|
|
6ac4f1 |
diff -up ./doc/aide.conf.5.in.syslog_format ./doc/aide.conf.5.in
|
|
|
6ac4f1 |
--- ./doc/aide.conf.5.in.syslog_format 2016-07-25 22:58:12.000000000 +0200
|
|
|
6ac4f1 |
+++ ./doc/aide.conf.5.in 2018-09-27 19:09:09.697371212 +0200
|
|
|
6ac4f1 |
@@ -57,6 +57,25 @@ inclusive. This parameter can only be gi
|
|
|
6ac4f1 |
occurrence is used. If \-\-verbose or \-V is used then the value from that
|
|
|
6ac4f1 |
is used. The default is 5. If verbosity is 20 then additional report
|
|
|
6ac4f1 |
output is written when doing \-\-check, \-\-update or \-\-compare.
|
|
|
6ac4f1 |
+.IP "syslog_format"
|
|
|
6ac4f1 |
+Valid values are yes,true,no and false. This option enables new syslog format
|
|
|
6ac4f1 |
+which is suitable for logging. Every change is logged as one simple line. This option
|
|
|
6ac4f1 |
+changes verbose level to 0 and prints everything that was changed. It is suggested
|
|
|
6ac4f1 |
+to use this option with "report_url=syslog:...". Default value is "false/no".
|
|
|
6ac4f1 |
+Maximum size of message is 1KB which is limitation of syslog call. If message is
|
|
|
6ac4f1 |
+greater than limit, message will be truncated.
|
|
|
6ac4f1 |
+Option summarize_changes has no impact for this format.
|
|
|
6ac4f1 |
+.nf
|
|
|
6ac4f1 |
+.eo
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+Output always starts with:
|
|
|
6ac4f1 |
+"AIDE found differences between database and filesystem!!"
|
|
|
6ac4f1 |
+And it is followed by summary:
|
|
|
6ac4f1 |
+summary;total_number_of_files=1000;added_files=0;removed_files=0;changed_files=1
|
|
|
6ac4f1 |
+And finally there are logs about changes:
|
|
|
6ac4f1 |
+dir=/usr/sbin;Mtime_old=0000-00-00 00:00:00;Mtime_new=0000-00-00 00:00:00;...
|
|
|
6ac4f1 |
+.ec
|
|
|
6ac4f1 |
+.fi
|
|
|
6ac4f1 |
.IP "report_url"
|
|
|
6ac4f1 |
The url that the output is written to. There can be multiple instances
|
|
|
6ac4f1 |
of this parameter. Output is written to all of them. The default is
|
|
|
6ac4f1 |
diff -up ./include/db_config.h.syslog_format ./include/db_config.h
|
|
|
6ac4f1 |
--- ./include/db_config.h.syslog_format 2016-07-25 22:56:55.000000000 +0200
|
|
|
6ac4f1 |
+++ ./include/db_config.h 2018-09-27 19:09:09.697371212 +0200
|
|
|
6ac4f1 |
@@ -311,6 +311,7 @@ typedef struct db_config {
|
|
|
6ac4f1 |
FILE* db_out;
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
int config_check;
|
|
|
6ac4f1 |
+ int syslog_format;
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
struct md_container *mdc_in;
|
|
|
6ac4f1 |
struct md_container *mdc_out;
|
|
|
6ac4f1 |
diff -up ./src/aide.c.syslog_format ./src/aide.c
|
|
|
6ac4f1 |
--- ./src/aide.c.syslog_format 2018-09-27 19:09:09.695371197 +0200
|
|
|
6ac4f1 |
+++ ./src/aide.c 2018-09-27 19:09:09.698371220 +0200
|
|
|
6ac4f1 |
@@ -283,6 +283,7 @@ static void setdefaults_before_config()
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
/* Setting some defaults */
|
|
|
6ac4f1 |
+ conf->syslog_format=0;
|
|
|
6ac4f1 |
conf->report_db=0;
|
|
|
6ac4f1 |
conf->tree=NULL;
|
|
|
6ac4f1 |
conf->config_check=0;
|
|
|
6ac4f1 |
@@ -495,6 +496,10 @@ static void setdefaults_after_config()
|
|
|
6ac4f1 |
if(conf->verbose_level==-1){
|
|
|
6ac4f1 |
conf->verbose_level=5;
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
+ if(conf->syslog_format==1){
|
|
|
6ac4f1 |
+ conf->verbose_level=0;
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
}
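Review bot: The added `if(conf->syslog_format==1)` block overwrites `conf->verbose_level` after the default has been applied, so a verbosity given explicitly by the user is discarded without any message. A one-line comment would record that this is deliberate, for example `/* syslog_format prints its records at level 0; any configured verbosity is overridden on purpose */`. The other new checks in this patch test `conf->syslog_format` for truth rather than `==1`, and using the same form here would keep them consistent. setdefaults_after_config() begins outside the hunk.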
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
diff -up ./src/compare_db.c.syslog_format ./src/compare_db.c
|
|
|
6ac4f1 |
--- ./src/compare_db.c.syslog_format 2016-07-25 22:56:55.000000000 +0200
|
|
|
6ac4f1 |
+++ ./src/compare_db.c 2018-09-27 19:09:09.698371220 +0200
|
|
|
6ac4f1 |
@@ -110,7 +110,7 @@ const DB_ATTR_TYPE details_attributes[]
|
|
|
6ac4f1 |
#endif
|
|
|
6ac4f1 |
};
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
-const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size (>)"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512")
|
|
|
6ac4f1 |
+const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512")
|
|
|
6ac4f1 |
#ifdef WITH_MHASH
|
|
|
6ac4f1 |
, _("CRC32"), _("HAVAL"), _("GOST"), _("CRC32B"), _("WHIRLPOOL")
|
|
|
6ac4f1 |
#endif
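Review bot: Renaming the fourth label from `Size (>)` to `Size` changes the human-readable report as well as the syslog records, and leaves two entries of `details_string[]` with the same text. In syslog mode both entries would produce the keys `Size_old`/`Size_new`, so a parser cannot tell which attribute a record refers to; the matching `details_attributes[]` entries are outside the hunk, so this is inferred from the two labels. Keeping the original table and adding a separate key table for syslog output, with a distinct key for the second size attribute, would avoid both effects.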
|
|
|
6ac4f1 |
@@ -269,12 +269,19 @@ static int xattrs2array(xattrs_type* xat
|
|
|
6ac4f1 |
if ((len == xattrs->ents[num - 1].vsz) || ((len == (xattrs->ents[num - 1].vsz - 1)) && !val[len])) {
|
|
|
6ac4f1 |
length = 8 + width + strlen(xattrs->ents[num - 1].key) + strlen(val);
|
|
|
6ac4f1 |
(*values)[num]=malloc(length *sizeof(char));
|
|
|
6ac4f1 |
- snprintf((*values)[num], length , "[%.*zd] %s = %s", width, num, xattrs->ents[num - 1].key, val);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ char * fmt = "[%.*zd] %s = %s";
|
|
|
6ac4f1 |
+ if (conf->syslog_format) fmt = "[%.*zd]%s=%s"; // its smaller so it has to be enough space allocated.
|
|
|
6ac4f1 |
+ snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
} else {
|
|
|
6ac4f1 |
val = encode_base64(xattrs->ents[num - 1].val, xattrs->ents[num - 1].vsz);
|
|
|
6ac4f1 |
length = 10 + width + strlen(xattrs->ents[num - 1].key) + strlen(val);
|
|
|
6ac4f1 |
(*values)[num]=malloc( length *sizeof(char));
|
|
|
6ac4f1 |
- snprintf((*values)[num], length , "[%.*zd] %s <=> %s", width, num, xattrs->ents[num - 1].key, val);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ char * fmt = "[%.*zd] %s <=> %s";
|
|
|
6ac4f1 |
+ if (conf->syslog_format) fmt = "[%.*zd]%s<=>%s"; // its smaller so it has to be enough space allocated.
|
|
|
6ac4f1 |
+ snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val);
|
|
|
6ac4f1 |
free(val);
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
}
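Review bot: Both new `snprintf` calls take their format from the variable `fmt`, which stops the compiler from checking the arguments against the format (`-Wformat`) and assigns a string literal to a non-const `char *`. Declaring it as `const char *fmt` fixes the const issue, and writing two literal `snprintf` calls in an `if (conf->syslog_format) ... else ...` keeps the format checking. The `malloc` results just above are used without a NULL check, in lines the patch leaves unchanged. xattrs2array() starts and ends outside the hunk.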
|
|
|
6ac4f1 |
@@ -302,6 +309,26 @@ static int acl2array(acl_type* acl, char
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
if (acl->acl_a || acl->acl_d) {
|
|
|
6ac4f1 |
int j, k, i;
|
|
|
6ac4f1 |
+ if (conf->syslog_format) {
|
|
|
6ac4f1 |
+ *values = malloc(2 * sizeof(char*));
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ char *A, *D = "<NONE>";
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ if (acl->acl_a) { A = acl->acl_a; }
|
|
|
6ac4f1 |
+ if (acl->acl_d) { D = acl->acl_d; }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ (*values)[0] = (char*) malloc(strlen(A) + 3); // "A:" and \0
|
|
|
6ac4f1 |
+ snprintf((*values)[0], strlen(A) + 3, "A:%s", A);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ (*values)[1] = (char*) malloc(strlen(D) + 3); // "D:" and \0
|
|
|
6ac4f1 |
+ snprintf((*values)[1], strlen(D) + 3, "D:%s", D);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ i = 0; while ( (*values)[0][i] ) { if ( (*values)[0][i]=='\n') { (*values)[0][i] = ' '; } i++; }
|
|
|
6ac4f1 |
+ i = 0; while ( (*values)[1][i] ) { if ( (*values)[1][i]=='\n') { (*values)[1][i] = ' '; } i++; }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ return 2;
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
if (acl->acl_a) { i = 0; while (acl->acl_a[i]) { if (acl->acl_a[i++]=='\n') { n++; } } }
|
|
|
6ac4f1 |
if (acl->acl_d) { i = 0; while (acl->acl_d[i]) { if (acl->acl_d[i++]=='\n') { n++; } } }
|
|
|
6ac4f1 |
*values = malloc(n * sizeof(char*));
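Review bot: In `char *A, *D = "<NONE>";` only `D` gets the initializer, so `A` is uninitialized whenever `acl->acl_a` is NULL, which the enclosing `if (acl->acl_a || acl->acl_d)` allows; `strlen(A)` then reads through an indeterminate pointer. Initialize both: `char *A = "<NONE>", *D = "<NONE>";`. The three `malloc` results in the new branch are also used without a NULL check. acl2array() starts and ends outside the hunk.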
|
|
|
6ac4f1 |
@@ -338,25 +365,25 @@ static char* e2fsattrs2string(unsigned l
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
static char* get_file_type_string(mode_t mode) {
|
|
|
6ac4f1 |
switch (mode & S_IFMT) {
|
|
|
6ac4f1 |
- case S_IFREG: return _("File");
|
|
|
6ac4f1 |
- case S_IFDIR: return _("Directory");
|
|
|
6ac4f1 |
+ case S_IFREG: return conf->syslog_format ? "file" : _("File");
|
|
|
6ac4f1 |
+ case S_IFDIR: return conf->syslog_format ? "dir" : _("Directory");
|
|
|
6ac4f1 |
#ifdef S_IFIFO
|
|
|
6ac4f1 |
- case S_IFIFO: return _("FIFO");
|
|
|
6ac4f1 |
+ case S_IFIFO: return conf->syslog_format ? "fifo" : _("FIFO");
|
|
|
6ac4f1 |
#endif
|
|
|
6ac4f1 |
- case S_IFLNK: return _("Link");
|
|
|
6ac4f1 |
- case S_IFBLK: return _("Block device");
|
|
|
6ac4f1 |
- case S_IFCHR: return _("Character device");
|
|
|
6ac4f1 |
+ case S_IFLNK: return conf->syslog_format ? "link" : _("Link");
|
|
|
6ac4f1 |
+ case S_IFBLK: return conf->syslog_format ? "blockd" : _("Block device");
|
|
|
6ac4f1 |
+ case S_IFCHR: return conf->syslog_format ? "chard" : _("Character device");
|
|
|
6ac4f1 |
#ifdef S_IFSOCK
|
|
|
6ac4f1 |
- case S_IFSOCK: return _("Socket");
|
|
|
6ac4f1 |
+ case S_IFSOCK: return conf->syslog_format ? "socket" : _("Socket");
|
|
|
6ac4f1 |
#endif
|
|
|
6ac4f1 |
#ifdef S_IFDOOR
|
|
|
6ac4f1 |
- case S_IFDOOR: return _("Door");
|
|
|
6ac4f1 |
+ case S_IFDOOR: return conf->syslog_format ? "door" : _("Door");
|
|
|
6ac4f1 |
#endif
|
|
|
6ac4f1 |
#ifdef S_IFPORT
|
|
|
6ac4f1 |
- case S_IFPORT: return _("Port");
|
|
|
6ac4f1 |
+ case S_IFPORT: return conf->syslog_format ? "port" : _("Port");
|
|
|
6ac4f1 |
#endif
|
|
|
6ac4f1 |
case 0: return NULL;
|
|
|
6ac4f1 |
- default: return _("Unknown file type");
|
|
|
6ac4f1 |
+ default: return conf->syslog_format ? "unknown" : _("Unknown file type");
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
@@ -554,6 +581,51 @@ static void print_dbline_attributes(db_l
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+static void print_dbline_attributes_syslog(db_line* oline, db_line* nline, DB_ATTR_TYPE
|
|
|
6ac4f1 |
+ changed_attrs, DB_ATTR_TYPE force_attrs) {
|
|
|
6ac4f1 |
+ char **ovalue, **nvalue;
|
|
|
6ac4f1 |
+ int onumber, nnumber, i, j;
|
|
|
6ac4f1 |
+ int length = sizeof(details_attributes)/sizeof(DB_ATTR_TYPE);
|
|
|
6ac4f1 |
+ DB_ATTR_TYPE attrs;
|
|
|
6ac4f1 |
+ char *file_type = get_file_type_string((nline==NULL?oline:nline)->perm);
|
|
|
6ac4f1 |
+ if (file_type) {
|
|
|
6ac4f1 |
+ error(0,"%s=", file_type);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ error(0,"%s", (nline==NULL?oline:nline)->filename);
|
|
|
6ac4f1 |
+ attrs=force_attrs|(~(ignored_changed_attrs)&changed_attrs);
|
|
|
6ac4f1 |
+ for (j=0; j < length; ++j) {
|
|
|
6ac4f1 |
+ if (details_attributes[j]&attrs) {
|
|
|
6ac4f1 |
+ onumber=get_attribute_values(details_attributes[j], oline, &ovalue);
|
|
|
6ac4f1 |
+ nnumber=get_attribute_values(details_attributes[j], nline, &nvalue);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ if (details_attributes[j] == DB_ACL || details_attributes[j] == DB_XATTRS) {
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ error(0, ";%s_old=|", details_string[j]);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ for (i = 0 ; i < onumber ; i++) {
|
|
|
6ac4f1 |
+ error(0, "%s|", ovalue[i]);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ error(0, ";%s_new=|", details_string[j]);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ for (i = 0 ; i < nnumber ; i++) {
|
|
|
6ac4f1 |
+ error(0, "%s|", nvalue[i]);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ } else {
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ error(0, ";%s_old=%s;%s_new=%s", details_string[j], *ovalue, details_string[j], *nvalue);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ for(i=0; i < onumber; ++i) { free(ovalue[i]); ovalue[i]=NULL; } free(ovalue); ovalue=NULL;
|
|
|
6ac4f1 |
+ for(i=0; i < nnumber; ++i) { free(nvalue[i]); nvalue[i]=NULL; } free(nvalue); nvalue=NULL;
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ error(0, "\n");
|
|
|
6ac4f1 |
+}
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
static void print_attributes_added_node(db_line* line) {
|
|
|
6ac4f1 |
print_dbline_attributes(NULL, line, 0, line->attr);
|
|
|
6ac4f1 |
}
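Review bot: The new print_dbline_attributes_syslog() writes the filename and every attribute value verbatim with `%s` while using `=`, `;` and `|` as record delimiters, so a path or extended-attribute value that contains one of these characters or a newline yields a record that a log parser splits into the wrong fields. Those values come from the monitored filesystem, and since this output is meant for log collection they should be escaped or quoted before printing, with the escaping described in the man page. In the non-ACL branch `*ovalue` and `*nvalue` are dereferenced without checking `onumber`/`nnumber`; get_attribute_values() is not visible here, so confirm it always returns at least one value for both lines. A guard such as `if (onumber > 0 && nnumber > 0)` around that `error()` call would cover it.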
|
|
|
6ac4f1 |
@@ -562,6 +634,26 @@ static void print_attributes_removed_nod
|
|
|
6ac4f1 |
print_dbline_attributes(line, NULL, 0, line->attr);
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
+static void print_attributes_added_node_syslog(db_line* line) {
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ char *file_type = get_file_type_string(line->perm);
|
|
|
6ac4f1 |
+ if (file_type) {
|
|
|
6ac4f1 |
+ error(0,"%s=", file_type);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ error(0,"%s; added\n", line->filename);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+}
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+static void print_attributes_removed_node_syslog(db_line* line) {
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ char *file_type = get_file_type_string(line->perm);
|
|
|
6ac4f1 |
+ if (file_type) {
|
|
|
6ac4f1 |
+ error(0,"%s=", file_type);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ error(0,"%s; removed\n", line->filename);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+}
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
static void terse_report(seltree* node) {
|
|
|
6ac4f1 |
list* r=NULL;
|
|
|
6ac4f1 |
if ((node->checked&(DB_OLD|DB_NEW)) != 0) {
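Review bot: The added and removed records are written as `%s; added` and `%s; removed`, with a space after the semicolon and no `key=value` pair, unlike the changed-file records in this patch that use `;key_old=...;key_new=...`. A parser then needs a special case for these two record types; a pair in the same style, for example `;status=added`, would keep one grammar. The two new functions differ only in that literal and could be one helper that takes the status string. The filename is printed unescaped here too.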
|
|
|
6ac4f1 |
@@ -626,6 +718,26 @@ static void print_report_details(seltree
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
+static void print_syslog_format(seltree* node) {
|
|
|
6ac4f1 |
+ list* r=NULL;
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ if (node->checked&NODE_CHANGED) {
|
|
|
6ac4f1 |
+ print_dbline_attributes_syslog(node->old_data, node->new_data, node->changed_attrs, forced_attrs);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ if (node->checked&NODE_ADDED) {
|
|
|
6ac4f1 |
+ print_attributes_added_node_syslog(node->new_data);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ if (node->checked&NODE_REMOVED) {
|
|
|
6ac4f1 |
+ print_attributes_removed_node_syslog(node->old_data);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ for(r=node->childs;r;r=r->next){
|
|
|
6ac4f1 |
+ print_syslog_format((seltree*)r->data);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+}
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
static void print_report_header() {
|
|
|
6ac4f1 |
char *time;
|
|
|
6ac4f1 |
int first = 1;
|
|
|
6ac4f1 |
@@ -747,39 +859,53 @@ int gen_report(seltree* node) {
|
|
|
6ac4f1 |
send_audit_report();
|
|
|
6ac4f1 |
#endif
|
|
|
6ac4f1 |
if ((nadd|nrem|nchg) > 0 || conf->report_quiet == 0) {
|
|
|
6ac4f1 |
- print_report_header();
|
|
|
6ac4f1 |
- if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) {
|
|
|
6ac4f1 |
- if (conf->grouped) {
|
|
|
6ac4f1 |
- if (nadd) {
|
|
|
6ac4f1 |
- error(2,(char*)report_top_format,_("Added entries"));
|
|
|
6ac4f1 |
- print_report_list(node, NODE_ADDED);
|
|
|
6ac4f1 |
- }
|
|
|
6ac4f1 |
- if (nrem) {
|
|
|
6ac4f1 |
- error(2,(char*)report_top_format,_("Removed entries"));
|
|
|
6ac4f1 |
- print_report_list(node, NODE_REMOVED);
|
|
|
6ac4f1 |
- }
|
|
|
6ac4f1 |
- if (nchg) {
|
|
|
6ac4f1 |
- error(2,(char*)report_top_format,_("Changed entries"));
|
|
|
6ac4f1 |
- print_report_list(node, NODE_CHANGED);
|
|
|
6ac4f1 |
- }
|
|
|
6ac4f1 |
- } else if (nadd || nrem || nchg) {
|
|
|
6ac4f1 |
- if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); }
|
|
|
6ac4f1 |
- else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); }
|
|
|
6ac4f1 |
- else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed entries")); }
|
|
|
6ac4f1 |
- else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); }
|
|
|
6ac4f1 |
- else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); }
|
|
|
6ac4f1 |
- else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); }
|
|
|
6ac4f1 |
- else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); }
|
|
|
6ac4f1 |
- print_report_list(node, NODE_ADDED|NODE_REMOVED|NODE_CHANGED);
|
|
|
6ac4f1 |
- }
|
|
|
6ac4f1 |
- if (nadd || nrem || nchg) {
|
|
|
6ac4f1 |
- error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes"));
|
|
|
6ac4f1 |
- print_report_details(node);
|
|
|
6ac4f1 |
- }
|
|
|
6ac4f1 |
- }
|
|
|
6ac4f1 |
- print_report_databases();
|
|
|
6ac4f1 |
- conf->end_time=time(&(conf->end_time));
|
|
|
6ac4f1 |
- print_report_footer();
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ if (!conf->syslog_format) {
|
|
|
6ac4f1 |
+ print_report_header();
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) {
|
|
|
6ac4f1 |
+ if (!conf->syslog_format && conf->grouped) {
|
|
|
6ac4f1 |
+ if (nadd) {
|
|
|
6ac4f1 |
+ error(2,(char*)report_top_format,_("Added entries"));
|
|
|
6ac4f1 |
+ print_report_list(node, NODE_ADDED);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ if (nrem) {
|
|
|
6ac4f1 |
+ error(2,(char*)report_top_format,_("Removed entries"));
|
|
|
6ac4f1 |
+ print_report_list(node, NODE_REMOVED);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ if (nchg) {
|
|
|
6ac4f1 |
+ error(2,(char*)report_top_format,_("Changed entries"));
|
|
|
6ac4f1 |
+ print_report_list(node, NODE_CHANGED);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ } else if (!conf->syslog_format && ( nadd || nrem || nchg ) ) {
|
|
|
6ac4f1 |
+ if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); }
|
|
|
6ac4f1 |
+ else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); }
|
|
|
6ac4f1 |
+ else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed entries")); }
|
|
|
6ac4f1 |
+ else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); }
|
|
|
6ac4f1 |
+ else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); }
|
|
|
6ac4f1 |
+ else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); }
|
|
|
6ac4f1 |
+ else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); }
|
|
|
6ac4f1 |
+ print_report_list(node, NODE_ADDED|NODE_REMOVED|NODE_CHANGED);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ if (nadd || nrem || nchg) {
|
|
|
6ac4f1 |
+ if (!conf->syslog_format) {
|
|
|
6ac4f1 |
+ error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes"));
|
|
|
6ac4f1 |
+ print_report_details(node);
|
|
|
6ac4f1 |
+ } else {
|
|
|
6ac4f1 |
+ /* Syslog Format */
|
|
|
6ac4f1 |
+ error(0, "AIDE found differences between database and filesystem!!\n");
|
|
|
6ac4f1 |
+ error(0, "summary;total_number_of_files=%ld;added_files=%ld;"
|
|
|
6ac4f1 |
+ "removed_files=%ld;changed_files=%ld\n",ntotal,nadd,nrem,nchg);
|
|
|
6ac4f1 |
+ print_syslog_format(node);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+ if (!conf->syslog_format) {
|
|
|
6ac4f1 |
+ print_report_databases();
|
|
|
6ac4f1 |
+ conf->end_time=time(&(conf->end_time));
|
|
|
6ac4f1 |
+ print_report_footer();
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
return conf->action&(DO_COMPARE|DO_DIFF) ? (nadd!=0)*1+(nrem!=0)*2+(nchg!=0)*4 : 0;
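Review bot: With `syslog_format` enabled, a run that finds no differences writes nothing at all, because the header, database list and footer are skipped and the `summary;...` line sits inside `if (nadd || nrem || nchg)`. A log consumer then cannot tell a clean check from a check that never ran. Emitting the summary line outside that guard in syslog mode would give every run one record. `conf->end_time` is also no longer set in syslog mode; whether anything reads it later is not visible here. gen_report() starts before the hunk and its closing brace is outside it.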
|
|
|
6ac4f1 |
diff -up ./src/conf_lex.l.syslog_format ./src/conf_lex.l
|
|
|
6ac4f1 |
--- ./src/conf_lex.l.syslog_format 2016-07-25 22:56:55.000000000 +0200
|
|
|
6ac4f1 |
+++ ./src/conf_lex.l 2018-09-27 19:09:09.698371220 +0200
|
|
|
6ac4f1 |
@@ -401,6 +401,12 @@ int var_in_conflval=0;
|
|
|
6ac4f1 |
return (TROOT_PREFIX);
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
+^[\t\ ]*"syslog_format"{E} {
|
|
|
6ac4f1 |
+ error(230,"%li:syslog_format =\n",conf_lineno);
|
|
|
6ac4f1 |
+ BEGIN CONFVALHUNT;
|
|
|
6ac4f1 |
+ return (SYSLOG_FORMAT);
|
|
|
6ac4f1 |
+}
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
^[\t\ ]*"recstop"{E} {
|
|
|
6ac4f1 |
error(230,"%li:recstop =\n",conf_lineno);
|
|
|
6ac4f1 |
BEGIN CONFVALHUNT;
|
|
|
6ac4f1 |
diff -up ./src/conf_yacc.y.syslog_format ./src/conf_yacc.y
|
|
|
6ac4f1 |
--- ./src/conf_yacc.y.syslog_format 2016-07-25 22:56:55.000000000 +0200
|
|
|
6ac4f1 |
+++ ./src/conf_yacc.y 2018-09-27 19:09:09.699371228 +0200
|
|
|
6ac4f1 |
@@ -89,6 +89,7 @@ extern long conf_lineno;
|
|
|
6ac4f1 |
%token TREPORT_URL
|
|
|
6ac4f1 |
%token TGZIPDBOUT
|
|
|
6ac4f1 |
%token TROOT_PREFIX
|
|
|
6ac4f1 |
+%token SYSLOG_FORMAT
|
|
|
6ac4f1 |
%token TUMASK
|
|
|
6ac4f1 |
%token TTRUE
|
|
|
6ac4f1 |
%token TFALSE
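Review bot: The new token is named `SYSLOG_FORMAT` while the neighbouring tokens in this list carry a `T` prefix (`TREPORT_URL`, `TGZIPDBOUT`, `TROOT_PREFIX`, `TUMASK`). Naming it `TSYSLOG_FORMAT`, with the same change in the lexer's `return` and in the grammar rule, would follow the file's convention and lower the chance of a clash with an unrelated macro.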
|
|
|
6ac4f1 |
@@ -160,7 +161,7 @@ line : rule | equrule | negrule | define
|
|
|
6ac4f1 |
| ifdefstmt | ifndefstmt | ifhoststmt | ifnhoststmt
|
|
|
6ac4f1 |
| groupdef | db_in | db_out | db_new | db_attrs | verbose | report_detailed_init | config_version
|
|
|
6ac4f1 |
| database_add_metadata | report | gzipdbout | root_prefix | report_base16 | report_quiet
|
|
|
6ac4f1 |
- | report_ignore_e2fsattrs | recursion_stopper | warn_dead_symlinks | grouped
|
|
|
6ac4f1 |
+ | report_ignore_e2fsattrs | syslogformat | recursion_stopper | warn_dead_symlinks | grouped
|
|
|
6ac4f1 |
| summarize_changes | acl_no_symlink_follow | beginconfigstmt | endconfigstmt
|
|
|
6ac4f1 |
| TEOF {
|
|
|
6ac4f1 |
newlinelastinconfig=1;
|
|
|
6ac4f1 |
@@ -408,6 +409,15 @@ conf->gzip_dbout=0;
|
|
|
6ac4f1 |
#endif
|
|
|
6ac4f1 |
} ;
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
+syslogformat : SYSLOG_FORMAT TTRUE {
|
|
|
6ac4f1 |
+conf->syslog_format=1;
|
|
|
6ac4f1 |
+} |
|
|
|
6ac4f1 |
+ SYSLOG_FORMAT TFALSE {
|
|
|
6ac4f1 |
+conf->syslog_format=0;
|
|
|
6ac4f1 |
+} ;
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
recursion_stopper : TRECSTOP TSTRING {
|
|
|
6ac4f1 |
/* FIXME implement me */
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
diff -up ./src/error.c.syslog_format ./src/error.c
|
|
|
6ac4f1 |
--- ./src/error.c.syslog_format 2016-07-25 22:56:55.000000000 +0200
|
|
|
6ac4f1 |
+++ ./src/error.c 2018-09-27 19:13:40.312416750 +0200
|
|
|
6ac4f1 |
@@ -38,6 +38,9 @@
|
|
|
6ac4f1 |
/*for locale support*/
|
|
|
6ac4f1 |
#include "util.h"
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
+#define MAX_BUFFER_SIZE 1024
|
|
|
6ac4f1 |
+static char syslog_buffer[MAX_BUFFER_SIZE+1];
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
int cmp_url(url_t* url1,url_t* url2){
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
return ((url1->type==url2->type)&&(strcmp(url1->value,url2->value)==0));
|
|
|
6ac4f1 |
@@ -48,7 +51,9 @@ int error_init(url_t* url,int initial)
|
|
|
6ac4f1 |
{
|
|
|
6ac4f1 |
list* r=NULL;
|
|
|
6ac4f1 |
FILE* fh=NULL;
|
|
|
6ac4f1 |
- int sfac;
|
|
|
6ac4f1 |
+ int sfac;
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1);
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
if (url->type==url_database) {
|
|
|
6ac4f1 |
conf->report_db++;
|
|
|
6ac4f1 |
@@ -163,13 +168,24 @@ void error(int errorlevel,char* error_ms
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
#ifdef HAVE_SYSLOG
|
|
|
6ac4f1 |
if(conf->initial_report_url->type==url_syslog){
|
|
|
6ac4f1 |
-#ifdef HAVE_VSYSLOG
|
|
|
6ac4f1 |
- vsyslog(SYSLOG_PRIORITY,error_msg,ap);
|
|
|
6ac4f1 |
-#else
|
|
|
6ac4f1 |
- char buf[1024];
|
|
|
6ac4f1 |
- vsnprintf(buf,1024,error_msg,ap);
|
|
|
6ac4f1 |
- syslog(SYSLOG_PRIORITY,"%s",buf);
|
|
|
6ac4f1 |
-#endif
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ char buff[MAX_BUFFER_SIZE+1];
|
|
|
6ac4f1 |
+ vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap);
|
|
|
6ac4f1 |
+ size_t buff_len = strlen(buff);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ char result_buff[MAX_BUFFER_SIZE+1];
|
|
|
6ac4f1 |
+#pragma GCC diagnostic push
|
|
|
6ac4f1 |
+#pragma GCC diagnostic ignored "-Wformat-truncation"
|
|
|
6ac4f1 |
+ snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff);
|
|
|
6ac4f1 |
+#pragma GCC diagnostic pop
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ if(buff[buff_len-1] == '\n'){
|
|
|
6ac4f1 |
+ syslog(SYSLOG_PRIORITY,"%s",result_buff);
|
|
|
6ac4f1 |
+ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1);
|
|
|
6ac4f1 |
+ } else {
|
|
|
6ac4f1 |
+ memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
va_end(ap);
|
|
|
6ac4f1 |
return;
|
|
|
6ac4f1 |
}
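Review bot: `buff[buff_len-1]` is read without checking `buff_len`, so a call whose formatted text is empty indexes one byte before `buff`; the test should be `if (buff_len > 0 && buff[buff_len-1] == '\n')`. The same block is repeated in the next hunk (the `conf->report_syslog` branch) and has the same defect. Two further effects follow from the buffering: a fragment truncated by `vsnprintf` loses its trailing newline and is held back until a later call, and all syslog output is now held until a newline arrives even when `syslog_format` is off, because the `vsyslog` path was removed. Moving the logic into one static helper, sketched below, fixes the index, removes the duplicate and makes the `-Wformat-truncation` pragmas unnecessary. error() begins and ends outside the hunk.

```c
/* Append one formatted fragment to the pending syslog line and send the
 * line once a fragment ends in '\n'. Text beyond MAX_BUFFER_SIZE is dropped. */
static void syslog_append(const char *fmt, va_list ap)
{
    char frag[MAX_BUFFER_SIZE + 1];
    size_t used = strlen(syslog_buffer);
    size_t room = MAX_BUFFER_SIZE - used;
    size_t frag_len, n;

    frag[0] = '\0';                       /* stays empty if vsnprintf fails */
    vsnprintf(frag, sizeof frag, fmt, ap);
    frag_len = strlen(frag);
    n = frag_len < room ? frag_len : room;

    memcpy(syslog_buffer + used, frag, n);
    syslog_buffer[used + n] = '\0';

    if (frag_len > 0 && frag[frag_len - 1] == '\n') {
        syslog(SYSLOG_PRIORITY, "%s", syslog_buffer);
        syslog_buffer[0] = '\0';
    }
}

/* ... unchanged: error() up to the url_syslog branch ... */
    syslog_append(error_msg, ap);
    va_end(ap);
    return;
```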
|
|
|
6ac4f1 |
@@ -181,17 +197,25 @@ void error(int errorlevel,char* error_ms
|
|
|
6ac4f1 |
|
|
|
6ac4f1 |
#ifdef HAVE_SYSLOG
|
|
|
6ac4f1 |
if (conf->report_syslog!=0) {
|
|
|
6ac4f1 |
-#ifdef HAVE_VSYSLOG
|
|
|
6ac4f1 |
- va_start(ap,error_msg);
|
|
|
6ac4f1 |
- vsyslog(SYSLOG_PRIORITY,error_msg,ap);
|
|
|
6ac4f1 |
- va_end(ap);
|
|
|
6ac4f1 |
-#else
|
|
|
6ac4f1 |
- char buf[1024];
|
|
|
6ac4f1 |
- va_start(ap,error_msg);
|
|
|
6ac4f1 |
- vsnprintf(buf,1024,error_msg,ap);
|
|
|
6ac4f1 |
+ va_start(ap, error_msg);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ char buff[MAX_BUFFER_SIZE+1];
|
|
|
6ac4f1 |
+ vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap);
|
|
|
6ac4f1 |
+ size_t buff_len = strlen(buff);
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ char result_buff[MAX_BUFFER_SIZE+1];
|
|
|
6ac4f1 |
+#pragma GCC diagnostic push
|
|
|
6ac4f1 |
+#pragma GCC diagnostic ignored "-Wformat-truncation"
|
|
|
6ac4f1 |
+ snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff);
|
|
|
6ac4f1 |
+#pragma GCC diagnostic pop
|
|
|
6ac4f1 |
+
|
|
|
6ac4f1 |
+ if(buff[buff_len-1] == '\n'){
|
|
|
6ac4f1 |
+ syslog(SYSLOG_PRIORITY,"%s",result_buff);
|
|
|
6ac4f1 |
+ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1);
|
|
|
6ac4f1 |
+ } else {
|
|
|
6ac4f1 |
+ memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE);
|
|
|
6ac4f1 |
+ }
|
|
|
6ac4f1 |
va_end(ap);
|
|
|
6ac4f1 |
- syslog(SYSLOG_PRIORITY,"%s",buf);
|
|
|
6ac4f1 |
-#endif
|
|
|
6ac4f1 |
}
|
|
|
6ac4f1 |
#endif
|
|
|
6ac4f1 |
|