colin
/
tripwire-open-source
mirror of https://github.com/Tripwire/tripwire-open-source.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support posix_fadvise() where available; optionally enable O_DIRECT/F_NOCACHE if DIRECT_IO=true in tw.cfg; fix internal naming of update 'secure mode' flag for clarity.

This commit is contained in:
Brian Cox 2016-05-05 00:19:56 -07:00
parent ccf149c978
commit eaca9fcedf
17 changed files with 127 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/core/archive.cpp
View File

@ -678,7 +678,8 @@ void cFileArchive::OpenRead(const TCHAR* filename, uint32 openFlags)
uint32 flags = cFile::OPEN_READ; uint32 flags = cFile::OPEN_READ;
flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 ); flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 );
flags |= ( ( openFlags & FA_OPEN_TEXT ) ? cFile::OPEN_TEXT : 0 ); flags |= ( ( openFlags & FA_OPEN_TEXT ) ? cFile::OPEN_TEXT : 0 );
flags |= ( ( openFlags & FA_NONBLOCKING ) ? cFile::OPEN_NONBLOCKING :0 ); flags |= ( ( openFlags & FA_SCANNING ) ? cFile::OPEN_SCANNING : 0 );
flags |= ( ( openFlags & FA_DIRECT ) ? cFile::OPEN_DIRECT : 0 );
mCurrentFilename = filename; mCurrentFilename = filename;
mCurrentFile.Open( filename, flags ); mCurrentFile.Open( filename, flags );
@ -704,7 +705,8 @@ void cFileArchive::OpenReadWrite(const TCHAR* filename, uint32 openFlags)
uint32 flags = cFile::OPEN_WRITE; uint32 flags = cFile::OPEN_WRITE;
flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 ); flags |= ( ( openFlags & FA_OPEN_TRUNCATE ) ? cFile::OPEN_TRUNCATE : 0 );
flags |= ( ( openFlags & FA_OPEN_TEXT ) ? cFile::OPEN_TEXT : 0 ); flags |= ( ( openFlags & FA_OPEN_TEXT ) ? cFile::OPEN_TEXT : 0 );
flags |= ( ( openFlags & FA_NONBLOCKING ) ? cFile::OPEN_NONBLOCKING :0 ); flags |= ( ( openFlags & FA_SCANNING ) ? cFile::OPEN_SCANNING : 0 );
flags |= ( ( openFlags & FA_DIRECT ) ? cFile::OPEN_DIRECT : 0 );
mCurrentFilename = filename; mCurrentFilename = filename;
mCurrentFile.Open( filename, flags ); mCurrentFile.Open( filename, flags );

3
src/core/archive.h
View File

@ -260,7 +260,8 @@ public:
{ {
FA_OPEN_TEXT = 0x1, FA_OPEN_TEXT = 0x1,
FA_OPEN_TRUNCATE = 0x2, FA_OPEN_TRUNCATE = 0x2,
FA_NONBLOCKING = 0x4 FA_SCANNING = 0x4,
FA_DIRECT = 0x8
}; };
// TODO: Open should throw // TODO: Open should throw

3
src/core/file.h
View File

@ -98,7 +98,8 @@ public:
OPEN_CREATE = 0x00000010, // create the file if it doesn't exist; this is implicit if OF_TRUNCATE is set OPEN_CREATE = 0x00000010, // create the file if it doesn't exist; this is implicit if OF_TRUNCATE is set
OPEN_TEXT = 0x00000020, OPEN_TEXT = 0x00000020,
OPEN_EXCLUSIVE = 0x00000040, // Use O_CREAT | O_EXCL OPEN_EXCLUSIVE = 0x00000040, // Use O_CREAT | O_EXCL
OPEN_NONBLOCKING = 0x00000080, // Use non-blocking i/o [Unix] OPEN_SCANNING = 0x00000080, // Open for scanning; set nonblocking & caching accordingly, where available
OPEN_DIRECT = 0x00000100 // Use O_DIRECT or platform equivalent
}; };
//Ctor, Dtor, CpyCtor, Operator=: //Ctor, Dtor, CpyCtor, Operator=:

19
src/core/file_unix.cpp
View File

@ -169,9 +169,15 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
perm |= O_CREAT; perm |= O_CREAT;
#ifdef O_NONBLOCK #ifdef O_NONBLOCK
if( flags & OPEN_NONBLOCKING ) if( flags & OPEN_SCANNING )
perm |= O_NONBLOCK; perm |= O_NONBLOCK;
#endif #endif
#ifdef O_DIRECT
if (flags & OPEN_DIRECT)
perm |= O_DIRECT
#endif
// //
// actually open the file // actually open the file
// //
@ -202,6 +208,17 @@ void cFile::Open( const TSTRING& sFileNameC, uint32 flags )
mpData->mFileName = sFileName; //Set mFileName to the newly opened file. mpData->mFileName = sFileName; //Set mFileName to the newly opened file.
cFile::Rewind(); cFile::Rewind();
#ifdef F_NOCACHE
if (flags & OPEN_DIRECT)
fcntl(fh, F_NOCACHE, 1);
#endif
#ifdef HAVE_POSIX_FADVISE
if (flags & OPEN_SCANNING)
posix_fadvise(fh,0,0, POSIX_FADV_DONTNEED);
#endif
} }

4
src/fco/fcopropcalc.h
View File

@ -84,8 +84,10 @@ public:
enum CalcFlags enum CalcFlags
{ {
DO_NOT_MODIFY_PROPERTIES = 0x00000001 // reset any properties that may have been altered due to measurement DO_NOT_MODIFY_PROPERTIES = 0x00000001, // reset any properties that may have been altered due to measurement
DIRECT_IO = 0x00000002 // use direct i/o when scanning files
}; };
virtual int GetCalcFlags() const = 0; virtual int GetCalcFlags() const = 0;
virtual void SetCalcFlags(int i) = 0; virtual void SetCalcFlags(int i) = 0;
// any calculation flags needed for calculation. // any calculation flags needed for calculation.

5
src/fs/fspropcalc.cpp
View File

@ -45,6 +45,7 @@
#include "fspropcalc.h" #include "fspropcalc.h"
#include "fsobject.h" #include "fsobject.h"
#if IS_UNIX #if IS_UNIX
#include <unistd.h> #include <unistd.h>
#endif #endif
@ -301,7 +302,9 @@ void cFSPropCalc::VisitFSObject(cFSObject& obj)
pTheArch = &arch; pTheArch = &arch;
try try
{ {
arch.OpenRead(strName.c_str(), cFileArchive::FA_NONBLOCKING); arch.OpenRead(strName.c_str(), ((mCalcFlags & iFCOPropCalc::DIRECT_IO) ?
cFileArchive::FA_SCANNING | cFileArchive::FA_DIRECT :
cFileArchive::FA_SCANNING) );
} }
catch (eArchive&) catch (eArchive&)
{ {

1
src/fs/fspropcalc.h
View File

@ -73,6 +73,7 @@ public:
virtual int GetCalcFlags() const; virtual int GetCalcFlags() const;
virtual void SetCalcFlags( int i ); virtual void SetCalcFlags( int i );
private: private:
cFSPropCalc( const cFSPropCalc& ); cFSPropCalc( const cFSPropCalc& );
void operator =( const cFSPropCalc& ); void operator =( const cFSPropCalc& );

5
src/tripwire/generatedb.cpp
View File

@ -148,6 +148,11 @@ void cGenerateDb::Execute( const cFCOSpecList& specList, cHierDatabase& db, iFCO
pDSIter->SetIterFlags( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS ); pDSIter->SetIterFlags( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS );
} }
if (flags & FLAG_DIRECT_IO)
{
pPC->SetCalcFlags( pPC->GetCalcFlags() | iFCOPropCalc::DIRECT_IO);
}
// //
// iterate over all of the specs... // iterate over all of the specs...
// //

4
src/tripwire/generatedb.h
View File

@ -54,10 +54,12 @@ public:
enum Flags enum Flags
{ {
FLAG_ERASE_FOOTPRINTS_GD = 0x00000001 FLAG_ERASE_FOOTPRINTS_GD = 0x00000001,
// when this flag is set, cGenerateDb will attempt to leave no footprints when // when this flag is set, cGenerateDb will attempt to leave no footprints when
// creating the database for instance, cGenerateDb will tell the property calculator // creating the database for instance, cGenerateDb will tell the property calculator
// to reset access times. // to reset access times.
FLAG_DIRECT_IO = 0x00000002
// Use direct i/o when scanning files
}; };
}; };

10
src/tripwire/integritycheck.cpp
View File

@ -483,6 +483,11 @@ void cIntegrityCheck::Execute( uint32 flags )
pDSIter->SetIterFlags ( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS ); pDSIter->SetIterFlags ( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS );
} }
if (flags & FLAG_DIRECT_IO)
{
mpPropCalc->SetCalcFlags(mpPropCalc->GetCalcFlags() | iFCOPropCalc::DIRECT_IO);
}
// //
// iterate over all of the specs... // iterate over all of the specs...
// //
@ -576,6 +581,11 @@ void cIntegrityCheck::ExecuteOnObjectList( const std::list<cFCOName>& fcoNames,
pDSIter->SetIterFlags ( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS ); pDSIter->SetIterFlags ( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS );
} }
if (flags & FLAG_DIRECT_IO)
{
mpPropCalc->SetCalcFlags(mpPropCalc->GetCalcFlags() | iFCOPropCalc::DIRECT_IO);
}
// //
// iterate over all the objects to integrity check.. // iterate over all the objects to integrity check..
// //

4
src/tripwire/integritycheck.h
View File

@ -110,9 +110,11 @@ public:
// previous enumeration. This flag indicates that any valid properties in the new FCO during // previous enumeration. This flag indicates that any valid properties in the new FCO during
// an integrity check that are not valid in the database FCO should be copied to the db's fco. // an integrity check that are not valid in the database FCO should be copied to the db's fco.
// Yuck! // Yuck!
FLAG_ERASE_FOOTPRINTS_IC = 0x00000010 FLAG_ERASE_FOOTPRINTS_IC = 0x00000010,
// when this flag is set, IC will attempt to leave no footprints when doing an integrity check. // when this flag is set, IC will attempt to leave no footprints when doing an integrity check.
// for instance, IC will tell the property calculator to reset access times. // for instance, IC will tell the property calculator to reset access times.
FLAG_DIRECT_IO = 0x00000020
// Use direct i/o when scanning files
}; };
private: private:

14
src/tripwire/policyupdate.cpp
View File

@ -178,6 +178,11 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
icFlags |= cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC; icFlags |= cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC;
} }
if (flags & FLAG_DIRECT_IO)
{
icFlags |= cIntegrityCheck::FLAG_DIRECT_IO;
}
ic.Execute( icFlags ); ic.Execute( icFlags );
//TODO-- the second flag I just added probably makes the flag to cUpdateDb::Execute() unnecessary; //TODO-- the second flag I just added probably makes the flag to cUpdateDb::Execute() unnecessary;
// I should probably remove it. // I should probably remove it.
@ -208,7 +213,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
{ {
// this is an error that should be reported to the user. // this is an error that should be reported to the user.
ePolicyUpdateAddedFCO e( pTrans->ToStringDisplay( pIter->FCO()->GetName() ) ); ePolicyUpdateAddedFCO e( pTrans->ToStringDisplay( pIter->FCO()->GetName() ) );
if( (flags & ANAL) == 0 ) if( (flags & FLAG_SECURE_MODE) == 0 )
e.SetFlags( eError::NON_FATAL ); e.SetFlags( eError::NON_FATAL );
else else
e.SetFlags( eError::SUPRESS_THIRD_MSG ); e.SetFlags( eError::SUPRESS_THIRD_MSG );
@ -229,7 +234,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
// this is an error that should be reported to the user. // this is an error that should be reported to the user.
ePolicyUpdateRemovedFCO e( pTrans->ToStringDisplay( pRmIter->FCO()->GetName() ) ); ePolicyUpdateRemovedFCO e( pTrans->ToStringDisplay( pRmIter->FCO()->GetName() ) );
if( (flags & ANAL) == 0 ) if( (flags & FLAG_SECURE_MODE) == 0 )
e.SetFlags( eError::NON_FATAL ); e.SetFlags( eError::NON_FATAL );
else else
e.SetFlags( eError::SUPRESS_THIRD_MSG ); e.SetFlags( eError::SUPRESS_THIRD_MSG );
@ -262,7 +267,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
// add this to the error bucket // add this to the error bucket
ePolicyUpdateChangedFCO e( badPropStr ); ePolicyUpdateChangedFCO e( badPropStr );
if( (flags & ANAL) == 0 ) if( (flags & FLAG_SECURE_MODE) == 0 )
e.SetFlags( eError::NON_FATAL ); e.SetFlags( eError::NON_FATAL );
else else
e.SetFlags( eError::SUPRESS_THIRD_MSG ); e.SetFlags( eError::SUPRESS_THIRD_MSG );
@ -272,7 +277,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
} }
// //
// now, we will update the database with everything in the report... // now, we will update the database with everything in the report...
// TODO -- don't do this if the anal flag was passed in // TODO -- don't do this if the secure mode flag was passed in
// //
TW_NOTIFY_NORMAL( TSS_GetString( cTripwire, tripwire::STR_PU_UPDATE_DB ).c_str() ); TW_NOTIFY_NORMAL( TSS_GetString( cTripwire, tripwire::STR_PU_UPDATE_DB ).c_str() );
// //
@ -303,6 +308,7 @@ bool cPolicyUpdate::Execute( uint32 flags ) // throw (eError)
{ {
i.SetIterFlags( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS ); i.SetIterFlags( iFCODataSourceIter::DO_NOT_MODIFY_OBJECTS );
} }
const cFCOSpecListCanonicalIter newPolIter( mNewPolicy ); const cFCOSpecListCanonicalIter newPolIter( mNewPolicy );
util_PruneExtraObjects( i, newPolIter ); util_PruneExtraObjects( i, newPolIter );

9
src/tripwire/policyupdate.h
View File

@ -64,15 +64,18 @@ public:
bool Execute( uint32 flags = 0 ) ; // throw (eError) bool Execute( uint32 flags = 0 ) ; // throw (eError)
// if false is returned, then there was at least one conflict that came up during the policy // if false is returned, then there was at least one conflict that came up during the policy
// update, and if tripwire was run in anal mode then the policy update should fail. // update, and if tripwire was run in secure mode then the policy update should fail.
enum Flags enum Flags
{ {
ANAL = 0x00000001, // if this is set, then we are in anal mode. This affects whether error FLAG_SECURE_MODE = 0x00000001, // if this is set, then we're in pedantic mode. This affects whether error
// messages appear as "Error" or "Warning" // messages appear as "Error" or "Warning"
FLAG_ERASE_FOOTPRINTS_PU= 0x00000002 FLAG_ERASE_FOOTPRINTS_PU= 0x00000002,
// when this flag is set, cPolicyUpdate will attempt undo any inadvertant modifications // when this flag is set, cPolicyUpdate will attempt undo any inadvertant modifications
// it may make when executing. // it may make when executing.
FLAG_DIRECT_IO = 0x00000004
// Use direct i/o when scanning files
}; };
private: private:

60
src/tripwire/twcmdline.cpp
View File

@ -433,6 +433,14 @@ static void FillOutConfigInfo(cTWModeCommon* pModeInfo, const cConfigFile& cf)
pModeInfo->mbCrossFileSystems = false; pModeInfo->mbCrossFileSystems = false;
} }
if(cf.Lookup(TSTRING(_T("DIRECT_IO")), str))
{
if (_tcsicmp(str.c_str(), _T("true")) == 0)
pModeInfo->mbDirectIO = true;
else
pModeInfo->mbDirectIO = false;
}
// //
// turn all of the file names into full paths (they're relative to the exe dir) // turn all of the file names into full paths (they're relative to the exe dir)
// //
@ -663,6 +671,7 @@ int cTWModeDbInit::Execute(cErrorQueue* pQueue)
uint32 gdbFlags = 0; uint32 gdbFlags = 0;
gdbFlags |= ( mpData->mbResetAccessTime ? cGenerateDb::FLAG_ERASE_FOOTPRINTS_GD : 0 ); gdbFlags |= ( mpData->mbResetAccessTime ? cGenerateDb::FLAG_ERASE_FOOTPRINTS_GD : 0 );
gdbFlags |= ( mpData->mbDirectIO ? cGenerateDb::FLAG_DIRECT_IO : 0 );
// loop through the genres // loop through the genres
cGenreSpecListVector::iterator genreIter; cGenreSpecListVector::iterator genreIter;
@ -776,7 +785,7 @@ public:
TSTRING mSeverityName; // gets mapped to number, then treated like mSeverityLevel TSTRING mSeverityName; // gets mapped to number, then treated like mSeverityLevel
TSTRING mRuleName; // only the named rule will be checked TSTRING mRuleName; // only the named rule will be checked
TSTRING mGenreName; // if not empty, specifies the genre to check TSTRING mGenreName; // if not empty, specifies the genre to check
bool mbAnal; // are we in anal mode? (only valid with mbUpdate == true) bool mbSecureMode; // are we in extra-pedantic mode? (only valid with mbUpdate == true)
#ifdef GMMS #ifdef GMMS
bool mbGmms; // Send violation reports via gmms? bool mbGmms; // Send violation reports via gmms?
@ -790,7 +799,7 @@ public:
// ctor can set up some default values // ctor can set up some default values
cTWModeIC_i() : cTWModeCommon(), mbUpdate(false), mbPrintToStdout(true), mbEmail(false), mbEncryptReport(false), cTWModeIC_i() : cTWModeCommon(), mbUpdate(false), mbPrintToStdout(true), mbEmail(false), mbEncryptReport(false),
mSeverityLevel(-1), mbTrimBySeverity(false), mbAnal(false) mSeverityLevel(-1), mbTrimBySeverity(false), mbSecureMode(false)
#ifdef GMMS #ifdef GMMS
, mbGmms(false), mGmmsVerbosity(2) , mbGmms(false), mGmmsVerbosity(2)
#endif #endif
@ -1223,6 +1232,7 @@ int cTWModeIC::Execute(cErrorQueue* pQueue)
uint32 icFlags = 0; uint32 icFlags = 0;
icFlags |= ( mpData->mfLooseDirs ? cIntegrityCheck::FLAG_LOOSE_DIR : 0 ); icFlags |= ( mpData->mfLooseDirs ? cIntegrityCheck::FLAG_LOOSE_DIR : 0 );
icFlags |= ( mpData->mbResetAccessTime ? cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC : 0 ); icFlags |= ( mpData->mbResetAccessTime ? cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC : 0 );
icFlags |= ( mpData->mbDirectIO ? cIntegrityCheck::FLAG_DIRECT_IO : 0 );
ic.ExecuteOnObjectList( fcoNames, icFlags ); ic.ExecuteOnObjectList( fcoNames, icFlags );
@ -1354,6 +1364,7 @@ int cTWModeIC::Execute(cErrorQueue* pQueue)
uint32 icFlags = 0; uint32 icFlags = 0;
icFlags |= ( mpData->mfLooseDirs ? cIntegrityCheck::FLAG_LOOSE_DIR : 0 ); icFlags |= ( mpData->mfLooseDirs ? cIntegrityCheck::FLAG_LOOSE_DIR : 0 );
icFlags |= ( mpData->mbResetAccessTime ? cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC : 0 ); icFlags |= ( mpData->mbResetAccessTime ? cIntegrityCheck::FLAG_ERASE_FOOTPRINTS_IC : 0 );
icFlags |= ( mpData->mbDirectIO ? cIntegrityCheck::FLAG_DIRECT_IO : 0 );
ic.Execute( icFlags ); ic.Execute( icFlags );
@ -1531,7 +1542,7 @@ class cTWModeDbUpdate_i : public cTWModeCommon
{ {
public: public:
bool mbInteractive; // don't do interactive update; just integrate the report file bool mbInteractive; // don't do interactive update; just integrate the report file
bool mbAnal; // are we in anal mode? bool mbSecureMode; // are we in extra-pedantic mode?
//std::string mSitePassphrase; // pass phrase for site key //std::string mSitePassphrase; // pass phrase for site key
//bool mSiteProvided; //bool mSiteProvided;
@ -1544,7 +1555,7 @@ public:
cFCOReportHeader* mpReportHeader; cFCOReportHeader* mpReportHeader;
// ctor can set up some default values // ctor can set up some default values
cTWModeDbUpdate_i() : cTWModeCommon(), mbInteractive(true), mbAnal(true), /*mSiteProvided(false),*/ mpReport(0), mpDbFile(0), mpReportHeader(0) {} cTWModeDbUpdate_i() : cTWModeCommon(), mbInteractive(true), mbSecureMode(true), /*mSiteProvided(false),*/ mpReport(0), mpDbFile(0), mpReportHeader(0) {}
}; };
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
@ -1572,7 +1583,7 @@ void cTWModeDbUpdate::InitCmdLineParser(cCmdLineParser& cmdLine)
cmdLine.AddArg(cTWCmdLine::MODE_UPDATE_DB, TSTRING(_T("")), TSTRING(_T("update")), cCmdLineParser::PARAM_NONE); cmdLine.AddArg(cTWCmdLine::MODE_UPDATE_DB, TSTRING(_T("")), TSTRING(_T("update")), cCmdLineParser::PARAM_NONE);
cmdLine.AddArg(cTWCmdLine::ACCEPT_ALL, TSTRING(_T("a")), TSTRING(_T("accept-all")), cCmdLineParser::PARAM_NONE); cmdLine.AddArg(cTWCmdLine::ACCEPT_ALL, TSTRING(_T("a")), TSTRING(_T("accept-all")), cCmdLineParser::PARAM_NONE);
cmdLine.AddArg(cTWCmdLine::ANAL_LEVEL, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE); cmdLine.AddArg(cTWCmdLine::SECURE_MODE, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::EDITOR, TSTRING(_T("V")), TSTRING(_T("visual")), cCmdLineParser::PARAM_ONE); cmdLine.AddArg(cTWCmdLine::EDITOR, TSTRING(_T("V")), TSTRING(_T("visual")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::PARAMS, TSTRING(_T("")), TSTRING(_T("")), cCmdLineParser::PARAM_NONE); cmdLine.AddArg(cTWCmdLine::PARAMS, TSTRING(_T("")), TSTRING(_T("")), cCmdLineParser::PARAM_NONE);
@ -1601,15 +1612,15 @@ bool cTWModeDbUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine)
case cTWCmdLine::ACCEPT_ALL: case cTWCmdLine::ACCEPT_ALL:
mpData->mbInteractive = false; mpData->mbInteractive = false;
break; break;
case cTWCmdLine::ANAL_LEVEL: case cTWCmdLine::SECURE_MODE:
ASSERT(iter.NumParams() > 0); ASSERT(iter.NumParams() > 0);
if(iter.ParamAt(0).compare(_T("high")) == 0) if(iter.ParamAt(0).compare(_T("high")) == 0)
mpData->mbAnal = true; mpData->mbSecureMode = true;
else if(iter.ParamAt(0).compare(_T("low")) == 0) else if(iter.ParamAt(0).compare(_T("low")) == 0)
mpData->mbAnal = false; mpData->mbSecureMode = false;
else else
{ {
// invalid parameter to anal switch... // invalid parameter to secure mode switch...
// TODO -- print this to stderr; how do I display (1) the switch name // TODO -- print this to stderr; how do I display (1) the switch name
// and (2) the possible values? // and (2) the possible values?
// TODO -- move {high, low} somewhere else // TODO -- move {high, low} somewhere else
@ -1665,7 +1676,7 @@ bool cTWModeDbUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine)
void cTWModeDbUpdate::Init(const cTWModeIC_i* pICData, cFCODatabaseFile* dbFile, cFCOReportHeader* prh, cFCOReport* pReport, bool bEncryptDb) void cTWModeDbUpdate::Init(const cTWModeIC_i* pICData, cFCODatabaseFile* dbFile, cFCOReportHeader* prh, cFCOReport* pReport, bool bEncryptDb)
{ {
mpData->mbInteractive = true; // always interactive mpData->mbInteractive = true; // always interactive
mpData->mbAnal = pICData->mbAnal; mpData->mbSecureMode = pICData->mbSecureMode;
//mpData->mbBackup = pICData->mbBackup; //mpData->mbBackup = pICData->mbBackup;
mpData->mDbFile = pICData->mDbFile; mpData->mDbFile = pICData->mDbFile;
mpData->mLocalKeyFile = pICData->mLocalKeyFile; mpData->mLocalKeyFile = pICData->mLocalKeyFile;
@ -1821,7 +1832,7 @@ int cTWModeDbUpdate::Execute(cErrorQueue* pQueue)
udFlags |= ( mpData->mbResetAccessTime ? cUpdateDb::FLAG_ERASE_FOOTPRINTS_UD : 0 ); udFlags |= ( mpData->mbResetAccessTime ? cUpdateDb::FLAG_ERASE_FOOTPRINTS_UD : 0 );
cUpdateDb update( dbIter.GetDb(), *mpData->mpReport, pQueue ); cUpdateDb update( dbIter.GetDb(), *mpData->mpReport, pQueue );
if( (! update.Execute( udFlags )) && mpData->mbAnal ) if( (! update.Execute( udFlags )) && mpData->mbSecureMode )
{ {
// we will not perform the update; simply exit. // we will not perform the update; simply exit.
TCOUT << TSS_GetString( cTripwire, tripwire::STR_DB_NOT_UPDATED) << std::endl; TCOUT << TSS_GetString( cTripwire, tripwire::STR_DB_NOT_UPDATED) << std::endl;
@ -1906,10 +1917,10 @@ public:
TSTRING mTextPolFile; TSTRING mTextPolFile;
wc16_string mSitePassphrase; wc16_string mSitePassphrase;
bool mSiteProvided; bool mSiteProvided;
bool mbAnal; bool mbSecureMode;
// ctor can set up some default values // ctor can set up some default values
cTWModePolUpdate_i() : cTWModeCommon(), mSiteProvided(false), mbAnal(true) {} cTWModePolUpdate_i() : cTWModeCommon(), mSiteProvided(false), mbSecureMode(true) {}
}; };
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
@ -1937,7 +1948,7 @@ void cTWModePolUpdate::InitCmdLineParser(cCmdLineParser& cmdLine)
cmdLine.AddArg(cTWCmdLine::TEXT_POL_FILE, TSTRING(_T("")), TSTRING(_T("")), cCmdLineParser::PARAM_ONE); cmdLine.AddArg(cTWCmdLine::TEXT_POL_FILE, TSTRING(_T("")), TSTRING(_T("")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::LOCAL_PASSPHRASE,TSTRING(_T("P")), TSTRING(_T("local-passphrase")), cCmdLineParser::PARAM_ONE); cmdLine.AddArg(cTWCmdLine::LOCAL_PASSPHRASE,TSTRING(_T("P")), TSTRING(_T("local-passphrase")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::SITE_PASSPHRASE, TSTRING(_T("Q")), TSTRING(_T("site-passphrase")), cCmdLineParser::PARAM_ONE); cmdLine.AddArg(cTWCmdLine::SITE_PASSPHRASE, TSTRING(_T("Q")), TSTRING(_T("site-passphrase")), cCmdLineParser::PARAM_ONE);
cmdLine.AddArg(cTWCmdLine::ANAL_LEVEL, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE); cmdLine.AddArg(cTWCmdLine::SECURE_MODE, TSTRING(_T("Z")), TSTRING(_T("secure-mode")), cCmdLineParser::PARAM_ONE);
} }
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
@ -1973,15 +1984,15 @@ bool cTWModePolUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine
mpData->mSitePassphrase = cStringUtil::TstrToWstr(iter.ParamAt(0)); mpData->mSitePassphrase = cStringUtil::TstrToWstr(iter.ParamAt(0));
mpData->mSiteProvided = true; mpData->mSiteProvided = true;
break; break;
case cTWCmdLine::ANAL_LEVEL: case cTWCmdLine::SECURE_MODE:
ASSERT(iter.NumParams() > 0); ASSERT(iter.NumParams() > 0);
if(iter.ParamAt(0).compare(_T("high")) == 0) if(iter.ParamAt(0).compare(_T("high")) == 0)
mpData->mbAnal = true; mpData->mbSecureMode = true;
else if(iter.ParamAt(0).compare(_T("low")) == 0) else if(iter.ParamAt(0).compare(_T("low")) == 0)
mpData->mbAnal = false; mpData->mbSecureMode = false;
else else
{ {
// invalid parameter to anal switch... // invalid parameter to secure mode switch...
// TODO -- print this to stderr; how do I display (1) the switch name // TODO -- print this to stderr; how do I display (1) the switch name
// and (2) the possible values? // and (2) the possible values?
// TODO -- move {high, low} somewhere else // TODO -- move {high, low} somewhere else
@ -2026,7 +2037,6 @@ bool cTWModePolUpdate::Init(const cConfigFile& cf, const cCmdLineParser& cmdLine
if (cTWUtil::VerifyCfgSiteKey( mstrConfigFile, mpData->mSiteKeyFile ) == false) if (cTWUtil::VerifyCfgSiteKey( mstrConfigFile, mpData->mSiteKeyFile ) == false)
cTWUtil::PrintErrorMsg(eTWCfgUnencrypted(_T(""), eError::NON_FATAL|eError::SUPRESS_THIRD_MSG)); cTWUtil::PrintErrorMsg(eTWCfgUnencrypted(_T(""), eError::NON_FATAL|eError::SUPRESS_THIRD_MSG));
#if IS_UNIX #if IS_UNIX
// Set the cross file systems flag appropriately. // Set the cross file systems flag appropriately.
cFSDataSourceIter::SetFileSystemCrossing(mpData->mbCrossFileSystems); cFSDataSourceIter::SetFileSystemCrossing(mpData->mbCrossFileSystems);
@ -2133,11 +2143,13 @@ int cTWModePolUpdate::Execute(cErrorQueue* pQueue)
// //
cPolicyUpdate pu( genreIter->GetGenre(), dbIter.GetSpecList(), genreIter->GetSpecList(), dbIter.GetDb(), pQueue ); cPolicyUpdate pu( genreIter->GetGenre(), dbIter.GetSpecList(), genreIter->GetSpecList(), dbIter.GetDb(), pQueue );
uint32 puFlags = 0; uint32 puFlags = 0;
puFlags |= mpData->mbAnal ? cPolicyUpdate::ANAL : 0; puFlags |= mpData->mbSecureMode ? cPolicyUpdate::FLAG_SECURE_MODE : 0;
puFlags |= ( mpData->mbResetAccessTime ? cPolicyUpdate::FLAG_ERASE_FOOTPRINTS_PU : 0 ); puFlags |= ( mpData->mbResetAccessTime ? cPolicyUpdate::FLAG_ERASE_FOOTPRINTS_PU : 0 );
if( (! pu.Execute(puFlags)) && (mpData->mbAnal) ) puFlags |= ( mpData->mbDirectIO ? cPolicyUpdate::FLAG_DIRECT_IO : 0 );
if( (! pu.Execute(puFlags)) && (mpData->mbSecureMode) )
{ {
// they were in anal mode and errors occured; an error condition // they were in secure mode and errors occured; an error condition
TCOUT << TSS_GetString( cTripwire, tripwire::STR_ERR_POL_UPDATE) << std::endl; TCOUT << TSS_GetString( cTripwire, tripwire::STR_ERR_POL_UPDATE) << std::endl;
return 8; return 8;
} }
@ -2163,7 +2175,9 @@ int cTWModePolUpdate::Execute(cErrorQueue* pQueue)
// TODO -- turn pQueue into an error bucket // TODO -- turn pQueue into an error bucket
uint32 gdbFlags = 0; uint32 gdbFlags = 0;
gdbFlags |= ( mpData->mbResetAccessTime ? cGenerateDb::FLAG_ERASE_FOOTPRINTS_GD : 0 ); gdbFlags |= ( mpData->mbResetAccessTime ? cGenerateDb::FLAG_ERASE_FOOTPRINTS_GD : 0 );
gdbFlags |= ( mpData->mbDirectIO ? cGenerateDb::FLAG_DIRECT_IO : 0 );
cGenerateDb::Execute( dbIter.GetSpecList(), dbIter.GetDb(), dbIter.GetGenreHeader().GetPropDisplayer(), pQueue, gdbFlags ); cGenerateDb::Execute( dbIter.GetSpecList(), dbIter.GetDb(), dbIter.GetGenreHeader().GetPropDisplayer(), pQueue, gdbFlags );
//TODO -- what other prop displayer stuff do I have to do here? //TODO -- what other prop displayer stuff do I have to do here?

6
src/tripwire/twcmdline.h
View File

@ -131,7 +131,7 @@ public:
RULE_NAME, RULE_NAME,
GENRE_NAME, GENRE_NAME,
ACCEPT_ALL, // update db with entire report ACCEPT_ALL, // update db with entire report
ANAL_LEVEL, SECURE_MODE,
TEXT_POL_FILE, TEXT_POL_FILE,
LOCAL_PASSPHRASE, LOCAL_PASSPHRASE,
SITE_PASSPHRASE, SITE_PASSPHRASE,
@ -174,6 +174,7 @@ class cTWModeCommon
bool mbResetAccessTime; // do we reset access time when calculating properties of files? bool mbResetAccessTime; // do we reset access time when calculating properties of files?
bool mbLogToSyslog; // log significant events and level 0 reports to SYSLOG bool mbLogToSyslog; // log significant events and level 0 reports to SYSLOG
bool mbCrossFileSystems; // automatically recurse across mount points on Unis FS genre bool mbCrossFileSystems; // automatically recurse across mount points on Unis FS genre
bool mbDirectIO; // Use direct i/o when scanning files, if platform supports it.
cTextReportViewer::ReportingLevel mEmailReportLevel; // What level of email reporting we should use cTextReportViewer::ReportingLevel mEmailReportLevel; // What level of email reporting we should use
cMailMessage::MailMethod mMailMethod; // What mechanism should we use to send the report cMailMessage::MailMethod mMailMethod; // What mechanism should we use to send the report
@ -190,7 +191,8 @@ class cTWModeCommon
mfLooseDirs(false), mfLooseDirs(false),
mbResetAccessTime(false), mbResetAccessTime(false),
mbLogToSyslog(false), mbLogToSyslog(false),
mbCrossFileSystems(false) mbCrossFileSystems(false),
mbDirectIO(false)
{ {
} }
}; };

2
src/tripwire/updatedb.h
View File

@ -76,6 +76,8 @@ public:
// when this flag is set, UpdateDb will attempt // when this flag is set, UpdateDb will attempt
// undo any inadvertant modifications it may make // undo any inadvertant modifications it may make
// when executing. // when executing.
}; };
private: private:

2
src/tw/twstrings.h
View File

@ -73,7 +73,7 @@ TSS_BeginStringIds( tw )
STR_ENTER_LOCAL_PASSPHRASE, STR_ENTER_LOCAL_PASSPHRASE,
STR_ENTER_SITE_PASSPHRASE, STR_ENTER_SITE_PASSPHRASE,
STR_ENTER_PROVIDED_PASSPHRASE, STR_ENTER_PROVIDED_PASSPHRASE,
STR_DB_NOT_UPDATED, // db update not performed due to anal mode STR_DB_NOT_UPDATED, // db update not performed due to secure mode
STR_IGNORE_PROPS, // ignoring properties STR_IGNORE_PROPS, // ignoring properties
STR_NOT_IMPLEMENTED, STR_NOT_IMPLEMENTED,
STR_REPORT_EMPTY, STR_REPORT_EMPTY,