- Location:
- /trunk
- Files:
-
- 11 edited
-
docs/Changelog (modified) (1 diff)
-
dsys/comINSTALL (modified) (6 diffs)
-
dsys/funcINSTALL (modified) (2 diffs)
-
man/samhain.8 (modified) (2 diffs)
-
scripts/samhainadmin.pl.in (modified) (9 diffs)
-
src/sh_calls.c (modified) (1 diff)
-
src/sh_database.c (modified) (5 diffs)
-
src/sh_forward.c (modified) (1 diff)
-
src/sh_hash.c (modified) (2 diffs)
-
src/sh_kern.c (modified) (4 diffs)
-
src/sh_prelude.c (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
/trunk/docs/Changelog
r3 r1 1 2 1 2.1.1: 3 * sh_calls.c: protect sh_calls_set_bind_addr against overriding4 * comINSTALL, updateDB: use locking5 * samhainadmin.pl: use locking6 2 * fix typos in samhainrc.solaris (noticed by Robby Cauwerts) 7 3 * improve zAVLSearch (remove redundant strcmp) 8 * use AVL tree in sh_files.c instead of linked list ( better scaling)4 * use AVL tree in sh_files.c instead of linked list (scales way better) 9 5 * fix bug with suidcheck (no update/check in one-shot mode with 10 6 schedule instead of check interval; noticed by R. Rati) -
/trunk/dsys/comINSTALL
r3 r1 340 340 #--------------------------------------------------------------------- 341 341 342 instlock="${yule_conf}.lockdir";343 trap "rm -rf ${instlock}" 1 2 13 15344 345 if test x"$simulate" = x0346 then347 #348 # A lockfile will not work, because 'root' can write anyway.349 # However, 'mkdir' an existing directory will fail even for root350 #351 until (umask 222; mkdir "${instlock}") 2>/dev/null # test & set352 do353 printINFO "Waiting for lock"354 sleep 1355 done356 fi357 358 342 Replace=`"${yule_exec}" -P "${is_passwd}" | sed s%HOSTNAME%${host}%g` 359 343 if test "x$Replace" = x 360 344 then 361 rm -rf "${instlock}"362 345 printFATAL "Could not execute ${yule_exec} -P ${is_passwd}." 363 346 fi … … 373 356 then 374 357 Seen=y 375 echo "$Replace" >>"$tmpF" 376 if [ $? -ne 0 ]; then 377 rm -rf "${instlock}" 378 printFATAL "Cannot write new server configuration." 379 fi 358 echo "$Replace" >>"$tmpF" || printFATAL "Cannot write new server configuration." 380 359 fi 381 360 else … … 384 363 : 385 364 else 386 echo "$line" >>"$tmpF" 387 if [ $? -ne 0 ]; then 388 rm -rf "${instlock}" 389 printFATAL "Cannot write new server configuration." 390 fi 365 echo "$line" >>"$tmpF" || printFATAL "Cannot write new server configuration." 391 366 fi 392 367 fi … … 405 380 if test x"$simulate" = x0 406 381 then 407 ageFILE "${yule_conf}" 408 if [ $? -ne 0 ]; then 409 rm -rf "${instlock}" 410 printFATAL "Could not backup ${yule_conf}" 411 fi 412 413 rm -f "${yule_conf}" && cp "$tmpF" "${yule_conf}" 414 if [ $? -ne 0 ]; then 415 rm -rf "${instlock}" 416 printFATAL "Could not write new server config. Backup is ${yule_conf}.1" 417 fi 418 419 chown ${rcfile_owner}:${rcfile_group} "${yule_conf}" 420 if [ $? -ne 0 ]; then 421 rm -rf "${instlock}" 422 printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_conf}" 423 fi 424 425 chmod ${rcfile_perm} "${yule_conf}" 426 if [ $? -ne 0 ]; then 427 rm -rf "${instlock}" 428 printFATAL "Could not chmod ${rcfile_perm} ${yule_conf}" 429 fi 382 ageFILE "${yule_conf}" || printFATAL "Could not backup ${yule_conf}." 383 rm -f "${yule_conf}" && { cp "$tmpF" "${yule_conf}" || printFATAL "Could not write new server config. Backup is ${yule_conf}.1"; } 384 chown ${rcfile_owner}:${rcfile_group} "${yule_conf}" || printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_conf}" 385 chmod ${rcfile_perm} "${yule_conf}" || printFATAL "Could not chmod ${rcfile_perm} ${yule_conf}" 430 386 else 431 387 printINFO "Backup and update ${yule_conf}" … … 467 423 sleep 5 468 424 # 469 rm -rf "${instlock}"470 425 else 471 426 printINFO "Reloading server configuration." … … 473 428 474 429 printLOG "Server configuration updated and reloaded." 475 476 430 477 431 #--------------------------------------------------------------------- -
/trunk/dsys/funcINSTALL
r3 r1 91 91 DATABASE="${basedir}/${defdatabase}" 92 92 fi 93 94 updlock="${DATABASE}.lockdir"95 trap "rm -rf ${updlock}" 1 2 13 1596 97 #98 # A lockfile will not work, because 'root' can write anyway.99 # However, 'mkdir' an existing directory will fail even for root100 #101 until (umask 222; mkdir "${updlock}") 2>/dev/null # test & set102 do103 printINFO "Waiting for lock"104 sleep 1105 done106 107 93 108 94 IDATE=`date +"%Y-%m-%d %H:%M:%S"` … … 237 223 fi 238 224 239 chown ${rcfile_owner}:${rcfile_group} "${DATABASE}" 240 if [ $? -ne 0 ]; then 241 rm -rf "${instlock}" 242 printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${DATABASE}" 243 fi 244 chmod ${rcfile_perm} "${DATABASE}" 245 if [ $? -ne 0 ]; then 246 rm -rf "${instlock}" 247 printFATAL "Could not chmod ${rcfile_perm} ${DATABASE}" 248 fi 249 250 rm -rf "${updlock}" 225 chown ${rcfile_owner}:${rcfile_group} "${DATABASE}" || printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${DATABASE}" 226 chmod ${rcfile_perm} "${DATABASE}" || printFATAL "Could not chmod ${rcfile_perm} ${DATABASE}" 227 251 228 } 252 229 -
/trunk/man/samhain.8
r3 r1 14 14 { 15 15 .I \-t update|\-\-set\-checksum\-test=update 16 } [\- D | \-\-daemon | \-\-foreground] [\-\-forever] [\-r DEPTH|\-\-recursion=DEPTH] [log-options]16 } [\-r DEPTH|\-\-recursion=DEPTH] [log-options] 17 17 18 18 .B samhain … … 195 195 [\-r DEPTH|\-\-recursion=DEPTH] 196 196 Set the (global) recursion depth. 197 .TP198 [\-D|\-\-daemon]199 Run as daemon. File checks are performed as specified by the timing200 options in the configuration file. Updates are saved after each file check.201 .TP202 [\-\-foreground]203 Run in the foreground. This will cause samhain to exit after the update,204 unless the option205 .I "\-\-forever"206 is used.207 .TP208 [\-\-forever]209 If not running as daemon, do not exit after finishing the update, but210 loop forever, and perform checks with corresponding database updates211 according to the timing options in the212 configuration file.213 197 214 198 .PP -
/trunk/scripts/samhainadmin.pl.in
r3 r1 23 23 use Getopt::Long; 24 24 use File::Basename; 25 use File::Copy;26 25 use File::stat; 27 26 use File::Temp qw/ tempfile tempdir unlink0 /; 28 27 use IO::Handle; 29 use Fcntl qw(:DEFAULT :flock);30 28 31 29 File::Temp->safe_level( File::Temp::HIGH ); … … 38 36 my $return_from_sign = 0; 39 37 my $no_print_examine = 0; 40 my $no_remove_lock = 0;41 38 my $base = basename($0); 42 39 … … 45 42 my $daemon = "@sbindir@/@install_name@"; 46 43 my $gpg = "@mygpg@"; 47 48 $cfgfile =~ s/^REQ_FROM_SERVER//;49 $datafile =~ s/^REQ_FROM_SERVER//;50 44 51 45 $gpg = "gpg" if ($gpg eq ""); … … 192 186 193 187 my $dir = tempdir( CLEANUP => 1 ); 194 $filename = $dir . "/exa_jhfdbilw ." . $$;188 $filename = $dir . "/exa_jhfdbilw"; 195 189 open $fh, ">$filename" or die "Cannot open $filename"; 196 190 autoflush $fh 1; … … 287 281 open FH, "<$file1" or die "Cannot open file $file1 for read: $!"; 288 282 if (!($file1 =~ /^\-$/)) { 289 flock(FH, LOCK_EX) unless ($no_remove_lock == 1);290 283 my $dir = tempdir( CLEANUP => 1 ) or die "Tempdir failed"; 291 $filename = $dir . "/rem_iqegBCQb ." . $$;284 $filename = $dir . "/rem_iqegBCQb"; 292 285 open $fh, ">$filename" or die "Cannot open $filename"; 293 286 $stats = stat($file1); … … 320 313 } 321 314 if (!($file1 =~ /^\-$/)) { 322 copy("$filename", "$file1") 323 or die "Copy $filename to $file1 failed: $!"; 315 my $command = "cp $filename $file1"; 316 system ($command) == 0 317 or die "system $command failed: $?"; 324 318 chmod $stats->mode, $file1; 325 319 chown $stats->uid, $stats->gid, $file1; 326 flock(FH, LOCK_UN) unless ($no_remove_lock == 1);327 close FH;328 320 } 329 321 unlink0( $fh, $filename ) or die "Cannot unlink $filename safely"; … … 394 386 if ($file1 =~ /^\-$/) { 395 387 my $dir = tempdir( CLEANUP => 1 ) or die "Tempdir failed"; 396 $filename1 = $dir . "/sig_vs8827sd ." . $$;388 $filename1 = $dir . "/sig_vs8827sd"; 397 389 open $fh1, ">$filename1" or die "Cannot open $filename1"; 398 390 $flag1 = 1; … … 427 419 $fileout = '-'; 428 420 } else { 429 open (LOCKFILE, "<$file1") or die "Cannot open $file1: $!";430 flock(LOCKFILE, LOCK_EX);431 421 $no_print_examine = 1; 432 $no_remove_lock = 1;433 422 if (examine() < 2) { 434 423 remove(); 435 424 } 436 425 $fileout = $file1 . ".asc"; 437 $stats = stat($file1) 438 or die "No file $file1: $!"; 426 $stats = stat($file1); 439 427 } 440 428 … … 458 446 die ("Signed file is smaller than unsigned file") 459 447 unless ($st_new->size > $st_old->size); 460 move("$fileout", "$file2")461 or die " Move $fileout to $file2 failed: $!";448 system ("mv $fileout $file2") == 0 449 or die "system mv $fileout $file2 failed: $?"; 462 450 chmod $stats->mode, $file2; 463 451 chown $stats->uid, $stats->gid, $file2; 464 flock(LOCKFILE, LOCK_UN);465 452 } 466 453 -
/trunk/src/sh_calls.c
r3 r1 138 138 int sh_calls_set_bind_addr (char * str) 139 139 { 140 static int reject = 0;141 142 if (reject == 1)143 return (0);144 145 if (sh.flag.opts == S_TRUE)146 reject = 1;147 148 140 if (0 == /*@-unrecog@*/inet_aton(str, &bind_addr)/*@+unrecog@*/) 149 141 { -
/trunk/src/sh_database.c
r3 r1 38 38 #include "sh_error.h" 39 39 #include "sh_utils.h" 40 41 extern int safe_logger (int signal, int method, pid_t thepid);42 40 43 41 #undef FIL__ … … 1011 1009 { 1012 1010 int status = 0; 1013 c onst char* p;1011 char * p; 1014 1012 static MYSQL * db_conn = NULL; 1015 1013 static SH_TIMEOUT sh_timer = { 0, 3600, S_TRUE }; … … 1449 1447 retv = S_FALSE; 1450 1448 } 1451 else if (*p == '\"' && escp == 0)1452 {1453 retv = S_FALSE;1454 }1455 1449 else 1456 1450 { … … 1459 1453 ++p; 1460 1454 } 1461 if (escp == 1)1462 retv = S_FALSE;1463 1455 return retv; 1464 1456 } … … 1554 1546 1555 1547 if (S_FALSE == is_escaped(&p[j+2])) { 1556 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,1557 _("Message not properly escaped"),1558 _("sh_database_parse"));1559 1548 SL_RETURN(NULL, _("sh_database_parse")); 1560 1549 } -
/trunk/src/sh_forward.c
r3 r1 1944 1944 SL_RET0(_("free_client")); 1945 1945 } 1946 1947 extern int safe_logger (int signal, int method, pid_t thepid);1948 1946 1949 1947 int sh_forward_register_client (char * str) -
/trunk/src/sh_hash.c
r3 r1 653 653 { 654 654 sh_file_t * p; 655 sh_file_t * q;656 655 int key; 657 656 … … 675 674 strlen(s->fullpath) == strlen(p->fullpath)) 676 675 { 677 q = p->next; 678 SH_FREE(p->fullpath); 679 if(p->linkpath) 680 SH_FREE(p->linkpath); 681 memcpy(p, s, sizeof(sh_file_t)); 682 p->next = q; 676 SH_FREE(s->fullpath); 677 if(s->linkpath) 678 SH_FREE(s->linkpath); 683 679 SH_FREE(s); 684 680 s = NULL; -
/trunk/src/sh_kern.c
r3 r1 859 859 * Stored(old) is system_call_code[] 860 860 */ 861 if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE)861 if (sh.flag.checkSum == SH_CHECK_INIT) 862 862 { 863 863 store0 = 0; store1 = 0; store2 = 0; … … 935 935 * Stored(old) is sh_syscalls[] array. 936 936 */ 937 if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE)937 if (sh.flag.checkSum == SH_CHECK_INIT) 938 938 { 939 939 for (i = 0; i < SH_MAXCALLS; ++i) … … 1125 1125 if (ShKernIDT == S_TRUE) 1126 1126 { 1127 if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE)1127 if (sh.flag.checkSum == SH_CHECK_INIT) 1128 1128 { 1129 1129 datasize = 8; … … 1447 1447 * Stored(old) is sh_syscalls[] array. 1448 1448 */ 1449 if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE)1449 if (sh.flag.checkSum == SH_CHECK_INIT) 1450 1450 { 1451 1451 for (i = 0; i < SH_MAXCALLS; ++i) -
/trunk/src/sh_prelude.c
r3 r1 795 795 796 796 if ( strstr(message, _("path=")) ) { 797 #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)798 797 if ( msgid != MSG_FI_ADD && msgid != MSG_FI_ADD2 ) 799 798 get_file_infos(target, message, IDMEF_FILE_CATEGORY_ORIGINAL); 800 #endif801 799 802 800 get_file_infos(target, message, IDMEF_FILE_CATEGORY_CURRENT);
Note:
See TracChangeset
for help on using the changeset viewer.
