Print checksums of databases in verbose level >= 2
* added new 'database_attrs' option
* closes feature request 1502032
hvhaugwitz committed May 20, 2013
1 parent 2465bd4 commit 0568748
Showing 12 changed files with 202 additions and 79 deletions.
5 changes: 5 additions & 0 deletions ChangeLog
@@ -1,3 +1,8 @@
2013-05-20 Hannes von Haugwitz <[email protected]>
* Print checksums of databases in verbose level 2 or higher (closes
feature request 1502032)
* Added new 'database_attrs' option

2013-05-18 Hannes von Haugwitz <[email protected]>
* configure.in: removed check for 'libcrypt'
* Renamed 'detailed_init_report' option to 'report_detailed_init'
2 changes: 2 additions & 0 deletions NEWS
Expand Up @@ -2,11 +2,13 @@ Version 0.16 (NOT_YET_RELEASED)
* Enabled summarize_changes by default
* Compare database entries just once
* Added new root_prefix option
* Added new database_attrs option
* Added new report_detailed_init option
* Added new report_base16 option
* Wrap attribute values instead of cut them off
* Side-by-side output of acl and xattrs values
* Use '|' to separate the old value from the new one
* Print checksums of databases in verbose level 2 or higher
* Print added or removed attributes of changed entries if forced
via report_attributes
* Print details about added and removed entries in verbose level 7
8 changes: 8 additions & 0 deletions doc/aide.conf.5.in
Expand Up @@ -38,6 +38,14 @@ first is used. The default value is "@prefix@/etc/aide.db.new".
.IP "database_new"
The url from which the other database for \-\-compare is read.
There is no default for this one.
.IP "database_attrs"
The attributes of the (uncompressed) database files which are to be added to
the final report in verbose level 2 or higher. Only checksum attributes are
supported. To disable set
.I database_attrs
to
.RB ' E '.
By default all compiled in checksums are added to the report.
.IP "verbose"
The level of messages that is output. This value can be 0-255
inclusive. This parameter can only be given once. Value from the first
6 changes: 3 additions & 3 deletions include/db.h
@@ -1,7 +1,7 @@
/* aide, Advanced Intrusion Detection Environment
*
* Copyright (C) 1999-2002,2004,2005 Rami Lehti, Pablo Virolainen,
* Richard van den Berg
* Copyright (C) 1999-2002,2004,2005,2013 Rami Lehti, Pablo Virolainen,
* Richard van den Berg, Hannes von Haugwitz
* $Header$
*
* This program is free software; you can redistribute it and/or
Expand Down Expand Up @@ -33,7 +33,7 @@ int db_writespec(db_config*);

int db_writeline(db_line*,db_config*);

int db_close(db_config*);
void db_close();

void free_db_line(db_line* dl);

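Review bot: The new prototype `void db_close();` in the second hunk is an old-style unprototyped declaration in C, so the compiler no longer checks arguments at call sites; it should read `void db_close(void);`. Dropping the `int` return also removes the only channel by which a failed flush or close of the output database could be reported to main() before the report is generated. If db_close() now logs such failures instead, say so at the declaration, e.g. `/* Flushes and closes all open database streams; errors are logged, not returned. */` — the implementation is not in this diff, so confirm against db.c.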
102 changes: 55 additions & 47 deletions include/db_config.h
@@ -1,6 +1,6 @@
/* aide, Advanced Intrusion Detection Environment
*
* Copyright (C) 1999-2002,2004-2006,2010-2012 Rami Lehti, Pablo Virolainen,
* Copyright (C) 1999-2002,2004-2006,2010-2013 Rami Lehti, Pablo Virolainen,
* Richard van den Berg, Hannes von Haugwitz
* $Header$
*
Expand Down Expand Up @@ -252,6 +252,52 @@ extern const int db_aliasvalue[db_alias_size];

#include "seltree.h"

typedef struct db_line {
byte* md5;
byte* sha1;
byte* rmd160;
byte* tiger;

byte* sha256;
byte* sha512;

byte* crc32; /* MHASH only */
byte* haval;
byte* gost;
byte* crc32b;
byte* whirlpool;

acl_type* acl;
/* Something here.. */

mode_t perm;
mode_t perm_o; /* Permission for tree traverse */
uid_t uid;
gid_t gid;
time_t atime;
time_t ctime;
time_t mtime;
AIDE_INO_TYPE inode;
nlink_t nlink;

AIDE_OFF_TYPE size;
AIDE_OFF_TYPE size_o; /* ... */
AIDE_BLKCNT_TYPE bcount;
char* filename;
char* fullpath;
char* linkname;

char *cntx;

xattrs_type* xattrs;

unsigned long e2fsattrs;

/* Attributes .... */
DB_ATTR_TYPE attr;

} db_line;

typedef struct db_config {

url_t* db_in_url;
Expand All @@ -265,6 +311,14 @@ typedef struct db_config {

int config_check;

struct md_container *mdc_in;
struct md_container *mdc_out;

struct db_line *line_db_in;
struct db_line *line_db_out;

DB_ATTR_TYPE db_attrs;

#ifdef WITH_ZLIB
gzFile db_gzin;
gzFile db_gznew;
Expand Down Expand Up @@ -360,52 +414,6 @@ typedef struct db_config {

} db_config;

typedef struct db_line {
byte* md5;
byte* sha1;
byte* rmd160;
byte* tiger;

byte* sha256;
byte* sha512;

byte* crc32; /* MHASH only */
byte* haval;
byte* gost;
byte* crc32b;
byte* whirlpool;

acl_type* acl;
/* Something here.. */

mode_t perm;
mode_t perm_o; /* Permission for tree traverse */
uid_t uid;
gid_t gid;
time_t atime;
time_t ctime;
time_t mtime;
AIDE_INO_TYPE inode;
nlink_t nlink;

AIDE_OFF_TYPE size;
AIDE_OFF_TYPE size_o; /* ... */
AIDE_BLKCNT_TYPE bcount;
char* filename;
char* fullpath;
char* linkname;

char *cntx;

xattrs_type* xattrs;

unsigned long e2fsattrs;

/* Attributes .... */
DB_ATTR_TYPE attr;

} db_line;

#ifdef WITH_PSQL
#include "libpq-fe.h"

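Review bot: The five fields added to `db_config` (`mdc_in`, `mdc_out`, `line_db_in`, `line_db_out`, `db_attrs`) carry no comment, and nothing in this diff shows who allocates or frees the `md_container`s and `db_line`s they point to. Suggest documenting them at the declaration: `/* running digests over the input/output database streams; NULL when not collected */` above `mdc_in`/`mdc_out`, `/* per-database attribute lines for the report; NULL until populated — TODO confirm where (db_close?) */` above `line_db_in`/`line_db_out`, and `/* checksum attributes (subset of DB_HASHES) reported for the databases */` above `db_attrs`. The relocation of the whole `struct db_line` definition ahead of `db_config` looks unnecessary, since the new members are declared as `struct db_line *` and a pointer to an incomplete struct needs no complete type; keeping the definition in place would have made the diff far smaller, unless something else in the header now needs the full type.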
21 changes: 19 additions & 2 deletions src/aide.c
@@ -1,6 +1,6 @@
/* aide, Advanced Intrusion Detection Environment
*
* Copyright (C) 1999-2006,2010-2012 Rami Lehti, Pablo Virolainen, Mike
* Copyright (C) 1999-2006,2010-2013 Rami Lehti, Pablo Virolainen, Mike
* Markley, Richard van den Berg, Hannes von Haugwitz
* $Header$
*
Expand Down Expand Up @@ -316,6 +316,23 @@ static void setdefaults_before_config()
conf->db_new=NULL;
conf->db_out_url=NULL;
conf->db_out=NULL;

conf->mdc_in=NULL;
conf->mdc_out=NULL;

conf->line_db_in=NULL;
conf->line_db_out=NULL;

conf->db_attrs = 0;
#if defined(WITH_MHASH) || defined(WITH_GCRYPT)
conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512;
#ifdef WITH_MHASH
conf->db_attrs |= DB_GOST;
#ifdef HAVE_MHASH_WHIRLPOOL
conf->db_attrs |= DB_WHIRLPOOL;
#endif
#endif
#endif

#ifdef WITH_ZLIB
conf->db_gzin=0;
Expand Down Expand Up @@ -584,7 +601,7 @@ int main(int argc,char**argv)
}

populate_tree(conf->tree);
db_close(conf);
db_close();

exit(gen_report(conf->tree));

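Review bot: The default `db_attrs` mask ORs in `DB_CRC32` and `DB_HAVAL` for both mhash and gcrypt builds, yet `db_line` in db_config.h annotates `crc32` as `/* MHASH only */`; if the gcrypt backend cannot compute CRC32 or HAVAL, the default requests digests that will never appear in the report (md.c is not in this diff, so this is inferred). Consider moving those bits under `#ifdef WITH_MHASH` next to `DB_GOST`, or confirming md.c handles them for gcrypt and correcting the comment in db_config.h. A one-line comment above the block would also help a reader: `/* default: report every checksum the build can compute; database_attrs may narrow this */`. setdefaults_before_config() continues outside the hunk.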
9 changes: 9 additions & 0 deletions src/commandconf.c
Expand Up @@ -34,6 +34,7 @@
#include "db_config.h"
#include "gen_list.h"
#include "symboltable.h"
#include "md.h"
#include "util.h"
#include "base64.h"
/*for locale support*/
Expand Down Expand Up @@ -239,6 +240,7 @@ int db_input_wrapper(char* buf, int max_size, int db)
#ifdef WITH_ZLIB
gzFile* db_gzp=NULL;
#endif
struct md_container *mdc;
switch(db) {
case DB_OLD: {
#ifdef WITH_CURL
Expand Down Expand Up @@ -282,6 +284,9 @@ int db_input_wrapper(char* buf, int max_size, int db)
case url_https:
case url_ftp: {
retval=url_fread(buf,1,max_size,(URL_FILE *)*db_filep);
if ((mdc = (db == DB_OLD ? conf->mdc_in : conf->mdc_out))) {
update_md(mdc, buf, retval);
}
break;
}
default:
Expand Down Expand Up @@ -354,6 +359,10 @@ int db_input_wrapper(char* buf, int max_size, int db)
#endif /* WITH_MHASH */
#endif /* WITH_ZLIB */

if ((mdc = (db == DB_OLD ? conf->mdc_in : conf->mdc_out))) {
update_md(mdc, buf, retval);
}

#ifdef WITH_MHASH
if(*domd){
if(!*md){
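Review bot: In the `url_fread` branch, `update_md(mdc, buf, retval)` is fed whatever count the read returned with no check that the read succeeded, and the same pattern is repeated in the later hunk after the generic read. If either read path can signal an error with a negative count (gzread, for instance, returns -1), the digest is updated with a bogus length, so guard it: `if (retval > 0 && (mdc = (db == DB_OLD ? conf->mdc_in : conf->mdc_out))) update_md(mdc, buf, retval);`. The selection of `mdc` by `db` is duplicated in both hunks and could be computed once where `mdc` is declared. The enclosing `db_input_wrapper()` begins before the first hunk and ends after the last.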
23 changes: 21 additions & 2 deletions src/compare_db.c
Expand Up @@ -302,6 +302,7 @@ static char* get_file_type_string(mode_t mode) {
#ifdef S_IFDOOR
case S_IFDOOR: return _("Door");
#endif
case 0: return NULL;
default: return _("Unknown file type");
}
}
Expand Down Expand Up @@ -461,7 +462,12 @@ static void print_dbline_attributes(db_line* oline, db_line* nline, DB_ATTR_TYPE
int length = sizeof(details_attributes)/sizeof(DB_ATTR_TYPE);
int p = (width_details-(width_details%2?13:14))/2;
DB_ATTR_TYPE attrs;
error(2,"\n%s: %s\n",get_file_type_string((nline==NULL?oline:nline)->perm),(nline==NULL?oline:nline)->filename);
error(2,"\n");
char *file_type = get_file_type_string((nline==NULL?oline:nline)->perm);
if (file_type) {
error(2,"%s: ", file_type);
}
error(2,"%s\n", (nline==NULL?oline:nline)->filename);
attrs=(~(ignored_attrs))&(report_attrs|changed_attrs)&((oline==NULL?0:oline->attr)|(nline==NULL?0:nline->attr));
for (j=0; j < length; ++j) {
if (details_attributes[j]&attrs) {
Expand Down Expand Up @@ -618,13 +624,25 @@ static void print_report_header() {
}
}

static void print_report_databases() {
if (conf->verbose_level>=2 && (conf->line_db_in || conf->line_db_out)) {
error(2,(char*)report_top_format,_("The attributes of the (uncompressed) database(s)"));
if (conf->line_db_in) {
print_attributes_removed_node(conf->line_db_in);
}
if (conf->line_db_out) {
print_attributes_removed_node(conf->line_db_out);
}
}
}

static void print_report_footer()
{
char *time = malloc(time_string_len * sizeof (char));
int run_time = (int) difftime(conf->end_time, conf->start_time);

strftime(time, time_string_len, time_format, localtime(&(conf->end_time)));
error(2,_("\nEnd timestamp: %s (run time: %dm %ds)\n"), time, run_time/60, run_time%60);
error(2,_("\n\nEnd timestamp: %s (run time: %dm %ds)\n"), time, run_time/60, run_time%60);
free(time); time=NULL;
}

Expand Down Expand Up @@ -691,6 +709,7 @@ int gen_report(seltree* node) {
print_report_details(node);
}
}
print_report_databases();
conf->end_time=time(&(conf->end_time));
print_report_footer();

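Review bot: `print_report_databases()` is new and undocumented, and it depends on `conf->line_db_in`/`line_db_out` being populated somewhere outside this file (they are only initialised to NULL in aide.c), so a reader cannot tell here when the section appears or why it can be silently absent. Suggest a header comment such as `/* Report the checksums of the input/output database(s) at verbose level >= 2; the db_line entries are presumably filled in when the databases are closed and stay NULL when no digest was collected — confirm against db.c */`. Reusing `print_attributes_removed_node()` for these lines also reads oddly, since nothing is removed; a neutral name such as `print_attributes_node()` would document the intent better. The explicit `verbose_level>=2` guard duplicates the level already passed to `error(2, …)`, unless `error()` does not filter on level — a comment either way would save the next reader a lookup.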
8 changes: 7 additions & 1 deletion src/conf_lex.l
Expand Up @@ -15,7 +15,7 @@ EX [" "\t]*
#define YYDEBUG

/*
* Copyright (C) 1999-2002,2004-2006,2010-2012 Rami Lehti, Pablo
* Copyright (C) 1999-2002,2004-2006,2010-2013 Rami Lehti, Pablo
* Virolainen, Richard van den Berg, Hannes von Haugwitz
* $Header$
* This program is free software; you can redistribute it and/or
Expand Down Expand Up @@ -307,6 +307,12 @@ int var_in_conflval=0;
return (TDATABASE_NEW);
}

^[\t\ ]*"database_attrs"{E} {
error(230,"%li:database_attrs =\n",conf_lineno);
BEGIN EXPR;
return (TDATABASE_ATTRS);
}

^[\t\ ]*"warn_dead_symlinks"{E} {
error(230,"%li:warn_dead_symlinks =\n",conf_lineno);
BEGIN CONFVALHUNT;
14 changes: 12 additions & 2 deletions src/conf_yacc.y
@@ -1,7 +1,7 @@
%{

/*
* Copyright (C) 1999-2006,2010-2012 Rami Lehti, Pablo Virolainen,
* Copyright (C) 1999-2006,2010-2013 Rami Lehti, Pablo Virolainen,
* Richard van den Berg, Hannes von Haugwitz
* $Header$
* This program is free software; you can redistribute it and/or
Expand Down Expand Up @@ -81,6 +81,7 @@ extern long conf_lineno;
%token TDATABASE
%token TDATABASE_OUT
%token TDATABASE_NEW
%token TDATABASE_ATTRS
%token TREPORT_URL
%token TGZIPDBOUT
%token TROOT_PREFIX
Expand Down Expand Up @@ -152,7 +153,7 @@ lines : lines line | ;

line : rule | equrule | negrule | definestmt | undefstmt
| ifdefstmt | ifndefstmt | ifhoststmt | ifnhoststmt
| groupdef | db_in | db_out | db_new | verbose | report_detailed_init | config_version
| groupdef | db_in | db_out | db_new | db_attrs | verbose | report_detailed_init | config_version
| report | gzipdbout | root_prefix | report_base16 | recursion_stopper | warn_dead_symlinks | grouped
| summarize_changes | acl_no_symlink_follow | beginconfigstmt | endconfigstmt
| TEOF {
Expand Down Expand Up @@ -268,6 +269,15 @@ verbose : TVERBOSE TSTRING { do_verbdef($2); };

report : TREPORT_URL TSTRING { do_repurldef($2); } ;

db_attrs : TDATABASE_ATTRS expr {
DB_ATTR_TYPE attr;
if((attr = $2&(~DB_HASHES))){
error(0, "%li: invalid attribute(s) in database_attrs: %llx\n", conf_lineno-1, attr);
YYABORT;
}
conf->db_attrs=$2;
} ;

beginconfigstmt : TBEGIN_CONFIG TSTRING {
#ifdef WITH_MHASH
conf->do_configmd=1;
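Review bot: The new `db_attrs` action prints the rejected bits with `%llx`, which is only well-defined if `DB_ATTR_TYPE` is exactly `unsigned long long`; with any other typedef the call is undefined behaviour, so cast explicitly: `error(0, "%li: invalid attribute(s) in database_attrs: %llx\n", conf_lineno-1, (unsigned long long)attr);`. A raw hex mask is also hard for a user to act on — naming the offending attributes would be friendlier. Unlike `verbose`, a repeated `database_attrs` line silently overrides the previous one; if that is intended, a comment on the rule should say so.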