- Location:
- /trunk
- Files:
-
- 11 edited
/trunk/docs/Changelog
r1 r3 1 1 2 2.1.1: 3 * sh_calls.c: protect sh_calls_set_bind_addr against overriding 4 * comINSTALL, updateDB: use locking 5 * samhainadmin.pl: use locking 2 6 * fix typos in samhainrc.solaris (noticed by Robby Cauwerts) 3 7 * improve zAVLSearch (remove redundant strcmp) 4 * use AVL tree in sh_files.c instead of linked list ( scales way better)8 * use AVL tree in sh_files.c instead of linked list (better scaling) 5 9 * fix bug with suidcheck (no update/check in one-shot mode with 6 10 schedule instead of check interval; noticed by R. Rati) -
/trunk/dsys/comINSTALL
r1 r3 340 340 #--------------------------------------------------------------------- 341 341 342 instlock="${yule_conf}.lockdir"; 343 trap "rm -rf ${instlock}" 1 2 13 15 344 345 if test x"$simulate" = x0 346 then 347 # 348 # A lockfile will not work, because 'root' can write anyway. 349 # However, 'mkdir' an existing directory will fail even for root 350 # 351 until (umask 222; mkdir "${instlock}") 2>/dev/null # test & set 352 do 353 printINFO "Waiting for lock" 354 sleep 1 355 done 356 fi 357 342 358 Replace=`"${yule_exec}" -P "${is_passwd}" | sed s%HOSTNAME%${host}%g` 343 359 if test "x$Replace" = x 344 360 then 361 rm -rf "${instlock}" 345 362 printFATAL "Could not execute ${yule_exec} -P ${is_passwd}." 346 363 fi … … 356 373 then 357 374 Seen=y 358 echo "$Replace" >>"$tmpF" || printFATAL "Cannot write new server configuration." 375 echo "$Replace" >>"$tmpF" 376 if [ $? -ne 0 ]; then 377 rm -rf "${instlock}" 378 printFATAL "Cannot write new server configuration." 379 fi 359 380 fi 360 381 else … … 363 384 : 364 385 else 365 echo "$line" >>"$tmpF" || printFATAL "Cannot write new server configuration." 386 echo "$line" >>"$tmpF" 387 if [ $? -ne 0 ]; then 388 rm -rf "${instlock}" 389 printFATAL "Cannot write new server configuration." 390 fi 366 391 fi 367 392 fi … … 380 405 if test x"$simulate" = x0 381 406 then 382 ageFILE "${yule_conf}" || printFATAL "Could not backup ${yule_conf}." 383 rm -f "${yule_conf}" && { cp "$tmpF" "${yule_conf}" || printFATAL "Could not write new server config. Backup is ${yule_conf}.1"; } 384 chown ${rcfile_owner}:${rcfile_group} "${yule_conf}" || printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_conf}" 385 chmod ${rcfile_perm} "${yule_conf}" || printFATAL "Could not chmod ${rcfile_perm} ${yule_conf}" 407 ageFILE "${yule_conf}" 408 if [ $? -ne 0 ]; then 409 rm -rf "${instlock}" 410 printFATAL "Could not backup ${yule_conf}" 411 fi 412 413 rm -f "${yule_conf}" && cp "$tmpF" "${yule_conf}" 414 if [ $? 
-ne 0 ]; then 415 rm -rf "${instlock}" 416 printFATAL "Could not write new server config. Backup is ${yule_conf}.1" 417 fi 418 419 chown ${rcfile_owner}:${rcfile_group} "${yule_conf}" 420 if [ $? -ne 0 ]; then 421 rm -rf "${instlock}" 422 printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_conf}" 423 fi 424 425 chmod ${rcfile_perm} "${yule_conf}" 426 if [ $? -ne 0 ]; then 427 rm -rf "${instlock}" 428 printFATAL "Could not chmod ${rcfile_perm} ${yule_conf}" 429 fi 386 430 else 387 431 printINFO "Backup and update ${yule_conf}" … … 423 467 sleep 5 424 468 # 469 rm -rf "${instlock}" 425 470 else 426 471 printINFO "Reloading server configuration." … … 428 473 429 474 printLOG "Server configuration updated and reloaded." 475 430 476 431 477 #--------------------------------------------------------------------- -
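Review bot: The `trap "rm -rf ${instlock}" 1 2 13 15` at new line 343 is installed before the `until (umask 222; mkdir "${instlock}")` loop has acquired the lock, so a signal delivered while this instance is still in "Waiting for lock" removes the lock directory held by another running instance and the mutual exclusion is lost. The handler also does not exit, so after removing the lock the script would carry on with the update unlocked. Install the trap only after the loop succeeds and make it terminate, e.g. `trap 'rm -rf "${instlock}"; exit 1' 1 2 13 15` placed after `done`; the single quotes also keep the path quoted when the handler runs. The failure branches at new lines 361, 377 and 388 call `rm -rf "${instlock}"` even when `$simulate` is not 0 and this process never took the lock. The same trap ordering appears in funcINSTALL (`updlock`, new lines 94-95).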
/trunk/dsys/funcINSTALL
r1 r3 91 91 DATABASE="${basedir}/${defdatabase}" 92 92 fi 93 94 updlock="${DATABASE}.lockdir" 95 trap "rm -rf ${updlock}" 1 2 13 15 96 97 # 98 # A lockfile will not work, because 'root' can write anyway. 99 # However, 'mkdir' an existing directory will fail even for root 100 # 101 until (umask 222; mkdir "${updlock}") 2>/dev/null # test & set 102 do 103 printINFO "Waiting for lock" 104 sleep 1 105 done 106 93 107 94 108 IDATE=`date +"%Y-%m-%d %H:%M:%S"` … … 223 237 fi 224 238 225 chown ${rcfile_owner}:${rcfile_group} "${DATABASE}" || printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${DATABASE}" 226 chmod ${rcfile_perm} "${DATABASE}" || printFATAL "Could not chmod ${rcfile_perm} ${DATABASE}" 227 239 chown ${rcfile_owner}:${rcfile_group} "${DATABASE}" 240 if [ $? -ne 0 ]; then 241 rm -rf "${instlock}" 242 printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${DATABASE}" 243 fi 244 chmod ${rcfile_perm} "${DATABASE}" 245 if [ $? -ne 0 ]; then 246 rm -rf "${instlock}" 247 printFATAL "Could not chmod ${rcfile_perm} ${DATABASE}" 248 fi 249 250 rm -rf "${updlock}" 228 251 } 229 252 -
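Review bot: The two new failure branches after `chown` and `chmod` (new lines 241 and 246) remove `"${instlock}"`, but the lock taken in this function is `"${updlock}"`; `instlock` is not set anywhere in the visible part of this file. Assuming `printFATAL` exits, a chown/chmod failure leaves the database lock directory behind and the next run loops in "Waiting for lock" until it is removed by hand; if `instlock` happens to be set by a calling script, a different lock is deleted instead. Both lines should read `rm -rf "${updlock}"`. Any `printFATAL` between new lines 108 and 237, outside the visible hunks, would need the same release.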
/trunk/man/samhain.8
r1 r3 14 14 { 15 15 .I \-t update|\-\-set\-checksum\-test=update 16 } [\- r DEPTH|\-\-recursion=DEPTH] [log-options]16 } [\-D | \-\-daemon | \-\-foreground] [\-\-forever] [\-r DEPTH|\-\-recursion=DEPTH] [log-options] 17 17 18 18 .B samhain … … 195 195 [\-r DEPTH|\-\-recursion=DEPTH] 196 196 Set the (global) recursion depth. 197 .TP 198 [\-D|\-\-daemon] 199 Run as daemon. File checks are performed as specified by the timing 200 options in the configuration file. Updates are saved after each file check. 201 .TP 202 [\-\-foreground] 203 Run in the foreground. This will cause samhain to exit after the update, 204 unless the option 205 .I "\-\-forever" 206 is used. 207 .TP 208 [\-\-forever] 209 If not running as daemon, do not exit after finishing the update, but 210 loop forever, and perform checks with corresponding database updates 211 according to the timing options in the 212 configuration file. 197 213 198 214 .PP -
/trunk/scripts/samhainadmin.pl.in
r1 r3 23 23 use Getopt::Long; 24 24 use File::Basename; 25 use File::Copy; 25 26 use File::stat; 26 27 use File::Temp qw/ tempfile tempdir unlink0 /; 27 28 use IO::Handle; 29 use Fcntl qw(:DEFAULT :flock); 28 30 29 31 File::Temp->safe_level( File::Temp::HIGH ); … … 36 38 my $return_from_sign = 0; 37 39 my $no_print_examine = 0; 40 my $no_remove_lock = 0; 38 41 my $base = basename($0); 39 42 … … 42 45 my $daemon = "@sbindir@/@install_name@"; 43 46 my $gpg = "@mygpg@"; 47 48 $cfgfile =~ s/^REQ_FROM_SERVER//; 49 $datafile =~ s/^REQ_FROM_SERVER//; 44 50 45 51 $gpg = "gpg" if ($gpg eq ""); … … 186 192 187 193 my $dir = tempdir( CLEANUP => 1 ); 188 $filename = $dir . "/exa_jhfdbilw ";194 $filename = $dir . "/exa_jhfdbilw." . $$; 189 195 open $fh, ">$filename" or die "Cannot open $filename"; 190 196 autoflush $fh 1; … … 281 287 open FH, "<$file1" or die "Cannot open file $file1 for read: $!"; 282 288 if (!($file1 =~ /^\-$/)) { 289 flock(FH, LOCK_EX) unless ($no_remove_lock == 1); 283 290 my $dir = tempdir( CLEANUP => 1 ) or die "Tempdir failed"; 284 $filename = $dir . "/rem_iqegBCQb ";291 $filename = $dir . "/rem_iqegBCQb." . $$; 285 292 open $fh, ">$filename" or die "Cannot open $filename"; 286 293 $stats = stat($file1); … … 313 320 } 314 321 if (!($file1 =~ /^\-$/)) { 315 my $command = "cp $filename $file1"; 316 system ($command) == 0 317 or die "system $command failed: $?"; 322 copy("$filename", "$file1") 323 or die "Copy $filename to $file1 failed: $!"; 318 324 chmod $stats->mode, $file1; 319 325 chown $stats->uid, $stats->gid, $file1; 326 flock(FH, LOCK_UN) unless ($no_remove_lock == 1); 327 close FH; 320 328 } 321 329 unlink0( $fh, $filename ) or die "Cannot unlink $filename safely"; … … 386 394 if ($file1 =~ /^\-$/) { 387 395 my $dir = tempdir( CLEANUP => 1 ) or die "Tempdir failed"; 388 $filename1 = $dir . "/sig_vs8827sd ";396 $filename1 = $dir . "/sig_vs8827sd." . 
$$; 389 397 open $fh1, ">$filename1" or die "Cannot open $filename1"; 390 398 $flag1 = 1; … … 419 427 $fileout = '-'; 420 428 } else { 429 open (LOCKFILE, "<$file1") or die "Cannot open $file1: $!"; 430 flock(LOCKFILE, LOCK_EX); 421 431 $no_print_examine = 1; 432 $no_remove_lock = 1; 422 433 if (examine() < 2) { 423 434 remove(); 424 435 } 425 436 $fileout = $file1 . ".asc"; 426 $stats = stat($file1); 437 $stats = stat($file1) 438 or die "No file $file1: $!"; 427 439 } 428 440 … … 446 458 die ("Signed file is smaller than unsigned file") 447 459 unless ($st_new->size > $st_old->size); 448 system ("mv $fileout $file2") == 0449 or die " system mv $fileout $file2 failed: $?";460 move("$fileout", "$file2") 461 or die "Move $fileout to $file2 failed: $!"; 450 462 chmod $stats->mode, $file2; 451 463 chown $stats->uid, $stats->gid, $file2; 464 flock(LOCKFILE, LOCK_UN); 452 465 } 453 466 -
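Review bot: Both new calls that take the lock, `flock(FH, LOCK_EX)` at new line 289 and `flock(LOCKFILE, LOCK_EX)` at 430, ignore the return value, so if the lock cannot be obtained the script goes on to rewrite the file unprotected. Suggest `flock(LOCKFILE, LOCK_EX) or die "Cannot lock $file1: $!";` and the same for `FH`. The added `open (LOCKFILE, "<$file1")` would be safer as a three-argument open with a lexical handle, `open(my $lock_fh, '<', $file1)`, so that whitespace or mode characters in the file name are never interpreted. If `$file2` can be the locked file (not visible here), `move("$fileout", "$file2")` puts a new inode at that path, and a process still waiting on the old handle's lock is no longer excluded from one that opens the path afresh; a separate, stable lock file would avoid that.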
/trunk/src/sh_calls.c
r1 r3 138 138 int sh_calls_set_bind_addr (char * str) 139 139 { 140 static int reject = 0; 141 142 if (reject == 1) 143 return (0); 144 145 if (sh.flag.opts == S_TRUE) 146 reject = 1; 147 140 148 if (0 == /*@-unrecog@*/inet_aton(str, &bind_addr)/*@+unrecog@*/) 141 149 { -
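Review bot: The latch `reject = 1` is set before `inet_aton(str, &bind_addr)` has validated the string, so if the first call made while `sh.flag.opts == S_TRUE` carries an invalid address, every later call is still refused with `return (0)`. Moving `if (sh.flag.opts == S_TRUE) reject = 1;` to after the successful conversion would lock in only a value that was actually accepted. The early return is also silent; a short comment stating that a bind address set while `sh.flag.opts` is true takes precedence over later settings (my reading of the Changelog entry) would help. The rest of the function lies outside the hunk.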
/trunk/src/sh_database.c
r1 r3 38 38 #include "sh_error.h" 39 39 #include "sh_utils.h" 40 41 extern int safe_logger (int signal, int method, pid_t thepid); 40 42 41 43 #undef FIL__ … … 1009 1011 { 1010 1012 int status = 0; 1011 c har* p;1013 const char * p; 1012 1014 static MYSQL * db_conn = NULL; 1013 1015 static SH_TIMEOUT sh_timer = { 0, 3600, S_TRUE }; … … 1447 1449 retv = S_FALSE; 1448 1450 } 1451 else if (*p == '\"' && escp == 0) 1452 { 1453 retv = S_FALSE; 1454 } 1449 1455 else 1450 1456 { … … 1453 1459 ++p; 1454 1460 } 1461 if (escp == 1) 1462 retv = S_FALSE; 1455 1463 return retv; 1456 1464 } … … 1546 1554 1547 1555 if (S_FALSE == is_escaped(&p[j+2])) { 1556 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, 1557 _("Message not properly escaped"), 1558 _("sh_database_parse")); 1548 1559 SL_RETURN(NULL, _("sh_database_parse")); 1549 1560 } -
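Review bot: When `is_escaped(&p[j+2])` fails, the new `sh_error_handle` call at lines 1556-1558 logs only the fixed text "Message not properly escaped" before `SL_RETURN(NULL, ...)`, so the operator cannot tell which record was rejected and, presumably, never reached the database. For an integrity monitor, a record that disappears because of a quote character in its content is worth being able to trace; consider adding a bounded, sanitised identifier to the error, if one is in scope outside the hunk. `is_escaped` now has two more rejection rules (an unescaped `"` and a dangling backslash, `escp == 1` at the end); a header comment listing every rule it enforces would make the contract checkable.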
/trunk/src/sh_forward.c
r1 r3 1944 1944 SL_RET0(_("free_client")); 1945 1945 } 1946 1947 extern int safe_logger (int signal, int method, pid_t thepid); 1946 1948 1947 1949 int sh_forward_register_client (char * str) -
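Review bot: The prototype `extern int safe_logger (int signal, int method, pid_t thepid);` is declared locally here and again in sh_database.c (new line 41) instead of coming from a shared header. A local extern is not checked against the definition, so a later change of the signature would still compile and pass wrong arguments. Suggest moving the declaration into the header belonging to the file that defines `safe_logger` and including it in both places.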
/trunk/src/sh_hash.c
r1 r3 653 653 { 654 654 sh_file_t * p; 655 sh_file_t * q; 655 656 int key; 656 657 … … 674 675 strlen(s->fullpath) == strlen(p->fullpath)) 675 676 { 676 SH_FREE(s->fullpath); 677 if(s->linkpath) 678 SH_FREE(s->linkpath); 677 q = p->next; 678 SH_FREE(p->fullpath); 679 if(p->linkpath) 680 SH_FREE(p->linkpath); 681 memcpy(p, s, sizeof(sh_file_t)); 682 p->next = q; 679 683 SH_FREE(s); 680 684 s = NULL; -
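Review bot: The in-place replacement `memcpy(p, s, sizeof(sh_file_t))` hands ownership of `s->fullpath` and `s->linkpath` to `p`, while only `p->fullpath` and `p->linkpath` are freed beforehand. If `sh_file_t` owns any other heap member (the struct is not visible here), the old one in `p` leaks and needs a matching free. A comment above the block would make the intent explicit, e.g. `/* duplicate path: overwrite old entry in place; p takes over s's strings, chain link kept */`. The enclosing function starts and ends outside the hunk.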
/trunk/src/sh_kern.c
r1 r3 859 859 * Stored(old) is system_call_code[] 860 860 */ 861 if (sh.flag.checkSum == SH_CHECK_INIT )861 if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) 862 862 { 863 863 store0 = 0; store1 = 0; store2 = 0; … … 935 935 * Stored(old) is sh_syscalls[] array. 936 936 */ 937 if (sh.flag.checkSum == SH_CHECK_INIT )937 if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) 938 938 { 939 939 for (i = 0; i < SH_MAXCALLS; ++i) … … 1125 1125 if (ShKernIDT == S_TRUE) 1126 1126 { 1127 if (sh.flag.checkSum == SH_CHECK_INIT )1127 if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) 1128 1128 { 1129 1129 datasize = 8; … … 1447 1447 * Stored(old) is sh_syscalls[] array. 1448 1448 */ 1449 if (sh.flag.checkSum == SH_CHECK_INIT )1449 if (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.update == S_TRUE) 1450 1450 { 1451 1451 for (i = 0; i < SH_MAXCALLS; ++i) -
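Review bot: With `|| sh.flag.update == S_TRUE` added to all four `SH_CHECK_INIT` tests (lines 861, 937, 1127 and 1449), an update run appears to store the current syscall table and IDT as the new baseline through the same path as initialisation, without first comparing them to the stored values. If the kernel has been modified since the last baseline, the update would accept that state silently. Consider reporting differences before overwriting in update mode, or at least documenting the behaviour at the first site: `/* update mode: current kernel state is stored as the new trusted baseline */`. The bodies of these branches are only partly visible.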
/trunk/src/sh_prelude.c
r1 r3 795 795 796 796 if ( strstr(message, _("path=")) ) { 797 #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) 797 798 if ( msgid != MSG_FI_ADD && msgid != MSG_FI_ADD2 ) 798 799 get_file_infos(target, message, IDMEF_FILE_CATEGORY_ORIGINAL); 800 #endif 799 801 800 802 get_file_infos(target, message, IDMEF_FILE_CATEGORY_CURRENT);
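Review bot: The new `#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)` guard around the `IDMEF_FILE_CATEGORY_ORIGINAL` call has no comment saying why other builds must skip it, and the bare `#endif` does not name its condition. Add a one-line reason above the guard and close it with `#endif /* SH_WITH_CLIENT || SH_STANDALONE */`. The guarded `if` has no braces, which is easy to break when the block is edited later.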