Changeset 422

Timestamp:

Dec 21, 2012, 7:56:16 PM (12 years ago)

Author:

katerina

Message:

Fix for tickets #326, #327.

Location:

trunk

Files:

• configure.ac (modified) (1 diff)
• docs/Changelog (modified) (1 diff)
• src/samhain.c (modified) (2 diffs)
• src/sh_getopt.c (modified) (1 diff)
• src/sh_ipvx.c (modified) (1 diff)
• src/sh_registry.c (modified) (5 diffs)

trunk/configure.ac

@@ -12 +12 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 3.0.8)
+AM_INIT_AUTOMAKE(samhain, 3.0.9)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST

trunk/docs/Changelog

@@ -1 +1 @@
 3.0.9:
+        * Fixed a Cygwin compile warning
+        * Change logic in samhain.c to make sure inotify doesn't cause
+          excessive full scans
+        * Add option IgnoreTimestampsOnly in Windows registry check (ignore
+          changes if only timestamp has changed)
         * Fix the probe command (misses clients if their startup message
           has been missed)

trunk/src/samhain.c

@@ -1988 +1988 @@
        */
       if      (sh.flag.checkSum == SH_CHECK_INIT ||
-               (sh.flag.inotify & SH_INOTIFY_DOSCAN) != 0 ||
                (sh.flag.checkSum == SH_CHECK_CHECK &&
                 (sh.flag.isdaemon == S_FALSE && sh.flag.loop == S_FALSE)))
@@ -1997 +1996 @@
         }
       else if (sh.flag.checkSum == SH_CHECK_CHECK || 
+               (sh.flag.inotify & SH_INOTIFY_DOSCAN) != 0 ||
                (sh.flag.update == S_TRUE && 
                 (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)))

trunk/src/sh_getopt.c

@@ -562 +562 @@
   if (num > 0) fputc (',', stdout);
   fputs (_(" logfile monitor"), stdout); ++num;
+#endif
+#if defined(USE_REGISTRY_CHECK)
+  if (num > 0) fputc ('\n', stdout);
+  fputs (_(" Windows registry"), stdout); ++num;
 #endif
   if (num == 0)

trunk/src/sh_ipvx.c

@@ -87 +87 @@
 int sh_ipvx_isany (struct sh_sockaddr * a)
 {
+#if defined(HOST_IS_CYGWIN)
+  /* 
+   * Cygwin implementation gives 'missing braces around initializer'
+   * warning, thus replace it with correct version.
+   */
+#undef IN6ADDR_ANY_INIT
+#define IN6ADDR_ANY_INIT { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } }
+#endif
+
 #if defined(USE_IPVX)
   struct in6_addr anyaddr = IN6ADDR_ANY_INIT; 

trunk/src/sh_registry.c

@@ -58 +58 @@
 static int sh_reg_add_stop (const char *s);
 static int sh_reg_add_ign (const char *s);
+static int sh_reg_ign_time (const char *s);
 
 #define STOP_FALSE  0
@@ -77 +78 @@
     },
     {
+        N_("ignoretimestamponly"),
+        sh_reg_ign_time,
+    },
+    {
         N_("singlekey"),
         sh_reg_add_key,
@@ -105 +110 @@
 static time_t   sh_reg_check_interval = SH_REGISTRY_INTERVAL;
 static int      sh_reg_check_severity = SH_ERR_SEVERE;
+static int      ShRegIgnTime          = S_FALSE;
 
 struct regkeylist {
@@ -128 +134 @@
 
   SL_RETURN((value), _("sh_reg_set_active"));
+}
+
+static int sh_reg_ign_time(const char *s) 
+{
+  int value;
+    
+  SL_ENTER(_("sh_reg_ign_time"));
+
+  value = sh_util_flagval(s, &ShRegIgnTime);
+
+  SL_RETURN((value), _("sh_reg_ign_time"));
 }
 
@@ -710 +727 @@
           doUpdate = S_TRUE;
         }
-      else if (save.val0 != totalSize || 
-               ((time_t) save.val1) != fTime || 
+      else if (save.val0 != totalSize ||  
                save.val2 != cSubKeys ||
                save.val3 != cValues ||
-               0 != strcmp(save.checksum, hashbuf))
+               0 != strcmp(save.checksum, hashbuf) || 
+               ( (((time_t) save.val1) != fTime) && (ShRegIgnTime == S_FALSE)) )
         {
           /* Change detected */