colin
/
tripwire-open-source
mirror of https://github.com/Tripwire/tripwire-open-source.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support posix_fadvise() where available; optionally enable O_DIRECT/F_NOCACHE if DIRECT_IO=true in tw.cfg; fix internal naming of update 'secure mode' flag for clarity.

This commit is contained in:
Brian Cox 2016-05-05 00:19:56 -07:00
parent ccf149c978
commit eaca9fcedf
17 changed files with 127 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/core/archive.cpp
View File

@ -678,8 +678,9 @@ void cFileArchive::OpenRead(const TCHAR* filename, uint32 openFlags)
uint32 flags = cFile::OPEN_READ;
flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 );
flags |= ( ( openFlags & FA_OPEN_TEXT ) ? cFile::OPEN_TEXT : 0 );
flags |= ( ( openFlags & FA_NONBLOCKING ) ? cFile::OPEN_NONBLOCKING :0 );
flags |= ( ( openFlags & FA_SCANNING ) ? cFile::OPEN_SCANNING : 0 );
flags |= ( ( openFlags & FA_DIRECT ) ? cFile::OPEN_DIRECT : 0 );
mCurrentFilename = filename;
mCurrentFile.Open( filename, flags );
isWritable = false;
@ -704,7 +705,8 @@ void cFileArchive::OpenReadWrite(const TCHAR* filename, uint32 openFlags)
uint32 flags = cFile::OPEN_WRITE;
flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 );
flags |= ( ( openFlags & FA_OPEN_TEXT ) ? cFile::OPEN_TEXT : 0 );
flags |= ( ( openFlags & FA_NONBLOCKING ) ? cFile::OPEN_NONBLOCKING :0 );
flags |= ( ( openFlags & FA_SCANNING ) ? cFile::OPEN_SCANNING : 0 );
flags |= ( ( openFlags & FA_DIRECT ) ? cFile::OPEN_DIRECT : 0 );
mCurrentFilename = filename;
mCurrentFile.Open( filename, flags );

3
src/core/archive.h
View File

@ -260,7 +260,8 @@ public:
{
FA_OPEN_TEXT = 0x1,
FA_OPEN_TRUNCATE = 0x2,
FA_NONBLOCKING = 0x4
FA_SCANNING = 0x4,
FA_DIRECT = 0x8
};
// TODO: Open should throw

3
src/core/file.h
View File

@ -98,7 +98,8 @@ public:
OPEN_CREATE = 0x00000010, // create the file if it doesn't exist; this is implicit if OF_TRUNCATE is set
OPEN_TEXT = 0x00000020,
OPEN_EXCLUSIVE = 0x00000040, // Use O_CREAT | O_EXCL
OPEN_NONBLOCKING = 0x00000080, // Use non-blocking i/o [Unix]
OPEN_SCANNING = 0x00000080, // Open for scanning; set nonblocking & caching accordingly, where available
OPEN_DIRECT = 0x00000100 // Use O_DIRECT or platform equivalent
};
//Ctor, Dtor, CpyCtor, Operator=:

19
src/core/file_unix.cpp
View File

@ -169,9 +169,15 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
perm |= O_CREAT;
#ifdef O_NONBLOCK
if( flags & OPEN_NONBLOCKING )
if( flags & OPEN_SCANNING )
perm |= O_NONBLOCK;
#endif
#ifdef O_DIRECT
if (flags & OPEN_DIRECT)
perm |= O_DIRECT
#endif
//
// actually open the file
//
@ -202,6 +208,17 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
mpData->mFileName = sFileName; //Set mFileName to the newly opened file.
cFile::Rewind();
#ifdef F_NOCACHE
if (flags & OPEN_DIRECT)
fcntl(fh, F_NOCACHE, 1);
#endif
#ifdef HAVE_POSIX_FADVISE
if (flags & OPEN_SCANNING)
posix_fadvise(fh,0,0, POSIX_FADV_DONTNEED);
#endif
}

4
src/fco/fcopropcalc.h
View File

@ -84,8 +84,10 @@ public:
enum CalcFlags
{
DO_NOT_MODIFY_PROPERTIES = 0x00000001 // reset any properties that may have been altered due to measurement
DO_NOT_MODIFY_PROPERTIES = 0x00000001, // reset any properties that may have been altered due to measurement
DIRECT_IO = 0x00000002 // use direct i/o when scanning files
};
virtual int GetCalcFlags() const = 0;
virtual void SetCalcFlags(int i) = 0;
// any calculation flags needed for calculation.

7
src/fs/fspropcalc.cpp
View File

@ -45,6 +45,7 @@
#include "fspropcalc.h"
#include "fsobject.h"
#if IS_UNIX
#include <unistd.h>
#endif
@ -300,8 +301,10 @@ void cFSPropCalc::VisitFSObject(cFSObject& obj)
{
pTheArch = &arch;
try
{
arch.OpenRead(strName.c_str(), cFileArchive::FA_NONBLOCKING);
{
arch.OpenRead(strName.c_str(), ((mCalcFlags & iFCOPropCalc::DIRECT_IO) ?
cFileArchive::FA_SCANNING | cFileArchive::FA_DIRECT :
cFileArchive::FA_SCANNING) );
}
catch (eArchive&)
{

1
src/fs/fspropcalc.h
View File

@ -73,6 +73,7 @@ public:
virtual int GetCalcFlags() const;
virtual void SetCalcFlags( int i );
private:
cFSPropCalc( const cFSPropCalc& );
void operator =( const cFSPropCalc& );

5
src/tripwire/generatedb.cpp
View File

@ -147,6 +147,11 @@ void cGenerateDb::Execute( const cFCOSpecList& specList, cHierDatabase& db, iFCO
dbIter.SetIterFlags( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS );
pDSIter->SetIterFlags( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS );
}
if (flags & FLAG_DIRECT_IO)
{
pPC->SetCalcFlags( pPC->GetCalcFlags() | iFCOPropCalc::DIRECT_IO);
}
//
// iterate over all of the specs...

4
src/tripwire/generatedb.h
View File

@ -54,10 +54,12 @@ public:
enum Flags
{
FLAG_ERASE_FOOTPRINTS_GD = 0x00000001
FLAG_ERASE_FOOTPRINTS_GD = 0x00000001,
// when this flag is set, cGenerateDb will attempt to leave no footprints when
// creating the database for instance, cGenerateDb will tell the property calculator
// to reset access times.
FLAG_DIRECT_IO = 0x00000002
// Use direct i/o when scanning files
};
};

10
src/tripwire/integritycheck.cpp
View File

@ -483,6 +483,11 @@ void cIntegrityCheck::Execute( uint32 flags )
pDSIter->SetIterFlags ( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS );
}
if (flags & FLAG_DIRECT_IO)
{
mpPropCalc->SetCalcFlags(mpPropCalc->GetCalcFlags() | iFCOPropCalc::DIRECT_IO);
}
//
// iterate over all of the specs...
//
@ -575,6 +580,11 @@ void cIntegrityCheck::ExecuteOnObjectList( const std::list<cFCOName>& fcoNames,
dbIter.SetIterFlags ( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS );
pDSIter->SetIterFlags ( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS );
}
if (flags & FLAG_DIRECT_IO)
{
mpPropCalc->SetCalcFlags(mpPropCalc->GetCalcFlags() | iFCOPropCalc::DIRECT_IO);
}
//
// iterate over all the objects to integrity check..

4
src/tripwire/integritycheck.h
View File

@ -110,9 +110,11 @@ public:
// previous enumeration. This flag indicates that any valid properties in the new FCO during
// an integrity check that are not valid in the database FCO should be copied to the db's fco.
// Yuck!
FLAG_ERASE_FOOTPRINTS_IC = 0x00000010
FLAG_ERASE_FOOTPRINTS_IC = 0x00000010,
// when this flag is set, IC will attempt to leave no footprints when doing an integrity check.
// for instance, IC will tell the property calculator to reset access times.
FLAG_DIRECT_IO = 0x00000020
// Use direct i/o when scanning files
};
private:

16
src/tripwire/policyupdate.cpp
View File

@ -177,6 +177,11 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
{
icFlags |= cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC;
}
if (flags & FLAG_DIRECT_IO)
{
icFlags |= cIntegrityCheck::FLAG_DIRECT_IO;
}
ic.Execute( icFlags );
//TODO-- the second flag I just added probably makes the flag to cUpdateDb::Execute() unnecessary;
@ -208,7 +213,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
{
// this is an error that should be reported to the user.
ePolicyUpdateAddedFCO e( pTrans->ToStringDisplay( pIter->FCO()->GetName() ) );
if( (flags & ANAL) == 0 )
if( (flags & FLAG_SECURE_MODE) == 0 )
e.SetFlags( eError::NON_FATAL );
else
e.SetFlags( eError::SUPRESS_THIRD_MSG );
@ -229,7 +234,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
// this is an error that should be reported to the user.
ePolicyUpdateRemovedFCO e( pTrans->ToStringDisplay( pRmIter->FCO()->GetName() ) );
if( (flags & ANAL) == 0 )
if( (flags & FLAG_SECURE_MODE) == 0 )
e.SetFlags( eError::NON_FATAL );
else
e.SetFlags( eError::SUPRESS_THIRD_MSG );
@ -262,7 +267,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
// add this to the error bucket
ePolicyUpdateChangedFCO e( badPropStr );
if( (flags & ANAL) == 0 )
if( (flags & FLAG_SECURE_MODE) == 0 )
e.SetFlags( eError::NON_FATAL );
else
e.SetFlags( eError::SUPRESS_THIRD_MSG );
@ -272,7 +277,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
}
//
// now, we will update the database with everything in the report...
// TODO -- don't do this if the anal flag was passed in
// TODO -- don't do this if the secure mode flag was passed in
//
TW_NOTIFY_NORMAL( TSS_GetString( cTripwire, tripwire::STR_PU_UPDATE_DB ).c_str() );
//
@ -283,7 +288,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
{
updateDBFlags |= cUpdateDb::FLAG_ERASE_FOOTPRINTS_UD;
}
update.Execute( updateDBFlags );
// the last thing that we have to do is to remove everything that is still
@ -303,6 +308,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
{
i.SetIterFlags( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS );
}
const cFCOSpecListCanonicalIter newPolIter( mNewPolicy );
util_PruneExtraObjects( i, newPolIter );

9
src/tripwire/policyupdate.h
View File

@ -64,15 +64,18 @@ public:
bool Execute( uint32 flags = 0 ) ; // throw (eError)
// if false is returned, then there was at least one conflict that came up during the policy
// update, and if tripwire was run in anal mode then the policy update should fail.
// update, and if tripwire was run in secure mode then the policy update should fail.
enum Flags
{
ANAL = 0x00000001, // if this is set, then we are in anal mode. This affects whether error
FLAG_SECURE_MODE = 0x00000001, // if this is set, then we're in pedantic mode. This affects whether error
// messages appear as "Error" or "Warning"
FLAG_ERASE_FOOTPRINTS_PU= 0x00000002
FLAG_ERASE_FOOTPRINTS_PU= 0x00000002,
// when this flag is set, cPolicyUpdate will attempt undo any inadvertant modifications
// it may make when executing.
FLAG_DIRECT_IO = 0x00000004
// Use direct i/o when scanning files
};
private:

78
src/tripwire/twcmdline.cpp
View File

@ -433,6 +433,14 @@ static void FillOutConfigInfo(cTWModeCommon* pModeInfo, const cConfigFile& cf)
pModeInfo->mbCrossFileSystems = false;
}
if(cf.Lookup(TSTRING(_T("DIRECT_IO")), str))
{
if (_tcsicmp(str.c_str(), _T("true")) == 0)
pModeInfo->mbDirectIO = true;
else
pModeInfo->mbDirectIO = false;
}
//
// turn all of the file names into full paths (they're relative to the exe dir)
//
@ -621,7 +629,7 @@ bool cTWModeDbInit::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine)
// Set the cross file systems flag appropriately.
cFSDataSourceIter::SetFileSystemCrossing(mpData->mbCrossFileSystems);
#endif
return true;
}
@ -663,7 +671,8 @@ int cTWModeDbInit::Execute(cErrorQueue* pQueue)
uint32 gdbFlags = 0;
gdbFlags |= ( mpData->mbResetAccessTime ? cGenerateDb::FLAG_ERASE_FOOTPRINTS_GD : 0 );
gdbFlags |= ( mpData->mbDirectIO ? cGenerateDb::FLAG_DIRECT_IO : 0 );
// loop through the genres
cGenreSpecListVector::iterator genreIter;
for (genreIter = genreSpecList.begin(); genreIter != genreSpecList.end(); ++genreIter)
@ -776,7 +785,7 @@ public:
TSTRING mSeverityName; // gets mapped to number, then treated like mSeverityLevel
TSTRING mRuleName; // only the named rule will be checked
TSTRING mGenreName; // if not empty, specifies the genre to check
bool mbAnal; // are we in anal mode? (only valid with mbUpdate == true)
bool mbSecureMode; // are we in extra-pedantic mode? (only valid with mbUpdate == true)
#ifdef GMMS
bool mbGmms; // Send violation reports via gmms?
@ -790,7 +799,7 @@ public:
// ctor can set up some default values
cTWModeIC_i() : cTWModeCommon(), mbUpdate(false), mbPrintToStdout(true), mbEmail(false), mbEncryptReport(false),
mSeverityLevel(-1), mbTrimBySeverity(false), mbAnal(false)
mSeverityLevel(-1), mbTrimBySeverity(false), mbSecureMode(false)
#ifdef GMMS
, mbGmms(false), mGmmsVerbosity(2)
#endif
@ -1080,7 +1089,7 @@ bool cTWModeIC::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine)
// Set the cross file systems flag appropriately.
cFSDataSourceIter::SetFileSystemCrossing(mpData->mbCrossFileSystems);
#endif
return true;
}
@ -1223,7 +1232,8 @@ int cTWModeIC::Execute(cErrorQueue* pQueue)
uint32 icFlags = 0;
icFlags |= ( mpData->mfLooseDirs ? cIntegrityCheck::FLAG_LOOSE_DIR : 0 );
icFlags |= ( mpData->mbResetAccessTime ? cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC : 0 );
icFlags |= ( mpData->mbDirectIO ? cIntegrityCheck::FLAG_DIRECT_IO : 0 );
ic.ExecuteOnObjectList( fcoNames, icFlags );
// put all info into report
@ -1354,7 +1364,8 @@ int cTWModeIC::Execute(cErrorQueue* pQueue)
uint32 icFlags = 0;
icFlags |= ( mpData->mfLooseDirs ? cIntegrityCheck::FLAG_LOOSE_DIR : 0 );
icFlags |= ( mpData->mbResetAccessTime ? cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC : 0 );
icFlags |= ( mpData->mbDirectIO ? cIntegrityCheck::FLAG_DIRECT_IO : 0 );
ic.Execute( icFlags );
// put all display info into report
@ -1531,7 +1542,7 @@ class cTWModeDbUpdate_i : public cTWModeCommon
{
public:
bool mbInteractive; // don't do interactive update; just integrate the report file
bool mbAnal; // are we in anal mode?
bool mbSecureMode; // are we in extra-pedantic mode?
//std::string mSitePassphrase; // pass phrase for site key
//bool mSiteProvided;
@ -1544,7 +1555,7 @@ public:
cFCOReportHeader* mpReportHeader;
// ctor can set up some default values
cTWModeDbUpdate_i() : cTWModeCommon(), mbInteractive(true), mbAnal(true), /*mSiteProvided(false),*/ mpReport(0), mpDbFile(0), mpReportHeader(0) {}
cTWModeDbUpdate_i() : cTWModeCommon(), mbInteractive(true), mbSecureMode(true), /*mSiteProvided(false),*/ mpReport(0), mpDbFile(0), mpReportHeader(0) {}
};
///////////////////////////////////////////////////////////////////////////////
@ -1572,7 +1583,7 @@ void cTWModeDbUpdate::InitCmdLineParser(cCmdLineParser& cmdLine)
cmdLine.AddArg(cTWCmdLine::MODE_UPDATE_DB, TSTRING(_T("")), TSTRING(_T("update")), cCmdLineParser::PARAM_NONE);
cmdLine.AddArg(cTWCmdLine::ACCEPT_ALL, TSTRING(_T("a")), TSTRING(_T("accept-all")), cCmdLineParser::PARAM_NONE);
cmdLine.AddArg(cTWCmdLine::ANAL_LEVEL, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::SECURE_MODE, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::EDITOR, TSTRING(_T("V")), TSTRING(_T("visual")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::PARAMS, TSTRING(_T("")), TSTRING(_T("")), cCmdLineParser::PARAM_NONE);
@ -1601,15 +1612,15 @@ bool cTWModeDbUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine)
case cTWCmdLine::ACCEPT_ALL:
mpData->mbInteractive = false;
break;
case cTWCmdLine::ANAL_LEVEL:
case cTWCmdLine::SECURE_MODE:
ASSERT(iter.NumParams() > 0);
if(iter.ParamAt(0).compare(_T("high")) == 0)
mpData->mbAnal = true;
mpData->mbSecureMode = true;
else if(iter.ParamAt(0).compare(_T("low")) == 0)
mpData->mbAnal = false;
mpData->mbSecureMode = false;
else
{
// invalid parameter to anal switch...
// invalid parameter to secure mode switch...
// TODO -- print this to stderr; how do I display (1) the switch name
// and (2) the possible values?
// TODO -- move {high, low} somewhere else
@ -1658,14 +1669,14 @@ bool cTWModeDbUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine)
// Set the cross file systems flag appropriately.
cFSDataSourceIter::SetFileSystemCrossing(mpData->mbCrossFileSystems);
#endif
return true;
}
void cTWModeDbUpdate::Init(const cTWModeIC_i* pICData, cFCODatabaseFile* dbFile, cFCOReportHeader* prh, cFCOReport* pReport, bool bEncryptDb)
{
mpData->mbInteractive = true; // always interactive
mpData->mbAnal = pICData->mbAnal;
mpData->mbSecureMode = pICData->mbSecureMode;
//mpData->mbBackup = pICData->mbBackup;
mpData->mDbFile = pICData->mDbFile;
mpData->mLocalKeyFile = pICData->mLocalKeyFile;
@ -1819,9 +1830,9 @@ int cTWModeDbUpdate::Execute(cErrorQueue* pQueue)
//
uint32 udFlags = 0;
udFlags |= ( mpData->mbResetAccessTime ? cUpdateDb::FLAG_ERASE_FOOTPRINTS_UD : 0 );
cUpdateDb update( dbIter.GetDb(), *mpData->mpReport, pQueue );
if( (! update.Execute( udFlags )) && mpData->mbAnal )
if( (! update.Execute( udFlags )) && mpData->mbSecureMode )
{
// we will not perform the update; simply exit.
TCOUT << TSS_GetString( cTripwire, tripwire::STR_DB_NOT_UPDATED) << std::endl;
@ -1906,10 +1917,10 @@ public:
TSTRING mTextPolFile;
wc16_string mSitePassphrase;
bool mSiteProvided;
bool mbAnal;
bool mbSecureMode;
// ctor can set up some default values
cTWModePolUpdate_i() : cTWModeCommon(), mSiteProvided(false), mbAnal(true) {}
cTWModePolUpdate_i() : cTWModeCommon(), mSiteProvided(false), mbSecureMode(true) {}
};
///////////////////////////////////////////////////////////////////////////////
@ -1937,7 +1948,7 @@ void cTWModePolUpdate::InitCmdLineParser(cCmdLineParser& cmdLine)
cmdLine.AddArg(cTWCmdLine::TEXT_POL_FILE, TSTRING(_T("")), TSTRING(_T("")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::LOCAL_PASSPHRASE,TSTRING(_T("P")), TSTRING(_T("local-passphrase")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::SITE_PASSPHRASE, TSTRING(_T("Q")), TSTRING(_T("site-passphrase")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::ANAL_LEVEL, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::SECURE_MODE, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE);
}
///////////////////////////////////////////////////////////////////////////////
@ -1973,15 +1984,15 @@ bool cTWModePolUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine
mpData->mSitePassphrase = cStringUtil::TstrToWstr(iter.ParamAt(0));
mpData->mSiteProvided = true;
break;
case cTWCmdLine::ANAL_LEVEL:
case cTWCmdLine::SECURE_MODE:
ASSERT(iter.NumParams() > 0);
if(iter.ParamAt(0).compare(_T("high")) == 0)
mpData->mbAnal = true;
mpData->mbSecureMode = true;
else if(iter.ParamAt(0).compare(_T("low")) == 0)
mpData->mbAnal = false;
mpData->mbSecureMode = false;
else
{
// invalid parameter to anal switch...
// invalid parameter to secure mode switch...
// TODO -- print this to stderr; how do I display (1) the switch name
// and (2) the possible values?
// TODO -- move {high, low} somewhere else
@ -2025,13 +2036,12 @@ bool cTWModePolUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine
//
if (cTWUtil::VerifyCfgSiteKey( mstrConfigFile, mpData->mSiteKeyFile ) == false)
cTWUtil::PrintErrorMsg(eTWCfgUnencrypted(_T(""), eError::NON_FATAL|eError::SUPRESS_THIRD_MSG));
#if IS_UNIX
// Set the cross file systems flag appropriately.
cFSDataSourceIter::SetFileSystemCrossing(mpData->mbCrossFileSystems);
#endif
return true;
}
@ -2133,11 +2143,13 @@ int cTWModePolUpdate::Execute(cErrorQueue* pQueue)
//
cPolicyUpdate pu( genreIter->GetGenre(), dbIter.GetSpecList(), genreIter->GetSpecList(), dbIter.GetDb(), pQueue );
uint32 puFlags = 0;
puFlags |= mpData->mbAnal ? cPolicyUpdate::ANAL : 0;
puFlags |= mpData->mbSecureMode ? cPolicyUpdate::FLAG_SECURE_MODE : 0;
puFlags |= ( mpData->mbResetAccessTime ? cPolicyUpdate::FLAG_ERASE_FOOTPRINTS_PU : 0 );
if( (! pu.Execute(puFlags)) && (mpData->mbAnal) )
puFlags |= ( mpData->mbDirectIO ? cPolicyUpdate::FLAG_DIRECT_IO : 0 );
if( (! pu.Execute(puFlags)) && (mpData->mbSecureMode) )
{
// they were in anal mode and errors occured; an error condition
// they were in secure mode and errors occured; an error condition
TCOUT << TSS_GetString( cTripwire, tripwire::STR_ERR_POL_UPDATE) << std::endl;
return 8;
}
@ -2163,7 +2175,9 @@ int cTWModePolUpdate::Execute(cErrorQueue* pQueue)
// TODO -- turn pQueue into an error bucket
uint32 gdbFlags = 0;
gdbFlags |= ( mpData->mbResetAccessTime ? cGenerateDb::FLAG_ERASE_FOOTPRINTS_GD : 0 );
gdbFlags |= ( mpData->mbResetAccessTime ? cGenerateDb::FLAG_ERASE_FOOTPRINTS_GD : 0 );
gdbFlags |= ( mpData->mbDirectIO ? cGenerateDb::FLAG_DIRECT_IO : 0 );
cGenerateDb::Execute( dbIter.GetSpecList(), dbIter.GetDb(), dbIter.GetGenreHeader().GetPropDisplayer(), pQueue, gdbFlags );
//TODO -- what other prop displayer stuff do I have to do here?

6
src/tripwire/twcmdline.h
View File

@ -131,7 +131,7 @@ public:
RULE_NAME,
GENRE_NAME,
ACCEPT_ALL, // update db with entire report
ANAL_LEVEL,
SECURE_MODE,
TEXT_POL_FILE,
LOCAL_PASSPHRASE,
SITE_PASSPHRASE,
@ -174,6 +174,7 @@ class cTWModeCommon
bool mbResetAccessTime; // do we reset access time when calculating properties of files?
bool mbLogToSyslog; // log significant events and level 0 reports to SYSLOG
bool mbCrossFileSystems; // automatically recurse across mount points on Unis FS genre
bool mbDirectIO; // Use direct i/o when scanning files, if platform supports it.
cTextReportViewer::ReportingLevel mEmailReportLevel; // What level of email reporting we should use
cMailMessage::MailMethod mMailMethod; // What mechanism should we use to send the report
@ -190,7 +191,8 @@ class cTWModeCommon
mfLooseDirs(false),
mbResetAccessTime(false),
mbLogToSyslog(false),
mbCrossFileSystems(false)
mbCrossFileSystems(false),
mbDirectIO(false)
{
}
};

2
src/tripwire/updatedb.h
View File

@ -76,6 +76,8 @@ public:
// when this flag is set, UpdateDb will attempt
// undo any inadvertant modifications it may make
// when executing.
};
private:

2
src/tw/twstrings.h
View File

@ -73,7 +73,7 @@ TSS_BeginStringIds( tw )
STR_ENTER_LOCAL_PASSPHRASE,
STR_ENTER_SITE_PASSPHRASE,
STR_ENTER_PROVIDED_PASSPHRASE,
STR_DB_NOT_UPDATED, // db update not performed due to anal mode
STR_DB_NOT_UPDATED, // db update not performed due to secure mode
STR_IGNORE_PROPS, // ignoring properties
STR_NOT_IMPLEMENTED,
STR_REPORT_EMPTY,