+++ /dev/null
-Description: The mod_if module monitors various aspects of network
- interfaces for change, including IP, Hardware Address,
- broadcast, MTU, metric, and promiscuous mode.
-Version: 0.2
-
-diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/Makefile osiris-4.1.9-new/src/osirisd/modules/mod_if/Makefile
---- osiris-4.1.9-old/src/osirisd/modules/mod_if/Makefile 1970-01-01 01:00:00.000000000 +0100
-+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/Makefile 2005-10-07 02:19:17.000000000 +0200
-@@ -0,0 +1,16 @@
-+
-+include ../Makefile
-+
-+SRCS=mod_if.c
-+OBJS=$(SRCS:.c=.o)
-+
-+module: ${SRCS} ${OBJS}
-+
-+INCS=-I../.. -I../../../libosiris -I../../../libfileapi -I../../../..
-+
-+# meta-rule for compiling any "C" source file.
-+$(OBJS): $(SRCS)
-+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) ${INCLUDES} ${INCS} $(AM_CPPFLAGS) \
-+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c $(SRCS)
-+ cp $@ ..
-+
-diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/README osiris-4.1.9-new/src/osirisd/modules/mod_if/README
---- osiris-4.1.9-old/src/osirisd/modules/mod_if/README 1970-01-01 01:00:00.000000000 +0100
-+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/README 2005-10-07 02:19:17.000000000 +0200
-@@ -0,0 +1,42 @@
-+
-+Module: mod_if
-+Author: Brian Wotring (brian@hostintegrity.com)
-+
-+
-+
-+DESCRIPTION:
-+
-+The mod_if module is designed originally to monitor the promisc flag
-+on network interfaces, but quickly turned into being able to monitor
-+various aspects of network interfaces including hardware address,
-+IP address, broadcast, MTU, and metric.
-+
-+This module is somewhat different in that each record is an element
-+about a network interface as opposed to one record per interface. This
-+will make it easier to add more elements to be monitored, easier to
-+filter, and easier to understand alerts.
-+
-+USE:
-+
-+To use this module, all that is needed is to include it in the Modules
-+block of a scan configuration, e.g.:
-+
-+ <Modules>
-+ ...
-+ Include mod_if
-+ ...
-+ </Modules>
-+
-+
-+PARAMETERS:
-+
-+There are no parameters for this module.
-+
-+PLATFORMS:
-+
-+Currently, this module is only implemented for Linux.
-+
-+NOTES:
-+
-+
-+
-diff -ruN osiris-4.1.9-old/src/osirisd/modules/mod_if/mod_if.c osiris-4.1.9-new/src/osirisd/modules/mod_if/mod_if.c
---- osiris-4.1.9-old/src/osirisd/modules/mod_if/mod_if.c 1970-01-01 01:00:00.000000000 +0100
-+++ osiris-4.1.9-new/src/osirisd/modules/mod_if/mod_if.c 2005-10-07 02:19:17.000000000 +0200
-@@ -0,0 +1,317 @@
-+\r
-+/******************************************************************************\r
-+**\r
-+** Copyright (C) 2005 Brian Wotring.\r
-+**\r
-+** This program is free software; you can redistribute it and/or\r
-+** modify it, however, you cannot sell it.\r
-+**\r
-+** This program is distributed in the hope that it will be useful,\r
-+** but WITHOUT ANY WARRANTY; without even the implied warranty of\r
-+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\r
-+**\r
-+** You should have received a copy of the license attached to the\r
-+** use of this software. If not, view a current copy of the license\r
-+** file here:\r
-+**\r
-+** http://www.hostintegrity.com/osiris/LICENSE\r
-+**\r
-+******************************************************************************/\r
-+\r
-+/*****************************************************************************\r
-+**\r
-+** File: mod_if.c\r
-+** Date: September 23, 2005\r
-+**\r
-+** Author: Brian Wotring\r
-+** Purpose: platform specific methods for monitoring network devices.\r
-+**\r
-+******************************************************************************/\r
-+\r
-+\r
-+/* CODE USED IN THIS MODULE WAS ORIGINALLY TAKEN FROM: \r
-+*\r
-+* http://mail.nl.linux.org/kernelnewbies/2003-05/msg00090.html\r
-+*/\r
-+\r
-+static const char *MODULE_NAME = "mod_if";\r
-+\r
-+\r
-+#ifndef WIN32\r
-+#include "config.h"\r
-+#endif\r
-+\r
-+#include <stdio.h>\r
-+#include <stdlib.h>\r
-+\r
-+#ifndef WIN32\r
-+#include <unistd.h>\r
-+#include <string.h>\r
-+#include <errno.h>\r
-+\r
-+#include <sys/socket.h>\r
-+#include <sys/types.h>\r
-+#include <net/if.h>\r
-+#endif\r
-+\r
-+#include <sys/ioctl.h>\r
-+#include <net/if_arp.h>\r
-+#include <arpa/inet.h>\r
-+\r
-+\r
-+#include "libosiris.h"\r
-+#include "libfileapi.h"\r
-+#include "rootpriv.h"\r
-+#include "common.h"\r
-+#include "version.h"\r
-+\r
-+#include "scanner.h"\r
-+#include "logging.h"\r
-+\r
-+\r
-+#define inaddrr(x) (*(struct in_addr *) &ifr->x[sizeof sa.sin_port])\r
-+#define IFRSIZE ((int)(size * sizeof (struct ifreq)))\r
-+\r
-+void process_if_unix( SCANNER *scanner )\r
-+{\r
-+ unsigned char*u;\r
-+ int sockfd, size = 1;\r
-+ struct ifreq *ifr;\r
-+ struct ifconf ifc;\r
-+ struct sockaddr_in sa;\r
-+\r
-+ SCAN_RECORD_TEXT_1 record;\r
-+\r
-+ /* Make sure we are able to create sockets */\r
-+ \r
-+ if ( (sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP)) < 0 )\r
-+ {\r
-+ log_error( "mod_if unable to create socket!" );\r
-+ return;\r
-+ }\r
-+\r
-+ ifc.ifc_len = IFRSIZE;\r
-+ ifc.ifc_req = NULL;\r
-+\r
-+ do\r
-+ {\r
-+ ++size;\r
-+\r
-+ /* realloc buffer size until no overflow occurs */\r
-+ \r
-+ if ((ifc.ifc_req = realloc(ifc.ifc_req, IFRSIZE)) == NULL )\r
-+ {\r
-+ log_error( "out of memory!!!" );\r
-+ return;\r
-+ }\r
-+\r
-+ ifc.ifc_len = IFRSIZE;\r
-+\r
-+ if (ioctl(sockfd, SIOCGIFCONF, &ifc))\r
-+ {\r
-+ log_error("ioctl failure: SIOCFIFCONF");\r
-+ return;\r
-+ }\r
-+\r
-+ } while (IFRSIZE <= ifc.ifc_len);\r
-+\r
-+ ifr = ifc.ifc_req;\r
-+\r
-+ for (;(char *) ifr < (char *) ifc.ifc_req + ifc.ifc_len; ++ifr)\r
-+ {\r
-+ if (ifr->ifr_addr.sa_data == (ifr+1)->ifr_addr.sa_data)\r
-+ {\r
-+ continue; /* duplicate, skip it */\r
-+ }\r
-+\r
-+ if (ioctl(sockfd, SIOCGIFFLAGS, ifr))\r
-+ {\r
-+ continue; /* failed to get flags, skip it */\r
-+ }\r
-+\r
-+ initialize_scan_record( (SCAN_RECORD *)&record,\r
-+ SCAN_RECORD_TYPE_TEXT_1 );\r
-+\r
-+ osi_strlcpy( record.module_name, MODULE_NAME,\r
-+ sizeof( record.module_name ) );\r
-+\r
-+ osi_snprintf( record.name, sizeof( record.name ),\r
-+ "if:%s:IP", ifr->ifr_name );\r
-+\r
-+ osi_snprintf( record.data, sizeof( record.data ),\r
-+ "%s", inet_ntoa(inaddrr(ifr_addr.sa_data)));\r
-+\r
-+ send_scan_data( scanner, (SCAN_RECORD *)&record );\r
-+\r
-+ /*\r
-+ * This won't work on HP-UX 10.20 as there's no SIOCGIFHWADDR ioctl. You'll\r
-+ * need to use DLPI or the NETSTAT ioctl on /dev/lan0, etc (and you'll need\r
-+ * to be root to use the NETSTAT ioctl. Also this is deprecated and doesn't\r
-+ * work on 11.00).\r
-+ *\r
-+ * On Digital Unix you can use the SIOCRPHYSADDR ioctl according to an old\r
-+ * utility I have. Also on SGI I think you need to use a raw socket, e.g. s\r
-+ * = socket(PF_RAW, SOCK_RAW, RAWPROTO_SNOOP)\r
-+ *\r
-+ * Dave\r
-+ *\r
-+ * From: David Peter <dave.peter@eu.citrix.com>\r
-+ **/\r
-+\r
-+ if ( ioctl(sockfd, SIOCGIFHWADDR, ifr) == 0 )\r
-+ {\r
-+ /* Select which hardware types to process.\r
-+ **\r
-+ ** See list in system include file included from\r
-+ ** /usr/include/net/if_arp.h (For example, on\r
-+ ** Linux see file /usr/include/linux/if_arp.h to\r
-+ ** get the list.)\r
-+ **/\r
-+\r
-+ switch (ifr->ifr_hwaddr.sa_family)\r
-+ {\r
-+ default:\r
-+ continue;\r
-+\r
-+ case ARPHRD_NETROM:\r
-+ case ARPHRD_ETHER:\r
-+ case ARPHRD_PPP:\r
-+ case ARPHRD_EETHER:\r
-+ case ARPHRD_IEEE802:\r
-+ break;\r
-+ }\r
-+\r
-+ u = (unsigned char *) &ifr->ifr_addr.sa_data;\r
-+\r
-+ /* send record for MAC for this interface */\r
-+\r
-+ if (u[0] + u[1] + u[2] + u[3] + u[4] + u[5])\r
-+ {\r
-+ initialize_scan_record( (SCAN_RECORD *)&record,\r
-+ SCAN_RECORD_TYPE_TEXT_1 );\r
-+\r
-+ osi_strlcpy( record.module_name, MODULE_NAME,\r
-+ sizeof( record.module_name ) );\r
-+\r
-+ osi_snprintf( record.name, sizeof( record.name ),\r
-+ "if:%s:MAC", ifr->ifr_name );\r
-+\r
-+ osi_snprintf( record.data, sizeof( record.data ),\r
-+ "%2.2x.%2.2x.%2.2x.%2.2x.%2.2x.%2.2x",\r
-+ u[0], u[1], u[2], u[3], u[4], u[5]);\r
-+\r
-+ send_scan_data( scanner, (SCAN_RECORD *)&record );\r
-+ }\r
-+ }\r
-+\r
-+ if ( ioctl(sockfd, SIOCGIFNETMASK, ifr) == 0 &&\r
-+ strcmp("255.255.255.255", inet_ntoa(inaddrr(ifr_addr.sa_data))))\r
-+ {\r
-+ initialize_scan_record( (SCAN_RECORD *)&record,\r
-+ SCAN_RECORD_TYPE_TEXT_1 );\r
-+\r
-+ osi_strlcpy( record.module_name, MODULE_NAME,\r
-+ sizeof( record.module_name ) );\r
-+\r
-+ osi_snprintf( record.name, sizeof( record.name ),\r
-+ "if:%s:NETMASK", ifr->ifr_name );\r
-+\r
-+ osi_snprintf( record.data, sizeof( record.data ),\r
-+ "%s", inet_ntoa(inaddrr(ifr_addr.sa_data)));\r
-+\r
-+ send_scan_data( scanner, (SCAN_RECORD *)&record );\r
-+ }\r
-+\r
-+ if (ifr->ifr_flags & IFF_BROADCAST)\r
-+ {\r
-+ if ( ioctl(sockfd, SIOCGIFBRDADDR, ifr) == 0 &&\r
-+ strcmp("0.0.0.0", inet_ntoa(inaddrr(ifr_addr.sa_data))))\r
-+ {\r
-+\r
-+ initialize_scan_record( (SCAN_RECORD *)&record,\r
-+ SCAN_RECORD_TYPE_TEXT_1 );\r
-+\r
-+ osi_strlcpy( record.module_name, MODULE_NAME,\r
-+ sizeof( record.module_name ) );\r
-+\r
-+ osi_snprintf( record.name, sizeof( record.name ),\r
-+ "if:%s:BROADCAST", ifr->ifr_name );\r
-+\r
-+ osi_snprintf( record.data, sizeof( record.data ),\r
-+ "%s",inet_ntoa(inaddrr(ifr_addr.sa_data)));\r
-+\r
-+ send_scan_data( scanner, (SCAN_RECORD *)&record );\r
-+ }\r
-+ }\r
-+\r
-+ /* Added by David Vasil to check for Promiscuous mode */\r
-+\r
-+ initialize_scan_record( (SCAN_RECORD *)&record,\r
-+ SCAN_RECORD_TYPE_TEXT_1 );\r
-+\r
-+ osi_strlcpy( record.module_name, MODULE_NAME,\r
-+ sizeof( record.module_name ) );\r
-+\r
-+\r
-+ osi_snprintf( record.name, sizeof( record.name ),\r
-+ "if:%s:PROMISC", ifr->ifr_name );\r
-+\r
-+ if ( ioctl(sockfd, SIOCGIFFLAGS, ifr) == 0 &&\r
-+ ifr->ifr_flags & IFF_PROMISC)\r
-+ {\r
-+ osi_strlcpy( record.data, "ENABLED", sizeof( record.data ) );\r
-+ }\r
-+\r
-+ else\r
-+ {\r
-+ osi_strlcpy( record.data, "DISABLED", sizeof( record.data ) );\r
-+ }\r
-+\r
-+ send_scan_data( scanner, (SCAN_RECORD *)&record );\r
-+\r
-+\r
-+ if ( ioctl(sockfd, SIOCGIFMTU, ifr) == 0 )\r
-+ {\r
-+ initialize_scan_record( (SCAN_RECORD *)&record,\r
-+ SCAN_RECORD_TYPE_TEXT_1 );\r
-+\r
-+ osi_strlcpy( record.module_name, MODULE_NAME,\r
-+ sizeof( record.module_name ) );\r
-+\r
-+ osi_snprintf( record.name, sizeof( record.name ),\r
-+ "if:%s:MTU", ifr->ifr_name );\r
-+\r
-+ osi_snprintf( record.data, sizeof( record.data ),\r
-+ "%u", ifr->ifr_mtu );\r
-+\r
-+ send_scan_data( scanner, (SCAN_RECORD *)&record );\r
-+ }\r
-+\r
-+ if ( ioctl(sockfd, SIOCGIFMETRIC, ifr) == 0 )\r
-+ {\r
-+ initialize_scan_record( (SCAN_RECORD *)&record,\r
-+ SCAN_RECORD_TYPE_TEXT_1 );\r
-+\r
-+ osi_strlcpy( record.module_name, MODULE_NAME,\r
-+ sizeof( record.module_name ) );\r
-+\r
-+ osi_snprintf( record.name, sizeof( record.name ),\r
-+ "if:%s:METRIC", ifr->ifr_name );\r
-+\r
-+ osi_snprintf( record.data, sizeof( record.data ),\r
-+ "%u", ifr->ifr_metric );\r
-+\r
-+ send_scan_data( scanner, (SCAN_RECORD *)&record );\r
-+ }\r
-+ }\r
-+\r
-+ close(sockfd);\r
-+}\r
-+\r
-+void mod_if( SCANNER *scanner )\r
-+{\r
-+#if defined(SYSTEM_LINUX)\r
-+ process_if_unix( scanner );\r
-+#endif\r
-+\r
-+}\r
projects / openwrt / svn-archive / archive.git / commitdiff