- Timestamp:
- Aug 21, 2012, 7:12:10 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 17 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/configure.ac
r403 r405 12 12 dnl start 13 13 dnl 14 AM_INIT_AUTOMAKE(samhain, 3.0. 5)14 AM_INIT_AUTOMAKE(samhain, 3.0.6) 15 15 AC_DEFINE([SAMHAIN], 1, [Application is samhain]) 16 16 AC_CANONICAL_HOST -
trunk/docs/Changelog
r403 r405 1 3.0.6: 2 * fix bug in inotify code which made it follow symlinks (by [anonymous]) 3 * fix two missing SH_MUTEX_LOCK(mutex_thread_nolog) (by [anonymous]) 4 * fix for 'no such process' message from sh_fInotify_init_internal() 5 (by [anonymous]) 6 * fix for --enable-ptrace with threads (by [anonymous]) 7 * option SetReportFile for writing out summary after file check 8 1 9 3.0.5: 2 10 * fix xml format templates for registry check -
trunk/include/samhain.h
r373 r405 268 268 unsigned long dirs_checked; /* #dirs last check */ 269 269 unsigned long files_checked; /* #files last check */ 270 unsigned long files_report; /* #file reports */ 271 unsigned long files_error; /* #file access error */ 272 unsigned long files_nodir; /* #file not a directory*/ 270 273 } sh_sh_stat; 271 274 -
trunk/include/sh_error.h
r283 r405 187 187 void sh_error_logrestore(void); 188 188 189 /* short errfile 190 */ 191 void sh_efile_report(); 192 int sh_efile_path(const char * str); 193 189 194 /* (re)set the console device(s) 190 195 */ -
trunk/include/sh_unix.h
r381 r405 400 400 #endif 401 401 402 #if defined(__linux__) && defined(__GNUC__) && defined(__i386__) 403 __asm__ __volatile__ (".byte 0xf1"); 404 #else 402 /* raise() sends to same thread, like pthread_kill(pthread_self(), sig); 403 */ 405 404 raise(SIGTRAP); 406 #endif407 405 408 406 if (sh_not_traced == 0) 409 407 _exit(5); 408 410 409 sh_not_traced = 0; 411 410 return (0); -
trunk/src/samhain.c
r379 r405 422 422 /* The stats. 423 423 */ 424 sh.statistics.bytes_speed = 0; 425 sh.statistics.bytes_hashed = 0; 424 sh.statistics.bytes_speed = 0; 425 sh.statistics.bytes_hashed = 0; 426 sh.statistics.files_report = 0; 427 sh.statistics.files_error = 0; 428 sh.statistics.files_nodir = 0; 429 426 430 sh.statistics.mail_success = 0; 427 431 sh.statistics.mail_failed = 0; … … 1727 1731 /* -------- MAIN LOOP --------- 1728 1732 */ 1729 sh.statistics.bytes_speed = 0; 1730 sh.statistics.bytes_hashed = 0; 1733 sh.statistics.bytes_speed = 0; 1734 sh.statistics.bytes_hashed = 0; 1735 sh.statistics.files_report = 0; 1736 sh.statistics.files_error = 0; 1737 sh.statistics.files_nodir = 0; 1731 1738 1732 1739 while (1 == 1) … … 2016 2023 sh.statistics.dirs_checked = 0; 2017 2024 sh.statistics.files_checked = 0; 2025 sh.statistics.files_report = 0; 2026 sh.statistics.files_error = 0; 2027 sh.statistics.files_nodir = 0; 2018 2028 2019 2029 TPT((0, FIL__, __LINE__, _("msg=<Check directories.>\n"))) … … 2097 2107 (long) runtim, 2098 2108 0.001 * st_1); 2109 2110 if (sh.flag.checkSum != SH_CHECK_INIT) 2111 sh_efile_report(); 2099 2112 } 2100 2113 sh.fileCheck.alarm_last = time (NULL); -
trunk/src/sh_err_log.c
r279 r405 24 24 #include <sys/types.h> 25 25 #include <unistd.h> 26 #include <time.h> 26 27 27 28 #include "samhain.h" … … 1053 1054 } 1054 1055 1056 /* >>>>>>>>>>>>>>>>>>>>>>>>>>>> efile <<<<<<<<<<<<<<<<<< */ 1057 1058 static char * gEfile = NULL; 1059 static int gFail = 0; 1060 1061 int sh_efile_path(const char * str) 1062 { 1063 if (!str || !strcmp(str, _("none"))) 1064 { 1065 if (gEfile) 1066 SH_FREE(gEfile); 1067 gEfile = NULL; 1068 } 1069 else if (str[0] != '/') 1070 { 1071 return -1; 1072 } 1073 else 1074 { 1075 if (gEfile) 1076 SH_FREE(gEfile); 1077 gEfile = sh_util_strdup(str); 1078 } 1079 gFail = 0; 1080 return 0; 1081 } 1082 1083 /* write lock for filename 1084 */ 1085 static int sh_efile_lock (char * filename, int flag) 1086 { 1087 extern int get_the_fd (SL_TICKET ticket); 1088 size_t len; 1089 int res = -1; 1090 char myPid[64]; 1091 SL_TICKET fd; 1092 char * lockfile; 1093 int status; 1094 1095 sprintf (myPid, "%ld\n", (long) sh.pid); /* known to fit */ 1096 1097 if (filename == NULL) 1098 return res; 1099 1100 len = sl_strlen(filename); 1101 if (sl_ok_adds(len, 6)) 1102 len += 6; 1103 lockfile = SH_ALLOC(len); 1104 sl_strlcpy(lockfile, filename, len); 1105 sl_strlcat(lockfile, _(".lock"), len); 1106 1107 if ( 0 != (status = tf_trust_check (lockfile, SL_YESPRIV)) 1108 && gFail == 0) 1109 { 1110 char * tmp = sh_util_safe_name (lockfile); 1111 sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_TRUST, 1112 (long) sh.effective.uid, tmp); 1113 ++gFail; 1114 SH_FREE(tmp); 1115 } 1116 1117 if (status == 0) 1118 { 1119 if (flag == 0) 1120 { 1121 /* --- Delete the lock file. --- 1122 */ 1123 res = retry_aud_unlink (FIL__, __LINE__, lockfile); 1124 } 1125 else 1126 { 1127 unsigned int count = 0; 1128 1129 /* fails if file exists 1130 */ 1131 do { 1132 fd = sl_open_safe_rdwr (FIL__, __LINE__, 1133 lockfile, SL_YESPRIV); 1134 if (SL_ISERROR(fd)) 1135 { 1136 retry_msleep(0, 100); 1137 ++count; 1138 } 1139 1140 } while (SL_ISERROR(fd) && count < 3); 1141 1142 if (!SL_ISERROR(fd)) 1143 { 1144 int filed; 1145 1146 res = sl_write (fd, myPid, sl_strlen(myPid)); 1147 filed = get_the_fd(fd); 1148 fchmod (filed, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); 1149 sl_close (fd); 1150 } 1151 } 1152 } 1153 1154 SH_FREE(lockfile); 1155 return res; 1156 } 1157 1158 static size_t gSave[6] = { 0 }; 1159 1160 static void sh_efile_clear() 1161 { 1162 int i; 1163 1164 for (i = 0; i < 6; ++i) 1165 gSave[i] = 0; 1166 return; 1167 } 1168 1169 static void sh_efile_load(size_t * tmp) 1170 { 1171 int i; 1172 1173 if (SL_TRUE == sl_ok_adds (gSave[0], sh.statistics.bytes_hashed)) 1174 gSave[0] += sh.statistics.bytes_hashed; 1175 if (SL_TRUE == sl_ok_adds (gSave[1], sh.statistics.dirs_checked)) 1176 gSave[1] += sh.statistics.dirs_checked; 1177 if (SL_TRUE == sl_ok_adds (gSave[2], sh.statistics.files_checked)) 1178 gSave[2] += sh.statistics.files_checked; 1179 if (SL_TRUE == sl_ok_adds (gSave[3], sh.statistics.files_report)) 1180 gSave[3] += sh.statistics.files_report; 1181 if (SL_TRUE == sl_ok_adds (gSave[4], sh.statistics.files_error)) 1182 gSave[4] += sh.statistics.files_error; 1183 if (SL_TRUE == sl_ok_adds (gSave[5], sh.statistics.files_nodir)) 1184 gSave[5] += sh.statistics.files_nodir; 1185 1186 for (i = 0; i < 6; ++i) 1187 tmp[i] = gSave[i]; 1188 return; 1189 } 1190 1191 void sh_efile_report() 1192 { 1193 SL_TICKET fd; 1194 char *efile; 1195 int status = -1; 1196 1197 if (gEfile) 1198 { 1199 size_t tmp[6]; 1200 1201 sh_efile_load(tmp); 1202 1203 efile = sh_util_strdup(gEfile); 1204 1205 if (sh_efile_lock (efile, 1) < 0) 1206 goto end; 1207 1208 if ( 0 != (status = tf_trust_check (efile, SL_YESPRIV)) 1209 && gFail == 0) 1210 { 1211 char * tmp = sh_util_safe_name (efile); 1212 sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_TRUST, 1213 (long) sh.effective.uid, tmp); 1214 ++gFail; 1215 SH_FREE(tmp); 1216 } 1217 1218 if (status == 0) 1219 { 1220 fd = sl_open_write (FIL__, __LINE__, efile, SL_YESPRIV); 1221 1222 if (!SL_ISERROR(fd)) 1223 { 1224 char report[511]; 1225 char tstamp[TIM_MAX]; 1226 1227 time_t now = time(NULL); 1228 1229 (void) sh_unix_time (now, tstamp, sizeof(tstamp)); 1230 #ifdef HAVE_LONG_LONG 1231 sl_snprintf(report, sizeof(report), 1232 _("%s %lld %ld %ld %ld %ld %ld %ld\n"), 1233 tstamp, 1234 (long long) now, 1235 tmp[0], tmp[1], tmp[2], tmp[3], tmp[4], tmp[5]); 1236 #else 1237 sl_snprintf(report, sizeof(report), 1238 _("%s %ld %ld %ld %ld %ld %ld %ld\n"), 1239 tstamp, 1240 (long) now, 1241 tmp[0], tmp[1], tmp[2], tmp[3], tmp[4], tmp[5]); 1242 #endif 1243 1244 status = sl_forward(fd); 1245 if (!SL_ISERROR(status)) 1246 status = sl_write (fd, report, strlen(report)); 1247 (void) sl_sync(fd); 1248 (void) sl_close(fd); 1249 } 1250 else 1251 { 1252 status = -1; 1253 } 1254 } 1255 1256 (void) sh_efile_lock (efile, 0); 1257 end: 1258 SH_FREE(efile); 1259 1260 if (!SL_ISERROR(status)) 1261 { 1262 sh_efile_clear(); 1263 } 1264 } 1265 return; 1266 } -
trunk/src/sh_error.c
r383 r405 999 999 severity = sev; 1000 1000 1001 /* --- Some statistics. --- 1002 */ 1003 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 1004 if ( ((1 << class) & ERROR_CLA) && 1005 (severity & (SH_ERR_ERR|SH_ERR_SEVERE|SH_ERR_FATAL))) 1006 { 1007 ++sh.statistics.files_error; 1008 } 1009 #endif 1010 1001 1011 /* these are messages from remote sources 1002 1012 */ -
trunk/src/sh_fInotify.c
r402 r405 515 515 sh_error_handle (level, FIL__, __LINE__, 0, MSG_FI_MISS, tmp); 516 516 SH_MUTEX_UNLOCK(mutex_thread_nolog); 517 517 ++sh.statistics.files_report; 518 518 SH_FREE(tmp); 519 519 return; -
trunk/src/sh_files.c
r402 r405 417 417 FIL__, __LINE__, 0, MSG_FI_MISS, 418 418 tmp); 419 ++sh.statistics.files_report; 419 420 } 420 421 } … … 476 477 FIL__, __LINE__, 0, MSG_FI_MISS, 477 478 tmp); 479 ++sh.statistics.files_report; 478 480 } 479 481 } … … 1437 1439 ShDFLevel[SH_ERR_T_DIR], FIL__, __LINE__, 1438 1440 0, MSG_FI_MISS, tmp); 1441 ++sh.statistics.files_report; 1439 1442 SH_FREE(tmp); 1440 1443 } … … 1460 1463 FIL__, __LINE__, 0, MSG_FI_ADD, 1461 1464 tmp); 1465 ++sh.statistics.files_report; 1462 1466 SH_FREE(tmp); 1463 1467 #endif … … 2023 2027 MSG_FI_NODIR, 2024 2028 tmpname); 2029 ++sh.statistics.files_nodir; 2025 2030 SH_FREE(tmpname); 2026 2031 if (theFile->attr_string) SH_FREE(theFile->attr_string); -
trunk/src/sh_hash.c
r402 r405 464 464 MSG_FI_MISS2, tmp, str); 465 465 SH_MUTEX_UNLOCK(mutex_thread_nolog); 466 ++sh.statistics.files_report; 466 467 467 468 SH_FREE(tmp); … … 576 577 sh_error_handle (level, FIL__, __LINE__, 0, 577 578 MSG_FI_MISS2, tmp, str); 579 ++sh.statistics.files_report; 578 580 SH_FREE(str); 579 581 if (theFile->attr_string) SH_FREE(theFile->attr_string); … … 621 623 sh_error_handle (level, FIL__, __LINE__, 0, 622 624 MSG_FI_MISS2, tmp, str); 625 ++sh.statistics.files_report; 623 626 SH_FREE(str); 624 627 if (theFile->attr_string) … … 2992 2995 MSG_FI_ADD2, 2993 2996 tmp, str); 2997 ++sh.statistics.files_report; 2994 2998 SH_FREE(str); 2995 2999 … … 3638 3642 (policy_override == NULL) ? _(policy[class]):log_policy, 3639 3643 change_code, tmp_path, msg); 3644 ++sh.statistics.files_report; 3640 3645 3641 3646 SH_FREE(tmp_path); -
trunk/src/sh_inotify.c
r388 r405 468 468 } 469 469 470 #if !defined(IN_DONT_FOLLOW) 471 #define IN_DONT_FOLLOW 0 472 #endif 473 470 474 #define SH_INOTIFY_FILEFLAGS \ 471 (IN_ATTRIB|IN_MODIFY|IN_DELETE_SELF|IN_MOVE_SELF|IN_UNMOUNT )475 (IN_ATTRIB|IN_MODIFY|IN_DELETE_SELF|IN_MOVE_SELF|IN_UNMOUNT|IN_DONT_FOLLOW) 472 476 #define SH_INOTIFY_DIRFLAGS \ 473 477 (SH_INOTIFY_FILEFLAGS|IN_DELETE|IN_CREATE|IN_MOVED_FROM|IN_MOVED_TO) 474 478 475 479 #define SH_INOTIFY_FLAGS (SH_INOTIFY_FILEFLAGS|SH_INOTIFY_DIRFLAGS) 480 476 481 477 482 /* Create an item and put it on the 'dormant' list for later watch creation … … 639 644 if (*errnum != 0) 640 645 { 641 (*errnum == -1) ? *errnum = ENOMEM : EEXIST; 646 /* zAVLInsert returns -1 on malloc() error and 3 if 647 * the node already exists. 648 */ 649 *errnum = (*errnum == -1) ? ENOMEM : EEXIST; 642 650 sh_inotify_free_watch(item); 643 651 retval = -1; -
trunk/src/sh_login_track.c
r383 r405 296 296 struct sh_track_entry * entry = urecord->list; 297 297 298 while (entry )298 while (entry && (n > 0)) 299 299 { 300 fwrite(&(entry->data), sizeof(struct sh_track_entry_data),301 300 n = fwrite(&(entry->data), sizeof(struct sh_track_entry_data), 301 1, fp); 302 302 entry = entry->next; 303 303 } -
trunk/src/sh_portcheck.c
r383 r405 1832 1832 if (sh_portchk_active != S_FALSE) 1833 1833 { 1834 SH_MUTEX_LOCK(mutex_thread_nolog); 1834 1835 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, 1835 1836 _("Checking for open ports"), 1836 1837 _("sh_portchk_check")); 1838 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1837 1839 1838 1840 sh_portchk_reset_lists(); -
trunk/src/sh_pthread.c
r335 r405 85 85 */ 86 86 sigfillset( &signal_set ); 87 #if defined(SCREW_IT_UP) 88 /* 89 * raise(SIGTRAP) sends to same thread, like 90 * pthread_kill(pthread_self(), sig); so we need to unblock the 91 * signal. 92 */ 93 sigdelset( &signal_set, SIGTRAP ); 94 #endif 87 95 pthread_sigmask( SIG_BLOCK, &signal_set, NULL ); 88 96 -
trunk/src/sh_readconf.c
r383 r405 1216 1216 sh_log_set_console }, 1217 1217 1218 { N_("setreportfile"), SH_SECTION_MISC, SH_SECTION_NONE, 1219 sh_efile_path }, 1220 1218 1221 #ifdef WITH_MESSAGE_QUEUE 1219 1222 { N_("messagequeueactive"),SH_SECTION_MISC, SH_SECTION_NONE, -
trunk/src/sh_suidchk.c
r383 r405 265 265 if (0 != retry_lstat_ns(FIL__, __LINE__, ".", &two)) 266 266 { 267 SH_MUTEX_LOCK(mutex_thread_nolog); 267 268 sh_error_handle ((-1), FIL__, __LINE__, errno, 268 269 MSG_SUID_ERROR, 269 270 sh_error_message(errno, errbuf, sizeof(errbuf))); 271 SH_MUTEX_UNLOCK(mutex_thread_nolog); 270 272 return -1; 271 273 }
Note:
See TracChangeset
for help on using the changeset viewer.