Changeset 180
- Timestamp:
- Sep 23, 2008, 6:55:45 PM (16 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 8 edited
trunk/Makefile.in
r171 r180 150 150 $(srcsrc)/sh_userfiles.c $(srcsrc)/sh_prelude.c \ 151 151 $(srcsrc)/sh_prelink.c $(srcsrc)/sh_static.c \ 152 $(srcsrc)/sh_portcheck.c \152 $(srcsrc)/sh_portcheck.c $(srcsrc)/sh_port2proc.c\ 153 153 $(srcsrc)/sh_processcheck.c $(srcsrc)/sh_prelude_old.c \ 154 154 $(srcsrc)/sh_pthread.c $(srcsrc)/sh_string.c \ … … 167 167 zAVLTree.o sh_socket.o sh_ignore.o sh_prelude.o \ 168 168 sh_mounts.o sh_userfiles.o sh_prelink.o sh_static.o \ 169 sh_processcheck.o sh_portcheck.o sh_p relude_old.o \169 sh_processcheck.o sh_portcheck.o sh_port2proc.o sh_prelude_old.o \ 170 170 sh_pthread.o sh_string.o dnmalloc.o 171 171 … … 1714 1714 dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h 1715 1715 t-test1.o: $(srcsrc)/t-test1.c Makefile config.h $(srcinc)/malloc.h 1716 sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error_min.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h -
trunk/depend.dep
r172 r180 68 68 dnmalloc-portable.o: $(srcsrc)/dnmalloc-portable.c Makefile config.h 69 69 dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h 70 sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error_min.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h -
trunk/depend.sum
r172 r180 1 1366887748 1 2749055739 -
trunk/docs/Changelog
r177 r180 1 2.4.6a: 1 2.4.7: 2 * sh_forward.c: increase TIME_OUT_DEF to 900 secs 3 * dnmalloc.c: initialize rc in dnmalloc_fork_child(), 4 reported by B. Podlipnik 5 6 2.4.6a (09-10-2008): 2 7 * fix compile problem on Fedora 9 (reported by pierpaolo), 3 8 'struct ucred' in sh_socket.c requires _GNU_SOURCE -
trunk/src/dnmalloc.c
r174 r180 1509 1509 } 1510 1510 void dnmalloc_fork_child(void) { 1511 int rc ;1511 int rc = 0; 1512 1512 #ifdef __GLIBC__ 1513 1513 if (dnmalloc_use_mutex) -
trunk/src/sh_cat.c
r170 r180 135 135 #ifdef SH_USE_PORTCHECK 136 136 { MSG_PORT_MISS, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceMissing] %s\"")}, 137 { MSG_PORT_NEW, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceNew] %s\" ")},138 { MSG_PORT_RESTART,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceRestarted] %s\" ")},139 { MSG_PORT_NEWPORT,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServicePortSwitch] %s\" ")},137 { MSG_PORT_NEW, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceNew] %s\" path=\"%s\" userid=\"%s\"")}, 138 { MSG_PORT_RESTART,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceRestarted] %s\" path=\"%s\" userid=\"%s\"")}, 139 { MSG_PORT_NEWPORT,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServicePortSwitch] %s\" path=\"%s\" userid=\"%s\"")}, 140 140 #endif 141 141 … … 453 453 #ifdef SH_USE_PORTCHECK 454 454 { MSG_PORT_MISS, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServiceMissing] %s>")}, 455 { MSG_PORT_NEW, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServiceNew] %s> ")},456 { MSG_PORT_RESTART,SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServiceRestarted] %s> ")},457 { MSG_PORT_NEWPORT,SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServicePortSwitch] %s> ")},455 { MSG_PORT_NEW, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServiceNew] %s> path=<%s> userid=<%s>")}, 456 { MSG_PORT_RESTART,SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServiceRestarted] %s> path=<%s> userid=<%s>")}, 457 { MSG_PORT_NEWPORT,SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServicePortSwitch] %s> path=<%s> userid=<%s>")}, 458 458 #endif 459 459 -
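Review bot: The new `path=\"%s\"` and `userid=\"%s\"` fields carry values taken from whichever process owns the port, and nothing in these table entries bounds or escapes them. A path containing `"` (or `>` in the second, angle-bracket table) would break the field delimiters that `get_value()` in sh_prelude.c and downstream log parsers rely on. Whether `sh_error_handle()` escapes its arguments is not visible here, so I would confirm that, or sanitise the strings in `sh_port2proc_query()` before they are returned. These three formats now consume three `%s` arguments, so every caller of MSG_PORT_NEW, MSG_PORT_RESTART and MSG_PORT_NEWPORT has to pass three strings. sh_portcheck.c is updated in this changeset, but any caller left with one argument would read past its varargs.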
trunk/src/sh_portcheck.c
r171 r180 135 135 136 136 static int sh_portchk_severity = SH_ERR_SEVERE; 137 138 extern char * sh_port2proc_query(int proto, struct in_addr * saddr, int sport, 139 char * user, size_t userlen); 140 extern int sh_port2proc_prepare(); 141 137 142 #endif 138 143 … … 509 514 if (!portent) 510 515 { 516 char * path; 517 char user[USER_MAX]; 518 511 519 snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"), 512 520 inet_ntoa(haddr), port, SH_PROTO_STR(proto), service); … … 515 523 inet_ntoa(haddr), port, SH_PROTO_STR(proto), service); 516 524 #else 525 path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user)); 517 526 SH_MUTEX_LOCK(mutex_thread_nolog); 518 527 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 519 MSG_PORT_NEW, errbuf );528 MSG_PORT_NEW, errbuf, path, user); 520 529 SH_MUTEX_UNLOCK(mutex_thread_nolog); 530 SH_FREE(path); 521 531 #endif 522 532 /* … … 527 537 else if (portent->status == SH_PORT_MISS && portent->flag != SH_PORT_IGN) 528 538 { 539 char * path; 540 char user[USER_MAX]; 541 529 542 snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s), was %d/%s"), 530 543 inet_ntoa(haddr), port, SH_PROTO_STR(proto), service, portent->port, SH_PROTO_STR(proto)); … … 532 545 fprintf(stderr, _("service: %s\n"), errbuf); 533 546 #else 547 path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user)); 534 548 SH_MUTEX_LOCK(mutex_thread_nolog); 535 549 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 536 MSG_PORT_RESTART, errbuf );550 MSG_PORT_RESTART, errbuf, path, user); 537 551 SH_MUTEX_UNLOCK(mutex_thread_nolog); 552 SH_FREE(path); 538 553 #endif 539 554 … … 542 557 else if (port != portent->port && (-1) != portent->port) 543 558 { 559 char * path; 560 char user[USER_MAX]; 561 544 562 snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s), was %d/%s"), 545 563 inet_ntoa(haddr), port, SH_PROTO_STR(proto), service, portent->port, SH_PROTO_STR(proto)); … … 547 565 fprintf(stderr, _("service: %s\n"), errbuf); 548 566 #else 
567 path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user)); 549 568 SH_MUTEX_LOCK(mutex_thread_nolog); 550 569 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 551 MSG_PORT_NEWPORT, errbuf );570 MSG_PORT_NEWPORT, errbuf, path, user); 552 571 SH_MUTEX_UNLOCK(mutex_thread_nolog); 572 SH_FREE(path); 553 573 #endif 554 574 portent->port = port; … … 564 584 if (!portent) 565 585 { 586 char * path; 587 char user[USER_MAX]; 588 566 589 snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"), 567 590 inet_ntoa(haddr), port, SH_PROTO_STR(proto), check_services(port, proto)); … … 570 593 inet_ntoa(haddr), port, SH_PROTO_STR(proto), check_services(port, proto)); 571 594 #else 595 path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user)); 572 596 SH_MUTEX_LOCK(mutex_thread_nolog); 573 597 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 574 MSG_PORT_NEW, errbuf );598 MSG_PORT_NEW, errbuf, path, user); 575 599 SH_MUTEX_UNLOCK(mutex_thread_nolog); 600 SH_FREE(path); 576 601 #endif 577 602 … … 582 607 else if (portent->status == SH_PORT_MISS && portent->flag != SH_PORT_IGN) 583 608 { 609 char * path; 610 char user[USER_MAX]; 611 584 612 snprintf (errbuf, sizeof(errbuf), _("port: %s:%d/%s (%s)"), 585 613 inet_ntoa(haddr), port, SH_PROTO_STR(proto), check_services(port, proto)); … … 587 615 fprintf(stderr, _("port : %s\n"), errbuf); 588 616 #else 617 path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user)); 589 618 SH_MUTEX_LOCK(mutex_thread_nolog); 590 619 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 591 MSG_PORT_RESTART, errbuf );620 MSG_PORT_RESTART, errbuf, path, user); 592 621 SH_MUTEX_UNLOCK(mutex_thread_nolog); 622 SH_FREE(path); 593 623 #endif 594 624 … … 1482 1512 #endif 1483 1513 } 1514 1515 sh_port2proc_prepare(); 1516 1484 1517 if (sh_portchk_check_udp == 1) 1485 1518 sh_portchk_scan_ports_udp(min_port, -1); 1486 1519 sh_portchk_scan_ports_tcp(min_port, -1); 1520 1521 1487 1522 sh_portchk_check_list 
(&portlist_tcp, IPPROTO_TCP, SH_PORT_REPORT); 1488 1523 if (sh_portchk_check_udp == 1) 1489 1524 sh_portchk_check_list (&portlist_udp, IPPROTO_UDP, SH_PORT_REPORT); 1525 1490 1526 } 1491 1527 SH_MUTEX_UNLOCK(mutex_port_check); -
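Review bot: Each of the five new report branches passes `path` and the uninitialised `char user[USER_MAX]` straight into the `%s` slots of `sh_error_handle()` and then calls `SH_FREE(path)`. That is only safe if `sh_port2proc_query()` never returns NULL and always NUL-terminates `user`, and the contract cannot be checked here because sh_port2proc.c is not shown. I would state it above the extern declaration, e.g. `/* returns a heap string (never NULL) that the caller must SH_FREE; always stores a NUL-terminated name in user */`, and set `user[0] = '\0';` before each call. The declaration `extern int sh_port2proc_prepare();` should read `extern int sh_port2proc_prepare(void);` and would be better placed in a shared header so the compiler checks it against the definition; its return value is also ignored at the call before the scans. The enclosing functions start and end outside the lines shown.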
trunk/src/sh_prelude.c
r170 r180 700 700 idmef_address_t *address; 701 701 idmef_node_t *node; 702 idmef_user_t *user; 703 idmef_process_t *process; 702 704 idmef_service_t *service; 703 705 idmef_source_t *source = idmef_alert_get_next_source(alert, NULL); … … 847 849 848 850 SH_FREE( new ); 851 852 ptr = get_value(msg, _("user"), NULL); 853 854 if ( ptr ) { 855 856 ret = idmef_source_new_user(source, &user); 857 if ( ret < 0 ) { 858 free(ptr); 859 return ret; 860 } 861 862 ret = idmef_user_new_ident(user, &str); 863 if ( ret < 0 ) { 864 free(ptr); 865 return ret; 866 } 867 prelude_string_set_nodup(str, ptr); 868 } 869 870 ptr = get_value(msg, _("path"), NULL); 871 872 if ( ptr ) { 873 874 /* 875 * In term of IDMEF, this is the full path, 876 * including the name. 877 */ 878 ret = idmef_source_new_process(source, &process); 879 if ( ret < 0 ) { 880 free(ptr); 881 return ret; 882 } 883 884 ret = idmef_process_new_path(process, &str); 885 if ( ret < 0 ) { 886 free(ptr); 887 return ret; 888 } 889 prelude_string_set_nodup(str, ptr); 890 891 ptr = strrchr(ptr, '/'); 892 if ( ptr ) { 893 ret = idmef_process_new_name(process, &str); 894 if ( ret == 0 ) { 895 prelude_string_set_dup(str, ptr + 1); 896 } 897 } 898 } 849 899 850 900 return 0;
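Review bot: The new lookup `get_value(msg, _("user"), NULL)` does not match the key that the port messages emit, since sh_cat.c in this same changeset writes `userid=\"%s\"`. Unless `get_value()` (not visible here) matches on a prefix, the IDMEF user ident will never be filled from port-check events. If that field is the intended source, the line would be `ptr = get_value(msg, _("userid"), NULL);`. The results of `prelude_string_set_nodup()` and `prelude_string_set_dup()` are also discarded, so a failure to attach the string goes unnoticed. The enclosing function begins outside the lines shown.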