2019-08-01 11:51:52 +03:00
|
|
|
/* $NetBSD: veriexecgen.c,v 1.21 2019/08/01 08:51:52 alnsn Exp $ */
|
2006-09-17 00:54:42 +04:00
|
|
|
|
|
|
|
|
/*-
|
|
|
|
|
* Copyright (c) 2006 The NetBSD Foundation, Inc.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
|
* by Matt Fleming.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*/
|
2006-12-20 00:21:28 +03:00
|
|
|
#if HAVE_NBTOOL_CONFIG_H
|
|
|
|
|
#include "nbtool_config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include <sys/cdefs.h>
|
|
|
|
|
|
|
|
|
|
#ifndef lint
|
|
|
|
|
#ifdef __RCSID
|
2019-08-01 11:51:52 +03:00
|
|
|
__RCSID("$NetBSD: veriexecgen.c,v 1.21 2019/08/01 08:51:52 alnsn Exp $");
|
2006-12-20 00:21:28 +03:00
|
|
|
#endif
|
|
|
|
|
#endif /* not lint */
|
|
|
|
|
|
2006-09-17 00:54:42 +04:00
|
|
|
#include <sys/param.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/queue.h>
|
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <sys/dirent.h>
|
|
|
|
|
#include <sys/verified_exec.h>
|
|
|
|
|
|
|
|
|
|
#include <err.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <fts.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <time.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <util.h>
|
|
|
|
|
|
2006-10-30 23:22:53 +03:00
|
|
|
#include <sha2.h>
|
2006-09-17 00:54:42 +04:00
|
|
|
|
|
|
|
|
#define IS_EXEC(mode) ((mode) & (S_IXUSR | S_IXGRP | S_IXOTH))
|
|
|
|
|
|
|
|
|
|
#define DEFAULT_DBFILE "/etc/signatures"
|
|
|
|
|
#define DEFAULT_HASH "sha256"
|
|
|
|
|
#define DEFAULT_SYSPATHS { "/bin", "/sbin", "/usr/bin", "/usr/sbin", \
|
2006-09-23 23:08:48 +04:00
|
|
|
"/lib", "/usr/lib", "/libexec", "/usr/libexec", \
|
|
|
|
|
NULL }
|
2006-09-17 00:54:42 +04:00
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
/* this struct defines a hash algorithm */
|
|
|
|
|
typedef struct hash_t {
|
|
|
|
|
const char *hashname; /* algorithm name */
|
|
|
|
|
char *(*filefunc)(const char *, char *); /* function */
|
|
|
|
|
} hash_t;
|
|
|
|
|
|
|
|
|
|
/* this struct encapsulates various diverse options and arguments */
|
|
|
|
|
typedef struct veriexecgen_t {
|
|
|
|
|
int all_files; /* scan also for non-executable files */
|
|
|
|
|
int append_output; /* append output to existing sigs file */
|
|
|
|
|
char *dbfile; /* name of signatures database file */
|
|
|
|
|
int exit_on_error; /* exit if we can't create a hash */
|
|
|
|
|
char *prefix; /* any prefix to be discarded on output */
|
|
|
|
|
int recursive_scan;/* perform scan for files recursively */
|
|
|
|
|
int scan_system_dirs; /* just scan system directories */
|
|
|
|
|
int verbose; /* verbosity level */
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
int stamp; /* put a timestamp */
|
2019-07-31 18:02:39 +03:00
|
|
|
FILE *from_file; /* read from a file or stdin */
|
|
|
|
|
char *from_filename;
|
2006-12-20 00:21:28 +03:00
|
|
|
} veriexecgen_t;
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* this struct describes a directory entry to generate a hash for */
|
2006-09-17 00:54:42 +04:00
|
|
|
struct fentry {
|
2006-12-05 00:22:40 +03:00
|
|
|
char filename[MAXPATHLEN]; /* name of entry */
|
|
|
|
|
char *hash_val; /* its associated hash value */
|
|
|
|
|
int flags; /* any associated flags */
|
|
|
|
|
TAILQ_ENTRY(fentry) f; /* its place in the queue */
|
2006-09-17 00:54:42 +04:00
|
|
|
};
|
|
|
|
|
TAILQ_HEAD(, fentry) fehead;
|
|
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
/* define the possible hash algorithms */
|
|
|
|
|
static hash_t hashes[] = {
|
2006-09-17 00:54:42 +04:00
|
|
|
{ "SHA256", SHA256_File },
|
|
|
|
|
{ "SHA384", SHA384_File },
|
|
|
|
|
{ "SHA512", SHA512_File },
|
|
|
|
|
{ NULL, NULL },
|
|
|
|
|
};
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
static int Fflag;
|
2006-12-04 10:06:56 +03:00
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
static int make_immutable; /* set immutable flag on signatures file */
|
2006-12-04 10:06:56 +03:00
|
|
|
|
|
|
|
|
/* warn about a problem - exit if exit_on_error is set */
|
|
|
|
|
static void
|
2006-12-20 00:21:28 +03:00
|
|
|
gripe(veriexecgen_t *vp, const char *fmt, const char *filename)
|
2006-12-04 10:06:56 +03:00
|
|
|
{
|
|
|
|
|
warn(fmt, filename);
|
2006-12-20 00:21:28 +03:00
|
|
|
if (vp->exit_on_error) {
|
2006-12-04 10:06:56 +03:00
|
|
|
/* error out on problematic files */
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-09-17 00:54:42 +04:00
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* print usage message */
|
2006-09-17 00:54:42 +04:00
|
|
|
static void
|
|
|
|
|
usage(void)
|
|
|
|
|
{
|
|
|
|
|
(void)fprintf(stderr,
|
2019-07-31 18:02:39 +03:00
|
|
|
"usage: %s [-AaDrSTvW] [-d dir] [-f file] [-o fingerprintdb] [-p prefix]\n"
|
2006-12-23 12:16:38 +03:00
|
|
|
"\t\t [-t algorithm]\n"
|
|
|
|
|
"\t%s [-h]\n", getprogname(), getprogname());
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* tell people what we're doing - scan dirs, fingerprint etc */
|
2006-09-17 00:54:42 +04:00
|
|
|
static void
|
2006-12-20 00:21:28 +03:00
|
|
|
banner(veriexecgen_t *vp, hash_t *hash_type, char **search_path)
|
2006-09-17 00:54:42 +04:00
|
|
|
{
|
|
|
|
|
int j;
|
|
|
|
|
|
|
|
|
|
(void)printf("Fingerprinting ");
|
|
|
|
|
|
2019-07-31 18:02:39 +03:00
|
|
|
if (search_path) {
|
|
|
|
|
for (j = 0; search_path[j] != NULL; j++)
|
|
|
|
|
(void)printf("%s ", search_path[j]);
|
|
|
|
|
} else if (vp->from_file == stdin) {
|
|
|
|
|
(void)printf("files from stdin ");
|
|
|
|
|
} else {
|
|
|
|
|
(void)printf("files from %s ",
|
|
|
|
|
vp->from_filename ? vp->from_filename : "???");
|
|
|
|
|
}
|
2006-09-17 00:54:42 +04:00
|
|
|
|
|
|
|
|
(void)printf("(%s) (%s) using %s\n",
|
2006-12-20 00:21:28 +03:00
|
|
|
vp->all_files ? "all files" : "executables only",
|
|
|
|
|
vp->recursive_scan ? "recursive" : "non-recursive",
|
2006-09-17 00:54:42 +04:00
|
|
|
hash_type->hashname);
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* find a hash algorithm, given its name */
|
2006-12-20 00:21:28 +03:00
|
|
|
static hash_t *
|
2006-09-17 00:54:42 +04:00
|
|
|
find_hash(char *hash_type)
|
|
|
|
|
{
|
2006-12-20 00:21:28 +03:00
|
|
|
hash_t *hash;
|
2006-09-17 00:54:42 +04:00
|
|
|
|
|
|
|
|
for (hash = hashes; hash->hashname != NULL; hash++)
|
|
|
|
|
if (strcasecmp(hash_type, hash->hashname) == 0)
|
|
|
|
|
return hash;
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* perform the hashing operation on `filename' */
|
2006-09-17 00:54:42 +04:00
|
|
|
static char *
|
2006-12-20 00:21:28 +03:00
|
|
|
do_hash(char *filename, hash_t * h)
|
2006-09-17 00:54:42 +04:00
|
|
|
{
|
|
|
|
|
return h->filefunc(filename, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* return flags for `path' */
|
2006-09-17 00:54:42 +04:00
|
|
|
static int
|
|
|
|
|
figure_flags(char *path, mode_t mode)
|
|
|
|
|
{
|
|
|
|
|
#ifdef notyet
|
|
|
|
|
if (Fflag) {
|
|
|
|
|
/* Try to figure out right flag(s). */
|
|
|
|
|
return VERIEXEC_DIRECT;
|
2006-12-05 00:22:40 +03:00
|
|
|
}
|
2006-09-17 00:54:42 +04:00
|
|
|
#endif /* notyet */
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
return (IS_EXEC(mode)) ? 0 : VERIEXEC_FILE;
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* check to see that we don't have a duplicate entry */
|
2006-09-17 00:54:42 +04:00
|
|
|
static int
|
|
|
|
|
check_dup(char *filename)
|
|
|
|
|
{
|
|
|
|
|
struct fentry *lwalk;
|
|
|
|
|
|
|
|
|
|
TAILQ_FOREACH(lwalk, &fehead, f) {
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
if (strcmp(lwalk->filename, filename) == 0)
|
2006-09-17 00:54:42 +04:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* add a new entry to the list for `file' */
|
2006-09-17 00:54:42 +04:00
|
|
|
static void
|
2019-07-31 18:02:39 +03:00
|
|
|
add_new_path_entry(veriexecgen_t *vp, const char *file, hash_t *hash)
|
|
|
|
|
{
|
|
|
|
|
struct stat sb;
|
|
|
|
|
struct fentry *e;
|
|
|
|
|
|
|
|
|
|
if (stat(file, &sb) == -1) {
|
|
|
|
|
gripe(vp, "Cannot stat file `%s'", file);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!vp->all_files && !IS_EXEC(sb.st_mode))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
e = ecalloc(1UL, sizeof(*e));
|
|
|
|
|
|
|
|
|
|
if (realpath(file, e->filename) == NULL) {
|
|
|
|
|
gripe(vp, "Cannot find absolute path `%s'", file);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (check_dup(e->filename)) {
|
|
|
|
|
free(e);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if ((e->hash_val = do_hash(e->filename, hash)) == NULL) {
|
|
|
|
|
gripe(vp, "Cannot calculate hash `%s'", e->filename);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
e->flags = figure_flags(e->filename, sb.st_mode);
|
|
|
|
|
|
|
|
|
|
TAILQ_INSERT_TAIL(&fehead, e, f);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* add a new entry to the list for `file' */
|
|
|
|
|
static void
|
|
|
|
|
add_new_ftsent_entry(veriexecgen_t *vp, FTSENT *file, hash_t *hash)
|
2006-09-17 00:54:42 +04:00
|
|
|
{
|
|
|
|
|
struct fentry *e;
|
|
|
|
|
struct stat sb;
|
|
|
|
|
|
|
|
|
|
if (file->fts_info == FTS_SL) {
|
2006-12-05 00:22:40 +03:00
|
|
|
/* we have a symbolic link */
|
2006-12-04 10:06:56 +03:00
|
|
|
if (stat(file->fts_path, &sb) == -1) {
|
2006-12-20 00:21:28 +03:00
|
|
|
gripe(vp, "Cannot stat symlink `%s'", file->fts_path);
|
2006-12-04 10:06:56 +03:00
|
|
|
return;
|
|
|
|
|
}
|
2006-09-17 00:54:42 +04:00
|
|
|
} else
|
|
|
|
|
sb = *file->fts_statp;
|
|
|
|
|
|
2019-04-24 01:35:42 +03:00
|
|
|
if (!vp->all_files && !IS_EXEC(sb.st_mode))
|
2006-09-17 00:54:42 +04:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
e = ecalloc(1UL, sizeof(*e));
|
|
|
|
|
|
2006-12-04 10:06:56 +03:00
|
|
|
if (realpath(file->fts_accpath, e->filename) == NULL) {
|
2006-12-20 00:21:28 +03:00
|
|
|
gripe(vp, "Cannot find absolute path `%s'", file->fts_accpath);
|
2006-12-04 10:06:56 +03:00
|
|
|
return;
|
|
|
|
|
}
|
2006-09-17 00:54:42 +04:00
|
|
|
if (check_dup(e->filename)) {
|
|
|
|
|
free(e);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2006-12-04 10:06:56 +03:00
|
|
|
if ((e->hash_val = do_hash(e->filename, hash)) == NULL) {
|
2006-12-20 00:21:28 +03:00
|
|
|
gripe(vp, "Cannot calculate hash `%s'", e->filename);
|
2006-12-04 10:06:56 +03:00
|
|
|
return;
|
|
|
|
|
}
|
2006-09-17 00:54:42 +04:00
|
|
|
e->flags = figure_flags(e->filename, sb.st_mode);
|
|
|
|
|
|
|
|
|
|
TAILQ_INSERT_TAIL(&fehead, e, f);
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* walk through a directory */
|
2006-09-17 00:54:42 +04:00
|
|
|
static void
|
2006-12-20 00:21:28 +03:00
|
|
|
walk_dir(veriexecgen_t *vp, char **search_path, hash_t *hash)
|
2006-09-17 00:54:42 +04:00
|
|
|
{
|
|
|
|
|
FTS *fh;
|
|
|
|
|
FTSENT *file;
|
|
|
|
|
|
2006-12-04 10:06:56 +03:00
|
|
|
if ((fh = fts_open(search_path, FTS_PHYSICAL, NULL)) == NULL) {
|
2006-12-20 00:21:28 +03:00
|
|
|
gripe(vp, "fts_open `%s'", (const char *)search_path);
|
2006-12-04 10:06:56 +03:00
|
|
|
return;
|
|
|
|
|
}
|
2006-09-17 00:54:42 +04:00
|
|
|
|
|
|
|
|
while ((file = fts_read(fh)) != NULL) {
|
2006-12-20 00:21:28 +03:00
|
|
|
if (!vp->recursive_scan && file->fts_level > 1) {
|
2006-09-17 00:54:42 +04:00
|
|
|
fts_set(fh, file, FTS_SKIP);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (file->fts_info) {
|
|
|
|
|
case FTS_D:
|
|
|
|
|
case FTS_DC:
|
|
|
|
|
case FTS_DP:
|
|
|
|
|
continue;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (file->fts_errno) {
|
2006-12-20 00:21:28 +03:00
|
|
|
if (vp->exit_on_error) {
|
2006-12-05 00:22:40 +03:00
|
|
|
errx(EXIT_FAILURE, "%s: %s", file->fts_path,
|
|
|
|
|
strerror(file->fts_errno));
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2019-07-31 18:02:39 +03:00
|
|
|
add_new_ftsent_entry(vp, file, hash);
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fts_close(fh);
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-31 18:02:39 +03:00
|
|
|
/* read files from `file' */
|
|
|
|
|
static void
|
|
|
|
|
read_from_file(veriexecgen_t *vp, hash_t *hash, FILE *file)
|
|
|
|
|
{
|
|
|
|
|
char *line = NULL;
|
|
|
|
|
size_t linesize = 0;
|
|
|
|
|
ssize_t linelen;
|
|
|
|
|
|
|
|
|
|
while ((linelen = getline(&line, &linesize, file)) != -1) {
|
|
|
|
|
if (linelen > 0 && line[linelen - 1] == '\n')
|
|
|
|
|
line[linelen - 1] = '\0';
|
|
|
|
|
add_new_path_entry(vp, line, hash);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ferror(stdin)) {
|
|
|
|
|
gripe(vp, "Error reading from stdin `%s'", strerror(errno));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* return a string representation of the flags */
|
2006-09-17 00:54:42 +04:00
|
|
|
static char *
|
|
|
|
|
flags2str(int flags)
|
|
|
|
|
{
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
return (flags == 0) ? "" : "file, indirect";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static char *
|
|
|
|
|
escape(const char *s)
|
|
|
|
|
{
|
|
|
|
|
char *q, *p;
|
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
|
|
len = strlen(s);
|
|
|
|
|
if (len >= MAXPATHLEN)
|
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
|
|
len *= 2;
|
|
|
|
|
q = p = calloc(1, len + 1);
|
|
|
|
|
|
|
|
|
|
while (*s) {
|
|
|
|
|
if (*s == ' ' || *s == '\t')
|
|
|
|
|
*p++ = '\\';
|
|
|
|
|
|
|
|
|
|
*p++ = *s++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (q);
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
/* store the list in the signatures file */
|
2006-09-17 00:54:42 +04:00
|
|
|
static void
|
2006-12-20 00:21:28 +03:00
|
|
|
store_entries(veriexecgen_t *vp, hash_t *hash)
|
2006-09-17 00:54:42 +04:00
|
|
|
{
|
|
|
|
|
FILE *fp;
|
|
|
|
|
int move = 1;
|
|
|
|
|
char old_dbfile[MAXPATHLEN];
|
|
|
|
|
time_t ct;
|
|
|
|
|
struct stat sb;
|
|
|
|
|
struct fentry *e;
|
2006-12-20 00:21:28 +03:00
|
|
|
int prefixc;
|
2006-09-17 00:54:42 +04:00
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
if (stat(vp->dbfile, &sb) != 0) {
|
2006-09-17 00:54:42 +04:00
|
|
|
if (errno == ENOENT)
|
|
|
|
|
move = 0;
|
|
|
|
|
else
|
2006-12-20 00:21:28 +03:00
|
|
|
err(EXIT_FAILURE, "could not stat %s", vp->dbfile);
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
2006-12-20 00:21:28 +03:00
|
|
|
if (move && !vp->append_output) {
|
|
|
|
|
if (vp->verbose)
|
2006-09-17 00:54:42 +04:00
|
|
|
(void)printf("\nBacking up existing fingerprint file "
|
2006-12-20 00:21:28 +03:00
|
|
|
"to \"%s.old\"\n\n", vp->dbfile);
|
2006-09-17 00:54:42 +04:00
|
|
|
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
if (snprintf(old_dbfile, sizeof(old_dbfile), "%s.old",
|
|
|
|
|
vp->dbfile) < strlen(vp->dbfile) + 4) {
|
2006-12-05 00:22:40 +03:00
|
|
|
err(EXIT_FAILURE, "%s", old_dbfile);
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
2006-12-20 00:21:28 +03:00
|
|
|
if (rename(vp->dbfile, old_dbfile) == -1)
|
2006-12-05 00:22:40 +03:00
|
|
|
err(EXIT_FAILURE, "could not rename file");
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
prefixc = (vp->prefix == NULL) ? -1 : strlen(vp->prefix);
|
|
|
|
|
|
|
|
|
|
fp = efopen(vp->dbfile, vp->append_output ? "a" : "w+");
|
2006-09-17 00:54:42 +04:00
|
|
|
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
if (vp->stamp) {
|
|
|
|
|
time(&ct);
|
|
|
|
|
(void)fprintf(fp, "# Generated by %s, %.24s\n",
|
|
|
|
|
getlogin(), ctime(&ct));
|
|
|
|
|
}
|
2006-09-17 00:54:42 +04:00
|
|
|
|
|
|
|
|
TAILQ_FOREACH(e, &fehead, f) {
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
char *file;
|
|
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
if (vp->verbose)
|
2006-09-17 00:54:42 +04:00
|
|
|
(void)printf("Adding %s.\n", e->filename);
|
|
|
|
|
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
file = (prefixc < 0) ? e->filename : &e->filename[prefixc];
|
|
|
|
|
file = escape(file);
|
|
|
|
|
|
|
|
|
|
(void)fprintf(fp, "%s %s %s %s\n", file, hash->hashname,
|
|
|
|
|
e->hash_val, flags2str(e->flags));
|
2006-12-20 00:21:28 +03:00
|
|
|
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
free(file);
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
(void)fclose(fp);
|
|
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
if (vp->verbose) {
|
2006-12-05 00:22:40 +03:00
|
|
|
(void)printf("\n\n"
|
|
|
|
|
"#############################################################\n"
|
|
|
|
|
" PLEASE VERIFY CONTENTS OF %s AND FINE-TUNE THE\n"
|
|
|
|
|
" FLAGS WHERE APPROPRIATE AFTER READING veriexecctl(8)\n"
|
|
|
|
|
"#############################################################\n",
|
2006-12-20 00:21:28 +03:00
|
|
|
vp->dbfile);
|
2006-12-05 00:22:40 +03:00
|
|
|
}
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
main(int argc, char **argv)
|
|
|
|
|
{
|
|
|
|
|
int ch, total = 0;
|
|
|
|
|
char **search_path = NULL;
|
2006-12-20 00:21:28 +03:00
|
|
|
hash_t *hash = NULL;
|
|
|
|
|
veriexecgen_t v;
|
2006-09-17 00:54:42 +04:00
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
(void) memset(&v, 0x0, sizeof(v));
|
2006-12-05 00:22:40 +03:00
|
|
|
make_immutable = 0;
|
|
|
|
|
Fflag = 0;
|
2006-09-17 00:54:42 +04:00
|
|
|
|
2006-12-04 10:06:56 +03:00
|
|
|
/* error out if we have a dangling symlink or other fs problem */
|
2006-12-20 00:21:28 +03:00
|
|
|
v.exit_on_error = 1;
|
2006-12-04 10:06:56 +03:00
|
|
|
|
2019-07-31 18:02:39 +03:00
|
|
|
while ((ch = getopt(argc, argv, "AaDd:f:ho:p:rSTt:vW")) != -1) {
|
2006-09-17 00:54:42 +04:00
|
|
|
switch (ch) {
|
|
|
|
|
case 'A':
|
2006-12-20 00:21:28 +03:00
|
|
|
v.append_output = 1;
|
2006-09-17 00:54:42 +04:00
|
|
|
break;
|
|
|
|
|
case 'a':
|
2006-12-20 00:21:28 +03:00
|
|
|
v.all_files = 1;
|
2006-09-17 00:54:42 +04:00
|
|
|
break;
|
|
|
|
|
case 'D':
|
2006-12-20 00:21:28 +03:00
|
|
|
v.scan_system_dirs = 1;
|
2006-09-17 00:54:42 +04:00
|
|
|
break;
|
|
|
|
|
case 'd':
|
|
|
|
|
search_path = erealloc(search_path, sizeof(char *) *
|
|
|
|
|
(total + 1));
|
|
|
|
|
search_path[total] = optarg;
|
|
|
|
|
search_path[++total] = NULL;
|
|
|
|
|
break;
|
|
|
|
|
#ifdef notyet
|
|
|
|
|
case 'F':
|
|
|
|
|
Fflag = 1;
|
|
|
|
|
break;
|
|
|
|
|
#endif /* notyet */
|
2019-07-31 18:02:39 +03:00
|
|
|
case 'f':
|
|
|
|
|
if (strcmp(optarg, "-") == 0) {
|
|
|
|
|
v.from_file = stdin;
|
|
|
|
|
v.from_filename = NULL;
|
|
|
|
|
} else {
|
|
|
|
|
v.from_file = fopen(optarg, "r");
|
|
|
|
|
if (v.from_file == NULL) {
|
|
|
|
|
errx(EXIT_FAILURE,
|
|
|
|
|
"Error opening file %s",
|
|
|
|
|
optarg);
|
|
|
|
|
}
|
|
|
|
|
v.from_filename = strdup(optarg);
|
|
|
|
|
}
|
|
|
|
|
break;
|
2019-08-01 11:51:52 +03:00
|
|
|
case 'h':
|
|
|
|
|
usage();
|
|
|
|
|
return EXIT_SUCCESS;
|
2006-09-17 00:54:42 +04:00
|
|
|
case 'o':
|
2006-12-20 00:21:28 +03:00
|
|
|
v.dbfile = optarg;
|
|
|
|
|
break;
|
|
|
|
|
case 'p':
|
|
|
|
|
v.prefix = optarg;
|
2006-09-17 00:54:42 +04:00
|
|
|
break;
|
|
|
|
|
case 'r':
|
2006-12-20 00:21:28 +03:00
|
|
|
v.recursive_scan = 1;
|
2006-09-17 00:54:42 +04:00
|
|
|
break;
|
2006-09-18 21:47:25 +04:00
|
|
|
case 'S':
|
2006-12-05 00:22:40 +03:00
|
|
|
make_immutable = 1;
|
2006-09-18 21:47:25 +04:00
|
|
|
break;
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
case 'T':
|
|
|
|
|
v.stamp = 1;
|
|
|
|
|
break;
|
2006-09-17 00:54:42 +04:00
|
|
|
case 't':
|
2006-12-05 00:22:40 +03:00
|
|
|
if ((hash = find_hash(optarg)) == NULL) {
|
|
|
|
|
errx(EXIT_FAILURE,
|
|
|
|
|
"No such hash algorithm (%s)",
|
|
|
|
|
optarg);
|
|
|
|
|
}
|
2006-09-17 00:54:42 +04:00
|
|
|
break;
|
|
|
|
|
case 'v':
|
2006-12-20 00:21:28 +03:00
|
|
|
v.verbose = 1;
|
2006-09-17 00:54:42 +04:00
|
|
|
break;
|
2006-12-04 10:06:56 +03:00
|
|
|
case 'W':
|
2006-12-20 00:21:28 +03:00
|
|
|
v.exit_on_error = 0;
|
2006-12-04 10:06:56 +03:00
|
|
|
break;
|
2006-09-17 00:54:42 +04:00
|
|
|
default:
|
|
|
|
|
usage();
|
2006-12-05 00:22:40 +03:00
|
|
|
return EXIT_FAILURE;
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
if (v.dbfile == NULL)
|
|
|
|
|
v.dbfile = DEFAULT_DBFILE;
|
2006-09-17 00:54:42 +04:00
|
|
|
|
|
|
|
|
if (hash == NULL) {
|
|
|
|
|
if ((hash = find_hash(DEFAULT_HASH)) == NULL)
|
2006-12-05 00:22:40 +03:00
|
|
|
errx(EXIT_FAILURE, "No hash algorithm");
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TAILQ_INIT(&fehead);
|
|
|
|
|
|
2019-07-31 18:02:39 +03:00
|
|
|
if (search_path == NULL && !v.from_file)
|
2006-12-20 00:21:28 +03:00
|
|
|
v.scan_system_dirs = 1;
|
2006-09-17 00:54:42 +04:00
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
if (v.scan_system_dirs) {
|
2006-09-17 00:54:42 +04:00
|
|
|
char *sys_paths[] = DEFAULT_SYSPATHS;
|
|
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
if (v.verbose)
|
|
|
|
|
banner(&v, hash, sys_paths);
|
|
|
|
|
walk_dir(&v, sys_paths, hash);
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (search_path != NULL) {
|
2006-12-20 00:21:28 +03:00
|
|
|
if (v.verbose)
|
|
|
|
|
banner(&v, hash, search_path);
|
|
|
|
|
walk_dir(&v, search_path, hash);
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|
|
|
|
|
|
2019-07-31 18:02:39 +03:00
|
|
|
if (v.from_file) {
|
|
|
|
|
if (v.verbose)
|
|
|
|
|
banner(&v, hash, NULL);
|
|
|
|
|
read_from_file(&v, hash, v.from_file);
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
store_entries(&v, hash);
|
2006-09-17 00:54:42 +04:00
|
|
|
|
2006-12-20 00:21:28 +03:00
|
|
|
if (make_immutable && chflags(v.dbfile, SF_IMMUTABLE) != 0)
|
2006-12-05 00:22:40 +03:00
|
|
|
err(EXIT_FAILURE, "Can't set immutable flag");
|
2006-09-18 21:47:25 +04:00
|
|
|
|
2019-07-31 18:02:39 +03:00
|
|
|
if (v.from_file && v.from_file != stdin) {
|
|
|
|
|
fclose(v.from_file);
|
|
|
|
|
free(v.from_filename);
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-05 00:22:40 +03:00
|
|
|
return EXIT_SUCCESS;
|
2006-09-17 00:54:42 +04:00
|
|
|
}
|