = idmef_time_new_from_gettimeofday(&time);
1210 if ( ret < 0 )
1211 goto err;
1212 idmef_alert_set_create_time(alert, time);
1213
1214 ret = idmef_alert_new_classification(alert, &classification);
1215 if ( ret < 0 )
1216 goto err;
1217
1218 ret = idmef_alert_new_target(alert, &target, IDMEF_LIST_APPEND);
1219 if ( ret < 0 )
1220 goto err;
1221
1222 idmef_target_set_decoy(target, IDMEF_TARGET_DECOY_NO);
1223
1224#if defined(SH_WITH_SERVER)
1225 if ( inet_peer_ip != NULL){
1226 ret = idmef_target_new_node(target, &node);
1227 if ( ret < 0 )
1228 goto err;
1229
1230 ret = node_set_address(node, inet_peer_ip);
1231 if ( ret < 0 )
1232 goto err;
1233
1234 idmef_target_set_node(target, idmef_node_ref(node));
1235 }
1236 else
1237#endif
1238 if ( idmef_analyzer_get_node(prelude_client_get_analyzer(client)) ) {
1239 idmef_node_ref(idmef_analyzer_get_node(prelude_client_get_analyzer(client)));
1240 idmef_target_set_node(target, idmef_analyzer_get_node(prelude_client_get_analyzer(client)));
1241 }
1242
1243 if ( strstr(message, _("path=")) ) {
1244#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)
1245 if ( msgid != MSG_FI_ADD && msgid != MSG_FI_ADD2 )
1246 get_file_infos(target, message, IDMEF_FILE_CATEGORY_ORIGINAL);
1247#endif
1248
1249 get_file_infos(target, message, IDMEF_FILE_CATEGORY_CURRENT);
1250 }
1251
1252 ret = idmef_alert_new_assessment(alert, &assessment);
1253 if ( ret < 0 )
1254 goto err;
1255
1256 ret = idmef_assessment_new_impact(assessment, &impact);
1257 if ( ret < 0 )
1258 goto err;
1259
1260 ret = idmef_classification_new_text(classification, &str);
1261 if ( ret < 0 )
1262 goto err;
1263
1264 ret = get_login_info(message, alert);
1265 if ( ret < 0 )
1266 goto err;
1267
1268#ifdef SH_USE_PORTCHECK
1269 if (msgid == MSG_PORT_MISS || msgid == MSG_PORT_NEW || msgid == MSG_PORT_RESTART || msgid == MSG_PORT_NEWPORT) {
1270 ret = get_service_info(message, alert);
1271 if ( ret < 0 )
1272 goto err;
1273 }
1274#endif
1275
1276 map_policy_to_class(message, msgid, impact, str);
1277
1278#if 0
1279 if ( priority == SH_ERR_SEVERE || priority == SH_ERR_FATAL )
1280 idmef_impact_set_severity(impact, IDMEF_IMPACT_SEVERITY_HIGH);
1281
1282 else if ( priority == SH_ERR_ALL || priority == SH_ERR_INFO || priority == SH_ERR_NOTICE )
1283 idmef_impact_set_severity(impact, IDMEF_IMPACT_SEVERITY_LOW);
1284
1285 else
1286 idmef_impact_set_severity(impact, IDMEF_IMPACT_SEVERITY_MEDIUM);
1287#endif
1288 idmef_impact_set_severity(impact, map_severity(priority));
1289
1290 idmef_impact_set_completion(impact, IDMEF_IMPACT_COMPLETION_SUCCEEDED);
1291
1292 ret = idmef_assessment_new_confidence(assessment, &confidence);
1293 if ( ret < 0 )
1294 goto err;
1295
1296 idmef_confidence_set_rating(confidence, IDMEF_CONFIDENCE_RATING_HIGH);
1297
1298 ret = idmef_alert_new_additional_data(alert, &data, IDMEF_LIST_APPEND);
1299 if ( ret < 0 )
1300 goto err;
1301
1302 ret = idmef_additional_data_new_meaning(data, &str);
1303 if ( ret < 0 )
1304 goto err;
1305
1306 prelude_string_set_dup(str, _("Message generated by Samhain"));
1307 idmef_additional_data_set_type(data, IDMEF_ADDITIONAL_DATA_TYPE_STRING);
1308 idmef_additional_data_set_string_ref(data, message);
1309
1310 /* debug_print_message(idmef); */
1311
1312 prelude_client_send_idmef(client, idmef);
1313 idmef_message_destroy(idmef);
1314
1315 return 0;
1316
1317 err:
1318 idmef_message_destroy(idmef);
1319 return -1;
1320}
1321
1322
1323int sh_prelude_alert(int priority, int sh_class, char *message, long msgflags, unsigned long msgid, char *inet_peer_ip)
1324{
1325 int ret;
1326
1327 (void) msgflags; /* fix compiler warning */
1328
1329 if ( initialized < 1 )
1330 return -1;
1331
1332 ret = samhain_alert_prelude(priority, sh_class, message, msgid, inet_peer_ip);
1333 if ( ret < 0 ) {
1334 sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1335 _("Problem with IDMEF for prelude-ids support: alert lost"),
1336 _("sh_prelude_alert"));
1337 }
1338
1339 return ret;
1340}
1341
1342
1343
1344int sh_prelude_set_profile(const char *arg)
1345{
1346 if ( profile ) {
1347 free(profile);
1348 profile = NULL;
1349 }
1350
1351 if ( arg ) {
1352 profile = strdup(arg);
1353 if ( ! profile )
1354 return -1;
1355 }
1356
1357 return 0;
1358}
1359
1360/* Allow initialization of prelude; to be called
1361 * after forking the daemon. Delays heartbeat
1362 * start after config read until it is safe.
1363 */
1364void sh_prelude_reset(void)
1365{
1366 extern void sh_error_init_prelude();
1367
1368 ready_for_init = 1;
1369 sh_error_init_prelude();
1370 return;
1371}
1372
1373
1374
1375void sh_prelude_stop(void)
1376{
1377 if (initialized < 1)
1378 return;
1379
1380 if (sh.flag.isdaemon == S_TRUE)
1381 prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
1382 else
1383 prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS);
1384
1385 client = NULL;
1386
1387 prelude_deinit();
1388
1389 initialized = 0;
1390 return;
1391}
1392
1393
1394
1395int sh_prelude_init(void)
1396{
1397 int ret;
1398 prelude_string_t *str;
1399 idmef_analyzer_t *analyzer;
1400 prelude_client_flags_t flags;
1401#ifdef SH_NOFAILOVER
1402 prelude_connection_pool_t *pool;
1403 prelude_connection_pool_flags_t conn_flags;
1404#endif
1405
1406 if (ready_for_init == 0)
1407 return initialized;
1408
1409 if (initialized > 0)
1410 return initialized;
1411
1412 prelude_thread_init(NULL);
1413 prelude_init(&sh_argc_store, sh_argv_store);
1414
1415 ret = prelude_client_new(&client, profile ? profile : _("samhain"));
1416 if ( ret < 0 ) {
1417 sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1418 _("Failed to initialize Prelude"), _("sh_prelude_init"));
1419 initialized = -1;
1420 return -1;
1421 }
1422
1423 /*
1424 * Enable automatic heartbeat sending.
1425 */
1426 flags = prelude_client_get_flags(client);
1427 ret = prelude_client_set_flags(client, flags | PRELUDE_CLIENT_FLAGS_ASYNC_TIMER);
1428
1429 analyzer = prelude_client_get_analyzer(client);
1430
1431 ret = idmef_analyzer_new_model(analyzer, &str);
1432 prelude_string_set_dup(str, IDMEF_ANALYZER_MODEL);
1433
1434 ret = idmef_analyzer_new_class(analyzer, &str);
1435 prelude_string_set_dup(str, IDMEF_ANALYZER_CLASS);
1436
1437 ret = idmef_analyzer_new_version(analyzer, &str);
1438 prelude_string_set_dup(str, IDMEF_ANALYZER_VERSION);
1439
1440#ifdef SH_NOFAILOVER
1441 pool = prelude_client_get_connection_pool(client);
1442 conn_flags = prelude_connection_pool_get_flags(pool);
1443
1444 conn_flags &= ~PRELUDE_CONNECTION_POOL_FLAGS_FAILOVER;
1445 prelude_connection_pool_set_flags(pool, conn_flags);
1446#endif
1447
1448 ret = prelude_client_start(client);
1449 if ( ret < 0 ) {
1450 prelude_perror(ret, _("error starting prelude client"));
1451
1452 if ( prelude_client_is_setup_needed(ret) )
1453 prelude_client_print_setup_error(client);
1454
1455 sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN,
1456 _("Failed to start Prelude"), _("sh_prelude_init"));
1457 initialized = -1;
1458 return -1;
1459 }
1460
1461 initialized = 1;
1462 return 1;
1463}
1464
1465/* HAVE_LIBPRELUDE_9 */
1466#endif
1467
Note: See TracBrowser for help on using the repository browser.