Port osiris to -ng

git-svn-id: svn://svn.openwrt.org/openwrt/packages@4488 3c298f89-4303-0410-b956-a3cf2f4a3e73
florian 2006-08-06 13:04:16 +00:00
parent 68dd5b2ca0
commit 8cf02bf1a8
8 changed files with 1037 additions and 0 deletions

60
admin/osiris/Makefile Normal file

@ -0,0 +1,60 @@
#
# Copyright (C) 2006 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
# $Id$
include $(TOPDIR)/rules.mk
PKG_NAME:=osiris
PKG_VERSION:=4.2.1
PKG_RELEASE:=1
PKG_MD5SUM:=11445f7d8dec737f0be89357f5c5bcae
PKG_SOURCE_URL:=http://www.hostintegrity.com/osiris/data/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_CAT:=zcat
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
include $(INCLUDE_DIR)/package.mk
define Package/osirisd
SECTION:=admin
CATEGORY:=Administration
DEPENDS:=+libopenssl
TITLE:=Host integrity monitoring system (scanning agent)
DESCRIPTION:=an Host Integrity Monitoring System (scanning agent)
URL:=http://www.hostintegrity.com/osiris
endef
define Build/Configure
$(call Build/Configure/Default,--with-osiris-user=root \
--with-root-dir=/var/lib/osiris \
--with-readline=no, ac_cv_openssldir="$(STAGING_DIR)/usr" \
ac_cv_have_accrights_in_msghdr=no \
ac_cv_have_control_in_msghdr=yes)
endef
define Build/Compile
rm -rf $(PKG_INSTALL_DIR)
mkdir -p $(PKG_INSTALL_DIR)
$(MAKE) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
ar=$(TARGET_CROSS)ar \
DESTDIR="$(PKG_INSTALL_DIR)" \
INTERACTIVE=0 \
all install
endef
define Package/osirisd/install
install -d -m0755 $(1)/etc/init.d
install -m0755 ./files/osirisd.init $(1)/etc/init.d/osirisd
install -d -m0755 $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/osirisd $(1)/usr/sbin/
endef
$(eval $(call BuildPackage,osirisd))
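Review bot: The upstream tarball is pinned only by `PKG_MD5SUM` and fetched from a plain `http://` `PKG_SOURCE_URL`, which is a thin guarantee for a package whose whole purpose is host integrity: MD5 is not collision resistant and the transport provides no authenticity. Where the build system offers a stronger digest (current OpenWrt uses a SHA-256 `PKG_HASH`), pin that instead, and prefer an HTTPS mirror if upstream has one. Separately, `--with-osiris-user=root` in `Build/Configure` means the agent keeps full root for its whole lifetime; a short comment stating why it is not given an unprivileged account would record that this is deliberate.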


@ -0,0 +1,23 @@
#!/bin/sh
BIN=osirisd
DEFAULT=/etc/default/$BIN
LIB_D=/var/lib/osiris
RUN_D=/var/run
PID_F=$RUN_D/$BIN.pid
[ -f $DEFAULT ] && . $DEFAULT
case $1 in
start)
mkdir -p $LIB_D
mkdir -p $RUN_D
$BIN $OPTIONS
;;
stop)
[ -f $PID_F ] && kill $(cat $PID_F)
;;
*)
echo "usage: $0 (start|stop)"
exit 1
esac
exit $?
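Review bot: The `stop` branch signals whatever number is stored in `$PID_F` without checking that the process is still osirisd, so a stale pid file left behind by a crash can make this root-run script kill an unrelated process that has reused the PID. Quote the expansions and clear the file once the daemon has been signalled, e.g. `[ -f "$PID_F" ] && kill "$(cat "$PID_F")" && rm -f "$PID_F"`, and ideally compare the process name before signalling. `start` also resolves `$BIN` through `PATH`; calling `/usr/sbin/$BIN` (the path the package Makefile installs to) removes the dependence on the caller's environment.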


@ -0,0 +1,22 @@
--- osiris-4.1.8-orig/configure 2005-04-13 15:22:13.000000000 +0200
+++ osiris-4.1.8-1/configure 2005-04-22 23:11:32.000000000 +0200
@@ -3606,7 +3606,7 @@
esac
-DB_CONFIG_ARGS="--enable-shared=no --enable-static=yes"
+DB_CONFIG_ARGS="--target=${target_alias} --host=${host_alias} --build=${build_alias} --enable-shared=no --enable-static=yes"
case "${OS_NAME}" in
MINGW32*)
--- osiris-4.1.8-orig/configure.ac 2005-04-13 15:22:13.000000000 +0200
+++ osiris-4.1.8-1/configure.ac 2005-04-22 23:11:32.000000000 +0200
@@ -270,7 +270,7 @@
dnl configure local copy of Berkely DB:
-DB_CONFIG_ARGS="--enable-shared=no --enable-static=yes"
+DB_CONFIG_ARGS="--target=${target_alias} --host=${host_alias} --build=${build_alias} --enable-shared=no --enable-static=yes"
case "${OS_NAME}" in
MINGW32*)


@ -0,0 +1,68 @@
--- osiris-4.1.8-orig/src/osirisd/osirisd.c 2005-04-14 01:00:55.000000000 +0200
+++ osiris-4.1.8-1/src/osirisd/osirisd.c 2005-04-22 23:11:32.000000000 +0200
@@ -218,6 +218,8 @@
#ifdef USE_PRIVSEP
rootpriv_setup_pidfile();
+#else
+ setup_pidfile();
#endif
process();
--- osiris-4.1.8-orig/src/osirisd/rootpriv.c 2005-04-14 00:55:59.000000000 +0200
+++ osiris-4.1.8-1/src/osirisd/rootpriv.c 2005-04-22 23:25:10.000000000 +0200
@@ -35,6 +35,10 @@
#include "logging.h"
#include "rootpriv.h"
+#ifndef WIN32
+extern char pid_file[MAX_PATH_LENGTH];
+#endif
+
#ifdef USE_PRIVSEP
/* this is defined in regex, and sometimes conflicts with stuff */
@@ -80,10 +84,6 @@
extern pid_t child_pid;
extern int rootpriv_pipe[2]; /* socketpair used for rootpriv comm. */
-#ifndef WIN32
-extern char pid_file[MAX_PATH_LENGTH];
-#endif
-
#define INCOMING_ROOT_REQUEST() ( FD_ISSET( rootpriv_pipe[1], &root_read_set ) )
@@ -292,17 +292,6 @@
#endif
}
-void setup_pidfile()
-{
- FILE *pidfile = fopen( pid_file, "wb" );
-
- if( pidfile != NULL )
- {
- fprintf( pidfile, "%ld\n", (long)getpid() );
- fclose( pidfile );
- }
-}
-
void handle_signals()
{
pid_t pid;
@@ -789,3 +778,14 @@
#endif /* USE_PRIVSEP */
+void setup_pidfile()
+{
+ FILE *pidfile = fopen( pid_file, "wb" );
+
+ if( pidfile != NULL )
+ {
+ fprintf( pidfile, "%ld\n", (long)getpid() );
+ fclose( pidfile );
+ }
+}
+
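Review bot: `setup_pidfile()` now also runs in the non-privsep build, where it creates the pid file with `fopen( pid_file, "wb" )` while the daemon is root (the package configures `--with-osiris-user=root`). `fopen` follows a symlink at that path and truncates its target, and a failure is silently ignored, which presumably leaves the init script's `stop` with nothing to act on. Opening with `O_NOFOLLOW` and logging the failure closes both gaps, as sketched below; this needs `<fcntl.h>`, and whether the pid directory is writable by anyone but root is not visible here. The call added in osirisd.c also relies on a prototype for `setup_pidfile()` being visible when `USE_PRIVSEP` is undefined, which the hunks do not show.

```c
void setup_pidfile()
{
    /* O_NOFOLLOW: refuse to write through a symlink planted at pid_file. */
    int fd = open( pid_file, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644 );
    FILE *pidfile = ( fd >= 0 ) ? fdopen( fd, "wb" ) : NULL;

    if( pidfile == NULL )
    {
        if( fd >= 0 )
        {
            close( fd );
        }

        log_error( "unable to write pid file." );
        return;
    }

    fprintf( pidfile, "%ld\n", (long)getpid() );
    fclose( pidfile );
}
```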


@ -0,0 +1,16 @@
diff -ruN osiris-4.1.9-old/src/osirismd/md_control.c osiris-4.1.9-new/src/osirismd/md_control.c
--- osiris-4.1.9-old/src/osirismd/md_control.c 2005-03-24 16:36:07.000000000 +0100
+++ osiris-4.1.9-new/src/osirismd/md_control.c 2006-03-28 01:32:32.000000000 +0200
@@ -3262,9 +3262,9 @@
int index;
char checksum[41];
- SHA_Init( &context );
- SHA_Update( &context, key, (unsigned long)keysize );
- SHA_Final( &( digest[0] ), &context );
+ SHA1_Init( &context );
+ SHA1_Update( &context, key, (unsigned long)keysize );
+ SHA1_Final( &( digest[0] ), &context );
for ( index = 0; index < SHA_DIGEST_LENGTH; index++ )
{
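Review bot: This is not a pure rename if these are OpenSSL's functions: `SHA_Init`/`SHA_Update`/`SHA_Final` implement the original SHA (SHA-0), while the `SHA1_*` family implements SHA-1, so the 40-character `checksum` derived from `digest` changes for the same `key`. Any value recorded or displayed by an unpatched osirismd will no longer match one produced by a build with this patch, which deserves a comment above the calls such as `/* SHA1_*: OpenSSL's SHA_* is SHA-0; checksums differ from unpatched builds */`. The enclosing function starts and ends outside the hunk, so what the checksum is compared against is inferred from the variable names only.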


@ -0,0 +1,392 @@
Description: The mod_if module monitors various aspects of network
interfaces for change, including IP, Hardware Address,
broadcast, MTU, metric, and promiscuous mode.
Version: 0.2
diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/Makefile osiris-4.1.9-new/src/osirisd/modules/mod_if/Makefile
--- osiris-4.1.9-old/src/osirisd/modules/mod_if/Makefile 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/Makefile 2005-10-07 02:19:17.000000000 +0200
@@ -0,0 +1,16 @@
+
+include ../Makefile
+
+SRCS=mod_if.c
+OBJS=$(SRCS:.c=.o)
+
+module: ${SRCS} ${OBJS}
+
+INCS=-I../.. -I../../../libosiris -I../../../libfileapi -I../../../..
+
+# meta-rule for compiling any "C" source file.
+$(OBJS): $(SRCS)
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) ${INCLUDES} ${INCS} $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c $(SRCS)
+ cp $@ ..
+
diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/README osiris-4.1.9-new/src/osirisd/modules/mod_if/README
--- osiris-4.1.9-old/src/osirisd/modules/mod_if/README 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/README 2005-10-07 02:19:17.000000000 +0200
@@ -0,0 +1,42 @@
+
+Module: mod_if
+Author: Brian Wotring (brian@hostintegrity.com)
+
+
+
+DESCRIPTION:
+
+The mod_if module is designed originally to monitor the promisc flag
+on network interfaces, but quickly turned into being able to monitor
+various aspects of network interfaces including hardware address,
+IP address, broadcast, MTU, and metric.
+
+This module is somewhat different in that each record is an element
+about a network interface as opposed to one record per interface. This
+will make it easier to add more elements to be monitored, easier to
+filter, and easier to understand alerts.
+
+USE:
+
+To use this module, all that is needed is to include it in the Modules
+block of a scan configuration, e.g.:
+
+ <Modules>
+ ...
+ Include mod_if
+ ...
+ </Modules>
+
+
+PARAMETERS:
+
+There are no parameters for this module.
+
+PLATFORMS:
+
+Currently, this module is only implemented for Linux.
+
+NOTES:
+
+
+
diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/mod_if.c osiris-4.1.9-new/src/osirisd/modules/mod_if/mod_if.c
--- osiris-4.1.9-old/src/osirisd/modules/mod_if/mod_if.c 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/mod_if.c 2005-10-07 02:19:17.000000000 +0200
@@ -0,0 +1,317 @@
+
+/******************************************************************************
+**
+** Copyright (C) 2005 Brian Wotring.
+**
+** This program is free software; you can redistribute it and/or
+** modify it, however, you cannot sell it.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+**
+** You should have received a copy of the license attached to the
+** use of this software. If not, view a current copy of the license
+** file here:
+**
+** http://www.hostintegrity.com/osiris/LICENSE
+**
+******************************************************************************/
+
+/*****************************************************************************
+**
+** File: mod_if.c
+** Date: September 23, 2005
+**
+** Author: Brian Wotring
+** Purpose: platform specific methods for monitoring network devices.
+**
+******************************************************************************/
+
+
+/* CODE USED IN THIS MODULE WAS ORIGINALLY TAKEN FROM:
+*
+* http://mail.nl.linux.org/kernelnewbies/2003-05/msg00090.html
+*/
+
+static const char *MODULE_NAME = "mod_if";
+
+
+#ifndef WIN32
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#ifndef WIN32
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <net/if.h>
+#endif
+
+#include <sys/ioctl.h>
+#include <net/if_arp.h>
+#include <arpa/inet.h>
+
+
+#include "libosiris.h"
+#include "libfileapi.h"
+#include "rootpriv.h"
+#include "common.h"
+#include "version.h"
+
+#include "scanner.h"
+#include "logging.h"
+
+
+#define inaddrr(x) (*(struct in_addr *) &ifr->x[sizeof sa.sin_port])
+#define IFRSIZE ((int)(size * sizeof (struct ifreq)))
+
+void process_if_unix( SCANNER *scanner )
+{
+ unsigned char*u;
+ int sockfd, size = 1;
+ struct ifreq *ifr;
+ struct ifconf ifc;
+ struct sockaddr_in sa;
+
+ SCAN_RECORD_TEXT_1 record;
+
+ /* Make sure we are able to create sockets */
+
+ if ( (sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP)) < 0 )
+ {
+ log_error( "mod_if unable to create socket!" );
+ return;
+ }
+
+ ifc.ifc_len = IFRSIZE;
+ ifc.ifc_req = NULL;
+
+ do
+ {
+ ++size;
+
+ /* realloc buffer size until no overflow occurs */
+
+ if ((ifc.ifc_req = realloc(ifc.ifc_req, IFRSIZE)) == NULL )
+ {
+ log_error( "out of memory!!!" );
+ return;
+ }
+
+ ifc.ifc_len = IFRSIZE;
+
+ if (ioctl(sockfd, SIOCGIFCONF, &ifc))
+ {
+ log_error("ioctl failure: SIOCFIFCONF");
+ return;
+ }
+
+ } while (IFRSIZE <= ifc.ifc_len);
+
+ ifr = ifc.ifc_req;
+
+ for (;(char *) ifr < (char *) ifc.ifc_req + ifc.ifc_len; ++ifr)
+ {
+ if (ifr->ifr_addr.sa_data == (ifr+1)->ifr_addr.sa_data)
+ {
+ continue; /* duplicate, skip it */
+ }
+
+ if (ioctl(sockfd, SIOCGIFFLAGS, ifr))
+ {
+ continue; /* failed to get flags, skip it */
+ }
+
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:IP", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%s", inet_ntoa(inaddrr(ifr_addr.sa_data)));
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+
+ /*
+ * This won't work on HP-UX 10.20 as there's no SIOCGIFHWADDR ioctl. You'll
+ * need to use DLPI or the NETSTAT ioctl on /dev/lan0, etc (and you'll need
+ * to be root to use the NETSTAT ioctl. Also this is deprecated and doesn't
+ * work on 11.00).
+ *
+ * On Digital Unix you can use the SIOCRPHYSADDR ioctl according to an old
+ * utility I have. Also on SGI I think you need to use a raw socket, e.g. s
+ * = socket(PF_RAW, SOCK_RAW, RAWPROTO_SNOOP)
+ *
+ * Dave
+ *
+ * From: David Peter <dave.peter@eu.citrix.com>
+ **/
+
+ if ( ioctl(sockfd, SIOCGIFHWADDR, ifr) == 0 )
+ {
+ /* Select which hardware types to process.
+ **
+ ** See list in system include file included from
+ ** /usr/include/net/if_arp.h (For example, on
+ ** Linux see file /usr/include/linux/if_arp.h to
+ ** get the list.)
+ **/
+
+ switch (ifr->ifr_hwaddr.sa_family)
+ {
+ default:
+ continue;
+
+ case ARPHRD_NETROM:
+ case ARPHRD_ETHER:
+ case ARPHRD_PPP:
+ case ARPHRD_EETHER:
+ case ARPHRD_IEEE802:
+ break;
+ }
+
+ u = (unsigned char *) &ifr->ifr_addr.sa_data;
+
+ /* send record for MAC for this interface */
+
+ if (u[0] + u[1] + u[2] + u[3] + u[4] + u[5])
+ {
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:MAC", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%2.2x.%2.2x.%2.2x.%2.2x.%2.2x.%2.2x",
+ u[0], u[1], u[2], u[3], u[4], u[5]);
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+ }
+
+ if ( ioctl(sockfd, SIOCGIFNETMASK, ifr) == 0 &&
+ strcmp("255.255.255.255", inet_ntoa(inaddrr(ifr_addr.sa_data))))
+ {
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:NETMASK", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%s", inet_ntoa(inaddrr(ifr_addr.sa_data)));
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+
+ if (ifr->ifr_flags & IFF_BROADCAST)
+ {
+ if ( ioctl(sockfd, SIOCGIFBRDADDR, ifr) == 0 &&
+ strcmp("0.0.0.0", inet_ntoa(inaddrr(ifr_addr.sa_data))))
+ {
+
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:BROADCAST", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%s",inet_ntoa(inaddrr(ifr_addr.sa_data)));
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+ }
+
+ /* Added by David Vasil to check for Promiscuous mode */
+
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:PROMISC", ifr->ifr_name );
+
+ if ( ioctl(sockfd, SIOCGIFFLAGS, ifr) == 0 &&
+ ifr->ifr_flags & IFF_PROMISC)
+ {
+ osi_strlcpy( record.data, "ENABLED", sizeof( record.data ) );
+ }
+
+ else
+ {
+ osi_strlcpy( record.data, "DISABLED", sizeof( record.data ) );
+ }
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+
+
+ if ( ioctl(sockfd, SIOCGIFMTU, ifr) == 0 )
+ {
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:MTU", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%u", ifr->ifr_mtu );
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+
+ if ( ioctl(sockfd, SIOCGIFMETRIC, ifr) == 0 )
+ {
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:METRIC", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%u", ifr->ifr_metric );
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+ }
+
+ close(sockfd);
+}
+
+void mod_if( SCANNER *scanner )
+{
+#if defined(SYSTEM_LINUX)
+ process_if_unix( scanner );
+#endif
+
+}
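Review bot: `process_if_unix()` never frees `ifc.ifc_req`, and its two early `return`s inside the `do`/`while` skip `close(sockfd)`, so every scan leaks the interface buffer and each failure leaks a socket in a long-running root daemon. `ifc.ifc_req = realloc(ifc.ifc_req, …)` also loses the old buffer when it fails. Routing all exits through one cleanup label fixes this, as sketched below. There is also a coverage gap: `default: continue;` in the `ifr_hwaddr.sa_family` switch skips the rest of the loop body, so interfaces whose hardware type is not listed get no NETMASK, BROADCAST, PROMISC, MTU or METRIC record. The later `ifr->ifr_flags & IFF_BROADCAST` test reads the `ifreq` union after the address ioctls have overwritten it, so `SIOCGIFFLAGS` should be re-issued (or the flags saved in a local) before that test.

```c
    do
    {
        struct ifreq *grown;

        ++size;

        /* keep the old buffer reachable if realloc fails */

        if ( (grown = realloc(ifc.ifc_req, IFRSIZE)) == NULL )
        {
            log_error( "out of memory!!!" );
            goto cleanup;
        }

        ifc.ifc_req = grown;
        ifc.ifc_len = IFRSIZE;

        if (ioctl(sockfd, SIOCGIFCONF, &ifc))
        {
            log_error("ioctl failure: SIOCFIFCONF");
            goto cleanup;
        }

    } while (IFRSIZE <= ifc.ifc_len);

    /* … unchanged: per-interface loop that emits the scan records … */

cleanup:
    free(ifc.ifc_req);
    close(sockfd);
}
```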


@ -0,0 +1,213 @@
Description: The mod_nvram module was developed specifically to monitor
configuration settings stored in nvram on Linksys devices.
In the future, this module could be used to monitor other
attributes of similar devices.
Version: 0.1
--- osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/Makefile 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.8-1/src/osirisd/modules/mod_nvram/Makefile 2005-04-22 23:11:32.000000000 +0200
@@ -0,0 +1,16 @@
+
+include ../Makefile
+
+SRCS=mod_nvram.c
+OBJS=$(SRCS:.c=.o)
+
+module: ${SRCS} ${OBJS}
+
+INCS=-I../.. -I../../../libosiris -I../../../libfileapi -I../../../..
+
+# meta-rule for compiling any "C" source file.
+$(OBJS): $(SRCS)
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) ${INCLUDES} ${INCS} $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c $(SRCS)
+ cp $@ ..
+
--- osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/README 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.8-1/src/osirisd/modules/mod_nvram/README 2005-04-22 23:11:32.000000000 +0200
@@ -0,0 +1,40 @@
+
+Module: mod_nvram
+Author: Brian Wotring (brian@shmoo.com)
+
+
+
+DESCRIPTION:
+
+The mod_nvram module reads the key=value pairs stored in nvram. This
+is primarily for Linksys routers, but could be modified to run on
+other systems if necessary. On the routers like the WRT54G, the
+nvram settings hold sensitive information that needs to be monitored.
+The format for the record structure is as follows:
+
+ name:value
+
+USE:
+
+To use this module, all that is needed is to include it in the System
+block of a scan configuration, e.g.:
+
+ <System>
+ ...
+ Include mod_nvram
+ ...
+ </System>
+
+
+PARAMETERS:
+
+There are no parameters for this module.
+
+PLATFORMS:
+
+Currently, only for the Linksys WRT54G and WRT54GS devices.
+
+NOTES:
+
+
+
--- osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/mod_nvram.c 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.8-1/src/osirisd/modules/mod_nvram/mod_nvram.c 2005-04-22 23:11:32.000000000 +0200
@@ -0,0 +1,142 @@
+
+/******************************************************************************
+**
+** This program is free software; you can redistribute it and/or
+** modify it, however, you cannot sell it.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+**
+** You should have received a copy of the license attached to the
+** use of this software. If not, visit www.shmoo.com/osiris for
+** details.
+**
+******************************************************************************/
+
+/*****************************************************************************
+**
+** File: mod_users.c
+** Date: January 1, 2004
+**
+** Author: Brian Wotring
+** Purpose: platform specific methods for reading user file information.
+**
+******************************************************************************/
+
+#include "libosiris.h"
+#include "libfileapi.h"
+#include "rootpriv.h"
+#include "common.h"
+#include "version.h"
+
+#include "scanner.h"
+#include "logging.h"
+
+
+#define NVRAM_PATH "/usr/sbin/nvram"
+#define NVRAM_ARG "show"
+
+static const char *MODULE_NAME = "mod_nvram";
+
+
+void mod_nvram( SCANNER *scanner )
+{
+ int pid;
+ int pc[2];
+ int cp[2];
+ char temp_line[4096];
+ FILE *file;
+ SCAN_RECORD_TEXT_1 record;
+
+ if( pipe(pc) < 0)
+ {
+ log_error( "mod_nvram: error creating pipe!" );
+ return;
+ }
+
+ if( pipe(cp) < 0)
+ {
+ log_error( "mod_nvram: error creating pipe!" );
+ return;
+ }
+
+ /* Create a child to run nvram command. */
+
+ switch( pid = fork() )
+ {
+ case -1:
+ log_error( "nvram: fork error!" );
+ return;
+
+ case 0:
+
+ /* child */
+
+ close(1);
+ dup( cp[1]);
+ close(0);
+ close( pc[1]);
+ close( cp[0]);
+ execl( NVRAM_PATH, NVRAM_PATH, NVRAM_ARG, NULL );
+ exit(0);
+
+ default:
+
+ /* parent */
+
+ close(pc[1]);
+ close(cp[1]);
+
+ file = fdopen( cp[0], "r" );
+
+ for(;;)
+ {
+ char *line;
+ char *key_end;
+
+ line = fgets( temp_line, sizeof( temp_line ), file );
+
+ if( line == NULL)
+ {
+ break;
+ }
+
+ line = trim_white_space( line );
+
+ /* skip commented and empty lines. */
+
+ if( ( line == NULL ) || ( line[0] == '#' ) )
+ {
+ continue;
+ }
+
+ /* locate the username, this is the first item in the colon list. */
+
+ if( ( key_end = strchr( line, '=' ) ) == NULL )
+ {
+ continue;
+ }
+
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ /* user the key as a key/path for this record. */
+
+ (*key_end) = '\0';
+ key_end++;
+ osi_strlcpy( record.name, "nvram:", sizeof( record.name ) );
+ osi_strlcat( record.name, line, sizeof( record.name ) );
+
+ /* now copy in the value into the data portion. */
+ /* and send this record on its way. */
+
+ osi_strlcpy( record.data, key_end, sizeof( record.data ) );
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+ }
+}
+
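Review bot: The parent branch of `mod_nvram()` never calls `fclose( file )` or waits for the child, so each scan leaves `cp[0]` and `pc[0]` open and, unless a SIGCHLD handler elsewhere reaps it, a zombie `nvram` process; `fdopen()` is also used unchecked, so a failure passes NULL to `fgets()`. The sketch below closes the unused pipe ends, checks `fdopen()` and reaps the child (needs `<sys/wait.h>`). In the child, `exit(0)` after a failed `execl()` reports success and flushes stdio buffers inherited from the daemon; `_exit(127)` is the usual choice. Values are also copied verbatim into `record.data`, so whatever secrets nvram holds end up in the scan data, and anything past `sizeof( record.data )` is truncated and therefore unmonitored; recording a digest of the value would address both, at the cost of readable diffs.

```c
        default:

            /* parent */

            close(pc[0]);
            close(pc[1]);
            close(cp[1]);

            file = fdopen( cp[0], "r" );

            if( file == NULL )
            {
                log_error( "mod_nvram: fdopen error!" );
                close( cp[0] );
                waitpid( pid, NULL, 0 );
                return;
            }

            /* … unchanged: fgets loop that emits one record per key=value line … */

            fclose( file );
            waitpid( pid, NULL, 0 );
```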


@ -0,0 +1,243 @@
Description: The mod_uptime module obtains the system boot time value
for comparison with scans.
Version: 0.2
--- osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/Makefile 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.8-1/src/osirisd/modules/mod_uptime/Makefile 2005-04-22 23:11:32.000000000 +0200
@@ -0,0 +1,16 @@
+
+include ../Makefile
+
+SRCS=mod_uptime.c
+OBJS=$(SRCS:.c=.o)
+
+module: ${SRCS} ${OBJS}
+
+INCS=-I../.. -I../../../libosiris -I../../../libfileapi -I../../../..
+
+# meta-rule for compiling any "C" source file.
+$(OBJS): $(SRCS)
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) ${INCLUDES} ${INCS} $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c $(SRCS)
+ cp $@ ..
+
--- osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/README 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.8-1/src/osirisd/modules/mod_uptime/README 2005-04-22 23:11:32.000000000 +0200
@@ -0,0 +1,36 @@
+
+Module: mod_uptime
+Author: Brian Wotring (brian@shmoo.com)
+
+
+
+DESCRIPTION:
+
+The mod_uptime module obtains the system boot time value for comparison
+with scans.
+
+USE:
+
+To use this module, all that is needed is to include it in the System
+block of a scan configuration, e.g.:
+
+ <System>
+ ...
+ Include mod_uptime
+ ...
+ </System>
+
+
+PARAMETERS:
+
+There are no parameters for this module.
+
+PLATFORMS:
+
+Currently, this module is implemented for FreeBSD, OpenBSD,
+Linux, Solaris, and Mac OS X.
+
+NOTES:
+
+
+
--- osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/mod_uptime.c 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.8-1/src/osirisd/modules/mod_uptime/mod_uptime.c 2005-04-22 23:11:32.000000000 +0200
@@ -0,0 +1,178 @@
+
+/******************************************************************************
+**
+** This program is free software; you can redistribute it and/or
+** modify it, however, you cannot sell it.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+**
+** You should have received a copy of the license attached to the
+** use of this software. If not, visit www.shmoo.com/osiris for
+** details.
+**
+******************************************************************************/
+
+/*****************************************************************************
+**
+** File: mod_uptime.c
+** Date: March 22, 2004
+**
+** Author: Brian Wotring
+** Purpose: platform specific methods for obtaining the system boot time.
+**
+******************************************************************************/
+
+#include "libosiris.h"
+#include "libfileapi.h"
+#include "rootpriv.h"
+#include "common.h"
+#include "version.h"
+
+#include "scanner.h"
+#include "logging.h"
+#include "config.h"
+
+#ifdef HAVE_SYS_SYSCTL_H
+#include <sys/sysctl.h>
+#endif
+
+#ifdef SYSTEM_SUNOS
+#include <utmpx.h>
+#endif
+
+#ifdef SYSTEM_LINUX
+#include <utmp.h>
+#endif
+
+#define PROC_FILE "/proc/uptime"
+#define OSI_WTMP_FILE "/var/log/wtmp"
+
+static const char *MODULE_NAME = "mod_uptime";
+
+
+void mod_uptime( SCANNER *scanner )
+{
+ SCAN_RECORD_TEXT_1 record;
+ char *time = NULL;
+ char *temp;
+
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+#if defined(SYSTEM_FREEBSD) || defined(SYSTEM_OPENBSD) || defined(SYSTEM_DARWIN)
+ {
+ time_t t;
+ struct timeval result;
+
+ int request[2] = { CTL_KERN, KERN_BOOTTIME };
+ size_t result_len = sizeof(result);
+
+ if( sysctl( request, 2, &result, &result_len, NULL, 0 ) < 0)
+ {
+ log_error( "unable to obtain uptime value." );
+ return;
+ }
+
+ t = result.tv_sec;
+ time = ctime( &t );
+ }
+
+#elif defined(SYSTEM_SUNOS)
+ {
+ struct utmpx * ent;
+ time_t t;
+
+ while( ( ent = getutxent() ) )
+ {
+ if( !strcmp( "system boot", ent->ut_line ) )
+ {
+ t = ent->ut_tv.tv_sec;
+ time = ctime( &t );
+ }
+ }
+ }
+
+#elif defined(SYSTEM_LINUX)
+ {
+ FILE *fp;
+ time_t t;
+ struct utmp ut;
+
+ char buf[40];
+ char buf2[10];
+ int filecount = 0;
+
+next_file:
+
+ osi_strlcpy( buf, OSI_WTMP_FILE, sizeof( buf ) );
+
+ if( filecount > 0 )
+ {
+ osi_snprintf( buf2, sizeof(buf2), "%d", filecount );
+ osi_strlcat( buf, buf2, sizeof(buf) );
+ }
+
+ fp = osi_fopen( buf, "r", 0 );
+
+ if( fp == NULL )
+ {
+ log_error( "unable to obtain uptime value." );
+ return;
+ }
+
+ while(1)
+ {
+ int rc = fread( &ut, 1, sizeof(ut), fp );
+
+ /* end of file, try next. */
+
+ if( rc == 0 )
+ {
+ filecount++;
+ fclose( fp );
+
+ goto next_file;
+ }
+
+ /* found restart event. */
+
+ if( ( strcmp( ut.ut_name, "reboot" ) == 0 ) ||
+ ( strcmp( ut.ut_name, "shutdown" ) == 0 ) )
+ {
+
+ t = ut.ut_time;
+ time = ctime( &t );
+
+ break;
+ }
+ }
+
+ fclose( fp );
+ }
+#endif
+
+ if( time == NULL )
+ {
+ log_error( "unable to obtain uptime value." );
+ return;
+ }
+
+ /* remove any trailing newline from the ctime() calls. */
+
+ if( ( temp = strchr( time, '\n' ) ) )
+ {
+ (*temp) = '\0';
+ }
+
+ osi_strlcpy( record.name, "uptime", sizeof( record.name ) );
+ osi_strlcpy( record.data, time, sizeof( record.data ) );
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+}
+
+
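Review bot: The Linux branch of `mod_uptime()` stops at the first `reboot`/`shutdown` record it reads, but wtmp is appended to over time, so that is the oldest restart in the file rather than the current boot; a later reboot would leave the reported value unchanged until the log is rotated. It also treats only `rc == 0` as end of file, so a truncated trailing record is compared as if it were complete. The sketch below keeps reading and uses the last matching record. `PROC_FILE` is defined but never used, and on a target without `/var/log/wtmp` the module can only log "unable to obtain uptime value.", so the scan would silently lack the uptime record.

```c
        while(1)
        {
            int rc = fread( &ut, 1, sizeof(ut), fp );

            /* end of file or truncated record: finished if this file held a
               restart record, otherwise try the next file. */

            if( rc != (int)sizeof(ut) )
            {
                if( time != NULL )
                {
                    break;
                }

                filecount++;
                fclose( fp );

                goto next_file;
            }

            /* remember the most recent restart event; later records are newer. */

            if( ( strcmp( ut.ut_name, "reboot" ) == 0 ) ||
                ( strcmp( ut.ut_name, "shutdown" ) == 0 ) )
            {
                t = ut.ut_time;
                time = ctime( &t );
            }
        }

        fclose( fp );
```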