- Timestamp:
- Apr 30, 2010, 11:55:18 PM (15 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 24 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Makefile.in
r275 r279 136 136 $(srcsrc)/sh_mem.c $(srcsrc)/sh_entropy.c \ 137 137 $(srcsrc)/sh_forward.c $(srcsrc)/sh_modules.c \ 138 $(srcsrc)/sh_utmp.c $(srcsrc)/sh_ kern.c \138 $(srcsrc)/sh_utmp.c $(srcsrc)/sh_login_track.c $(srcsrc)/sh_kern.c \ 139 139 $(srcsrc)/sh_suidchk.c $(srcsrc)/sh_srp.c \ 140 140 $(srcsrc)/sh_fifo.c $(srcsrc)/sh_tools.c \ … … 170 170 samhain.o sh_unix.o sh_utils.o sh_error.o \ 171 171 sh_getopt.o sh_readconf.o sh_filter.o \ 172 sh_hash.o sh_mail.o sh_nmail.o sh_mem.o \172 sh_hash.o sh_mail.o sh_nmail.o sh_mem.o sh_login_track.o \ 173 173 sh_entropy.o sh_forward.o sh_modules.o sh_utmp.o sh_kern.o \ 174 174 sh_suidchk.o sh_srp.o sh_fifo.o sh_tools.o sh_html.o sh_gpg.o \ … … 1233 1233 exit 1; \ 1234 1234 fi 1235 1236 # -- NEW -- 1237 samhain_kmem.ko: $(srcsrc)/samhain_kmem.c 1238 @test -d m_comp || mkdir m_comp; \ 1239 echo "KVERSION := \$$(shell uname -r)" > m_comp/Makefile;\ 1240 echo "KSOURCE ?= /lib/modules/\$$(KVERSION)/build" >> m_comp/Makefile;\ 1241 echo "obj-m := samhain_kmem.o" >> m_comp/Makefile;\ 1242 echo ".PHONY: modules install clean modules_add" >> m_comp/Makefile;\ 1243 echo "install : modules_add" >> m_comp/Makefile;\ 1244 echo "modules modules_install clean:" >> m_comp/Makefile;\ 1245 echo "T\$$(MAKE) -C \$$(KSOURCE) \$$@ SUBDIRS=\$$(CURDIR) KBUILD_VERBOSE=2" | tr T '\t' >> m_comp/Makefile;\ 1246 cp config.h m_comp/; \ 1247 cp $(srcsrc)/samhain_kmem.c m_comp/; \ 1248 cd m_comp && $(MAKE) modules 1249 @if test -f m_comp/samhain_kmem.ko; then \ 1250 cp -p m_comp/samhain_kmem.ko samhain_kmem.ko; \ 1251 rm -rf m_comp/; \ 1252 else \ 1253 echo "Kernel module samhain_kmem.ko not build"; \ 1254 exit 1; \ 1255 fi 1256 1235 1257 1236 1258 # -- NEW -- … … 1743 1765 sh_log_repeat.o: $(srcsrc)/sh_log_repeat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h 1744 1766 sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h 1767 sh_login_track.o: $(srcsrc)/sh_login_track.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_tools.h $(srcinc)/sh_error_min.h $(srcinc)/CuTest.h $(srcinc)/CuTest.h -
trunk/configure.ac
r277 r279 12 12 dnl start 13 13 dnl 14 AM_INIT_AUTOMAKE(samhain, 2. 6.4)14 AM_INIT_AUTOMAKE(samhain, 2.7.0) 15 15 AC_DEFINE([SAMHAIN], 1, [Application is samhain]) 16 16 AC_CANONICAL_HOST … … 63 63 i*86*) 64 64 AC_DEFINE(HOST_IS_I86LINUX) 65 ;; 66 x86_64) 67 AC_DEFINE([HOST_IS_64LINUX], 1, [Define if host OS is 64bit Linux]) 65 68 ;; 66 69 *) … … 2020 2023 ] 2021 2024 ) 2022 AC_SUBST(lkm_inc) 2023 AC_SUBST(sh_lkm) 2024 AC_SUBST(sh_insmod_cmd) 2025 2025 2026 AC_SUBST(install_name) 2026 2027 AC_SUBST(INSTALL_NAME) … … 2064 2065 kernelversion=`uname -r` 2065 2066 AC_DEFINE_UNQUOTED(SH_KERNEL_VERSION, _("${kernelversion}"), [Define the kernel version]) 2067 2066 2068 if test "x${withval}" != "xyes"; then 2067 2069 systemmap="${withval}" 2068 2070 fi 2071 2069 2072 if test "x${cross_compiling}" = xyes; then 2070 2073 : … … 2072 2075 LIBS="$LIBS -lkvm" 2073 2076 sh_libkvm="-lkvm" 2074 elif test -f "${systemmap}"; then 2075 : 2077 elif test -f "${systemmap}"; then 2078 if test -f /dev/kmem; then 2079 : 2080 else 2081 # need kernel module 2082 2083 if test -f /lib/modules/${kernelversion}/build/include/linux/kernel.h; then 2084 lkm_inc="-I/lib/modules/${kernelversion}/build/include" 2085 else 2086 AC_MSG_WARN([--enable-khide: /lib/modules/${kernelversion}/build/include/linux not found]) 2087 AC_MSG_WARN([--enable-khide: You may need to install the kernel-source]) 2088 AC_MSG_WARN([--enable-khide: headers for the currently-running kernel.]) 2089 fi 2090 2091 AC_MSG_CHECKING([for vmlist_lock]) 2092 sh_vmlist_lock=`egrep ['[bdBD] vmlist_lock$'] ${systemmap} | awk '{print $1}'` 2093 if test x"$sh_vmlist_lock" = x; then 2094 AC_MSG_RESULT(no) 2095 else 2096 sh_vmlist_lock="0x${sh_vmlist_lock}" 2097 AC_MSG_RESULT([${sh_vmlist_lock}]) 2098 AC_DEFINE_UNQUOTED(SH_VMLIST_LOCK, ${sh_vmlist_lock}, [The address of the vmlist spinlock]) 2099 fi 2100 2101 AC_MSG_CHECKING([for vmlist]) 2102 sh_vmlist_lock=`egrep ['[bdBD] vmlist$'] ${systemmap} | awk '{print $1}'` 2103 if test x"$sh_vmlist" = x; then 2104 AC_MSG_RESULT(no) 2105 else 2106 sh_vmlist="0x${sh_vmlist}" 2107 AC_MSG_RESULT([${sh_vmlist}]) 2108 AC_DEFINE_UNQUOTED(SH_VMLIST, ${sh_vmlist}, [The address of the vmlist]) 2109 fi 2110 2111 sh_lkm="${sh_lkm} samhain_kmem.ko" 2112 echo "${sh_insmod_cmd}" | grep 'no kernel module' >/dev/null 2113 if [ $? -eq 0 ]; then 2114 sh_insmod_cmd="modprobe ${install_name}_kmem" 2115 else 2116 sh_insmod_cmd="modprobe ${install_name}_kmem; ${sh_insmod_cmd}" 2117 fi 2118 fi 2076 2119 else 2077 2120 AC_MSG_ERROR([Option --with-kcheck=systemmap cannot be used, because system map ${systemmap} does not exist.]) … … 2080 2123 ] 2081 2124 ) 2125 2126 AC_SUBST(lkm_inc) 2127 AC_SUBST(sh_lkm) 2128 AC_SUBST(sh_insmod_cmd) 2129 2082 2130 AC_SUBST(systemmap) 2083 2131 AC_SUBST(sh_libkvm) -
trunk/depend.dep
r275 r279 82 82 sh_log_repeat.o: $(srcsrc)/sh_log_repeat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h 83 83 sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h 84 sh_login_track.o: $(srcsrc)/sh_login_track.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_tools.h $(srcinc)/sh_error_min.h $(srcinc)/CuTest.h $(srcinc)/CuTest.h -
trunk/depend.sum
r275 r279 1 3 153250771 3825914950 -
trunk/docs/Changelog
r277 r279 1 2.7.0: 2 * sh_utmp.c, sh_login_track.c: additional login checks 3 * sh_unix.c: use SIGTTIN as alternative for SIGABRT 4 (SIGABRT seems not to work on AIX, reported by Peter) 5 * sh_utmp.c: fix compile error without pthreads (inotify_watch used) 6 * sh_kern.c, kern_head.c: fix some 64bit issues 7 * dnmalloc.c: fix compiler warning (ignored ret value) 8 * Fix LSB init script for kernel module 9 * samhain_kmem kernel module for /proc/kmem added 10 1 11 2.6.4: 2 3 4 5 6 12 * Don't read proc_root_iops in sh_kern.c (Problem report 13 by H. R.) 14 * Logfile check can check output of shell commands 15 * Use data directory as default for logfile checkpoints 16 * Fix broken checkpoint save/restore for logfiles 7 17 8 18 2.6.3: -
trunk/include/kern_head.h
r92 r279 1 1 2 3 /* x86_64 sys_call_table for kernel 2.4.x 4 * generated from 2.6.33 unistd_64.h 5 * grep ^__SYSCALL unistd_64.h | \ 6 * sed s/.*,[[:blank:]]// | sed 's/)//' | \ 7 * awk 'BEGIN{n = 0;}{ printf " %-32s /%c %03d %c/\n", \ 8 * sprintf("\"%s\",", $1), "*", n, "*"; ++n; }' 9 * 10 */ 11 char * syscalls_64[] = { 12 "sys_read", /* 000 */ 13 "sys_write", /* 001 */ 14 "sys_open", /* 002 */ 15 "sys_close", /* 003 */ 16 "sys_newstat", /* 004 */ 17 "sys_newfstat", /* 005 */ 18 "sys_newlstat", /* 006 */ 19 "sys_poll", /* 007 */ 20 "sys_lseek", /* 008 */ 21 "sys_mmap", /* 009 */ 22 "sys_mprotect", /* 010 */ 23 "sys_munmap", /* 011 */ 24 "sys_brk", /* 012 */ 25 "sys_rt_sigaction", /* 013 */ 26 "sys_rt_sigprocmask", /* 014 */ 27 "stub_rt_sigreturn", /* 015 */ 28 "sys_ioctl", /* 016 */ 29 "sys_pread64", /* 017 */ 30 "sys_pwrite64", /* 018 */ 31 "sys_readv", /* 019 */ 32 "sys_writev", /* 020 */ 33 "sys_access", /* 021 */ 34 "sys_pipe", /* 022 */ 35 "sys_select", /* 023 */ 36 "sys_sched_yield", /* 024 */ 37 "sys_mremap", /* 025 */ 38 "sys_msync", /* 026 */ 39 "sys_mincore", /* 027 */ 40 "sys_madvise", /* 028 */ 41 "sys_shmget", /* 029 */ 42 "sys_shmat", /* 030 */ 43 "sys_shmctl", /* 031 */ 44 "sys_dup", /* 032 */ 45 "sys_dup2", /* 033 */ 46 "sys_pause", /* 034 */ 47 "sys_nanosleep", /* 035 */ 48 "sys_getitimer", /* 036 */ 49 "sys_alarm", /* 037 */ 50 "sys_setitimer", /* 038 */ 51 "sys_getpid", /* 039 */ 52 "sys_sendfile64", /* 040 */ 53 "sys_socket", /* 041 */ 54 "sys_connect", /* 042 */ 55 "sys_accept", /* 043 */ 56 "sys_sendto", /* 044 */ 57 "sys_recvfrom", /* 045 */ 58 "sys_sendmsg", /* 046 */ 59 "sys_recvmsg", /* 047 */ 60 "sys_shutdown", /* 048 */ 61 "sys_bind", /* 049 */ 62 "sys_listen", /* 050 */ 63 "sys_getsockname", /* 051 */ 64 "sys_getpeername", /* 052 */ 65 "sys_socketpair", /* 053 */ 66 "sys_setsockopt", /* 054 */ 67 "sys_getsockopt", /* 055 */ 68 "stub_clone", /* 056 */ 69 "stub_fork", /* 057 */ 70 "stub_vfork", /* 058 */ 71 "stub_execve", /* 059 */ 72 "sys_exit", /* 060 */ 73 "sys_wait4", /* 061 */ 74 "sys_kill", /* 062 */ 75 "sys_uname", /* 063 */ 76 "sys_semget", /* 064 */ 77 "sys_semop", /* 065 */ 78 "sys_semctl", /* 066 */ 79 "sys_shmdt", /* 067 */ 80 "sys_msgget", /* 068 */ 81 "sys_msgsnd", /* 069 */ 82 "sys_msgrcv", /* 070 */ 83 "sys_msgctl", /* 071 */ 84 "sys_fcntl", /* 072 */ 85 "sys_flock", /* 073 */ 86 "sys_fsync", /* 074 */ 87 "sys_fdatasync", /* 075 */ 88 "sys_truncate", /* 076 */ 89 "sys_ftruncate", /* 077 */ 90 "sys_getdents", /* 078 */ 91 "sys_getcwd", /* 079 */ 92 "sys_chdir", /* 080 */ 93 "sys_fchdir", /* 081 */ 94 "sys_rename", /* 082 */ 95 "sys_mkdir", /* 083 */ 96 "sys_rmdir", /* 084 */ 97 "sys_creat", /* 085 */ 98 "sys_link", /* 086 */ 99 "sys_unlink", /* 087 */ 100 "sys_symlink", /* 088 */ 101 "sys_readlink", /* 089 */ 102 "sys_chmod", /* 090 */ 103 "sys_fchmod", /* 091 */ 104 "sys_chown", /* 092 */ 105 "sys_fchown", /* 093 */ 106 "sys_lchown", /* 094 */ 107 "sys_umask", /* 095 */ 108 "sys_gettimeofday", /* 096 */ 109 "sys_getrlimit", /* 097 */ 110 "sys_getrusage", /* 098 */ 111 "sys_sysinfo", /* 099 */ 112 "sys_times", /* 100 */ 113 "sys_ptrace", /* 101 */ 114 "sys_getuid", /* 102 */ 115 "sys_syslog", /* 103 */ 116 "sys_getgid", /* 104 */ 117 "sys_setuid", /* 105 */ 118 "sys_setgid", /* 106 */ 119 "sys_geteuid", /* 107 */ 120 "sys_getegid", /* 108 */ 121 "sys_setpgid", /* 109 */ 122 "sys_getppid", /* 110 */ 123 "sys_getpgrp", /* 111 */ 124 "sys_setsid", /* 112 */ 125 "sys_setreuid", /* 113 */ 126 "sys_setregid", /* 114 */ 127 "sys_getgroups", /* 115 */ 128 "sys_setgroups", /* 116 */ 129 "sys_setresuid", /* 117 */ 130 "sys_getresuid", /* 118 */ 131 "sys_setresgid", /* 119 */ 132 "sys_getresgid", /* 120 */ 133 "sys_getpgid", /* 121 */ 134 "sys_setfsuid", /* 122 */ 135 "sys_setfsgid", /* 123 */ 136 "sys_getsid", /* 124 */ 137 "sys_capget", /* 125 */ 138 "sys_capset", /* 126 */ 139 "sys_rt_sigpending", /* 127 */ 140 "sys_rt_sigtimedwait", /* 128 */ 141 "sys_rt_sigqueueinfo", /* 129 */ 142 "sys_rt_sigsuspend", /* 130 */ 143 "stub_sigaltstack", /* 131 */ 144 "sys_utime", /* 132 */ 145 "sys_mknod", /* 133 */ 146 "sys_ni_syscall", /* 134 */ 147 "sys_personality", /* 135 */ 148 "sys_ustat", /* 136 */ 149 "sys_statfs", /* 137 */ 150 "sys_fstatfs", /* 138 */ 151 "sys_sysfs", /* 139 */ 152 "sys_getpriority", /* 140 */ 153 "sys_setpriority", /* 141 */ 154 "sys_sched_setparam", /* 142 */ 155 "sys_sched_getparam", /* 143 */ 156 "sys_sched_setscheduler", /* 144 */ 157 "sys_sched_getscheduler", /* 145 */ 158 "sys_sched_get_priority_max", /* 146 */ 159 "sys_sched_get_priority_min", /* 147 */ 160 "sys_sched_rr_get_interval", /* 148 */ 161 "sys_mlock", /* 149 */ 162 "sys_munlock", /* 150 */ 163 "sys_mlockall", /* 151 */ 164 "sys_munlockall", /* 152 */ 165 "sys_vhangup", /* 153 */ 166 "sys_modify_ldt", /* 154 */ 167 "sys_pivot_root", /* 155 */ 168 "sys_sysctl", /* 156 */ 169 "sys_prctl", /* 157 */ 170 "sys_arch_prctl", /* 158 */ 171 "sys_adjtimex", /* 159 */ 172 "sys_setrlimit", /* 160 */ 173 "sys_chroot", /* 161 */ 174 "sys_sync", /* 162 */ 175 "sys_acct", /* 163 */ 176 "sys_settimeofday", /* 164 */ 177 "sys_mount", /* 165 */ 178 "sys_umount", /* 166 */ 179 "sys_swapon", /* 167 */ 180 "sys_swapoff", /* 168 */ 181 "sys_reboot", /* 169 */ 182 "sys_sethostname", /* 170 */ 183 "sys_setdomainname", /* 171 */ 184 "stub_iopl", /* 172 */ 185 "sys_ioperm", /* 173 */ 186 "sys_ni_syscall", /* 174 */ 187 "sys_init_module", /* 175 */ 188 "sys_delete_module", /* 176 */ 189 "sys_ni_syscall", /* 177 */ 190 "sys_ni_syscall", /* 178 */ 191 "sys_quotactl", /* 179 */ 192 "sys_nfsservctl", /* 180 */ 193 "sys_ni_syscall", /* 181 */ 194 "sys_ni_syscall", /* 182 */ 195 "sys_ni_syscall", /* 183 */ 196 "sys_ni_syscall", /* 184 */ 197 "sys_ni_syscall", /* 185 */ 198 "sys_gettid", /* 186 */ 199 "sys_readahead", /* 187 */ 200 "sys_setxattr", /* 188 */ 201 "sys_lsetxattr", /* 189 */ 202 "sys_fsetxattr", /* 190 */ 203 "sys_getxattr", /* 191 */ 204 "sys_lgetxattr", /* 192 */ 205 "sys_fgetxattr", /* 193 */ 206 "sys_listxattr", /* 194 */ 207 "sys_llistxattr", /* 195 */ 208 "sys_flistxattr", /* 196 */ 209 "sys_removexattr", /* 197 */ 210 "sys_lremovexattr", /* 198 */ 211 "sys_fremovexattr", /* 199 */ 212 "sys_tkill", /* 200 */ 213 "sys_time", /* 201 */ 214 "sys_futex", /* 202 */ 215 "sys_sched_setaffinity", /* 203 */ 216 "sys_sched_getaffinity", /* 204 */ 217 "sys_ni_syscall", /* 205 */ 218 "sys_io_setup", /* 206 */ 219 "sys_io_destroy", /* 207 */ 220 "sys_io_getevents", /* 208 */ 221 "sys_io_submit", /* 209 */ 222 "sys_io_cancel", /* 210 */ 223 "sys_ni_syscall", /* 211 */ 224 "sys_lookup_dcookie", /* 212 */ 225 "sys_epoll_create", /* 213 */ 226 "sys_ni_syscall", /* 214 */ 227 "sys_ni_syscall", /* 215 */ 228 "sys_remap_file_pages", /* 216 */ 229 "sys_getdents64", /* 217 */ 230 "sys_set_tid_address", /* 218 */ 231 "sys_restart_syscall", /* 219 */ 232 "sys_semtimedop", /* 220 */ 233 "sys_fadvise64", /* 221 */ 234 "sys_timer_create", /* 222 */ 235 "sys_timer_settime", /* 223 */ 236 "sys_timer_gettime", /* 224 */ 237 "sys_timer_getoverrun", /* 225 */ 238 "sys_timer_delete", /* 226 */ 239 "sys_clock_settime", /* 227 */ 240 "sys_clock_gettime", /* 228 */ 241 "sys_clock_getres", /* 229 */ 242 "sys_clock_nanosleep", /* 230 */ 243 "sys_exit_group", /* 231 */ 244 "sys_epoll_wait", /* 232 */ 245 "sys_epoll_ctl", /* 233 */ 246 "sys_tgkill", /* 234 */ 247 "sys_utimes", /* 235 */ 248 "sys_ni_syscall", /* 236 */ 249 "sys_mbind", /* 237 */ 250 "sys_set_mempolicy", /* 238 */ 251 "sys_get_mempolicy", /* 239 */ 252 "sys_mq_open", /* 240 */ 253 "sys_mq_unlink", /* 241 */ 254 "sys_mq_timedsend", /* 242 */ 255 "sys_mq_timedreceive", /* 243 */ 256 "sys_mq_notify", /* 244 */ 257 "sys_mq_getsetattr", /* 245 */ 258 "sys_kexec_load", /* 246 */ 259 "sys_waitid", /* 247 */ 260 "sys_add_key", /* 248 */ 261 "sys_request_key", /* 249 */ 262 "sys_keyctl", /* 250 */ 263 "sys_ioprio_set", /* 251 */ 264 "sys_ioprio_get", /* 252 */ 265 "sys_inotify_init", /* 253 */ 266 "sys_inotify_add_watch", /* 254 */ 267 "sys_inotify_rm_watch", /* 255 */ 268 "sys_migrate_pages", /* 256 */ 269 "sys_openat", /* 257 */ 270 "sys_mkdirat", /* 258 */ 271 "sys_mknodat", /* 259 */ 272 "sys_fchownat", /* 260 */ 273 "sys_futimesat", /* 261 */ 274 "sys_newfstatat", /* 262 */ 275 "sys_unlinkat", /* 263 */ 276 "sys_renameat", /* 264 */ 277 "sys_linkat", /* 265 */ 278 "sys_symlinkat", /* 266 */ 279 "sys_readlinkat", /* 267 */ 280 "sys_fchmodat", /* 268 */ 281 "sys_faccessat", /* 269 */ 282 "sys_pselect6", /* 270 */ 283 "sys_ppoll", /* 271 */ 284 "sys_unshare", /* 272 */ 285 "sys_set_robust_list", /* 273 */ 286 "sys_get_robust_list", /* 274 */ 287 "sys_splice", /* 275 */ 288 "sys_tee", /* 276 */ 289 "sys_sync_file_range", /* 277 */ 290 "sys_vmsplice", /* 278 */ 291 "sys_move_pages", /* 279 */ 292 "sys_utimensat", /* 280 */ 293 "sys_epoll_pwait", /* 281 */ 294 "sys_signalfd", /* 282 */ 295 "sys_timerfd_create", /* 283 */ 296 "sys_eventfd", /* 284 */ 297 "sys_fallocate", /* 285 */ 298 "sys_timerfd_settime", /* 286 */ 299 "sys_timerfd_gettime", /* 287 */ 300 "sys_accept4", /* 288 */ 301 "sys_signalfd4", /* 289 */ 302 "sys_eventfd2", /* 290 */ 303 "sys_epoll_create1", /* 291 */ 304 "sys_dup3", /* 292 */ 305 "sys_pipe2", /* 293 */ 306 "sys_inotify_init1", /* 294 */ 307 "sys_preadv", /* 295 */ 308 "sys_pwritev", /* 296 */ 309 "sys_rt_tgsigqueueinfo", /* 297 */ 310 "sys_perf_event_open", /* 298 */ 311 "sys_recvmmsg", /* 299 */ 312 NULL 313 }; 2 314 3 315 /* i386 sys_call_table for kernel 2.4.x 4 316 */ 5 char * callz_2p4[] = {6 "sys_ ni_syscall", /* 0 - old setup() system call*/317 char * syscalls_32[] = { 318 "sys_restart_syscall", /* 0 - old setup() system call*/ 7 319 "sys_exit", 8 320 "sys_fork", … … 21 333 "sys_chmod", /* 15 */ 22 334 "sys_lchown16", 23 "sys_ ni_syscall", /* old break syscall holder */335 "sys_break", 24 336 "sys_stat", 25 337 "sys_lseek", … … 35 347 "sys_pause", 36 348 "sys_utime", /* 30 */ 37 "sys_ ni_syscall", /* old stty syscall holder */38 "sys_ ni_syscall", /* old gtty syscall holder */349 "sys_stty", 350 "sys_gtty", 39 351 "sys_access", 40 352 "sys_nice", 41 "sys_ ni_syscall", /* 35 */ /* old ftime syscall holder*/353 "sys_ftime", /* 35 */ 42 354 "sys_sync", 43 355 "sys_kill", … … 48 360 "sys_pipe", 49 361 "sys_times", 50 "sys_ ni_syscall", /* old prof syscall holder */362 "sys_prof", 51 363 "sys_brk", /* 45 */ 52 364 "sys_setgid16", … … 56 368 "sys_getegid16", /* 50 */ 57 369 "sys_acct", 58 "sys_umount ", /* recycled never used phys() */59 "sys_ ni_syscall", /* old lock syscall holder */370 "sys_umount2", 371 "sys_lock", 60 372 "sys_ioctl", 61 373 "sys_fcntl", /* 55 */ 62 "sys_ ni_syscall", /* old mpx syscall holder */374 "sys_mpx", 63 375 "sys_setpgid", 64 "sys_ ni_syscall", /* old ulimit syscall holder */376 "sys_ulimit", 65 377 "sys_olduname", 66 378 "sys_umask", /* 60 */ … … 80 392 "sys_sethostname", 81 393 "sys_setrlimit", /* 75 */ 82 "sys_ old_getrlimit",394 "sys_getrlimit", 83 395 "sys_getrusage", 84 396 "sys_gettimeofday", … … 102 414 "sys_getpriority", 103 415 "sys_setpriority", 104 "sys_ ni_syscall", /* old profil syscall holder */416 "sys_profil", 105 417 "sys_statfs", 106 418 "sys_fstatfs", /* 100 */ … … 113 425 "sys_newlstat", 114 426 "sys_newfstat", 115 "sys_ uname",427 "sys_olduname", 116 428 "sys_iopl", /* 110 */ 117 429 "sys_vhangup", 118 "sys_ ni_syscall", /* old idle system call */430 "sys_idle", 119 431 "sys_vm86old", 120 432 "sys_wait4", … … 141 453 "sys_sysfs", /* 135 */ 142 454 "sys_personality", 143 "sys_ ni_syscall", /* for afs_syscall */455 "sys_afs_syscall", 144 456 "sys_setfsuid16", 145 457 "sys_setfsgid16", … … 153 465 "sys_getsid", 154 466 "sys_fdatasync", 155 "sys_ sysctl",467 "sys__sysctl", 156 468 "sys_mlock", /* 150 */ 157 469 "sys_munlock", … … 168 480 "sys_nanosleep", 169 481 "sys_mremap", 170 "sys_setresuid 16",171 "sys_getresuid 16", /* 165 */482 "sys_setresuid", 483 "sys_getresuid", /* 165 */ 172 484 "sys_vm86", 173 485 "sys_query_module", 174 486 "sys_poll", 175 487 "sys_nfsservctl", 176 "sys_setresgid 16", /* 170 */177 "sys_getresgid 16",488 "sys_setresgid", /* 170 */ 489 "sys_getresgid", 178 490 "sys_prctl", 179 491 "sys_rt_sigreturn", … … 195 507 "sys_putpmsg", /* streams2 */ 196 508 "sys_vfork", /* 190 */ 197 "sys_ getrlimit",509 "sys_ugetrlimit", 198 510 "sys_mmap2", 199 511 "sys_truncate64", … … 202 514 "sys_lstat64", 203 515 "sys_fstat64", 204 "sys_lchown ",205 "sys_getuid ",206 "sys_getgid ", /* 200 */207 "sys_geteuid ",208 "sys_getegid ",209 "sys_setreuid ",210 "sys_setregid ",211 "sys_getgroups ", /* 205 */212 "sys_setgroups ",213 "sys_fchown ",214 "sys_setresuid ",215 "sys_getresuid ",216 "sys_setresgid ", /* 210 */217 "sys_getresgid ",218 "sys_chown ",219 "sys_setuid ",220 "sys_setgid ",221 "sys_setfsuid ", /* 215 */222 "sys_setfsgid ",516 "sys_lchown32", 517 "sys_getuid32", 518 "sys_getgid32", /* 200 */ 519 "sys_geteuid32", 520 "sys_getegid32", 521 "sys_setreuid32", 522 "sys_setregid32", 523 "sys_getgroups32", /* 205 */ 524 "sys_setgroups32", 525 "sys_fchown32", 526 "sys_setresuid32", 527 "sys_getresuid32", 528 "sys_setresgid32", /* 210 */ 529 "sys_getresgid32", 530 "sys_chown32", 531 "sys_setuid32", 532 "sys_setgid32", 533 "sys_setfsuid32", /* 215 */ 534 "sys_setfsgid32", 223 535 "sys_pivot_root", 224 536 "sys_mincore", … … 226 538 "sys_getdents64", /* 220 */ 227 539 "sys_fcntl64", 228 "sys_tux", /* reserved for TUX */540 "sys_tux", /* reserved for TUX, unused */ 229 541 "sys_security", 230 542 "sys_gettid", … … 277 589 "sys_utimes", 278 590 "sys_fadvise64_64", 279 "sys_vserver", 591 "sys_vserver", /* last 2.4 */ 592 "sys_mbind", 593 "sys_get_mempolicy", /* 275 */ 594 "sys_set_mempolicy", 595 "sys_mq_open", 596 "sys_mq_unlink", 597 "sys_mq_timedsend", 598 "sys_mq_timedreceive", /* 280 */ 599 "sys_mq_notify", 600 "sys_mq_getsetattr", 601 "sys_kexec_load", 602 "sys_waitid", 603 "sys_sys_setaltroot", /* 285 */ 604 "sys_add_key", 605 "sys_request_key", 606 "sys_keyctl", 607 "sys_ioprio_set", 608 "sys_ioprio_get", /* 290 */ 609 "sys_inotify_init", 610 "sys_inotify_add_watch", 611 "sys_inotify_rm_watch", 612 "sys_migrate_pages", 613 "sys_openat", /* 295 */ 614 "sys_mkdirat", 615 "sys_mknodat", 616 "sys_fchownat", 617 "sys_futimesat", 618 "sys_fstatat64", /* 300 */ 619 "sys_unlinkat", 620 "sys_renameat", 621 "sys_linkat", 622 "sys_symlinkat", 623 "sys_readlinkat", /* 305 */ 624 "sys_fchmodat", 625 "sys_faccessat", 626 "sys_pselect6", 627 "sys_ppoll", 628 "sys_unshare", /* 310 */ 629 "sys_set_robust_list", 630 "sys_get_robust_list", 631 "sys_splice", 632 "sys_sync_file_range", 633 "sys_tee", /* 315 */ 634 "sys_vmsplice", 635 "sys_move_pages", 636 "sys_getcpu", 637 "sys_epoll_pwait", 638 "sys_utimensat", /* 320 */ 639 "sys_signalfd", 640 "sys_timerfd_create", 641 "sys_eventfd", 642 "sys_fallocate", /* last 2.6.24 */ 643 "sys_timerfd_settime", /* 325 */ 644 "sys_timerfd_gettime", 645 "sys_signalfd4", 646 "sys_eventfd2", 647 "sys_epoll_create1", 648 "sys_dup3", /* 330 */ 649 "sys_pipe2", 650 "sys_inotify_init1", /* end 2.6.27 */ 651 "sys_preadv", 652 "sys_pwritev", /* end 2.6.30 */ 653 "sys_rt_tgsigqueueinfo", /* 335 */ 654 "sys_perf_event_open", /* end 2.6.31 */ 655 "sys_recvmmsg", 280 656 NULL 281 657 }; 282 658 283 659 284 285 /* i386 sys_call_table for kernel 2.2.x286 */287 char * callz_2p2[]={288 "sys_ni_syscall", /* 0 */289 "sys_exit",290 "sys_fork",291 "sys_read",292 "sys_write",293 "sys_open", /* 5 */294 "sys_close",295 "sys_waitpid",296 "sys_creat",297 "sys_link",298 "sys_unlink", /* 10 */299 "sys_execve",300 "sys_chdir",301 "sys_time",302 "sys_mknod",303 "sys_chmod", /* 15 */304 "sys_lchown",305 "sys_ni_syscall",306 "sys_stat",307 "sys_lseek",308 "sys_getpid", /* 20 */309 "sys_mount",310 "sys_oldumount",311 "sys_setuid",312 "sys_getuid",313 "sys_stime", /* 25 */314 "sys_ptrace",315 "sys_alarm",316 "sys_fstat",317 "sys_pause",318 "sys_utime", /* 30 */319 "sys_ni_syscall",320 "sys_ni_syscall",321 "sys_access",322 "sys_nice",323 "sys_ni_syscall", /* 35 */324 "sys_sync",325 "sys_kill",326 "sys_rename",327 "sys_mkdir",328 "sys_rmdir", /* 40 */329 "sys_dup",330 "sys_pipe",331 "sys_times",332 "sys_ni_syscall",333 "sys_brk", /* 45 */334 "sys_setgid",335 "sys_getgid",336 "sys_signal",337 "sys_geteuid",338 "sys_getegid", /* 50 */339 "sys_acct",340 "sys_umount",341 "sys_ni_syscall",342 "sys_ioctl",343 "sys_fcntl", /* 55 */344 "sys_ni_syscall",345 "sys_setpgid",346 "sys_ni_syscall",347 "sys_olduname",348 "sys_umask", /* 60 */349 "sys_chroot",350 "sys_ustat",351 "sys_dup2",352 "sys_getppid",353 "sys_getpgrp", /* 65 */354 "sys_setsid",355 "sys_sigaction",356 "sys_sgetmask",357 "sys_ssetmask",358 "sys_setreuid", /* 70 */359 "sys_setregid",360 "sys_sigsuspend",361 "sys_sigpending",362 "sys_sethostname",363 "sys_setrlimit", /* 75 */364 "sys_getrlimit",365 "sys_getrusage",366 "sys_gettimeofday",367 "sys_settimeofday",368 "sys_getgroups", /* 80 */369 "sys_setgroups",370 "old_select",371 "sys_symlink",372 "sys_lstat",373 "sys_readlink", /* 85 */374 "sys_uselib",375 "sys_swapon",376 "sys_reboot",377 "old_readdir",378 "old_mmap", /* 90 */379 "sys_munmap",380 "sys_truncate",381 "sys_ftruncate",382 "sys_fchmod",383 "sys_fchown", /* 95 */384 "sys_getpriority",385 "sys_setpriority",386 "sys_ni_syscall",387 "sys_statfs",388 "sys_fstatfs", /* 100 */389 "sys_ioperm",390 "sys_socketcall",391 "sys_syslog",392 "sys_setitimer",393 "sys_getitimer", /* 105 */394 "sys_newstat",395 "sys_newlstat",396 "sys_newfstat",397 "sys_uname",398 "sys_iopl", /* 110 */399 "sys_vhangup",400 "sys_idle",401 "sys_vm86old",402 "sys_wait4",403 "sys_swapoff", /* 115 */404 "sys_sysinfo",405 "sys_ipc",406 "sys_fsync",407 "sys_sigreturn",408 "sys_clone", /* 120 */409 "sys_setdomainname",410 "sys_newuname",411 "sys_modify_ldt",412 "sys_adjtimex",413 "sys_mprotect", /* 125 */414 "sys_sigprocmask",415 "sys_create_module",416 "sys_init_module",417 "sys_delete_module",418 "sys_get_kernel_syms", /* 130 */419 "sys_quotactl",420 "sys_getpgid",421 "sys_fchdir",422 "sys_bdflush",423 "sys_sysfs", /* 135 */424 "sys_personality",425 "sys_ni_syscall",426 "sys_setfsuid",427 "sys_setfsgid",428 "sys_llseek", /* 140 */429 "sys_getdents",430 "sys_select",431 "sys_flock",432 "sys_msync",433 "sys_readv", /* 145 */434 "sys_writev",435 "sys_getsid",436 "sys_fdatasync",437 "sys_sysctl",438 "sys_mlock", /* 150 */439 "sys_munlock",440 "sys_mlockall",441 "sys_munlockall",442 "sys_sched_setparam",443 "sys_sched_getparam", /* 155 */444 "sys_sched_setscheduler",445 "sys_sched_getscheduler",446 "sys_sched_yield",447 "sys_sched_get_priority_max",448 "sys_sched_get_priority_min", /* 160 */449 "sys_sched_rr_get_interval",450 "sys_nanosleep",451 "sys_mremap",452 "sys_setresuid",453 "sys_getresuid", /* 165 */454 "sys_vm86",455 "sys_query_module",456 "sys_poll",457 "sys_nfsservctl",458 "sys_setresgid", /* 170 */459 "sys_getresgid",460 "sys_prctl",461 "sys_rt_sigreturn",462 "sys_rt_sigaction",463 "sys_rt_sigprocmask", /* 175 */464 "sys_rt_sigpending",465 "sys_rt_sigtimedwait",466 "sys_rt_sigqueueinfo",467 "sys_rt_sigsuspend",468 "sys_pread", /* 180 */469 "sys_pwrite",470 "sys_chown",471 "sys_getcwd",472 "sys_capget",473 "sys_capset", /* 185 */474 "sys_sigaltstack",475 "sys_sendfile",476 "sys_ni_syscall",477 "sys_ni_syscall",478 "sys_vfork", /* 190 */479 NULL480 };481 660 482 661 /* i386 sys_call_table for openbsd -
trunk/include/sh_cat.h
r265 r279 130 130 MSG_UT_ROT, 131 131 132 MSG_UT_BAD, 133 MSG_UT_FIRST, 134 MSG_UT_OUTLIER, 132 135 #endif 133 136 -
trunk/include/sh_error.h
r265 r279 121 121 int sh_log_set_facility (const char * c); 122 122 123 /* map heartbeat messages 124 */ 125 int sh_log_set_stamp_priority (const char * c); 126 123 127 /* define message header 124 128 */ -
trunk/include/sh_utmp.h
r149 r279 19 19 20 20 extern sh_rconf sh_utmp_table[]; 21 22 /* >> Login tracking << */ 23 24 /* 'yes', 'no', 'paranoid' */ 25 int sh_login_set_siglevel (const char * c); 26 27 /* 'yes', 'no', 'domain' */ 28 int sh_login_set_checklevel (const char * c); 29 30 /* 'always' 'never' workdays(..) sunday(..) */ 31 int sh_login_set_def_allow (const char * c); 32 33 /* user:'always' 'never' workdays(..) */ 34 int sh_login_set_user_allow (const char * c); 35 36 /* Reset everything to defaults. */ 37 void sh_login_reset (void); 38 21 39 #endif 22 40 -
trunk/init/samhain.startLSB.in
r1 r279 89 89 ${DAEMON} start 90 90 ERRNUM=$? 91 # 92 # The hiding kernel module 93 # 94 if [ $ERRNUM -eq 0 ]; then 95 @sh_insmod_cmd@ 96 fi 97 # 91 98 SH_ACT="started" 92 99 ;; -
trunk/scripts/redhat_i386.client.spec.in
r68 r279 78 78 # after the package is installed 79 79 install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}/etc 80 install -m 640 -o 0 -g 0 samhain_ hide.o ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_hide.o81 install -m 640 -o 0 -g 0 samhain_ erase.o ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_erase.o80 install -m 640 -o 0 -g 0 samhain_kmem.ko ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_kmem.ko 81 install -m 640 -o 0 -g 0 samhain_hide.ko ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_hide.ko 82 82 install -m 700 -o 0 -g 0 samhain_setpwd ${RPM_BUILD_ROOT}/usr/local/sbin/samhain_setpwd 83 83 -
trunk/src/dnmalloc.c
r237 r279 309 309 char * i3 = "): "; 310 310 char * i5 = "\n"; 311 int res = 0; 311 312 312 313 iov[0].iov_base = i1; iov[0].iov_len = strlen(i1); … … 314 315 iov[2].iov_base = i3; iov[2].iov_len = strlen(i3); 315 316 iov[3].iov_base = (char*) error; iov[3].iov_len = strlen(error); 316 iov[4].iov_base = i5; iov[4].iov_len = strlen(i5); 317 writev(STDERR_FILENO, iov, 5); 317 iov[4].iov_base = i5; iov[4].iov_len = strlen(i5); 318 do { 319 res = writev(STDERR_FILENO, iov, 5); 320 } while (res < 0 && errno == EINTR); 318 321 #else 319 322 fputs("assertion failed (", stderr); -
trunk/src/kern_head.c
r96 r279 7 7 #include "config.h" 8 8 9 #if def HOST_IS_I86LINUX9 #if defined(HOST_IS_I86LINUX) || defined(HOST_IS_64LINUX) 10 10 #define SH_IDT_TABLE 11 11 #endif … … 73 73 static unsigned char system_call_code[SYS_CODE_SIZE]; 74 74 75 #define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c)) 76 75 77 static int kmem_read (int fd, unsigned long addr, unsigned char * buf, int len) 76 78 { … … 105 107 106 108 if (verbose) 107 fprintf(stderr, 108 "kmem_mmap: read() from /dev/kmem failed, now trying mmap()\n"); 109 fprintf(stderr, "kmem_mmap: read() failed, now trying mmap()\n"); 109 110 110 111 sz = getpagesize(); /* unistd.h */ … … 141 142 142 143 fd = open ("/dev/kmem", O_RDONLY); 144 143 145 if (fd < 0) 144 146 { 145 perror("read_kcode: open /dev/kmem"); 146 return -1; 147 } 147 if (0 != access("/proc/kmem", R_OK)) 148 { 149 perror("read_kcode: access /proc/kmem"); 150 151 fprintf(stderr, "\n"); 152 153 fprintf(stderr, "NOTE: kern_head: apparently you have no /dev/kmem, and the samhain_kmem module is not loaded\n"); 154 fprintf(stderr, " If you get this message, then proceed as follows:\n"); 155 fprintf(stderr, " $ make samhain_kmem.ko\n"); 156 fprintf(stderr, " $ sudo insmod samhain_kmem.ko; sudo ./kern_head > sh_ks.h; sudo rmmod samhain_kmem\n"); 157 fprintf(stderr, " $ make\n\n"); 158 exit (EXIT_FAILURE); 159 } 160 fd = open ("/proc/kmem", O_RDONLY); 161 } 162 163 if (fd < 0) 164 { 165 perror("read_kcode: open /dev/kmem and /proc/kmem"); 166 return -1; 167 } 168 148 169 if (kmem_mmap(fd, addr, buf, len) < 0) 149 170 { … … 151 172 return -1; 152 173 } 174 153 175 close (fd); 176 154 177 return 0; 155 178 } … … 203 226 { 204 227 FILE * fp; 205 char buf[512], addr[ 16], * p;228 char buf[512], addr[32], * p; 206 229 unsigned long retval = 0; 230 #if defined(__x86_64__) || defined(__amd64__) 231 int off = 8; 232 #else 233 int off = 0; 234 #endif 207 235 208 236 fp = fopen (systemmap, "r"); … … 216 244 while (fgets(buf, 512, fp) != NULL) 217 245 { 218 if (buf[9 ] != flag)246 if (buf[9+off] != flag) 219 247 continue; 220 248 … … 223 251 *p = '\0'; 224 252 225 if (0 != strcmp(&buf[11 ], symbol))253 if (0 != strcmp(&buf[11+off], symbol)) 226 254 continue; 227 255 228 256 addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; 229 strncat(&addr[2], buf, 8 );257 strncat(&addr[2], buf, 8+off); 230 258 231 259 retval = strtoul(addr, NULL, 0); … … 247 275 { 248 276 FILE * fp; 249 char buf[512], addr[ 16], name[128];277 char buf[512], addr[32], name[128]; 250 278 int i, j, count = 0, maxcall = 0; 279 #if defined(__x86_64__) || defined(__amd64__) 280 int off = 8; 281 #else 282 int off = 0; 283 #endif 251 284 252 285 fp = fopen (SYSTEMMAP, "r"); … … 266 299 { 267 300 268 if ( ( (buf[9 ] == 'D') || (buf[9] == 'd') ||269 (buf[9 ] == 'R') || (buf[9] == 'r')) &&270 0 == strncmp("sys_call_table", &buf[11 ], 14))301 if ( ( (buf[9+off] == 'D') || (buf[9+off] == 'd') || 302 (buf[9+off] == 'R') || (buf[9+off] == 'r')) && 303 0 == strncmp("sys_call_table", &buf[11+off], 14)) 271 304 { 272 305 printf("/* found sys_call_table */\n"); … … 274 307 */ 275 308 addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; 276 strncat(&addr[2], buf, 8); 277 addr[10] = '\0'; 309 strncat(&addr[2], buf, 8+off); 310 addr[10+off] = '\0'; 311 278 312 sh_sys_call.addr_sys_call_table = strtoul(addr, NULL, 0); 279 313 if (sh_sys_call.addr_sys_call_table == ULONG_MAX) … … 288 322 } 289 323 290 if (buf[9 ] != 'T')324 if (buf[9+off] != 'T') 291 325 continue; 292 326 293 if (0 == strncmp("system_call", &buf[11 ], 11))327 if (0 == strncmp("system_call", &buf[11+off], 11)) 294 328 { 295 329 printf("/* found system_call */\n"); … … 297 331 */ 298 332 addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; 299 strncat(&addr[2], buf, 8 );300 addr[10 ] = '\0';333 strncat(&addr[2], buf, 8+off); 334 addr[10+off] = '\0'; 301 335 addr_system_call = strtoul(addr, NULL, 0); 302 336 if (addr_system_call == ULONG_MAX) … … 308 342 309 343 310 if ( (buf[11]!='s' || buf[12]!='y' || buf[13]!='s' || buf[14]!='_') && 311 (buf[11]!='o' || buf[12]!='l' || buf[13]!='d' || buf[14]!='_')) 344 if ( (buf[11+off]!='s' || buf[12+off]!='y' || 345 buf[13+off]!='s' || buf[14+off]!='_') && 346 (buf[11+off]!='o' || buf[12+off]!='l' || 347 buf[13+off]!='d' || buf[14+off]!='_')) 312 348 continue; 313 349 314 350 for (i = 0; i < num; ++i) 315 351 { 316 for (j = 0; j < 12 8; ++j)352 for (j = 0; j < 127; ++j) 317 353 { 318 if (buf[11+ j] == '\n' || buf[11+j] == '\0')354 if (buf[11+off+j] == '\n' || buf[11+off+j] == '\0') 319 355 { 320 356 name[j] = '\0'; 321 357 break; 322 358 } 323 name[j] = buf[11+ j];359 name[j] = buf[11+off+j]; 324 360 } 325 361 … … 331 367 */ 332 368 addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0'; 333 strncat(&addr[2], buf, 8 );334 addr[10 ] = '\0';369 strncat(&addr[2], buf, 8+off); 370 addr[10+off] = '\0'; 335 371 sh_smap[i].addr = strtoul(addr, NULL, 0); 336 372 if (sh_smap[i].addr == ULONG_MAX) … … 347 383 } 348 384 fclose(fp); 385 349 386 if ((count > 0) && (maxcall > 0)) 350 387 return maxcall+1; … … 357 394 { 358 395 int i, count, maxcall, qq; 359 int which = 4;360 int two_six_seventeen_plus = 0;361 396 smap_entry sh_smap[SH_MAXCALLS]; 362 397 struct utsname utbuf; … … 368 403 369 404 unsigned long addr_ni_syscall = 0; 405 406 int major, minor, micro, is64 = 0; 370 407 371 408 if (argc > 1) … … 396 433 } 397 434 398 if (strncmp(p, "2.2", 3) == 0) 399 which = 2; 400 else if (strncmp(p, "2.4", 3) == 0) 401 which = 4; 402 else if (strncmp(p, "2.6", 3) == 0) 403 { 404 which = 6; 405 if (17 >= atoi (&p[4])) 406 { 407 two_six_seventeen_plus = 1; 408 } 409 } 410 else 435 if (3 != sscanf(p, "%d.%d.%d", &major, &minor, µ)) 436 { 437 perror("kern_head: sscanf"); 438 exit (EXIT_FAILURE); 439 } 440 441 if (minor != 4 && minor != 6) 411 442 { 412 443 fprintf(stderr, "kern_head: kernel %s not supported\n", p); … … 418 449 utbuf.machine[3] != '6') 419 450 { 420 fprintf(stderr, "kern_head: machine %s not supported\n", utbuf.machine); 421 exit (EXIT_FAILURE); 451 if (0 != strcmp(utbuf.machine, "x86_64")) 452 { 453 fprintf(stderr, "kern_head: machine %s not supported\n", utbuf.machine); 454 exit (EXIT_FAILURE); 455 } 456 else 457 { 458 is64 = 1; 459 } 422 460 } 423 461 … … 428 466 fprintf(stderr, "NOTE: kern_head: must run as 'root' (need to read from /dev/kmem)\n"); 429 467 fprintf(stderr, " If you get this message, then proceed as follows:\n"); 430 fprintf(stderr, " $ su\n"); 431 fprintf(stderr, " $ ./kern_head > sh_ks.h\n"); 432 fprintf(stderr, " $ exit\n"); 468 fprintf(stderr, " $ sudo ./kern_head > sh_ks.h\n"); 433 469 fprintf(stderr, " $ make\n\n"); 434 470 exit (EXIT_FAILURE); … … 438 474 printf("#define SH_KERN_CALLS_H\n\n"); 439 475 440 printf("\n/* Kernel %s, machine %s -- use table %s*/\n\n",476 printf("\n/* Kernel %s, machine %s, %d bit -- use table callz_2p4 */\n\n", 441 477 p, utbuf.machine, 442 ( which == 2) ? "callz_2p2" : "callz_2p4");443 478 (is64 == 0) ? 32 : 64, 479 (is64 == 0) ? "syscalls_32" : "syscalls_64"); 444 480 445 481 /* initiate the system call table 446 482 */ 447 for (i = 0; i < SH_MAXCALLS; ++i)448 { 449 if (which == 2)450 { 451 if ( callz_2p2[i] == NULL)483 if (is64 == 0) 484 { 485 for (i = 0; i < SH_MAXCALLS; ++i) 486 { 487 if (syscalls_32[i] == NULL) 452 488 break; 453 strcpy(sh_smap[i].name, callz_2p2[i]); 454 } 455 else 456 { 457 if (callz_2p4[i] == NULL) 489 strcpy(sh_smap[i].name, syscalls_32[i]); 490 sh_smap[i].addr = 0UL; 491 } 492 if (minor == 6) /* fix syscall map for 2.6 */ 493 { 494 strcpy(sh_smap[0].name, "sys_restart_syscall"); 495 strcpy(sh_smap[180].name, "sys_pread64"); 496 strcpy(sh_smap[181].name, "sys_pwrite64"); 497 } 498 } 499 else /* x86_64 */ 500 { 501 for (i = 0; i < SH_MAXCALLS; ++i) 502 { 503 if (syscalls_64[i] == NULL) 458 504 break; 459 strcpy(sh_smap[i].name, callz_2p4[i]); 460 } 461 sh_smap[i].addr = 0UL; 462 } 463 464 if (which == 6) /* fix syscall map for 2.6 */ 465 { 466 strcpy(sh_smap[0].name, "sys_restart_syscall"); 467 strcpy(sh_smap[180].name, "sys_pread64"); 468 strcpy(sh_smap[181].name, "sys_pwrite64"); 469 } 505 strcpy(sh_smap[i].name, syscalls_64[i]); 506 sh_smap[i].addr = 0UL; 507 } 508 } 509 470 510 count = i; 471 511 472 /* get the actual number of the highest syscall sand use no more.512 /* get the actual number of the highest syscall and use no more. 473 513 * get sys_call_table and system_call 474 514 */ … … 480 520 exit (EXIT_FAILURE); 481 521 } 522 482 523 if (addr_system_call == 0L) 483 524 { … … 502 543 } 503 544 } 504 if (which < 6) 545 546 if (minor < 6) 505 547 { 506 548 maxcall = (maxcall > 256) ? 256 : maxcall; … … 622 664 } 623 665 624 if (two_six_seventeen_plus == 1) { 625 printf("#define TWO_SIX_SEVENTEEN_PLUS 1\n\n"); 626 } 666 if (KERNEL_VERSION(major,minor,micro) >= KERNEL_VERSION(2,6,17)) 667 { 668 printf("#define TWO_SIX_SEVENTEEN_PLUS 1\n\n"); 669 } 627 670 628 671 printf("#endif\n"); -
trunk/src/sh_cat.c
r265 r279 121 121 { MSG_UT_LG3C, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, 122 122 { MSG_UT_ROT, SH_ERR_WARN, RUN, N_("msg=\"Logfile size decreased\" path=\"%s\"")}, 123 124 { MSG_UT_BAD, SH_ERR_SEVERE, EVENT, N_("msg=\"Login at disallowed time\" userid=\"%s\" host=\"%s\" time=\"%s\"")}, 125 { MSG_UT_FIRST, SH_ERR_SEVERE, EVENT, N_("msg=\"First login from this host\" userid=\"%s\" host=\"%s\" time=\"%s\"")}, 126 { MSG_UT_OUTLIER, SH_ERR_SEVERE, EVENT, N_("msg=\"Login time outlier\" userid=\"%s\" host=\"%s\" time=\"%s\"")}, 123 127 124 128 #endif … … 454 458 { MSG_UT_ROT, SH_ERR_WARN, RUN, N_("msg=<Logfile size decreased>, path=<%s>")}, 455 459 460 { MSG_UT_BAD, SH_ERR_SEVERE, EVENT, N_("msg=<Login at disallowed time> userid=<%s> host=<%s> time=<%s>")}, 461 { MSG_UT_FIRST, SH_ERR_SEVERE, EVENT, N_("msg=<First login from this host> userid=<%s> host=<%s> time=<%s>")}, 462 { MSG_UT_OUTLIER, SH_ERR_SEVERE, EVENT, N_("msg=<Login time outlier> userid=<%s> host=<%s> time=<%s>")}, 456 463 #endif 457 464 -
trunk/src/sh_err_log.c
r248 r279 377 377 key[0] = '\0'; 378 378 379 while (s l_strlen(key) < KEY_LEN )379 while (strlen(key) < KEY_LEN ) 380 380 { 381 381 if (key[0] != '\n' && key[0] != '\0') -
trunk/src/sh_err_syslog.c
r170 r279 131 131 } 132 132 133 133 static int sh_stamp_priority = LOG_ERR; 134 135 /* set priority for heartbeat messages 136 */ 137 int sh_log_set_stamp_priority (const char * c) 138 { 139 int retval = 0; 140 141 if (0 == strcmp(c, _("LOG_DEBUG"))) { sh_stamp_priority = LOG_DEBUG; } 142 else if (0 == strcmp(c, _("LOG_INFO"))) { sh_stamp_priority = LOG_INFO; } 143 else if (0 == strcmp(c, _("LOG_NOTICE"))) { sh_stamp_priority = LOG_NOTICE;} 144 else if (0 == strcmp(c, _("LOG_WARNING"))) { sh_stamp_priority = LOG_WARNING;} 145 else if (0 == strcmp(c, _("LOG_ERR"))) { sh_stamp_priority = LOG_ERR; } 146 else if (0 == strcmp(c, _("LOG_CRIT"))) { sh_stamp_priority = LOG_CRIT; } 147 else if (0 == strcmp(c, _("LOG_ALERT"))) { sh_stamp_priority = LOG_ALERT; } 148 #ifdef LOG_EMERG 149 else if (0 == strcmp(c, _("LOG_EMERG"))) { sh_stamp_priority = LOG_EMERG; } 150 #endif 151 else { retval = -1; } 152 153 return retval; 154 } 134 155 135 156 /* syslog error message … … 154 175 else if (severity == SH_ERR_NOTICE) priority = LOG_NOTICE; 155 176 else if (severity == SH_ERR_WARN) priority = LOG_WARNING; 156 else if (severity == SH_ERR_STAMP) priority = LOG_ERR;177 else if (severity == SH_ERR_STAMP) priority = sh_stamp_priority; 157 178 else if (severity == SH_ERR_ERR) priority = LOG_ERR; 158 179 else if (severity == SH_ERR_SEVERE) priority = LOG_CRIT; -
trunk/src/sh_hash.c
r252 r279 1805 1805 sl_write (pushdata_fd, _(" Date "), 6); 1806 1806 (void) sh_unix_time(0, timestring, sizeof(timestring)); 1807 sl_write (pushdata_fd, timestring, s l_strlen(timestring));1807 sl_write (pushdata_fd, timestring, strlen(timestring)); 1808 1808 sl_write (pushdata_fd, "\n", 1); 1809 1809 } else { -
trunk/src/sh_kern.c
r277 r279 137 137 */ 138 138 #ifdef SH_SYS_CALL_TABLE 139 static unsigned intkaddr = SH_SYS_CALL_TABLE;139 static unsigned long kaddr = SH_SYS_CALL_TABLE; 140 140 #else 141 static unsigned intkaddr = 0;141 static unsigned long kaddr = 0; 142 142 #endif 143 143 … … 268 268 #ifdef HOST_IS_LINUX 269 269 270 #ifndef KERNEL_VERSION 271 #define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c)) 272 #endif 273 270 274 /* 271 275 * Interrupt Descriptor Table … … 281 285 static char * sh_strseg(unsigned short segment) 282 286 { 287 static int flip = 0; 288 static char one[32]; 289 static char two[32]; 290 283 291 switch (segment) { 284 292 #ifdef __KERNEL_CS … … 299 307 #endif 300 308 default: 301 return _("unknown"); 309 if (flip == 0) 310 { 311 snprintf(one, sizeof(one), "%hX", segment); 312 flip = 1; 313 return one; 314 } 315 else 316 { 317 snprintf(two, sizeof(two), "%hX", segment); 318 flip = 0; 319 return two; 320 } 302 321 } 303 322 } … … 550 569 unsigned int kmem_code_table[SH_KERN_SIZ][2]; 551 570 552 unsigned char buf[6];553 unsigned short idt_size;554 unsigned long idt_addr;555 556 571 unsigned char new_system_call_code[SH_KERN_SCC]; 557 572 … … 620 635 * and read the content into the global array sh_idt_table[] 621 636 */ 622 __asm__ volatile ("sidt %0": "=m" (buf)); 623 idt_size = *((unsigned short *) &buf[0]); 624 idt_addr = *((unsigned long *) &buf[2]); 625 idt_size = (idt_size + 1)/8; 637 struct { 638 char pad[6]; 639 unsigned short size; 640 unsigned long addr; 641 } idt; 642 643 __asm__ volatile ("sidt %0": "=m" (idt.size)); 644 645 idt.size = (idt.size + 1)/8; 626 646 627 if (idt _size > SH_MAXIDT)628 idt _size = SH_MAXIDT;647 if (idt.size > SH_MAXIDT) 648 idt.size = SH_MAXIDT; 629 649 630 650 memset(sh_idt_table, '\0', SH_MAXIDT*8); 631 if (sh_kern_read_data (kd, idt _addr,632 (unsigned char *) sh_idt_table, idt _size*8))651 if (sh_kern_read_data (kd, idt.addr, 652 (unsigned char *) sh_idt_table, idt.size*8)) 633 653 status = -5; 634 654 } … … 660 680 } 661 681 /* 2.6.21 (((2) << 16) + ((6) << 8) + (21)) */ 662 #if SH_KERNEL_NUMBER < 132629682 #if SH_KERNEL_NUMBER < KERNEL_VERSION(2,6,21) 663 683 if(status == 0) 664 684 { … … 669 689 } 670 690 #else 671 memset(&proc_root_inode, '\0', sizeof(proc_root_inode));691 memset(&proc_root_inode, '\0', sizeof(proc_root_inode)); 672 692 #endif 673 693 … … 1062 1082 static void check_proc_root (struct sh_kernel_info * kinfo) 1063 1083 { 1064 struct proc_dir_entry proc_root_dir; 1084 struct proc_dir_entry proc_root_dir; 1085 struct inode_operations * proc_root_inode_op = NULL; 1065 1086 1066 1087 /* 2.6.21 (((2) << 16) + ((6) << 8) + (21)) */ 1067 #if SH_KERNEL_NUMBER < 1326291088 #if SH_KERNEL_NUMBER < KERNEL_VERSION(2,6,21) 1068 1089 struct inode_operations proc_root_inode; 1069 1090 … … 1080 1101 1081 1102 memcpy (&proc_root_dir, &(kinfo->proc_root_dir), sizeof(struct proc_dir_entry)); 1082 if ( (((unsigned int) * &proc_root_dir.proc_iops) != proc_root_iops) 1083 && (proc_root_dir.size != proc_root_iops) 1084 && (((unsigned int) * &proc_root_dir.proc_fops) != proc_root_iops) 1085 ) 1103 1104 if (((unsigned long) * &proc_root_dir.proc_iops) == proc_root_iops) 1105 { 1106 proc_root_inode_op = (struct inode_operations *) &(proc_root_dir.proc_iops); 1107 } 1108 else if (proc_root_dir.size == proc_root_iops) 1109 { 1110 proc_root_inode_op = (struct inode_operations *) &(proc_root_dir.size); 1111 } 1112 else if ((unsigned long) * &proc_root_dir.proc_fops == proc_root_iops) 1113 { 1114 proc_root_inode_op = (struct inode_operations *) &(proc_root_dir.proc_fops); 1115 } 1116 1117 if (!proc_root_inode_op) 1086 1118 { 1087 1119 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_KERN_PROC, … … 1365 1397 if (kd < 0) 1366 1398 { 1399 kd = aud_open(FIL__, __LINE__, SL_YESPRIV, _("/proc/kmem"), O_RDONLY, 0); 1400 } 1401 1402 if (kd < 0) 1403 { 1367 1404 status = errno; 1368 1405 sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, -
trunk/src/sh_port2proc.c
r252 r279 322 322 /* returns the command and fills the 'user' array 323 323 */ 324 static char * port2proc_query(char * file, int proto, struct in_addr * saddr, int sport, 324 static char * port2proc_query(char * file, int proto, 325 struct in_addr * saddr, int sport, 325 326 unsigned long * pid, char * user, size_t userlen) 326 327 { -
trunk/src/sh_readconf.c
r272 r279 255 255 sh.host.release, sh.host.machine); 256 256 257 if (sl_strncmp (p, myident, s l_strlen(myident)) == 0257 if (sl_strncmp (p, myident, strlen(myident)) == 0 258 258 #ifdef HAVE_REGEX_H 259 259 || sh_util_regcmp (p, myident) == 0 … … 1202 1202 sh_log_set_facility }, 1203 1203 1204 { N_("syslogmapstampto"), SH_SECTION_LOG, SH_SECTION_MISC, 1205 sh_log_set_stamp_priority }, 1206 1204 1207 { N_("mactype"), SH_SECTION_MISC, SH_SECTION_NONE, 1205 1208 sh_util_sigtype }, -
trunk/src/sh_unix.c
r265 r279 670 670 sig_force_check = 1; 671 671 #endif 672 #ifdef SIGTTIN 673 if (mysignal == SIGTTIN) 674 sig_fresh_trail = 1; 675 #endif 672 676 #ifdef SIGABRT 673 677 if (mysignal == SIGABRT) … … 837 841 retry_sigaction(FIL__, __LINE__, SIGTSTP, &ignact, &oldact); 838 842 #endif 839 #ifdef SIGTTIN 840 retry_sigaction(FIL__, __LINE__, SIGTTIN, &ignact, &oldact); 841 #endif 843 842 844 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 843 845 #ifdef SIGTTOU … … 847 849 retry_sigaction(FIL__, __LINE__, SIGTTOU, &ignact, &oldact); 848 850 #endif 851 #ifdef SIGTTIN 852 if (goDaemon == 1) 853 retry_sigaction(FIL__, __LINE__, SIGTTIN, &act2, &oldact); 854 else 855 retry_sigaction(FIL__, __LINE__, SIGTTIN, &ignact, &oldact); 856 #endif 849 857 #else 850 858 #ifdef SIGTTOU 851 859 retry_sigaction(FIL__, __LINE__, SIGTTOU, &ignact, &oldact); 860 #endif 861 #ifdef SIGTTIN 862 retry_sigaction(FIL__, __LINE__, SIGTTIN, &ignact, &oldact); 852 863 #endif 853 864 #endif … … 3128 3139 SL_RETURN(0, _("sh_unix_getinfo_attr")); 3129 3140 } 3130 #else3131 static3132 int sh_unix_getinfo_attr (char * name,3133 unsigned long * flags,3134 char * c_attr,3135 int fd, struct stat * buf)3136 {3137 return 0;3138 }3139 3141 3140 3142 /* defined(__linux__) || defined(HAVE_STAT_FLAGS) */ … … 3905 3907 theFile->attributes = 0; 3906 3908 3909 #if (defined(__linux__) && (defined(HAVE_LINUX_EXT2_FS_H) || defined(HAVE_EXT2FS_EXT2_FS_H))) || defined(HAVE_STAT_FLAGS) 3907 3910 if (theFile->c_mode[0] != 'c' && theFile->c_mode[0] != 'b' && 3908 3911 theFile->c_mode[0] != 'l' ) … … 3910 3913 &theFile->attributes, theFile->c_attributes, 3911 3914 fd, &buf); 3915 #endif 3912 3916 #endif 3913 3917 -
trunk/src/sh_utmp.c
r262 r279 225 225 }, 226 226 { 227 N_("logincheckfirst"), 228 sh_login_set_checklevel 229 }, 230 { 231 N_("logincheckoutlier"), 232 sh_login_set_siglevel 233 }, 234 { 235 N_("logincheckdate"), 236 sh_login_set_def_allow 237 }, 238 { 239 N_("logincheckuserdate"), 240 sh_login_set_user_allow 241 }, 242 { 227 243 NULL, 228 244 NULL … … 237 253 ShUtmpActive = S_TRUE; 238 254 ShUtmpInterval = 300; 255 256 sh_login_reset(); 239 257 return; 240 258 } … … 498 516 int sh_utmp_init (struct mod_type * arg) 499 517 { 518 #if !defined(HAVE_PTHREAD) 519 (void) arg; 520 #endif 500 521 if (ShUtmpActive == BAD) 501 522 return SH_MOD_FAILED; … … 548 569 init_done = 0; 549 570 571 #if defined(HAVE_PTHREAD) 550 572 sh_inotify_remove(&inotify_watch); 573 #endif 551 574 552 575 SL_RETURN( (0), _("sh_utmp_end")); … … 557 580 { 558 581 set_defaults(); 582 #if defined(HAVE_PTHREAD) 559 583 sh_inotify_remove(&inotify_watch); 584 #endif 560 585 return 0; 561 586 } … … 1206 1231 } 1207 1232 1233 extern void sh_ltrack_check(struct SH_UTMP_S * ut); 1208 1234 1209 1235 static void sh_utmp_login_morechecks(struct SH_UTMP_S * ut) 1210 1236 { 1211 if (ut) 1212 return; 1237 sh_ltrack_check(ut); 1213 1238 return; 1214 1239 } … … 1216 1241 static void sh_utmp_logout_morechecks(struct log_user * user) 1217 1242 { 1218 if (user) 1219 return; 1243 (void) user; 1220 1244 return; 1221 1245 } -
trunk/src/slib.c
r272 r279 16 16 #endif 17 17 18 #include <sys/types.h> 19 #include <sys/stat.h> 18 20 #include <unistd.h> 19 #include <sys/stat.h>20 #include <sys/types.h>21 21 #include <fcntl.h> 22 22 #include <signal.h> … … 259 259 else 260 260 sl_strlcpy(tmp, fmt, 256); 261 retval = s l_strlen(tmp);261 retval = strlen(tmp); 262 262 if (retval > 0 && tmp[retval-1] == '\n') 263 263 tmp[retval-1] = '\0'; … … 274 274 sprintf (val, _("[%2d] "), trace_level); 275 275 sl_strlcat (msg, val, 256); 276 sl_vsnprintf (&msg[s l_strlen(msg)], 255, tmp, ap);276 sl_vsnprintf (&msg[strlen(msg)], 255, tmp, ap); 277 277 sl_snprintf (tmp, 255, _(" \t - File %c%s%c at line %d"), 278 278 0x22, file, 0x22, line); -
trunk/test/testcompile.sh
r257 r279 378 378 fi 379 379 # 380 [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; SMATCH=""; export SMATCH; } 381 # 380 382 ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-process-check --enable-port-check --enable-static > /dev/null 2>> test_log 381 383 # … … 386 388 let "num = num + 1" >/dev/null 387 389 run_uno $? $num || let "numfail = numfail + 1" >/dev/null 388 390 # 391 [ -z "${SMATCH_CC}" ] || { CC="${SMATCH_CC}"; export CC; SMATCH="${SAVE_SMATCH}"; export SMATCH; } 389 392 # 390 393 # test standalone compilation
Note:
See TracChangeset
for help on using the changeset viewer.