[67] | 1 | /* SAMHAIN file system integrity testing */
|
---|
| 2 | /* Copyright (C) 2006 Rainer Wichmann */
|
---|
| 3 | /* */
|
---|
| 4 | /* This program is free software; you can redistribute it */
|
---|
| 5 | /* and/or modify */
|
---|
| 6 | /* it under the terms of the GNU General Public License as */
|
---|
| 7 | /* published by */
|
---|
| 8 | /* the Free Software Foundation; either version 2 of the License, or */
|
---|
| 9 | /* (at your option) any later version. */
|
---|
| 10 | /* */
|
---|
| 11 | /* This program is distributed in the hope that it will be useful, */
|
---|
| 12 | /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
|
---|
| 13 | /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
|
---|
| 14 | /* GNU General Public License for more details. */
|
---|
| 15 | /* */
|
---|
| 16 | /* You should have received a copy of the GNU General Public License */
|
---|
| 17 | /* along with this program; if not, write to the Free Software */
|
---|
| 18 | /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
|
---|
| 19 |
|
---|
| 20 | /***************************************************************************
|
---|
| 21 | *
|
---|
| 22 | * This file provides a module for samhain to check for hidden/faked/missing
|
---|
| 23 | * processes on the host.
|
---|
| 24 | *
|
---|
| 25 | */
|
---|
| 26 |
|
---|
| 27 | #include "config_xor.h"
|
---|
| 28 |
|
---|
| 29 | #define _XOPEN_SOURCE 500
|
---|
| 30 |
|
---|
| 31 | #include <stdio.h>
|
---|
| 32 | #include <stdlib.h>
|
---|
| 33 | #include <ctype.h>
|
---|
| 34 | #include <string.h>
|
---|
| 35 | #include <sys/types.h>
|
---|
| 36 | #include <dirent.h>
|
---|
| 37 | #include <sys/stat.h>
|
---|
| 38 | #include <signal.h>
|
---|
| 39 | #include <unistd.h>
|
---|
| 40 |
|
---|
| 41 | #ifdef _POSIX_PRIORITY_SCHEDULING
|
---|
| 42 | #include <sched.h>
|
---|
| 43 | #endif
|
---|
| 44 |
|
---|
| 45 | #ifdef HAVE_GETPRIORITY
|
---|
| 46 | #include <errno.h>
|
---|
| 47 | #include <sys/resource.h>
|
---|
| 48 | #endif
|
---|
| 49 |
|
---|
| 50 | #ifdef HAVE_REGEX_H
|
---|
| 51 | #include <regex.h>
|
---|
| 52 | #endif
|
---|
| 53 |
|
---|
| 54 | #include "samhain.h"
|
---|
| 55 | #include "sh_modules.h"
|
---|
| 56 | #include "sh_processcheck.h"
|
---|
| 57 | #include "sh_utils.h"
|
---|
| 58 | #include "sh_error.h"
|
---|
| 59 | #include "sh_extern.h"
|
---|
| 60 |
|
---|
| 61 | #ifdef SH_USE_PROCESSCHECK
|
---|
| 62 |
|
---|
| 63 | #define FIL__ _("sh_processcheck.c")
|
---|
| 64 |
|
---|
| 65 | #ifdef __linux__
|
---|
| 66 | #define HAVE_THREADS
|
---|
| 67 | #endif
|
---|
| 68 |
|
---|
| 69 | /* We won't want to build this into yule
|
---|
| 70 | */
|
---|
| 71 | #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
|
---|
| 72 |
|
---|
| 73 | /* sh_prochk_maxpid is one more than the largest pid
|
---|
| 74 | */
|
---|
| 75 | static size_t sh_prochk_minpid = 0x0001;
|
---|
| 76 | static size_t sh_prochk_maxpid = 0x8000;
|
---|
| 77 | static size_t sh_prochk_size = 0;
|
---|
| 78 |
|
---|
| 79 | static int ShProchkActive = S_TRUE;
|
---|
| 80 | static short * sh_prochk_res = NULL;
|
---|
| 81 |
|
---|
| 82 | static char * sh_prochk_pspath = NULL;
|
---|
| 83 | static char * sh_prochk_psarg = NULL;
|
---|
| 84 |
|
---|
| 85 | #define SH_PROCHK_INTERVAL 300
|
---|
| 86 | static time_t sh_prochk_interval = SH_PROCHK_INTERVAL;
|
---|
| 87 | static int sh_prochk_severity = SH_ERR_SEVERE;
|
---|
| 88 |
|
---|
| 89 |
|
---|
| 90 | static int sh_prochk_set_maxpid (const char * str);
|
---|
| 91 | static int sh_prochk_set_minpid (const char * str);
|
---|
| 92 | static int sh_prochk_set_active (const char *str);
|
---|
| 93 | static int sh_prochk_add_process (const char *str);
|
---|
| 94 | static int sh_prochk_set_pspath (const char *str);
|
---|
| 95 | static int sh_prochk_set_psarg (const char *str);
|
---|
| 96 | static int sh_prochk_set_interval(const char *str);
|
---|
| 97 | static int sh_prochk_set_severity(const char *str);
|
---|
| 98 |
|
---|
| 99 | sh_rconf sh_prochk_table[] = {
|
---|
| 100 | {
|
---|
| 101 | N_("severityprocesscheck"),
|
---|
| 102 | sh_prochk_set_severity,
|
---|
| 103 | },
|
---|
| 104 | {
|
---|
| 105 | N_("processcheckexists"),
|
---|
| 106 | sh_prochk_add_process,
|
---|
| 107 | },
|
---|
| 108 | {
|
---|
| 109 | N_("processcheckactive"),
|
---|
| 110 | sh_prochk_set_active,
|
---|
| 111 | },
|
---|
| 112 | {
|
---|
| 113 | N_("processcheckminpid"),
|
---|
| 114 | sh_prochk_set_minpid,
|
---|
| 115 | },
|
---|
| 116 | {
|
---|
| 117 | N_("processcheckmaxpid"),
|
---|
| 118 | sh_prochk_set_maxpid,
|
---|
| 119 | },
|
---|
| 120 | {
|
---|
| 121 | N_("processcheckpspath"),
|
---|
| 122 | sh_prochk_set_pspath,
|
---|
| 123 | },
|
---|
| 124 | {
|
---|
| 125 | N_("processcheckpsarg"),
|
---|
| 126 | sh_prochk_set_psarg,
|
---|
| 127 | },
|
---|
| 128 | {
|
---|
| 129 | N_("processcheckinterval"),
|
---|
| 130 | sh_prochk_set_interval,
|
---|
| 131 | },
|
---|
| 132 | {
|
---|
| 133 | NULL,
|
---|
| 134 | NULL
|
---|
| 135 | }
|
---|
| 136 | };
|
---|
| 137 |
|
---|
| 138 | #define SH_PROC_MISSING 1
|
---|
| 139 | #define SH_PROC_FAKED 2
|
---|
| 140 | #define SH_PROC_HIDDEN 4
|
---|
| 141 | #define SH_PROC_EXISTS 8
|
---|
| 142 |
|
---|
| 143 | #ifndef HAVE_LSTAT
|
---|
| 144 | #define lstat(x,y) stat(x,y)
|
---|
| 145 | #endif /* HAVE_LSTAT */
|
---|
| 146 |
|
---|
| 147 | static const short SH_PR_PS = 0x0001;
|
---|
| 148 |
|
---|
| 149 | static const short SH_PR_GETSID = 0x0002;
|
---|
| 150 | static const short SH_PR_KILL = 0x0004;
|
---|
| 151 | static const short SH_PR_GETPGID = 0x0008;
|
---|
| 152 |
|
---|
| 153 | static const short SH_PR_LSTAT = 0x0010;
|
---|
| 154 | static const short SH_PR_OPENDIR = 0x0020;
|
---|
| 155 | static const short SH_PR_CHDIR = 0x0040;
|
---|
| 156 | static const short SH_PR_SCHED = 0x0080;
|
---|
| 157 |
|
---|
| 158 | static const short SH_PR_PRIORITY = 0x0100;
|
---|
| 159 |
|
---|
| 160 | static const short SH_PR_PS2 = 0x0200;
|
---|
| 161 | static const short SH_PR_PS_ANY = 0x0400;
|
---|
| 162 | static const short SH_PR_ALL = 0x0800;
|
---|
| 163 | static const short SH_PR_ANY = 0x1000;
|
---|
| 164 |
|
---|
| 165 | struct watchlist {
|
---|
| 166 | char * str;
|
---|
| 167 | unsigned long pid;
|
---|
| 168 | #ifdef HAVE_REGEX_H
|
---|
| 169 | regex_t preg;
|
---|
| 170 | #endif
|
---|
| 171 | int seen;
|
---|
| 172 |
|
---|
| 173 | struct watchlist *next;
|
---|
| 174 | };
|
---|
| 175 |
|
---|
| 176 | static struct watchlist * process_check = NULL;
|
---|
| 177 |
|
---|
| 178 | static struct watchlist * list_missing = NULL;
|
---|
| 179 | static struct watchlist * list_fake = NULL;
|
---|
| 180 | static struct watchlist * list_hidden = NULL;
|
---|
| 181 |
|
---|
| 182 | /* recursively remove all list entries
|
---|
| 183 | */
|
---|
| 184 | static void kill_list (struct watchlist * head)
|
---|
| 185 | {
|
---|
| 186 | if (head->next)
|
---|
| 187 | kill_list (head->next);
|
---|
| 188 |
|
---|
| 189 | if (head->str)
|
---|
| 190 | SH_FREE(head->str);
|
---|
| 191 | SH_FREE(head);
|
---|
| 192 |
|
---|
| 193 | return;
|
---|
| 194 | }
|
---|
| 195 |
|
---|
| 196 |
|
---|
| 197 | /* check the list for old entries; clean out old entries; reset others
|
---|
| 198 | * Return number of non-obsolete entries
|
---|
| 199 | */
|
---|
| 200 | static size_t clean_list (struct watchlist ** head_ptr)
|
---|
| 201 | {
|
---|
| 202 | size_t count = 0;
|
---|
| 203 | struct watchlist * ptr = *head_ptr;
|
---|
| 204 | struct watchlist * pre = *head_ptr;
|
---|
| 205 |
|
---|
| 206 | while (ptr)
|
---|
| 207 | {
|
---|
| 208 | if (ptr->seen == S_FALSE) /* obsolete entry */
|
---|
| 209 | {
|
---|
| 210 | if (ptr == pre) /* at head */
|
---|
| 211 | {
|
---|
| 212 | ptr = pre->next;
|
---|
| 213 | *head_ptr = pre->next;
|
---|
| 214 | if (pre->str)
|
---|
| 215 | SH_FREE(pre->str);
|
---|
| 216 | SH_FREE(pre);
|
---|
| 217 | pre = ptr;
|
---|
| 218 | }
|
---|
| 219 | else
|
---|
| 220 | {
|
---|
| 221 | pre->next = ptr->next;
|
---|
| 222 | if (ptr->str)
|
---|
| 223 | SH_FREE(ptr->str);
|
---|
| 224 | SH_FREE(ptr);
|
---|
| 225 | ptr = pre->next;
|
---|
| 226 | }
|
---|
| 227 | }
|
---|
| 228 | else
|
---|
| 229 | {
|
---|
| 230 | ++count;
|
---|
| 231 | ptr->seen = S_FALSE; /* reset status */
|
---|
| 232 | pre = ptr;
|
---|
| 233 | ptr = ptr->next;
|
---|
| 234 | }
|
---|
| 235 | }
|
---|
| 236 | return count;
|
---|
| 237 | }
|
---|
| 238 |
|
---|
| 239 | /* check if process is in list; if not, add it and return false
|
---|
| 240 | */
|
---|
| 241 | static int is_in_list (struct watchlist ** head_ptr,
|
---|
| 242 | char * str, unsigned long pid)
|
---|
| 243 | {
|
---|
| 244 | struct watchlist * ptr = *head_ptr;
|
---|
| 245 |
|
---|
| 246 | if (str)
|
---|
| 247 | {
|
---|
| 248 | while (ptr)
|
---|
| 249 | {
|
---|
| 250 | if (ptr->str && (0 == strcmp(str, ptr->str)))
|
---|
| 251 | {
|
---|
| 252 | ptr->seen = S_TRUE;
|
---|
| 253 | return S_TRUE;
|
---|
| 254 | }
|
---|
| 255 | ptr = ptr->next;
|
---|
| 256 | }
|
---|
| 257 | }
|
---|
| 258 | else
|
---|
| 259 | {
|
---|
| 260 | while (ptr)
|
---|
| 261 | {
|
---|
| 262 | if (ptr->pid == pid)
|
---|
| 263 | {
|
---|
| 264 | ptr->seen = S_TRUE;
|
---|
| 265 | return S_TRUE;
|
---|
| 266 | }
|
---|
| 267 | ptr = ptr->next;
|
---|
| 268 | }
|
---|
| 269 | }
|
---|
| 270 |
|
---|
| 271 | ptr = SH_ALLOC(sizeof(struct watchlist));
|
---|
| 272 |
|
---|
| 273 | if (str)
|
---|
| 274 | {
|
---|
| 275 | ptr->str = sh_util_strdup(str);
|
---|
| 276 | }
|
---|
| 277 | else
|
---|
| 278 | {
|
---|
| 279 | ptr->str = NULL;
|
---|
| 280 | ptr->pid = pid;
|
---|
| 281 | }
|
---|
| 282 | ptr->next = *head_ptr;
|
---|
| 283 | ptr->seen = S_TRUE;
|
---|
| 284 | *head_ptr = ptr;
|
---|
| 285 |
|
---|
| 286 | return S_FALSE;
|
---|
| 287 | }
|
---|
| 288 |
|
---|
| 289 | static int is_in_watchlist (const char *str, unsigned long num)
|
---|
| 290 | {
|
---|
| 291 | struct watchlist * list = process_check;
|
---|
| 292 |
|
---|
| 293 | while (list)
|
---|
| 294 | {
|
---|
| 295 | #ifdef HAVE_REGEX_H
|
---|
| 296 | if (0 == regexec(&(list->preg), str, 0, NULL, 0))
|
---|
| 297 | {
|
---|
| 298 | list->seen = S_TRUE;
|
---|
| 299 | list->pid = num;
|
---|
| 300 | return S_TRUE;
|
---|
| 301 | }
|
---|
| 302 | #else
|
---|
| 303 | if (strstr(str, list->str))
|
---|
| 304 | {
|
---|
| 305 | list->seen = S_TRUE;
|
---|
| 306 | list->pid = num;
|
---|
| 307 | return S_TRUE;
|
---|
| 308 | }
|
---|
| 309 | #endif
|
---|
| 310 | list = list->next;
|
---|
| 311 | }
|
---|
| 312 | return S_FALSE;
|
---|
| 313 | }
|
---|
| 314 |
|
---|
| 315 | static void check_watchlist (short * res)
|
---|
| 316 | {
|
---|
| 317 | struct watchlist * list = process_check;
|
---|
| 318 | char * tmp;
|
---|
| 319 | size_t indx;
|
---|
| 320 |
|
---|
| 321 | while (list)
|
---|
| 322 | {
|
---|
| 323 | if (list->seen == S_FALSE)
|
---|
| 324 | {
|
---|
| 325 | /* avoid repetition of messages
|
---|
| 326 | */
|
---|
| 327 | if (S_FALSE == is_in_list(&list_missing, list->str, 0))
|
---|
| 328 | {
|
---|
| 329 | sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0,
|
---|
| 330 | MSG_PCK_MISS,
|
---|
| 331 | list->str);
|
---|
| 332 | }
|
---|
| 333 | }
|
---|
| 334 | else
|
---|
| 335 | {
|
---|
| 336 | indx = list->pid - sh_prochk_minpid;
|
---|
| 337 |
|
---|
| 338 | if (list->pid < sh_prochk_maxpid && list->pid >= sh_prochk_minpid &&
|
---|
| 339 | ((res[indx] & SH_PR_ANY) == 0) && /* not found */
|
---|
| 340 | ((res[indx] & SH_PR_PS) != 0) && /* seen in first ps */
|
---|
| 341 | ((res[indx] & SH_PR_PS2) != 0)) /* seen in second ps */
|
---|
| 342 | {
|
---|
| 343 | /* fake process, thus considered missing
|
---|
| 344 | */
|
---|
| 345 | if (S_FALSE == is_in_list(&list_missing, list->str, 0))
|
---|
| 346 | {
|
---|
| 347 | tmp = sh_util_safe_name (list->str);
|
---|
| 348 | sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0,
|
---|
| 349 | MSG_PCK_MISS,
|
---|
| 350 | tmp);
|
---|
| 351 | SH_FREE(tmp);
|
---|
| 352 | }
|
---|
| 353 | }
|
---|
| 354 | list->seen = S_FALSE;
|
---|
| 355 | }
|
---|
| 356 | list = list->next;
|
---|
| 357 | }
|
---|
| 358 | }
|
---|
| 359 |
|
---|
| 360 | /* Add 'str' to the list of watched processes for which
|
---|
| 361 | * existence should be checked.
|
---|
| 362 | */
|
---|
| 363 | int sh_prochk_add_process (const char *str)
|
---|
| 364 | {
|
---|
| 365 | struct watchlist *new;
|
---|
| 366 | int status;
|
---|
| 367 | char errbuf[256];
|
---|
| 368 |
|
---|
| 369 | SL_ENTER(_("sh_prochk_add_process"));
|
---|
| 370 |
|
---|
| 371 | if( str == NULL )
|
---|
| 372 | SL_RETURN(-1, _("sh_prochk_add_process") );
|
---|
| 373 |
|
---|
| 374 | new = SH_ALLOC(sizeof(struct watchlist));
|
---|
| 375 | new->next = process_check;
|
---|
| 376 | new->str = sh_util_strdup(str);
|
---|
| 377 | #ifdef HAVE_REGEX_H
|
---|
| 378 | status = regcomp(&(new->preg), str, REG_NOSUB|REG_EXTENDED);
|
---|
| 379 | if (status != 0)
|
---|
| 380 | {
|
---|
| 381 | regerror(status, &(new->preg), errbuf, sizeof(errbuf));
|
---|
| 382 | sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN,
|
---|
| 383 | errbuf, _("sh_processes_runps"));
|
---|
| 384 | SH_FREE(new->str);
|
---|
| 385 | SH_FREE(new);
|
---|
| 386 | SL_RETURN(-1, _("sh_prochk_add_process") );
|
---|
| 387 | }
|
---|
| 388 | #endif
|
---|
| 389 | new->pid = 0;
|
---|
| 390 | new->seen = S_FALSE;
|
---|
| 391 |
|
---|
| 392 | process_check = new;
|
---|
| 393 | SL_RETURN(0, _("sh_prochk_add_process") );
|
---|
| 394 | }
|
---|
| 395 |
|
---|
| 396 | /* severity
|
---|
| 397 | */
|
---|
| 398 | int sh_prochk_set_severity (const char * c)
|
---|
| 399 | {
|
---|
| 400 | char tmp[32];
|
---|
| 401 | tmp[0] = '='; tmp[1] = '\0';
|
---|
| 402 | sl_strlcat (tmp, c, 32);
|
---|
| 403 | return sh_error_set_level (tmp, &sh_prochk_severity);
|
---|
| 404 | }
|
---|
| 405 |
|
---|
| 406 |
|
---|
| 407 |
|
---|
| 408 | /* Path to ps
|
---|
| 409 | */
|
---|
| 410 | int sh_prochk_set_pspath(const char *str)
|
---|
| 411 | {
|
---|
| 412 | SL_ENTER(_("sh_prochk_set_pspath"));
|
---|
| 413 |
|
---|
| 414 | if (!str && ('/' != str[0]))
|
---|
| 415 | SL_RETURN((-1), _("sh_prochk_set_psarg"));
|
---|
| 416 | if (sh_prochk_pspath)
|
---|
| 417 | SH_FREE(sh_prochk_pspath);
|
---|
| 418 | sh_prochk_pspath = sh_util_strdup (str);
|
---|
| 419 |
|
---|
| 420 | SL_RETURN((0), _("sh_prochk_set_pspath"));
|
---|
| 421 |
|
---|
| 422 | }
|
---|
| 423 |
|
---|
| 424 | /* argument for ps
|
---|
| 425 | */
|
---|
| 426 | int sh_prochk_set_psarg(const char *str)
|
---|
| 427 | {
|
---|
| 428 | SL_ENTER(_("sh_prochk_set_psarg"));
|
---|
| 429 |
|
---|
| 430 | if (sh_prochk_psarg)
|
---|
| 431 | SH_FREE(sh_prochk_psarg);
|
---|
| 432 | sh_prochk_psarg = sh_util_strdup (str);
|
---|
| 433 |
|
---|
| 434 | SL_RETURN((0), _("sh_prochk_set_psarg"));
|
---|
| 435 |
|
---|
| 436 | }
|
---|
| 437 |
|
---|
| 438 |
|
---|
| 439 | /* Decide if we're active.
|
---|
| 440 | */
|
---|
| 441 | int sh_prochk_set_active(const char *str)
|
---|
| 442 | {
|
---|
| 443 | int value;
|
---|
| 444 |
|
---|
| 445 | SL_ENTER(_("sh_prochk_set_active"));
|
---|
| 446 |
|
---|
| 447 | value = sh_util_flagval(str, &ShProchkActive);
|
---|
| 448 |
|
---|
| 449 | SL_RETURN((value), _("sh_prochk_set_active"));
|
---|
| 450 | }
|
---|
| 451 |
|
---|
| 452 | /* Minimum PID
|
---|
| 453 | */
|
---|
| 454 | int sh_prochk_set_minpid(const char * str)
|
---|
| 455 | {
|
---|
| 456 | size_t value;
|
---|
| 457 | char * foo;
|
---|
| 458 | int retval = 0;
|
---|
| 459 |
|
---|
| 460 | SL_ENTER(_("sh_prochk_set_minpid"));
|
---|
| 461 |
|
---|
| 462 | value = (size_t) strtoul(str, &foo, 0);
|
---|
| 463 | if (*foo != '\0')
|
---|
| 464 | retval = -1;
|
---|
| 465 | else
|
---|
| 466 | sh_prochk_minpid = value;
|
---|
| 467 |
|
---|
| 468 | SL_RETURN((retval), _("sh_prochk_set_minpid"));
|
---|
| 469 | }
|
---|
| 470 |
|
---|
| 471 | /* Maximum PID
|
---|
| 472 | */
|
---|
| 473 | static int userdef_maxpid = 0;
|
---|
| 474 |
|
---|
| 475 | int sh_prochk_set_maxpid(const char * str)
|
---|
| 476 | {
|
---|
| 477 | size_t value;
|
---|
| 478 | char * foo;
|
---|
| 479 | int retval = 0;
|
---|
| 480 |
|
---|
| 481 | SL_ENTER(_("sh_prochk_set_maxpid"));
|
---|
| 482 |
|
---|
| 483 | value = (size_t) strtoul(str, &foo, 0);
|
---|
| 484 | if (*foo != '\0') {
|
---|
| 485 | retval = -1;
|
---|
| 486 | } else {
|
---|
| 487 | sh_prochk_maxpid = value + 1;
|
---|
| 488 | userdef_maxpid = 1;
|
---|
| 489 | }
|
---|
| 490 |
|
---|
| 491 | SL_RETURN((retval), _("sh_prochk_set_maxpid"));
|
---|
| 492 | }
|
---|
| 493 |
|
---|
| 494 | int sh_prochk_set_interval (const char * c)
|
---|
| 495 | {
|
---|
| 496 | int retval = 0;
|
---|
| 497 | long val;
|
---|
| 498 |
|
---|
| 499 | SL_ENTER(_("sh_prochk_set_interval"));
|
---|
| 500 | val = strtol (c, (char **)NULL, 10);
|
---|
| 501 | if (val <= 0)
|
---|
| 502 | {
|
---|
| 503 | sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS,
|
---|
| 504 | _("process check interval"), c);
|
---|
| 505 | retval = -1;
|
---|
| 506 | }
|
---|
| 507 |
|
---|
| 508 | val = (val <= 0 ? 60 : val);
|
---|
| 509 |
|
---|
| 510 | sh_prochk_interval = (time_t) val;
|
---|
| 511 | SL_RETURN(0, _("sh_prochk_set_interval"));
|
---|
| 512 | }
|
---|
| 513 |
|
---|
| 514 |
|
---|
| 515 |
|
---|
| 516 | /* Recurse to the end of the list and then free the data as we return
|
---|
| 517 | * back up towards the start, making sure to free any strdupped strings
|
---|
| 518 | */
|
---|
| 519 | static void sh_prochk_free_list(struct watchlist *head)
|
---|
| 520 | {
|
---|
| 521 | if ( head != NULL )
|
---|
| 522 | {
|
---|
| 523 | sh_prochk_free_list(head->next);
|
---|
| 524 | if (head->str)
|
---|
| 525 | SH_FREE(head->str);
|
---|
| 526 | #ifdef HAVE_REGEX_H
|
---|
| 527 | regfree(&(head->preg));
|
---|
| 528 | #endif
|
---|
| 529 | SH_FREE(head);
|
---|
| 530 | }
|
---|
| 531 | return;
|
---|
| 532 | }
|
---|
| 533 |
|
---|
| 534 | #if defined(__linux__)
|
---|
| 535 | #define PROC_PID_MAX _("/proc/sys/kernel/pid_max")
|
---|
| 536 |
|
---|
| 537 | static int proc_max_pid (size_t * procpid)
|
---|
| 538 | {
|
---|
| 539 | unsigned long pid;
|
---|
| 540 | FILE * fd;
|
---|
| 541 | char str[128];
|
---|
| 542 | char * ptr;
|
---|
| 543 |
|
---|
| 544 | SL_ENTER(_("proc_max_pid"));
|
---|
| 545 |
|
---|
| 546 | if (userdef_maxpid != 0)
|
---|
| 547 | SL_RETURN((-1), _("proc_max_pid"));
|
---|
| 548 |
|
---|
| 549 | if (0 == access(PROC_PID_MAX, R_OK))
|
---|
| 550 | {
|
---|
| 551 | if (NULL != (fd = fopen(PROC_PID_MAX, "r")))
|
---|
| 552 | {
|
---|
| 553 | str[0] = '\0';
|
---|
| 554 | fgets(str, 128, fd);
|
---|
| 555 | if (*str != '\0')
|
---|
| 556 | {
|
---|
| 557 | pid = strtoul(str, &ptr, 0);
|
---|
| 558 | if (*ptr == '\0' || *ptr == '\n')
|
---|
| 559 | {
|
---|
| 560 | fclose(fd);
|
---|
| 561 | *procpid = (size_t) pid;
|
---|
| 562 | SL_RETURN(0, _("proc_max_pid"));
|
---|
| 563 | }
|
---|
| 564 | }
|
---|
| 565 | fclose(fd);
|
---|
| 566 | }
|
---|
| 567 | }
|
---|
| 568 | SL_RETURN((-1), _("proc_max_pid"));
|
---|
| 569 | }
|
---|
| 570 | #else
|
---|
| 571 | static int proc_max_pid(size_t * dummy)
|
---|
| 572 | {
|
---|
| 573 | (void) dummy;
|
---|
| 574 | return -1;
|
---|
| 575 | }
|
---|
| 576 | #endif
|
---|
| 577 |
|
---|
| 578 | static void sh_processes_tlist (char * list, size_t len, short res)
|
---|
| 579 | {
|
---|
| 580 | if (res & SH_PR_PS) sl_strlcat(list, _(" ps(initial)"), len);
|
---|
| 581 | if (res & SH_PR_CHDIR) sl_strlcat(list, _(" chdir"), len);
|
---|
| 582 | if (res & SH_PR_OPENDIR) sl_strlcat(list, _(" opendir"), len);
|
---|
| 583 | if (res & SH_PR_LSTAT) sl_strlcat(list, _(" lstat"), len);
|
---|
| 584 | if (res & SH_PR_PRIORITY) sl_strlcat(list, _(" getpriority"), len);
|
---|
| 585 | if (res & SH_PR_SCHED) sl_strlcat(list, _(" sched_getparam"), len);
|
---|
| 586 | if (res & SH_PR_GETSID) sl_strlcat(list, _(" getsid"), len);
|
---|
| 587 | if (res & SH_PR_GETPGID) sl_strlcat(list, _(" getpgid"), len);
|
---|
| 588 | if (res & SH_PR_KILL) sl_strlcat(list, _(" kill"), len);
|
---|
| 589 | if (res & SH_PR_PS2) sl_strlcat(list, _(" ps(final)"), len);
|
---|
| 590 | return;
|
---|
| 591 | }
|
---|
| 592 |
|
---|
| 593 | static short sh_processes_check (pid_t pid, short res)
|
---|
| 594 | {
|
---|
| 595 | int have_checks = 0;
|
---|
| 596 | int need_checks = 0;
|
---|
| 597 | #ifdef HAVE_PROCFS
|
---|
| 598 | char path[128];
|
---|
| 599 | struct stat buf;
|
---|
| 600 | DIR * dir;
|
---|
| 601 | #endif
|
---|
| 602 |
|
---|
| 603 | #if !defined(sun) && !defined(__sun) && !defined(__sun__)
|
---|
| 604 | #ifdef _POSIX_PRIORITY_SCHEDULING
|
---|
| 605 | struct sched_param p;
|
---|
| 606 | #endif
|
---|
| 607 | #endif
|
---|
| 608 |
|
---|
| 609 | if (0 == kill(pid, 0))
|
---|
| 610 | {
|
---|
| 611 | res |= SH_PR_KILL; res |= SH_PR_ANY; ++have_checks;
|
---|
| 612 | ++need_checks;
|
---|
| 613 | }
|
---|
| 614 | else if (errno != EPERM)
|
---|
| 615 | {
|
---|
| 616 | ++need_checks;
|
---|
| 617 | }
|
---|
| 618 |
|
---|
| 619 | #ifdef HAVE_GETPGID
|
---|
| 620 | if ((pid_t)-1 != getpgid(pid))
|
---|
| 621 | {
|
---|
| 622 | res |= SH_PR_GETPGID; res |= SH_PR_ANY; ++have_checks;
|
---|
| 623 | }
|
---|
| 624 | ++need_checks;
|
---|
| 625 | #endif
|
---|
| 626 |
|
---|
| 627 | #ifdef HAVE_GETSID
|
---|
| 628 | if ((pid_t)-1 != getsid(pid))
|
---|
| 629 | {
|
---|
| 630 | res |= SH_PR_GETSID; res |= SH_PR_ANY; ++have_checks;
|
---|
| 631 | }
|
---|
| 632 | ++need_checks;
|
---|
| 633 | #endif
|
---|
| 634 |
|
---|
| 635 | /* sched_getparam() is broken on solaris 10, may segfault in librt
|
---|
| 636 | */
|
---|
| 637 | #if !defined(sun) && !defined(__sun) && !defined(__sun__)
|
---|
| 638 | #ifdef _POSIX_PRIORITY_SCHEDULING
|
---|
| 639 | if (0 == sched_getparam (pid, &p))
|
---|
| 640 | {
|
---|
| 641 | res |= SH_PR_SCHED; res |= SH_PR_ANY; ++have_checks;
|
---|
| 642 | }
|
---|
| 643 | ++need_checks;
|
---|
| 644 | #endif
|
---|
| 645 | #endif
|
---|
| 646 |
|
---|
| 647 | #ifdef HAVE_GETPRIORITY
|
---|
| 648 | errno = 0;
|
---|
| 649 | if (((-1) == getpriority (PRIO_PROCESS, (int) pid)) && (errno == ESRCH));
|
---|
| 650 | else
|
---|
| 651 | {
|
---|
| 652 | res |= SH_PR_PRIORITY; res |= SH_PR_ANY; ++have_checks;
|
---|
| 653 | }
|
---|
| 654 | ++need_checks;
|
---|
| 655 | #endif
|
---|
| 656 |
|
---|
| 657 | #ifdef HAVE_PROCFS
|
---|
| 658 | sl_snprintf (path, sizeof(path), "/proc/%ld", (unsigned long) pid);
|
---|
| 659 |
|
---|
| 660 | if (0 == lstat (path, &buf))
|
---|
| 661 | {
|
---|
| 662 | res |= SH_PR_LSTAT; res |= SH_PR_ANY; ++have_checks;
|
---|
| 663 | }
|
---|
| 664 | ++need_checks;
|
---|
| 665 |
|
---|
| 666 | if (NULL != (dir = opendir(path)))
|
---|
| 667 | {
|
---|
| 668 | res |= SH_PR_OPENDIR; res |= SH_PR_ANY; ++have_checks;
|
---|
| 669 | closedir(dir);
|
---|
| 670 | }
|
---|
| 671 | ++need_checks;
|
---|
| 672 |
|
---|
| 673 | #if !defined(SH_PROFILE)
|
---|
| 674 | if (0 == chdir(path))
|
---|
| 675 | {
|
---|
| 676 | res |= SH_PR_CHDIR; res |= SH_PR_ANY; ++have_checks;
|
---|
| 677 | retry_aud_chdir(FIL__, __LINE__, "/");
|
---|
| 678 | }
|
---|
| 679 | ++need_checks;
|
---|
| 680 | #endif
|
---|
| 681 | #endif
|
---|
| 682 |
|
---|
| 683 | if (have_checks == need_checks)
|
---|
| 684 | {
|
---|
| 685 | res |= SH_PR_ALL;
|
---|
| 686 | }
|
---|
| 687 | return res;
|
---|
| 688 | }
|
---|
| 689 |
|
---|
| 690 | static int sh_processes_readps (FILE * in, short * res,
|
---|
| 691 | char * str, size_t len,
|
---|
| 692 | short flag, pid_t pid)
|
---|
| 693 | {
|
---|
| 694 | int cc;
|
---|
| 695 | unsigned int lnum = 0;
|
---|
| 696 | unsigned long num = 0;
|
---|
| 697 | char c;
|
---|
| 698 | unsigned int pos = 0;
|
---|
| 699 | char tstr[256];
|
---|
| 700 | enum { SKIP_WS, SKIP_WS2, GET_NUM, SKIP_END, GET_NUM2 } line;
|
---|
| 701 |
|
---|
| 702 | SL_ENTER(_("sh_processes_readps"));
|
---|
| 703 |
|
---|
| 704 | if (!in) {
|
---|
| 705 | SL_RETURN((-1), _("sh_processes_readps"));
|
---|
| 706 | }
|
---|
| 707 |
|
---|
| 708 | tstr[(sizeof(tstr)-1)] = '\0';
|
---|
| 709 | tstr[0] = '\0';
|
---|
| 710 | line = SKIP_END; /* Skip 1st line */
|
---|
| 711 |
|
---|
| 712 | do
|
---|
| 713 | {
|
---|
| 714 | cc = fgetc(in);
|
---|
| 715 |
|
---|
| 716 | if (EOF == cc)
|
---|
| 717 | {
|
---|
| 718 | if (feof(in))
|
---|
| 719 | {
|
---|
| 720 | break;
|
---|
| 721 | }
|
---|
| 722 | else if (errno == EAGAIN)
|
---|
| 723 | {
|
---|
| 724 | continue;
|
---|
| 725 | }
|
---|
| 726 | else
|
---|
| 727 | {
|
---|
| 728 | sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, errno, MSG_E_SUBGEN,
|
---|
| 729 | sh_error_message(errno),
|
---|
| 730 | _("sh_processes_readps"));
|
---|
| 731 | break;
|
---|
| 732 | }
|
---|
| 733 | }
|
---|
| 734 |
|
---|
| 735 | c = (char) cc;
|
---|
| 736 |
|
---|
| 737 | if (pos < (sizeof(tstr)-1))
|
---|
| 738 | {
|
---|
| 739 | tstr[pos] = c; ++pos;
|
---|
| 740 | }
|
---|
| 741 |
|
---|
| 742 | switch(line)
|
---|
| 743 | {
|
---|
| 744 | case SKIP_END:
|
---|
| 745 | if (c == '\n')
|
---|
| 746 | {
|
---|
| 747 | tstr[pos-1] = '\0';
|
---|
| 748 | /* fprintf(stderr, "<%ld> %s\n", num, tstr); */
|
---|
| 749 | line = SKIP_WS; pos = 0;
|
---|
| 750 | if (str != NULL && num == (unsigned long) pid)
|
---|
| 751 | sl_strlcpy(str, tstr, len);
|
---|
| 752 | if (lnum != 0)
|
---|
| 753 | is_in_watchlist (tstr, num);
|
---|
| 754 | ++lnum;
|
---|
| 755 | }
|
---|
| 756 | break;
|
---|
| 757 | case SKIP_WS:
|
---|
| 758 | if (isspace(cc))
|
---|
| 759 | break;
|
---|
| 760 | num = 0;
|
---|
| 761 | line = GET_NUM;
|
---|
| 762 | /* fallthrough */
|
---|
| 763 | case GET_NUM:
|
---|
| 764 | if (isdigit(cc))
|
---|
| 765 | {
|
---|
| 766 | num = num * 10 + (c - '0');
|
---|
| 767 | break;
|
---|
| 768 | }
|
---|
| 769 | #ifdef HAVE_THREADS
|
---|
| 770 | num = 0;
|
---|
| 771 | line = SKIP_WS2;
|
---|
| 772 | #else
|
---|
| 773 | if (num < sh_prochk_maxpid && num >= sh_prochk_minpid)
|
---|
| 774 | {
|
---|
| 775 | res[num - sh_prochk_minpid] |= flag;
|
---|
| 776 | }
|
---|
| 777 | line = SKIP_END;
|
---|
| 778 | #endif
|
---|
| 779 | break;
|
---|
| 780 | case SKIP_WS2:
|
---|
| 781 | if (isspace(cc))
|
---|
| 782 | break;
|
---|
| 783 | num = 0;
|
---|
| 784 | line = GET_NUM2;
|
---|
| 785 | /* fallthrough */
|
---|
| 786 | case GET_NUM2:
|
---|
| 787 | if (isdigit(cc))
|
---|
| 788 | {
|
---|
| 789 | num = num * 10 + (c - '0');
|
---|
| 790 | break;
|
---|
| 791 | }
|
---|
| 792 | if (num < sh_prochk_maxpid && num >= sh_prochk_minpid)
|
---|
| 793 | {
|
---|
| 794 | res[num - sh_prochk_minpid] |= flag;
|
---|
| 795 | }
|
---|
| 796 | line = SKIP_END;
|
---|
| 797 | break;
|
---|
| 798 | default:
|
---|
| 799 | SL_RETURN ((-1), _("sh_processes_readps"));
|
---|
| 800 | }
|
---|
| 801 | } while (1);
|
---|
| 802 |
|
---|
| 803 | if (ferror(in))
|
---|
| 804 | {
|
---|
| 805 | SL_RETURN ((-1), _("sh_processes_readps"));
|
---|
| 806 | }
|
---|
| 807 |
|
---|
| 808 | SL_RETURN ((0), _("sh_processes_readps"));
|
---|
| 809 | }
|
---|
| 810 |
|
---|
| 811 | static int sh_processes_runps (short * res, char * str, size_t len,
|
---|
| 812 | short flag, pid_t pid)
|
---|
| 813 | {
|
---|
| 814 | sh_tas_t task;
|
---|
| 815 |
|
---|
| 816 | int status = 0;
|
---|
| 817 | char * p;
|
---|
| 818 | struct sigaction new_act;
|
---|
| 819 | struct sigaction old_act;
|
---|
| 820 | int retval = 0;
|
---|
| 821 |
|
---|
| 822 | SL_ENTER(_("sh_processes_runps"));
|
---|
| 823 |
|
---|
| 824 | sh_ext_tas_init(&task);
|
---|
| 825 | p = sh_unix_getUIDdir (SH_ERR_ERR, task.run_user_uid);
|
---|
| 826 | if (p)
|
---|
| 827 | {
|
---|
| 828 | (void) sh_ext_tas_add_envv (&task, _("HOME"), p);
|
---|
| 829 | }
|
---|
| 830 | (void) sh_ext_tas_add_envv (&task, _("SHELL"),
|
---|
| 831 | _("/bin/sh"));
|
---|
| 832 | (void) sh_ext_tas_add_envv (&task, _("PATH"),
|
---|
| 833 | _("/sbin:/usr/sbin:/bin:/usr/bin"));
|
---|
| 834 | if (sh.timezone != NULL)
|
---|
| 835 | {
|
---|
| 836 | (void) sh_ext_tas_add_envv(&task, "TZ", sh.timezone);
|
---|
| 837 | }
|
---|
| 838 |
|
---|
| 839 | if (!sh_prochk_pspath)
|
---|
| 840 | sh_ext_tas_command(&task, PSPATH);
|
---|
| 841 | else
|
---|
| 842 | sh_ext_tas_command(&task, sh_prochk_pspath);
|
---|
| 843 |
|
---|
| 844 | (void) sh_ext_tas_add_argv(&task, _("ps"));
|
---|
| 845 |
|
---|
| 846 | if (!sh_prochk_psarg)
|
---|
| 847 | {
|
---|
| 848 | #ifdef HAVE_THREADS
|
---|
| 849 | (void) sh_ext_tas_add_argv(&task, _("-eT"));
|
---|
| 850 | #else
|
---|
| 851 | (void) sh_ext_tas_add_argv(&task, PSARG);
|
---|
| 852 | #endif
|
---|
| 853 | }
|
---|
| 854 | else
|
---|
| 855 | {
|
---|
| 856 | (void) sh_ext_tas_add_argv(&task, sh_prochk_psarg);
|
---|
| 857 | }
|
---|
| 858 |
|
---|
| 859 | task.rw = 'r';
|
---|
| 860 | task.fork_twice = S_FALSE;
|
---|
| 861 |
|
---|
| 862 | status = sh_ext_popen(&task);
|
---|
| 863 | if (status != 0)
|
---|
| 864 | {
|
---|
| 865 | sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN,
|
---|
| 866 | _("Could not open pipe"), _("sh_processes_runps"));
|
---|
| 867 | SL_RETURN ((-1), _("sh_processes_runps"));
|
---|
| 868 | }
|
---|
| 869 |
|
---|
| 870 | /* ignore SIGPIPE (instead get EPIPE if connection is closed)
|
---|
| 871 | */
|
---|
| 872 | new_act.sa_handler = SIG_IGN;
|
---|
| 873 | (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act);
|
---|
| 874 |
|
---|
| 875 | /* read from the open pipe
|
---|
| 876 | */
|
---|
| 877 | if (task.pipe != NULL)
|
---|
| 878 | {
|
---|
| 879 | retval = sh_processes_readps (task.pipe, res, str, len, flag, pid);
|
---|
| 880 | }
|
---|
| 881 |
|
---|
| 882 | /* restore old signal handler
|
---|
| 883 | */
|
---|
| 884 | (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL);
|
---|
| 885 |
|
---|
| 886 | /* close pipe and return exit status
|
---|
| 887 | */
|
---|
| 888 | (void) sh_ext_pclose(&task);
|
---|
| 889 | SL_RETURN ((retval), _("sh_processes_runps"));
|
---|
| 890 | }
|
---|
| 891 |
|
---|
| 892 | static int sh_process_check_int (short * res)
|
---|
| 893 | {
|
---|
| 894 | size_t i, j;
|
---|
| 895 | char tests[512];
|
---|
| 896 |
|
---|
| 897 | pid_t this_pid;
|
---|
| 898 |
|
---|
| 899 | SL_ENTER(_("sh_process_check_int"));
|
---|
| 900 |
|
---|
| 901 | this_pid = getpid();
|
---|
| 902 |
|
---|
| 903 | if (!res)
|
---|
| 904 | {
|
---|
| 905 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
|
---|
| 906 | _("Internal error: NULL argument"),
|
---|
| 907 | _("sh_process_check_int"));
|
---|
| 908 | SL_RETURN ((-1), _("sh_process_check_int"));
|
---|
| 909 | }
|
---|
| 910 |
|
---|
| 911 | sh_processes_runps (res, NULL, 0, SH_PR_PS, 0);
|
---|
| 912 | for (i = sh_prochk_minpid; i != sh_prochk_maxpid; ++i)
|
---|
| 913 | {
|
---|
| 914 | j = i - sh_prochk_minpid;
|
---|
| 915 | res[j] = sh_processes_check ((pid_t) i, res[j]);
|
---|
| 916 | }
|
---|
| 917 | sh_processes_runps (res, NULL, 0, SH_PR_PS2, 0);
|
---|
| 918 |
|
---|
| 919 | /* Evaluate results
|
---|
| 920 | */
|
---|
| 921 | for (i = sh_prochk_minpid; i != sh_prochk_maxpid; ++i)
|
---|
| 922 | {
|
---|
| 923 | /* don't check the current process
|
---|
| 924 | */
|
---|
| 925 | if (i == (size_t) this_pid)
|
---|
| 926 | continue;
|
---|
| 927 |
|
---|
| 928 | j = i - sh_prochk_minpid;
|
---|
| 929 |
|
---|
| 930 | if (((res[j] & SH_PR_PS) != 0) || ((res[j] & SH_PR_PS2) != 0))
|
---|
| 931 | {
|
---|
| 932 | res[j] |= SH_PR_PS_ANY;
|
---|
| 933 | }
|
---|
| 934 | else
|
---|
| 935 | {
|
---|
| 936 | res[j] &= ~SH_PR_PS_ANY;
|
---|
| 937 | }
|
---|
| 938 |
|
---|
| 939 | tests[0] = '\0';
|
---|
| 940 |
|
---|
| 941 | if ((res[j] & SH_PR_ANY) || (res[j] & SH_PR_PS_ANY))
|
---|
| 942 | {
|
---|
| 943 | sh_processes_tlist (tests, sizeof(tests), res[j]);
|
---|
| 944 | /*
|
---|
| 945 | * case 1: in ps and found
|
---|
| 946 | */
|
---|
| 947 | if ((res[j] & SH_PR_PS_ANY) && (res[j] & SH_PR_ANY))
|
---|
| 948 | {
|
---|
| 949 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_PCK_OK,
|
---|
| 950 | (unsigned long) i, tests);
|
---|
| 951 | }
|
---|
| 952 |
|
---|
| 953 | /*
|
---|
| 954 | * case 2: not in ps and found
|
---|
| 955 | */
|
---|
| 956 | else if ((res[j] & SH_PR_PS_ANY) == 0)
|
---|
| 957 | {
|
---|
| 958 | res[j] = sh_processes_check ((pid_t) i, 0);
|
---|
| 959 | /*
|
---|
| 960 | * if still there, it is real and hidden
|
---|
| 961 | */
|
---|
| 962 | if (res[j] & SH_PR_ANY)
|
---|
| 963 | {
|
---|
| 964 | if (S_FALSE == is_in_list(&list_hidden, NULL, i))
|
---|
| 965 | {
|
---|
| 966 | sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0,
|
---|
| 967 | MSG_PCK_HIDDEN,
|
---|
| 968 | (unsigned long) i, tests);
|
---|
| 969 | }
|
---|
| 970 | }
|
---|
| 971 | }
|
---|
| 972 |
|
---|
| 973 | /*
|
---|
| 974 | * case 3: in ps, but not found
|
---|
| 975 | */
|
---|
| 976 | else
|
---|
| 977 | {
|
---|
| 978 | if (((res[j] & SH_PR_PS) != 0) && ((res[j] & SH_PR_PS2) != 0))
|
---|
| 979 | {
|
---|
| 980 | if (S_FALSE == is_in_list(&list_fake, NULL, i))
|
---|
| 981 | {
|
---|
| 982 | sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0,
|
---|
| 983 | MSG_PCK_FAKE,
|
---|
| 984 | (unsigned long) i, tests);
|
---|
| 985 | }
|
---|
| 986 | }
|
---|
| 987 | }
|
---|
| 988 | }
|
---|
| 989 | } /* loop end */
|
---|
| 990 |
|
---|
| 991 | check_watchlist (res);
|
---|
| 992 |
|
---|
| 993 | SL_RETURN (0, _("sh_process_check_int"));
|
---|
| 994 | }
|
---|
| 995 |
|
---|
| 996 | /* Initialise.
|
---|
| 997 | */
|
---|
| 998 | int sh_prochk_init(void)
|
---|
| 999 | {
|
---|
| 1000 | SL_ENTER(_("sh_prochk_init"));
|
---|
| 1001 |
|
---|
| 1002 | (void) proc_max_pid (&sh_prochk_maxpid);
|
---|
| 1003 |
|
---|
| 1004 | if (sh_prochk_minpid > sh_prochk_maxpid)
|
---|
| 1005 | ShProchkActive = S_FALSE;
|
---|
| 1006 |
|
---|
| 1007 | /* We need to free anything allocated by the configuration functions if
|
---|
| 1008 | * we find that the module is to be left inactive - otherwise _reconf()
|
---|
| 1009 | * won't quite work.
|
---|
| 1010 | */
|
---|
| 1011 | if( ShProchkActive == S_FALSE )
|
---|
| 1012 | {
|
---|
| 1013 | sh_prochk_free_list(process_check);
|
---|
| 1014 | process_check = NULL;
|
---|
| 1015 | SL_RETURN(-1, _("sh_prochk_init"));
|
---|
| 1016 | }
|
---|
| 1017 |
|
---|
| 1018 | sh_prochk_size = sh_prochk_maxpid - sh_prochk_minpid;
|
---|
| 1019 |
|
---|
| 1020 | sh_prochk_res = SH_ALLOC(sizeof(short) * sh_prochk_size);
|
---|
| 1021 | memset (sh_prochk_res, 0, sizeof(short) * sh_prochk_size);
|
---|
| 1022 |
|
---|
| 1023 | SL_RETURN(0, _("sh_prochk_init"));
|
---|
| 1024 | }
|
---|
| 1025 |
|
---|
| 1026 |
|
---|
| 1027 | int sh_prochk_timer(time_t tcurrent)
|
---|
| 1028 | {
|
---|
| 1029 | static time_t lastcheck = 0;
|
---|
| 1030 |
|
---|
| 1031 | SL_ENTER(_("sh_prochk_timer"));
|
---|
| 1032 | if ((time_t) (tcurrent - lastcheck) >= sh_prochk_interval)
|
---|
| 1033 | {
|
---|
| 1034 | lastcheck = tcurrent;
|
---|
| 1035 | SL_RETURN((-1), _("sh_prochk_timer"));
|
---|
| 1036 | }
|
---|
| 1037 | SL_RETURN(0, _("sh_prochk_timer"));
|
---|
| 1038 | }
|
---|
| 1039 |
|
---|
| 1040 | int sh_prochk_check(void)
|
---|
| 1041 | {
|
---|
| 1042 | int status = 0;
|
---|
| 1043 |
|
---|
| 1044 | SL_ENTER(_("sh_prochk_check"));
|
---|
| 1045 |
|
---|
| 1046 | if( ShProchkActive != S_FALSE )
|
---|
| 1047 | {
|
---|
| 1048 | sh_error_handle((-1), FIL__, __LINE__, 0, MSG_PCK_CHECK,
|
---|
| 1049 | (unsigned long) sh_prochk_minpid,
|
---|
| 1050 | (unsigned long) (sh_prochk_maxpid-1));
|
---|
| 1051 | status = sh_process_check_int(sh_prochk_res);
|
---|
| 1052 | if (status != 0)
|
---|
| 1053 | ShProchkActive = S_FALSE;
|
---|
| 1054 |
|
---|
| 1055 | /* clean out old entries which are not marked
|
---|
| 1056 | * as missing/hidden/fake anymore
|
---|
| 1057 | */
|
---|
| 1058 | clean_list (&list_missing);
|
---|
| 1059 | clean_list (&list_hidden);
|
---|
| 1060 | clean_list (&list_fake);
|
---|
| 1061 | }
|
---|
| 1062 |
|
---|
| 1063 | SL_RETURN(status, _("sh_prochk_check"));
|
---|
| 1064 | }
|
---|
| 1065 |
|
---|
| 1066 | /* Free our lists and the associated memory
|
---|
| 1067 | */
|
---|
| 1068 | int sh_prochk_cleanup(void)
|
---|
| 1069 | {
|
---|
| 1070 | SL_ENTER(_("sh_prochk_cleanup"));
|
---|
| 1071 |
|
---|
| 1072 | sh_prochk_reconf();
|
---|
| 1073 |
|
---|
| 1074 | if (list_missing) {
|
---|
| 1075 | kill_list(list_missing);
|
---|
| 1076 | list_missing = NULL;
|
---|
| 1077 | }
|
---|
| 1078 | if (list_hidden) {
|
---|
| 1079 | kill_list(list_hidden);
|
---|
| 1080 | list_hidden = NULL;
|
---|
| 1081 | }
|
---|
| 1082 | if (list_fake) {
|
---|
| 1083 | kill_list(list_fake);
|
---|
| 1084 | list_fake = NULL;
|
---|
| 1085 | }
|
---|
| 1086 |
|
---|
| 1087 | SL_RETURN(0, _("sh_prochk_cleanup"));
|
---|
| 1088 | }
|
---|
| 1089 |
|
---|
| 1090 | /* Free our lists and the associated memory
|
---|
| 1091 | */
|
---|
| 1092 | int sh_prochk_reconf(void)
|
---|
| 1093 | {
|
---|
| 1094 | SL_ENTER(_("sh_prochk_reconf"));
|
---|
| 1095 |
|
---|
| 1096 | userdef_maxpid = 0;
|
---|
| 1097 | sh_prochk_maxpid = 0x8000;
|
---|
| 1098 | sh_prochk_minpid = 0x0000;
|
---|
| 1099 | sh_prochk_interval = SH_PROCHK_INTERVAL;
|
---|
| 1100 |
|
---|
| 1101 | sh_prochk_free_list(process_check);
|
---|
| 1102 | process_check = NULL;
|
---|
| 1103 | if (sh_prochk_res != NULL)
|
---|
| 1104 | SH_FREE(sh_prochk_res);
|
---|
| 1105 | sh_prochk_res = NULL;
|
---|
| 1106 |
|
---|
| 1107 | if (sh_prochk_psarg)
|
---|
| 1108 | SH_FREE(sh_prochk_psarg);
|
---|
| 1109 | sh_prochk_psarg = NULL;
|
---|
| 1110 | if (sh_prochk_pspath)
|
---|
| 1111 | SH_FREE(sh_prochk_pspath);
|
---|
| 1112 | sh_prochk_pspath = NULL;
|
---|
| 1113 |
|
---|
| 1114 | SL_RETURN(0, _("sh_prochk_reconf"));
|
---|
| 1115 | }
|
---|
| 1116 |
|
---|
| 1117 | /* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */
|
---|
| 1118 | #endif
|
---|
| 1119 |
|
---|
| 1120 | /* #ifdef SH_USE_PROCESSCHECK */
|
---|
| 1121 | #endif
|
---|
| 1122 |
|
---|
| 1123 |
|
---|
| 1124 | #ifdef SH_CUTEST
|
---|
| 1125 | #include "CuTest.h"
|
---|
| 1126 |
|
---|
| 1127 | void Test_processcheck_watchlist_ok (CuTest *tc) {
|
---|
| 1128 | #if defined(SH_USE_PROCESSCHECK) && (defined(SH_WITH_CLIENT) || defined(SH_STANDALONE))
|
---|
| 1129 | CuAssertTrue(tc, 0 == sh_prochk_add_process("init"));
|
---|
| 1130 | CuAssertTrue(tc,
|
---|
| 1131 | S_TRUE == is_in_watchlist(" 1 ? 00:00:00 init", 0));
|
---|
| 1132 | CuAssertTrue(tc,
|
---|
| 1133 | S_FALSE == is_in_watchlist(" 1 ? 00:00:00 flix", 0));
|
---|
| 1134 | CuAssertTrue(tc,
|
---|
| 1135 | S_TRUE == is_in_watchlist("25218 ? SNs 0:01 /usr/sbin/init -k start -DSSL", 0));
|
---|
| 1136 | CuAssertTrue(tc,
|
---|
| 1137 | S_FALSE == is_in_watchlist("25218 ? SNs 0:01 /usr/sbin/apache2 -k start -DSSL", 0));
|
---|
| 1138 |
|
---|
| 1139 |
|
---|
| 1140 | sh_prochk_free_list(process_check);
|
---|
| 1141 | process_check = NULL;
|
---|
| 1142 | CuAssertTrue(tc, S_FALSE == is_in_watchlist("init", 0));
|
---|
| 1143 |
|
---|
| 1144 | CuAssertTrue(tc, 0 == sh_prochk_add_process("init"));
|
---|
| 1145 | CuAssertTrue(tc, 0 == sh_prochk_add_process("ssh"));
|
---|
| 1146 | CuAssertTrue(tc, 0 == sh_prochk_add_process("syslog"));
|
---|
| 1147 | CuAssertTrue(tc, S_TRUE == is_in_watchlist("init", 0));
|
---|
| 1148 | CuAssertTrue(tc, S_TRUE == is_in_watchlist("ssh", 0));
|
---|
| 1149 | CuAssertTrue(tc, S_TRUE == is_in_watchlist("syslog", 0));
|
---|
| 1150 |
|
---|
| 1151 | sh_prochk_free_list(process_check);
|
---|
| 1152 | process_check = NULL;
|
---|
| 1153 | CuAssertTrue(tc, S_FALSE == is_in_watchlist("init", 0));
|
---|
| 1154 | CuAssertTrue(tc, S_FALSE == is_in_watchlist("ssh", 0));
|
---|
| 1155 | CuAssertTrue(tc, S_FALSE == is_in_watchlist("syslog", 0));
|
---|
| 1156 | #else
|
---|
| 1157 | (void) tc; /* fix compiler warning */
|
---|
| 1158 | #endif
|
---|
| 1159 | return;
|
---|
| 1160 | }
|
---|
| 1161 |
|
---|
| 1162 | void Test_processcheck_listhandle_ok (CuTest *tc) {
|
---|
| 1163 | #if defined(SH_USE_PROCESSCHECK) && (defined(SH_WITH_CLIENT) || defined(SH_STANDALONE))
|
---|
| 1164 | CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "init", 0));
|
---|
| 1165 | CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "init", 0));
|
---|
| 1166 | CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "foobar", 0));
|
---|
| 1167 | CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "foobar", 0));
|
---|
| 1168 |
|
---|
| 1169 | if (list_missing)
|
---|
| 1170 | kill_list(list_missing);
|
---|
| 1171 | list_missing = NULL;
|
---|
| 1172 |
|
---|
| 1173 | CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "init", 0));
|
---|
| 1174 | CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "init", 0));
|
---|
| 1175 | CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "foobar", 0));
|
---|
| 1176 | CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "foobar", 0));
|
---|
| 1177 |
|
---|
| 1178 | if (list_missing)
|
---|
| 1179 | kill_list(list_missing);
|
---|
| 1180 | list_missing = NULL;
|
---|
| 1181 |
|
---|
| 1182 | CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "init", 0));
|
---|
| 1183 | CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "init", 0));
|
---|
| 1184 | CuAssertTrue(tc, S_FALSE == is_in_list(&list_missing, "foobar", 0));
|
---|
| 1185 | CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "foobar", 0));
|
---|
| 1186 |
|
---|
| 1187 | CuAssertTrue(tc, 2 == clean_list(&list_missing));
|
---|
| 1188 | CuAssertPtrNotNull(tc, list_missing);
|
---|
| 1189 |
|
---|
| 1190 | CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "init", 0));
|
---|
| 1191 | CuAssertTrue(tc, S_TRUE == is_in_list(&list_missing, "foobar", 0));
|
---|
| 1192 |
|
---|
| 1193 | CuAssertTrue(tc, 2 == clean_list(&list_missing));
|
---|
| 1194 | CuAssertPtrNotNull(tc, list_missing);
|
---|
| 1195 |
|
---|
| 1196 | CuAssertTrue(tc, 0 == clean_list(&list_missing));
|
---|
| 1197 | CuAssertTrue(tc, NULL == list_missing);
|
---|
| 1198 | #else
|
---|
| 1199 | (void) tc; /* fix compiler warning */
|
---|
| 1200 | #endif
|
---|
| 1201 | return;
|
---|
| 1202 | }
|
---|
| 1203 |
|
---|
| 1204 |
|
---|
| 1205 | /* #ifdef SH_CUTEST */
|
---|
| 1206 | #endif
|
---|
| 1207 |
|
---|