Truncate title to make it more good looking in menuconfig

[packages.git] / admin / osiris / patches / mod_if.patch

Description:    The mod_if module monitors various aspects of network 
                interfaces for change, including IP, Hardware Address, 
                broadcast, MTU, metric, and promiscuous mode.
Version:        0.2

diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/Makefile osiris-4.1.9-new/src/osirisd/modules/mod_if/Makefile
--- osiris-4.1.9-old/src/osirisd/modules/mod_if/Makefile        1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/Makefile        2005-10-07 02:19:17.000000000 +0200
@@ -0,0 +1,16 @@
+
+include ../Makefile
+
+SRCS=mod_if.c
+OBJS=$(SRCS:.c=.o)
+
+module: ${SRCS} ${OBJS}
+
+INCS=-I../.. -I../../../libosiris -I../../../libfileapi -I../../../..
+
+# meta-rule for compiling any "C" source file.
+$(OBJS): $(SRCS)
+       $(CC) $(DEFS) $(DEFAULT_INCLUDES) ${INCLUDES} ${INCS} $(AM_CPPFLAGS) \
+       $(CPPFLAGS) $(AM_CFLAGS)  $(CFLAGS) -c $(SRCS)
+       cp $@ ..
+
diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/README osiris-4.1.9-new/src/osirisd/modules/mod_if/README
--- osiris-4.1.9-old/src/osirisd/modules/mod_if/README  1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/README  2005-10-07 02:19:17.000000000 +0200
@@ -0,0 +1,42 @@
+
+Module: mod_if
+Author: Brian Wotring (brian@hostintegrity.com)
+
+
+
+DESCRIPTION:
+
+The mod_if module is designed originally to monitor the promisc flag
+on network interfaces, but quickly turned into being able to monitor
+various aspects of network interfaces including hardware address,
+IP address, broadcast, MTU, and metric.
+
+This module is somewhat different in that each record is an element
+about a network interface as opposed to one record per interface. This
+will make it easier to add more elements to be monitored, easier to
+filter, and easier to understand alerts.
+
+USE:
+
+To use this module, all  that is needed is to include it in the Modules
+block of a scan configuration, e.g.:
+
+    <Modules>
+    ...
+    Include mod_if
+    ...
+    </Modules>
+
+
+PARAMETERS:
+
+There are no parameters for this module.
+
+PLATFORMS:
+
+Currently, this module is only implemented for Linux.    
+
+NOTES:
+
+
+
diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/mod_if.c osiris-4.1.9-new/src/osirisd/modules/mod_if/mod_if.c
--- osiris-4.1.9-old/src/osirisd/modules/mod_if/mod_if.c        1970-01-01 01:00:00.000000000 +0100
+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/mod_if.c        2005-10-07 02:19:17.000000000 +0200
@@ -0,0 +1,317 @@
+\r
+/******************************************************************************\r
+**\r
+**  Copyright (C) 2005 Brian Wotring.\r
+**\r
+**  This program is free software; you can redistribute it and/or\r
+**  modify it, however, you cannot sell it.\r
+**\r
+**  This program is distributed in the hope that it will be useful,\r
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of\r
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\r
+**\r
+**  You should have received a copy of the license attached to the\r
+**  use of this software.  If not, view a current copy of the license\r
+**  file here:\r
+**\r
+**      http://www.hostintegrity.com/osiris/LICENSE\r
+**\r
+******************************************************************************/\r
+\r
+/*****************************************************************************\r
+**\r
+**  File:    mod_if.c\r
+**  Date:    September 23, 2005\r
+**\r
+**  Author:  Brian Wotring\r
+**  Purpose: platform specific methods for monitoring network devices.\r
+**\r
+******************************************************************************/\r
+\r
+\r
+/* CODE USED IN THIS MODULE WAS ORIGINALLY TAKEN FROM: \r
+*\r
+*   http://mail.nl.linux.org/kernelnewbies/2003-05/msg00090.html\r
+*/\r
+\r
+static const char *MODULE_NAME = "mod_if";\r
+\r
+\r
+#ifndef WIN32\r
+#include "config.h"\r
+#endif\r
+\r
+#include <stdio.h>\r
+#include <stdlib.h>\r
+\r
+#ifndef WIN32\r
+#include <unistd.h>\r
+#include <string.h>\r
+#include <errno.h>\r
+\r
+#include <sys/socket.h>\r
+#include <sys/types.h>\r
+#include <net/if.h>\r
+#endif\r
+\r
+#include <sys/ioctl.h>\r
+#include <net/if_arp.h>\r
+#include <arpa/inet.h>\r
+\r
+\r
+#include "libosiris.h"\r
+#include "libfileapi.h"\r
+#include "rootpriv.h"\r
+#include "common.h"\r
+#include "version.h"\r
+\r
+#include "scanner.h"\r
+#include "logging.h"\r
+\r
+\r
+#define inaddrr(x) (*(struct in_addr *) &ifr->x[sizeof sa.sin_port])\r
+#define IFRSIZE   ((int)(size * sizeof (struct ifreq)))\r
+\r
+void process_if_unix( SCANNER *scanner )\r
+{\r
+    unsigned char*u;\r
+    int    sockfd, size  = 1;\r
+    struct ifreq *ifr;\r
+    struct ifconf ifc;\r
+    struct sockaddr_in sa;\r
+\r
+    SCAN_RECORD_TEXT_1 record;\r
+\r
+    /* Make sure we are able to create sockets */\r
+    \r
+    if ( (sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP)) < 0 )\r
+    {\r
+        log_error( "mod_if unable to create socket!" );\r
+        return;\r
+    }\r
+\r
+    ifc.ifc_len = IFRSIZE;\r
+    ifc.ifc_req = NULL;\r
+\r
+    do\r
+    {\r
+        ++size;\r
+\r
+        /* realloc buffer size until no overflow occurs  */\r
+        \r
+        if ((ifc.ifc_req = realloc(ifc.ifc_req, IFRSIZE)) == NULL )\r
+        {\r
+            log_error( "out of memory!!!" );\r
+            return;\r
+        }\r
+\r
+        ifc.ifc_len = IFRSIZE;\r
+\r
+        if (ioctl(sockfd, SIOCGIFCONF, &ifc))\r
+        {\r
+            log_error("ioctl failure: SIOCFIFCONF");\r
+            return;\r
+        }\r
+\r
+    } while (IFRSIZE <= ifc.ifc_len);\r
+\r
+    ifr = ifc.ifc_req;\r
+\r
+    for (;(char *) ifr < (char *) ifc.ifc_req + ifc.ifc_len; ++ifr)\r
+    {\r
+        if (ifr->ifr_addr.sa_data == (ifr+1)->ifr_addr.sa_data)\r
+        {\r
+            continue;  /* duplicate, skip it */\r
+        }\r
+\r
+        if (ioctl(sockfd, SIOCGIFFLAGS, ifr))\r
+        {\r
+            continue;  /* failed to get flags, skip it */\r
+        }\r
+\r
+        initialize_scan_record( (SCAN_RECORD *)&record,\r
+                                SCAN_RECORD_TYPE_TEXT_1 );\r
+\r
+        osi_strlcpy( record.module_name, MODULE_NAME,\r
+                     sizeof( record.module_name ) );\r
+\r
+        osi_snprintf( record.name, sizeof( record.name ),\r
+                      "if:%s:IP", ifr->ifr_name );\r
+\r
+        osi_snprintf( record.data, sizeof( record.data ),\r
+                      "%s", inet_ntoa(inaddrr(ifr_addr.sa_data)));\r
+\r
+        send_scan_data( scanner, (SCAN_RECORD *)&record );\r
+\r
+    /*\r
+     * This won't work on HP-UX 10.20 as there's no SIOCGIFHWADDR ioctl. You'll\r
+     * need to use DLPI or the NETSTAT ioctl on /dev/lan0, etc (and you'll need\r
+     *  to be root to use the NETSTAT ioctl. Also this is deprecated and doesn't\r
+     *     work on 11.00).\r
+     *\r
+     * On Digital Unix you can use the SIOCRPHYSADDR ioctl according to an old\r
+     * utility I have. Also on SGI I think you need to use a raw socket, e.g. s\r
+     * = socket(PF_RAW, SOCK_RAW, RAWPROTO_SNOOP)\r
+     *\r
+     * Dave\r
+     *\r
+     * From: David Peter <dave.peter@eu.citrix.com>\r
+     **/\r
+\r
+        if ( ioctl(sockfd, SIOCGIFHWADDR, ifr) == 0 )\r
+        {\r
+            /* Select which  hardware types to process.\r
+             **\r
+             **    See list in system include file included from\r
+             **    /usr/include/net/if_arp.h  (For example, on\r
+             **    Linux see file /usr/include/linux/if_arp.h to\r
+             **    get the list.)\r
+             **/\r
+\r
+            switch (ifr->ifr_hwaddr.sa_family)\r
+            {\r
+                default:\r
+                    continue;\r
+\r
+                case  ARPHRD_NETROM:\r
+                case  ARPHRD_ETHER:\r
+                case  ARPHRD_PPP:\r
+                case  ARPHRD_EETHER:\r
+                case  ARPHRD_IEEE802:\r
+                    break;\r
+            }\r
+\r
+            u = (unsigned char *) &ifr->ifr_addr.sa_data;\r
+\r
+            /* send record for MAC for this interface */\r
+\r
+            if (u[0] + u[1] + u[2] + u[3] + u[4] + u[5])\r
+            {\r
+                initialize_scan_record( (SCAN_RECORD *)&record,\r
+                                    SCAN_RECORD_TYPE_TEXT_1 );\r
+\r
+                osi_strlcpy( record.module_name, MODULE_NAME,\r
+                         sizeof( record.module_name ) );\r
+\r
+                osi_snprintf( record.name, sizeof( record.name ),\r
+                    "if:%s:MAC", ifr->ifr_name );\r
+\r
+                osi_snprintf( record.data, sizeof( record.data ),\r
+                        "%2.2x.%2.2x.%2.2x.%2.2x.%2.2x.%2.2x",\r
+                        u[0], u[1], u[2], u[3], u[4], u[5]);\r
+\r
+                send_scan_data( scanner, (SCAN_RECORD *)&record );\r
+            }\r
+        }\r
+\r
+        if ( ioctl(sockfd, SIOCGIFNETMASK, ifr) == 0 &&\r
+             strcmp("255.255.255.255", inet_ntoa(inaddrr(ifr_addr.sa_data))))\r
+        {\r
+            initialize_scan_record( (SCAN_RECORD *)&record,\r
+                                SCAN_RECORD_TYPE_TEXT_1 );\r
+\r
+            osi_strlcpy( record.module_name, MODULE_NAME,\r
+                         sizeof( record.module_name ) );\r
+\r
+            osi_snprintf( record.name, sizeof( record.name ),\r
+                "if:%s:NETMASK", ifr->ifr_name );\r
+\r
+            osi_snprintf( record.data, sizeof( record.data ),\r
+                "%s", inet_ntoa(inaddrr(ifr_addr.sa_data)));\r
+\r
+            send_scan_data( scanner, (SCAN_RECORD *)&record );\r
+        }\r
+\r
+        if (ifr->ifr_flags & IFF_BROADCAST)\r
+        {\r
+            if ( ioctl(sockfd, SIOCGIFBRDADDR, ifr) == 0 &&\r
+                 strcmp("0.0.0.0", inet_ntoa(inaddrr(ifr_addr.sa_data))))\r
+            {\r
+\r
+                initialize_scan_record( (SCAN_RECORD *)&record,\r
+                                        SCAN_RECORD_TYPE_TEXT_1 );\r
+\r
+                osi_strlcpy( record.module_name, MODULE_NAME,\r
+                     sizeof( record.module_name ) );\r
+\r
+                osi_snprintf( record.name, sizeof( record.name ),\r
+                    "if:%s:BROADCAST", ifr->ifr_name );\r
+\r
+                osi_snprintf( record.data, sizeof( record.data ),\r
+                    "%s",inet_ntoa(inaddrr(ifr_addr.sa_data)));\r
+\r
+                send_scan_data( scanner, (SCAN_RECORD *)&record );\r
+            }\r
+        }\r
+\r
+        /* Added by David Vasil to check for Promiscuous mode */\r
+\r
+        initialize_scan_record( (SCAN_RECORD *)&record,\r
+                                SCAN_RECORD_TYPE_TEXT_1 );\r
+\r
+        osi_strlcpy( record.module_name, MODULE_NAME,\r
+                     sizeof( record.module_name ) );\r
+\r
+\r
+        osi_snprintf( record.name, sizeof( record.name ),\r
+                      "if:%s:PROMISC", ifr->ifr_name );\r
+\r
+        if ( ioctl(sockfd, SIOCGIFFLAGS, ifr) == 0 &&\r
+             ifr->ifr_flags & IFF_PROMISC)\r
+        {\r
+            osi_strlcpy( record.data, "ENABLED", sizeof( record.data ) );\r
+        }\r
+\r
+        else\r
+        {\r
+            osi_strlcpy( record.data, "DISABLED", sizeof( record.data ) );\r
+        }\r
+\r
+        send_scan_data( scanner, (SCAN_RECORD *)&record );\r
+\r
+\r
+        if ( ioctl(sockfd, SIOCGIFMTU, ifr) == 0 )\r
+        {\r
+            initialize_scan_record( (SCAN_RECORD *)&record,\r
+                                    SCAN_RECORD_TYPE_TEXT_1 );\r
+\r
+            osi_strlcpy( record.module_name, MODULE_NAME,\r
+                         sizeof( record.module_name ) );\r
+\r
+            osi_snprintf( record.name, sizeof( record.name ),\r
+                "if:%s:MTU", ifr->ifr_name );\r
+\r
+            osi_snprintf( record.data, sizeof( record.data ),\r
+                "%u", ifr->ifr_mtu );\r
+\r
+            send_scan_data( scanner, (SCAN_RECORD *)&record );\r
+        }\r
+\r
+        if ( ioctl(sockfd, SIOCGIFMETRIC, ifr) == 0 )\r
+        {\r
+            initialize_scan_record( (SCAN_RECORD *)&record,\r
+                                    SCAN_RECORD_TYPE_TEXT_1 );\r
+\r
+            osi_strlcpy( record.module_name, MODULE_NAME,\r
+                         sizeof( record.module_name ) );\r
+\r
+            osi_snprintf( record.name, sizeof( record.name ),\r
+                "if:%s:METRIC", ifr->ifr_name );\r
+\r
+            osi_snprintf( record.data, sizeof( record.data ),\r
+                "%u", ifr->ifr_metric );\r
+\r
+            send_scan_data( scanner, (SCAN_RECORD *)&record );\r
+        }\r
+    }\r
+\r
+    close(sockfd);\r
+}\r
+\r
+void mod_if( SCANNER *scanner )\r
+{\r
+#if defined(SYSTEM_LINUX)\r
+    process_if_unix( scanner );\r
+#endif\r
+\r
+}\r