Date: Mon, 21 Jun 2010 03:20:31 GMT From: Sergio Ligregni <ligregni@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 180027 for review Message-ID: <201006210320.o5L3KVv8034351@repoman.freebsd.org>
http://p4web.freebsd.org/@@180027?ac=10 Change 180027 by ligregni@ligPhenom on 2010/06/21 03:19:59 Implemented MD5, the socket work file created, also included a Makefile to simplify development and using Affected files ... .. //depot/projects/soc2010/disaudit/Makefile#1 add .. //depot/projects/soc2010/disaudit/ideas.txt#4 edit .. //depot/projects/soc2010/disaudit/shipd.c#4 edit .. //depot/projects/soc2010/disaudit/shipd.h#4 edit .. //depot/projects/soc2010/disaudit/ssocket_work.c#1 add .. //depot/projects/soc2010/disaudit/ssocket_work.h#1 add Differences ...
==== //depot/projects/soc2010/disaudit/ideas.txt#4 (text+ko) ====
@@ -8,6 +8,7 @@
 PARAMETERS (the main idea is to get them from /etc/security/audit_control) disaudit_type:master # none, master, slave, obviouslly depending on this to use the following parameters
+disaudit_port:53686 /* SLAVE */
==== //depot/projects/soc2010/disaudit/shipd.c#4 (text+ko) ====
@@ -28,6 +28,7 @@
 /*** INCLUDES ***/
 #include "shipd.h"
+#include "ssocket_work.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -35,6 +36,7 @@
 #include <syslog.h>
 #include <stdarg.h>
 #include <sys/types.h>
+#include <sys/md5.h>
 #include <sys/stat.h>
 /*** DECLARATIONS ***/
@@ -52,6 +54,9 @@
 /* Two main things to be set by this variable, if daemonize or not, and the destination of the messages */
 int debug;
+/* Port number */
+int port_number;
+
 main (int argc, char *argv[])
 {
 char cl_opt;
@@ -118,6 +123,7 @@
 fscanf(fpars, "%s", master_host);
 fscanf(fpars, "%d", &panic_level);
 fscanf(fpars, "%d", &msec_freq);
+ fscanf(fpars, "%d", &port_number);
 return 0;
 }
@@ -131,6 +137,10 @@
 syslog(LOG_ERR, "%s", message);
 }
+/*
+ * Look for the last closed trail and
+ * send it
+ */
 void do_last()
 {
@@ -153,6 +163,11 @@
 }
 }
+/*
+ * Used by do_last() function, this get the last
+ * closed trail in meaning of lexicographic
+ * order (that is also a chronological one)
+ */
 int get_last_trail(char *path)
 {
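Review bot: The added `fscanf(fpars, "%d", &port_number);` in the @@ -118 hunk ignores the return value and never range-checks the result, so a missing or malformed port entry leaves the global `port_number` at 0 (or at a negative or oversized value) and `is_in_master()` later hands that to `do_socket_check_file()`. I would check the conversion and bound it, e.g. `if (fscanf(fpars, "%d", &port_number) != 1 || port_number < 1 || port_number > 65535) return -1;`. The unbounded `%s` read into `master_host` on the context line above has the same unchecked-input problem and deserves a field width while this function is being touched. The function starts outside the hunk, so the `-1` error return is a guess from the visible `return 0;`.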
@@ -206,6 +221,12 @@
 return 0;
 }
+/*
+ * When exploring /var/audit/ (or the directory
+ * where the trails are), not all files are trails
+ * so we must ensure we will only deal with the ones
+ * that are trails
+ */
 int is_audit_trail(char *path)
 {
@@ -324,8 +345,11 @@
 qsort(trail_paths, n_elements, sizeof(*trail_paths), cmp_trails);
 for (i=0; i<n_elements; ++i)
- if (is_in_master(trail_paths[i]))
+ {
+ strcpy(ptr, trail_paths[i]);
+ if (is_in_master(trail_paths[i], fullpath))
 break;
+ }
 /*
 * At this point, the variable i holds the index of the first ok trail in master system
@@ -355,6 +379,11 @@
 return;
 }
+/*
+ * Using the audit trail's names advantage, we define
+ * that an audit trail is older than the other one
+ * according their lexicographic value
+ */
 int cmp_trails (const void *A, const void *B)
 {
 if (strcmp(*((char **)A), *((char **)B)) < 0)
@@ -362,9 +391,33 @@
 return -1;
 }
-int is_in_master(char *path)
+/*
+ * This function calculates the MD5 checksum for a trail
+ * and checks if it is on master system using two
+ * file unique atributes, the name and the checksum,
+ * the last one for checking file integrity, if the MD5
+ * checksums on both systems are not equal, then the function
+ * will return "false" since an incomplete trail is not valid here.
+ */
+int is_in_master(char *path, char *fullpath)
 {
- return 0;
+ char *md5 = (char *) malloc (sizeof(char) * 33);
+ char message[MAX_PATH_SIZE + 33];
+ int ret_val=1;
+ MD5_CTX context;
+
+ /* Get the MD5 checksum for the file (notice that here we use the fullpath) */
+ md5 = MD5File(fullpath, md5);
+ sprintf(message, "The MD5 checksum for %s is %s", path, md5);
+ to_log(message);
+
+ /* Included in socket_work.c, this intended to implement SSL later */
+ if (do_socket_check_file(master_host, port_number, path, fullpath, md5) == -1)
+ ret_val = 0;
+
+ free(md5);
+
+ return ret_val;
 }
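Review bot: The added `strcpy(ptr, trail_paths[i]);` in the @@ -324 hunk copies a trail name into the tail of `fullpath` with no length check. `ptr` and `fullpath` are set up outside the hunk, so the room left after the directory prefix is not visible here; if `fullpath` is a fixed `MAX_PATH_SIZE` buffer, a long enough name writes past its end. I would bound the copy, e.g. `if (strlen(trail_paths[i]) >= room) continue;` before the `strcpy`, where `room` stands for the bytes remaining after `ptr`, or build the path with `snprintf` and check its return value.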
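Review bot: `md5 = MD5File(fullpath, md5);` in the new `is_in_master()` overwrites the only pointer to the malloc'd buffer, and MD5File() returns NULL when the trail cannot be opened or read, so on that path the buffer leaks and a null pointer reaches the `%s` in `sprintf` and then `do_socket_check_file()`. The `message` buffer is `MAX_PATH_SIZE + 33` bytes, but the format adds about 25 bytes of fixed text on top of the name and the 32-digit hash, so a name close to `MAX_PATH_SIZE` overflows it; `MD5_CTX context` is never used. The version below keeps the digest on the stack, checks the hash call and bounds the log line with `snprintf`; returning 0 on a hash failure is my reading of the header comment and should be confirmed against what the callers then do with `send_trail()`. Separately, this result decides whether a trail is skipped, and by the in-code comment the exchange is not yet protected by SSL, so until it is, the "already on master" answer is unauthenticated and a wrong one keeps a trail from being shipped; MD5 also only catches accidental corruption, not deliberate tampering.

```c
int is_in_master(char *path, char *fullpath)
{
	char md5[33];				/* 32 hex digits + NUL */
	char message[MAX_PATH_SIZE + 64];	/* name + hash + fixed text */

	/* MD5File() returns NULL when the file cannot be opened or read */
	if (MD5File(fullpath, md5) == NULL) {
		snprintf(message, sizeof(message), "ERROR Getting the MD5 checksum for %s", path);
		to_log(message);
		return 0;
	}

	snprintf(message, sizeof(message), "The MD5 checksum for %s is %s", path, md5);
	to_log(message);

	/* Included in socket_work.c, this intended to implement SSL later */
	if (do_socket_check_file(master_host, port_number, path, fullpath, md5) == -1)
		return 0;

	return 1;
}
```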
@@ -408,7 +461,7 @@
 if (S_ISDIR(statbuf.st_mode) == 0) /* It's not a directory */
 if ( is_audit_trail(dirp->d_name) ) /* It's not other file */
- if ( !is_in_master(dirp->d_name) )
+ if ( !is_in_master(dirp->d_name, fullpath) )
 if (send_trail(fullpath) == -1)
 {
 sprintf(message, "ERROR Sending \"%s\" to %s", fullpath, master_host);
==== //depot/projects/soc2010/disaudit/shipd.h#4 (text+ko) ====
@@ -44,7 +44,7 @@
 int send_trail(char *);
 void do_daemon_date();
 int cmp_trails(const void *, const void *);
-int is_in_master(char *);
+int is_in_master(char *, char *);
 void do_daemon_all();