update osiris to v4.2.0, add mod_if module, add short desc to mod_* patches, fix openssl-related build issue (could break compatibility).

SVN-Revision: 3515
This commit is contained in:
Nicolas Thill 2006-03-28 00:05:52 +00:00
parent 21a54709f0
commit d5eb9d6d91
7 changed files with 420 additions and 2 deletions

View File

@ -3,9 +3,9 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=osiris PKG_NAME:=osiris
PKG_VERSION:=4.1.9 PKG_VERSION:=4.2.0
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_MD5SUM:=a8e3720b05a8dc5d257a7effb6d68224 PKG_MD5SUM:=ad30995660e506ee6d1d6460601f6107
PKG_SOURCE_URL:=http://www.hostintegrity.com/osiris/data/ PKG_SOURCE_URL:=http://www.hostintegrity.com/osiris/data/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz

View File

@ -0,0 +1,16 @@
diff -ruN osiris-4.1.9-old/src/osirismd/md_control.c osiris-4.1.9-new/src/osirismd/md_control.c
--- osiris-4.1.9-old/src/osirismd/md_control.c 2005-03-24 16:36:07.000000000 +0100
+++ osiris-4.1.9-new/src/osirismd/md_control.c 2006-03-28 01:32:32.000000000 +0200
@@ -3262,9 +3262,9 @@
int index;
char checksum[41];
- SHA_Init( &context );
- SHA_Update( &context, key, (unsigned long)keysize );
- SHA_Final( &( digest[0] ), &context );
+ SHA1_Init( &context );
+ SHA1_Update( &context, key, (unsigned long)keysize );
+ SHA1_Final( &( digest[0] ), &context );
for ( index = 0; index < SHA_DIGEST_LENGTH; index++ )
{

View File

@ -0,0 +1,392 @@
Description: The mod_if module monitors various aspects of network
interfaces for change, including IP, Hardware Address,
broadcast, MTU, metric, and promiscuous mode.
Version: 0.2
diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/Makefile osiris-4.1.9-new/src/osirisd/modules/mod_if/Makefile
--- osiris-4.1.9-old/src/osirisd/modules/mod_if/Makefile 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/Makefile 2005-10-07 02:19:17.000000000 +0200
@@ -0,0 +1,16 @@
+
+include ../Makefile
+
+SRCS=mod_if.c
+OBJS=$(SRCS:.c=.o)
+
+module: ${SRCS} ${OBJS}
+
+INCS=-I../.. -I../../../libosiris -I../../../libfileapi -I../../../..
+
+# meta-rule for compiling any "C" source file.
+$(OBJS): $(SRCS)
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) ${INCLUDES} ${INCS} $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c $(SRCS)
+ cp $@ ..
+
diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/README osiris-4.1.9-new/src/osirisd/modules/mod_if/README
--- osiris-4.1.9-old/src/osirisd/modules/mod_if/README 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/README 2005-10-07 02:19:17.000000000 +0200
@@ -0,0 +1,42 @@
+
+Module: mod_if
+Author: Brian Wotring (brian@hostintegrity.com)
+
+
+
+DESCRIPTION:
+
+The mod_if module is designed originally to monitor the promisc flag
+on network interfaces, but quickly turned into being able to monitor
+various aspects of network interfaces including hardware address,
+IP address, broadcast, MTU, and metric.
+
+This module is somewhat different in that each record is an element
+about a network interface as opposed to one record per interface. This
+will make it easier to add more elements to be monitored, easier to
+filter, and easier to understand alerts.
+
+USE:
+
+To use this module, all that is needed is to include it in the Modules
+block of a scan configuration, e.g.:
+
+ <Modules>
+ ...
+ Include mod_if
+ ...
+ </Modules>
+
+
+PARAMETERS:
+
+There are no parameters for this module.
+
+PLATFORMS:
+
+Currently, this module is only implemented for Linux.
+
+NOTES:
+
+
+
diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/mod_if.c osiris-4.1.9-new/src/osirisd/modules/mod_if/mod_if.c
--- osiris-4.1.9-old/src/osirisd/modules/mod_if/mod_if.c 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/mod_if.c 2005-10-07 02:19:17.000000000 +0200
@@ -0,0 +1,317 @@
+
+/******************************************************************************
+**
+** Copyright (C) 2005 Brian Wotring.
+**
+** This program is free software; you can redistribute it and/or
+** modify it, however, you cannot sell it.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+**
+** You should have received a copy of the license attached to the
+** use of this software. If not, view a current copy of the license
+** file here:
+**
+** http://www.hostintegrity.com/osiris/LICENSE
+**
+******************************************************************************/
+
+/*****************************************************************************
+**
+** File: mod_if.c
+** Date: September 23, 2005
+**
+** Author: Brian Wotring
+** Purpose: platform specific methods for monitoring network devices.
+**
+******************************************************************************/
+
+
+/* CODE USED IN THIS MODULE WAS ORIGINALLY TAKEN FROM:
+*
+* http://mail.nl.linux.org/kernelnewbies/2003-05/msg00090.html
+*/
+
+static const char *MODULE_NAME = "mod_if";
+
+
+#ifndef WIN32
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#ifndef WIN32
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <net/if.h>
+#endif
+
+#include <sys/ioctl.h>
+#include <net/if_arp.h>
+#include <arpa/inet.h>
+
+
+#include "libosiris.h"
+#include "libfileapi.h"
+#include "rootpriv.h"
+#include "common.h"
+#include "version.h"
+
+#include "scanner.h"
+#include "logging.h"
+
+
+#define inaddrr(x) (*(struct in_addr *) &ifr->x[sizeof sa.sin_port])
+#define IFRSIZE ((int)(size * sizeof (struct ifreq)))
+
+void process_if_unix( SCANNER *scanner )
+{
+ unsigned char*u;
+ int sockfd, size = 1;
+ struct ifreq *ifr;
+ struct ifconf ifc;
+ struct sockaddr_in sa;
+
+ SCAN_RECORD_TEXT_1 record;
+
+ /* Make sure we are able to create sockets */
+
+ if ( (sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP)) < 0 )
+ {
+ log_error( "mod_if unable to create socket!" );
+ return;
+ }
+
+ ifc.ifc_len = IFRSIZE;
+ ifc.ifc_req = NULL;
+
+ do
+ {
+ ++size;
+
+ /* realloc buffer size until no overflow occurs */
+
+ if ((ifc.ifc_req = realloc(ifc.ifc_req, IFRSIZE)) == NULL )
+ {
+ log_error( "out of memory!!!" );
+ return;
+ }
+
+ ifc.ifc_len = IFRSIZE;
+
+ if (ioctl(sockfd, SIOCGIFCONF, &ifc))
+ {
+ log_error("ioctl failure: SIOCFIFCONF");
+ return;
+ }
+
+ } while (IFRSIZE <= ifc.ifc_len);
+
+ ifr = ifc.ifc_req;
+
+ for (;(char *) ifr < (char *) ifc.ifc_req + ifc.ifc_len; ++ifr)
+ {
+ if (ifr->ifr_addr.sa_data == (ifr+1)->ifr_addr.sa_data)
+ {
+ continue; /* duplicate, skip it */
+ }
+
+ if (ioctl(sockfd, SIOCGIFFLAGS, ifr))
+ {
+ continue; /* failed to get flags, skip it */
+ }
+
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:IP", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%s", inet_ntoa(inaddrr(ifr_addr.sa_data)));
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+
+ /*
+ * This won't work on HP-UX 10.20 as there's no SIOCGIFHWADDR ioctl. You'll
+ * need to use DLPI or the NETSTAT ioctl on /dev/lan0, etc (and you'll need
+ * to be root to use the NETSTAT ioctl. Also this is deprecated and doesn't
+ * work on 11.00).
+ *
+ * On Digital Unix you can use the SIOCRPHYSADDR ioctl according to an old
+ * utility I have. Also on SGI I think you need to use a raw socket, e.g. s
+ * = socket(PF_RAW, SOCK_RAW, RAWPROTO_SNOOP)
+ *
+ * Dave
+ *
+ * From: David Peter <dave.peter@eu.citrix.com>
+ **/
+
+ if ( ioctl(sockfd, SIOCGIFHWADDR, ifr) == 0 )
+ {
+ /* Select which hardware types to process.
+ **
+ ** See list in system include file included from
+ ** /usr/include/net/if_arp.h (For example, on
+ ** Linux see file /usr/include/linux/if_arp.h to
+ ** get the list.)
+ **/
+
+ switch (ifr->ifr_hwaddr.sa_family)
+ {
+ default:
+ continue;
+
+ case ARPHRD_NETROM:
+ case ARPHRD_ETHER:
+ case ARPHRD_PPP:
+ case ARPHRD_EETHER:
+ case ARPHRD_IEEE802:
+ break;
+ }
+
+ u = (unsigned char *) &ifr->ifr_addr.sa_data;
+
+ /* send record for MAC for this interface */
+
+ if (u[0] + u[1] + u[2] + u[3] + u[4] + u[5])
+ {
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:MAC", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%2.2x.%2.2x.%2.2x.%2.2x.%2.2x.%2.2x",
+ u[0], u[1], u[2], u[3], u[4], u[5]);
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+ }
+
+ if ( ioctl(sockfd, SIOCGIFNETMASK, ifr) == 0 &&
+ strcmp("255.255.255.255", inet_ntoa(inaddrr(ifr_addr.sa_data))))
+ {
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:NETMASK", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%s", inet_ntoa(inaddrr(ifr_addr.sa_data)));
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+
+ if (ifr->ifr_flags & IFF_BROADCAST)
+ {
+ if ( ioctl(sockfd, SIOCGIFBRDADDR, ifr) == 0 &&
+ strcmp("0.0.0.0", inet_ntoa(inaddrr(ifr_addr.sa_data))))
+ {
+
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:BROADCAST", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%s",inet_ntoa(inaddrr(ifr_addr.sa_data)));
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+ }
+
+ /* Added by David Vasil to check for Promiscuous mode */
+
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:PROMISC", ifr->ifr_name );
+
+ if ( ioctl(sockfd, SIOCGIFFLAGS, ifr) == 0 &&
+ ifr->ifr_flags & IFF_PROMISC)
+ {
+ osi_strlcpy( record.data, "ENABLED", sizeof( record.data ) );
+ }
+
+ else
+ {
+ osi_strlcpy( record.data, "DISABLED", sizeof( record.data ) );
+ }
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+
+
+ if ( ioctl(sockfd, SIOCGIFMTU, ifr) == 0 )
+ {
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:MTU", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%u", ifr->ifr_mtu );
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+
+ if ( ioctl(sockfd, SIOCGIFMETRIC, ifr) == 0 )
+ {
+ initialize_scan_record( (SCAN_RECORD *)&record,
+ SCAN_RECORD_TYPE_TEXT_1 );
+
+ osi_strlcpy( record.module_name, MODULE_NAME,
+ sizeof( record.module_name ) );
+
+ osi_snprintf( record.name, sizeof( record.name ),
+ "if:%s:METRIC", ifr->ifr_name );
+
+ osi_snprintf( record.data, sizeof( record.data ),
+ "%u", ifr->ifr_metric );
+
+ send_scan_data( scanner, (SCAN_RECORD *)&record );
+ }
+ }
+
+ close(sockfd);
+}
+
+void mod_if( SCANNER *scanner )
+{
+#if defined(SYSTEM_LINUX)
+ process_if_unix( scanner );
+#endif
+
+}

View File

@ -1,3 +1,9 @@
Description: The mod_nvram module was developed specifically to monitor
configuration settings stored in nvram on Linksys devices.
In the future, this module could be used to monitor other
attributes of similar devices.
Version: 0.1
--- osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/Makefile 1970-01-01 01:00:00.000000000 +0100 --- osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/Makefile 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.8-1/src/osirisd/modules/mod_nvram/Makefile 2005-04-22 23:11:32.000000000 +0200 +++ osiris-4.1.8-1/src/osirisd/modules/mod_nvram/Makefile 2005-04-22 23:11:32.000000000 +0200
@@ -0,0 +1,16 @@ @@ -0,0 +1,16 @@

View File

@ -1,3 +1,7 @@
Description: The mod_uptime module obtains the system boot time value
for comparison with scans.
Version: 0.2
--- osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/Makefile 1970-01-01 01:00:00.000000000 +0100 --- osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/Makefile 1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.8-1/src/osirisd/modules/mod_uptime/Makefile 2005-04-22 23:11:32.000000000 +0200 +++ osiris-4.1.8-1/src/osirisd/modules/mod_uptime/Makefile 2005-04-22 23:11:32.000000000 +0200
@@ -0,0 +1,16 @@ @@ -0,0 +1,16 @@