Changeset 206
- Timestamp:
- Jan 8, 2009, 10:08:45 PM (16 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/docs/Changelog
r205 r206 1 1 2.5.2: 2 * fix reporting of user for open ports to prelude 3 * report process pid for open ports 2 4 * replace _exit() by raise(SIGKILL) b/o pthread problem 3 5 * new option LooseDirCheck ([false]/true), request by -
trunk/src/sh_cat.c
r192 r206 135 135 #ifdef SH_USE_PORTCHECK 136 136 { MSG_PORT_MISS, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceMissing] %s\"")}, 137 { MSG_PORT_NEW, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceNew] %s\" path=\"%s\" userid=\"%s\"")},138 { MSG_PORT_RESTART,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceRestarted] %s\" path=\"%s\" userid=\"%s\"")},139 { MSG_PORT_NEWPORT,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServicePortSwitch] %s\" path=\"%s\" userid=\"%s\"")},137 { MSG_PORT_NEW, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceNew] %s\" path=\"%s\" pid=\"%lu\" userid=\"%s\"")}, 138 { MSG_PORT_RESTART,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceRestarted] %s\" path=\"%s\" pid=\"%lu\" userid=\"%s\"")}, 139 { MSG_PORT_NEWPORT,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServicePortSwitch] %s\" path=\"%s\" pid=\"%lu\" userid=\"%s\"")}, 140 140 #endif 141 141 … … 464 464 #ifdef SH_USE_PORTCHECK 465 465 { MSG_PORT_MISS, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServiceMissing] %s>")}, 466 { MSG_PORT_NEW, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServiceNew] %s> path=<%s> userid=<%s>")},467 { MSG_PORT_RESTART,SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServiceRestarted] %s> path=<%s> userid=<%s>")},468 { MSG_PORT_NEWPORT,SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServicePortSwitch] %s> path=<%s> userid=<%s>")},466 { MSG_PORT_NEW, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServiceNew] %s> path=<%s> pid=<%lu> userid=<%s>")}, 467 { MSG_PORT_RESTART,SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServiceRestarted] %s> path=<%s> pid=<%lu> userid=<%s>")}, 468 { MSG_PORT_NEWPORT,SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [ServicePortSwitch] %s> path=<%s> pid=<%lu> userid=<%s>")}, 469 469 #endif 470 470 -
trunk/src/sh_port2proc.c
r199 r206 311 311 /* returns the command and fills the 'user' array 312 312 */ 313 char * sh_port2proc_query(int proto, struct in_addr * saddr, int sport, 313 char * sh_port2proc_query(int proto, struct in_addr * saddr, int sport, unsigned long * pid, 314 314 char * user, size_t userlen) 315 315 { … … 320 320 else 321 321 fd = fopen("/proc/net/udp", "r"); 322 323 *pid = 0; 322 324 323 325 if (fd) … … 345 347 { 346 348 fclose(fd); 349 *pid = (unsigned long) new->pid; 347 350 if (new->path) 348 351 { … … 363 366 } 364 367 err_out: 365 sl_strlcpy(user, " 0", userlen);368 sl_strlcpy(user, "-", userlen); 366 369 return sh_util_strdup("-"); 367 370 } … … 750 753 751 754 char * sh_port2proc_query(int proto, struct in_addr * saddr, int sport, 752 char * user, size_t userlen)755 unsigned long * pid, char * user, size_t userlen) 753 756 { 754 757 int n, hash; … … 756 759 struct in_addr * haddr; 757 760 struct sock * s; 761 762 *pid = 0; 758 763 759 764 for (xf = xfiles, n = 0; n < nxfiles; ++n, ++xf) { … … 796 801 struct sock_store try; 797 802 803 *pid = xf->xf_pid; 804 798 805 try.pid = xf->xf_pid; 799 806 try.path = NULL; … … 862 869 863 870 char * sh_port2proc_query(int proto, struct in_addr * saddr, int sport, 864 char * user, size_t userlen)871 unsigned long * pid, char * user, size_t userlen) 865 872 { 866 873 (void) proto; … … 868 875 (void) sport; 869 876 877 *pid = 0; 878 870 879 sl_strlcpy(user, "-", userlen); 871 880 return sh_util_strdup("-"); -
trunk/src/sh_portcheck.c
r180 r206 137 137 138 138 extern char * sh_port2proc_query(int proto, struct in_addr * saddr, int sport, 139 char * user, size_t userlen);139 unsigned long * pid, char * user, size_t userlen); 140 140 extern int sh_port2proc_prepare(); 141 141 … … 515 515 { 516 516 char * path; 517 unsigned long qpid; 517 518 char user[USER_MAX]; 518 519 … … 523 524 inet_ntoa(haddr), port, SH_PROTO_STR(proto), service); 524 525 #else 525 path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user));526 path = sh_port2proc_query(proto, &haddr, port, &qpid, user, sizeof(user)); 526 527 SH_MUTEX_LOCK(mutex_thread_nolog); 527 528 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 528 MSG_PORT_NEW, errbuf, path, user);529 MSG_PORT_NEW, errbuf, path, qpid, user); 529 530 SH_MUTEX_UNLOCK(mutex_thread_nolog); 530 531 SH_FREE(path); … … 538 539 { 539 540 char * path; 541 unsigned long qpid; 540 542 char user[USER_MAX]; 541 543 … … 545 547 fprintf(stderr, _("service: %s\n"), errbuf); 546 548 #else 547 path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user));549 path = sh_port2proc_query(proto, &haddr, port, &qpid, user, sizeof(user)); 548 550 SH_MUTEX_LOCK(mutex_thread_nolog); 549 551 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 550 MSG_PORT_RESTART, errbuf, path, user);552 MSG_PORT_RESTART, errbuf, path, qpid, user); 551 553 SH_MUTEX_UNLOCK(mutex_thread_nolog); 552 554 SH_FREE(path); … … 558 560 { 559 561 char * path; 562 unsigned long qpid; 560 563 char user[USER_MAX]; 561 564 … … 565 568 fprintf(stderr, _("service: %s\n"), errbuf); 566 569 #else 567 path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user));570 path = sh_port2proc_query(proto, &haddr, port, &qpid, user, sizeof(user)); 568 571 SH_MUTEX_LOCK(mutex_thread_nolog); 569 572 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 570 MSG_PORT_NEWPORT, errbuf, path, user);573 MSG_PORT_NEWPORT, errbuf, path, qpid, user); 571 574 SH_MUTEX_UNLOCK(mutex_thread_nolog); 572 575 SH_FREE(path); … … 585 588 { 586 589 char * path; 590 unsigned long qpid; 587 591 char user[USER_MAX]; 588 592 … … 593 597 inet_ntoa(haddr), port, SH_PROTO_STR(proto), check_services(port, proto)); 594 598 #else 595 path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user));599 path = sh_port2proc_query(proto, &haddr, port, &qpid, user, sizeof(user)); 596 600 SH_MUTEX_LOCK(mutex_thread_nolog); 597 601 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 598 MSG_PORT_NEW, errbuf, path, user);602 MSG_PORT_NEW, errbuf, path, qpid, user); 599 603 SH_MUTEX_UNLOCK(mutex_thread_nolog); 600 604 SH_FREE(path); … … 608 612 { 609 613 char * path; 614 unsigned long qpid; 610 615 char user[USER_MAX]; 611 616 … … 615 620 fprintf(stderr, _("port : %s\n"), errbuf); 616 621 #else 617 path = sh_port2proc_query(proto, &haddr, port, user, sizeof(user));622 path = sh_port2proc_query(proto, &haddr, port, &qpid, user, sizeof(user)); 618 623 SH_MUTEX_LOCK(mutex_thread_nolog); 619 624 sh_error_handle(sh_portchk_severity, FIL__, __LINE__, 0, 620 MSG_PORT_RESTART, errbuf, path, user);625 MSG_PORT_RESTART, errbuf, path, qpid, user); 621 626 SH_MUTEX_UNLOCK(mutex_thread_nolog); 622 627 SH_FREE(path); -
trunk/src/sh_prelude.c
r181 r206 696 696 int ret; 697 697 long port; 698 char *ptr, *new, *tmp, *ip, *srv, * end;698 char *ptr, *new, *tmp, *ip, *srv, *protocol, *end; 699 699 prelude_string_t *str; 700 700 idmef_address_t *address; … … 704 704 idmef_service_t *service; 705 705 idmef_source_t *source = idmef_alert_get_next_source(alert, NULL); 706 struct passwd *pw; 707 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 708 struct passwd pwd; 709 char buffer[SH_PWBUF_SIZE]; 710 #endif 706 711 707 712 new = sh_util_strdup(msg); … … 778 783 if ( *ptr && *end == '\0' && port >= 0 && port < 65536) { 779 784 785 char * tmpw; 786 780 787 if ( ! source ) { 781 788 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); 782 789 if ( ret < 0 ) { 783 free(srv);784 790 SH_FREE( new ); 785 791 return ret; … … 789 795 ret = idmef_source_new_service(source, &service); 790 796 if ( ret < 0 ) { 791 free(srv);792 797 SH_FREE( new ); 793 798 return ret; … … 795 800 796 801 idmef_service_set_port(service, port); 802 803 ret = idmef_service_new_protocol(service, &str); 804 if ( ret < 0 ) { 805 SH_FREE( new ); 806 return ret; 807 } 808 809 ++tmp; 810 if (*tmp) { 811 char * tmpw = tmp; 812 char tmpw_store; 813 while (*tmpw && !isblank((int) *tmpw)) ++tmpw; 814 tmpw_store = *tmpw; *tmpw = '\0'; 815 protocol = strdup(tmp); 816 *tmpw = tmpw_store; 817 prelude_string_set_nodup(str, protocol); 818 } 819 797 820 } 798 821 … … 850 873 SH_FREE( new ); 851 874 852 ptr = get_value(msg, _("user "), NULL);875 ptr = get_value(msg, _("userid"), NULL); 853 876 854 877 if ( ptr ) { 855 878 879 idmef_user_id_t * user_id; 880 856 881 ret = idmef_source_new_user(source, &user); 857 882 if ( ret < 0 ) { … … 860 885 } 861 886 862 ret = idmef_user_new_ident(user, &str); 863 if ( ret < 0 ) { 864 free(ptr); 865 return ret; 866 } 887 idmef_user_set_category(user, IDMEF_USER_CATEGORY_APPLICATION); 888 889 ret = idmef_user_new_user_id(user, &user_id, IDMEF_LIST_APPEND); 890 if ( ret < 0 ) { 891 free(ptr); 892 return ret; 893 } 894 895 idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_CURRENT_USER); 896 897 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) 898 sh_getpwnam_r(ptr, &pwd, buffer, sizeof(buffer), &pw); 899 #else 900 pw = sh_getpwnam(ptr); 901 #endif 902 if ( pw ) 903 idmef_user_id_set_number(user_id, pw->pw_uid); 904 905 ret = idmef_user_id_new_name(user_id, &str); 906 if ( ret < 0 ) { 907 free(ptr); 908 return ret; 909 } 867 910 prelude_string_set_nodup(str, ptr); 911 868 912 } 869 913 870 914 ptr = get_value(msg, _("path"), NULL); 915 tmp = get_value(msg, _("pid"), NULL); 871 916 872 917 if ( ptr ) { … … 889 934 prelude_string_set_nodup(str, ptr); 890 935 891 ptr = strrchr(ptr, '/');892 if ( ptr) {936 937 if ( NULL != strrchr(ptr, '/') ) { 893 938 ret = idmef_process_new_name(process, &str); 894 939 if ( ret == 0 ) { 940 ptr = strrchr(ptr, '/'); 895 941 prelude_string_set_dup(str, ptr + 1); 896 942 } 897 } 898 } 943 } else { 944 ret = idmef_process_new_name(process, &str); 945 if ( ret == 0 ) { 946 prelude_string_set_dup(str, ptr); 947 } 948 } 949 950 idmef_process_set_pid(process, strtoul(tmp, NULL, 0)); 951 } 952 953 if (tmp) 954 free(tmp); 899 955 900 956 return 0; -
trunk/test/testrun_1b.sh
r170 r206 242 242 rm -f $PW_DIR/test_log_prelude 243 243 244 [ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } 244 245 "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & 245 246 PID=$! … … 266 267 if [ $tmp -lt 1 ]; then 267 268 [ -z "$verbose" ] || log_msg_fail "/etc"; 269 kill $PID 270 return 1 268 271 fi 269 272 tmp=`egrep 'Classification text: Checking' test_log_prelude 2>/dev/null | wc -l` 270 273 if [ $tmp -lt 1 ]; then 271 274 [ -z "$verbose" ] || log_msg_fail "checking"; 275 kill $PID 276 return 1 272 277 fi 273 278 # … … 276 281 if [ $tmp -lt 1 ]; then 277 282 [ -z "$verbose" ] || log_msg_fail "service"; 283 kill $PID 284 return 1 278 285 fi 279 286 tmp=`egrep 'Service: port=5500' test_log_prelude 2>/dev/null | wc -l` 280 287 if [ $tmp -lt 1 ]; then 281 288 [ -z "$verbose" ] || log_msg_fail "port 5500"; 289 kill $PID 290 return 1 282 291 fi 283 292 fi -
trunk/test/testrun_1e.sh
r179 r206 23 23 export BUILDOPTS 24 24 25 MAXTEST=4; export MAXTEST 25 MAXTEST=5; export MAXTEST 26 27 PORTPOLICY_5=" 28 [ReadOnly] 29 file=${BASE} 30 [PortCheck] 31 PortCheckActive = yes 32 PortCheckUDP = no 33 PortCheckInterface = 127.0.0.1 34 " 35 36 chk_portdata_5 () { 37 one_sec_sleep 38 39 if [ -z "$PM" ]; then 40 log_skip 5 $MAXTEST 'prelude-manager not found in $PATH' 41 elif [ -z "$doall" ]; then 42 log_skip 5 $MAXTEST 'logging to prelude (or use --really-all)' 43 else 44 tmp=`egrep 'Service: port=5500 .unknown. protocol=tcp' test_log_prelude 2>/dev/null | wc -l` 45 if [ $tmp -lt 1 ]; then 46 [ -z "$verbose" ] || log_msg_fail "port 5500"; 47 [ -z "$quiet" ] && log_fail 5 ${MAXTEST}; 48 return 1 49 fi 50 # 51 [ -z "$quiet" ] && log_ok 5 ${MAXTEST}; 52 fi 53 return 0 54 } 55 56 refine_portpolicy_5 () 57 { 58 echo "PortCheckIgnore=2026/tcp" >>"${RCFILE}" 59 echo "PortCheckIgnore=2027/udp" >>"${RCFILE}" 60 echo "PortCheckIgnore=2028/tcp" >>"${RCFILE}" 61 echo "PortCheckIgnore=2029/udp" >>"${RCFILE}" 62 } 26 63 27 64 PORTPOLICY_4=" … … 147 184 eval echo '"$'"PORTPOLICY_$1"'"' >>"${RCFILE}" 148 185 } 186 187 run_check_prelude() 188 { 189 ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null 190 191 if test x$? = x0; then 192 193 ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" 194 195 if [ $? -ne 0 ]; then 196 [ -z "$quiet" ] && log_msg_fail "mv logfile..."; 197 return 1 198 fi 199 [ -z "$verbose" ] || log_msg_ok "check..."; 200 else 201 [ -z "$quiet" ] && log_msg_fail "check..."; 202 return 1 203 fi 204 } 205 149 206 150 207 testrun_internal_1e () … … 209 266 rm -f "$LOGFILE" 210 267 # 211 if [ $errval -eq 0 ]; then 212 run_check 213 check_err $? ${tcount}; errval=$? 214 fi 268 PRELUDEPID=0 269 # 270 if test ${tcount} -eq 5; 271 then 272 273 PM=`find_path prelude-manager` 274 275 if [ -z "$PM" ]; then 276 if [ $errval -eq 0 ]; then 277 run_check 278 check_err $? ${tcount}; errval=$? 279 fi 280 elif [ -z "$doall" ]; then 281 if [ $errval -eq 0 ]; then 282 run_check 283 check_err $? ${tcount}; errval=$? 284 fi 285 else 286 # 287 # 288 ${TOP_SRCDIR}/configure ${BUILDOPTS} --with-prelude 289 # 290 # 291 if test x$? = x0; then 292 [ -z "$verbose" ] || log_msg_ok "configure..."; 293 $MAKE >/dev/null 2>&1 294 if test x$? = x0; then 295 [ -z "$verbose" ] || log_msg_ok "make..."; 296 else 297 [ -z "$quiet" ] && log_msg_fail "make..."; 298 return 1 299 fi 300 301 else 302 [ -z "$quiet" ] && log_msg_fail "configure..."; 303 return 1 304 fi 305 # 306 # 307 if ! test -d /var/run/prelude-manager 308 then 309 [ -z "$verbose" ] || log_msg_ok "create /var/run/prelude-manager..."; 310 sudo mkdir /var/run/prelude-manager 311 sudo chown prelude:rainer /var/run/prelude-manager 312 sudo chmod 770 /var/run/prelude-manager 313 fi 314 if ! test -d /var/spool/prelude/samhain/global 315 then 316 [ -z "$verbose" ] || log_msg_ok "create /var/spool/prelude/samhain/global..."; 317 sudo mkdir -p /var/spool/prelude/samhain/global 318 sudo chown prelude:rainer /var/spool/prelude/samhain/global 319 sudo chmod 770 /var/spool/prelude/samhain/global 320 fi 321 322 # 323 # 324 [ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } 325 "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & 326 PRELUDEPID=$! 327 # 328 # 329 five_sec_sleep 330 # 331 # 332 if [ $errval -eq 0 ]; then 333 run_check_prelude 334 check_err $? ${tcount}; errval=$? 335 fi 336 fi 337 338 else 339 if [ $errval -eq 0 ]; then 340 run_check 341 check_err $? ${tcount}; errval=$? 342 fi 343 fi 344 # 215 345 if [ $errval -eq 0 ]; then 216 346 eval chk_portdata_${tcount} … … 219 349 # 220 350 if [ $errval -eq 0 ]; then 221 [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; 351 if test ${tcount} -ne 5; then 352 [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; 353 fi 222 354 fi 223 355 let "tcount = tcount + 1" >/dev/null 224 356 POLICY=`eval echo '"$'"PORTPOLICY_$tcount"'"'` 357 358 if test $PRELUDEPID -ne 0; 359 then 360 kill $PRELUDEPID 361 fi 362 225 363 done 226 364
Note:
See TracChangeset
for help on using the changeset viewer.