search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
indent dump_dns.c
[prads.git] / src / config.c
blob0c1678a01058e449954e4f258cf4efcbaa562fa1
1 /*
2 ** This file is a part of PRADS.
3 **
4 ** Copyright (C) 2010, Edward Fjellskål <edward.fjellskaal@redpill-linpro.com>
5 ** Copyright (C) 2010, Kacper Wysocki <kacper.wysocki@redpill-linpro.com>
6 ** Adopted from PADS by Matt Shelton
7 ** Copyright (C) 2004 Matt Shelton <matt@mattshelton.com>
8 **
9 ** This program is free software; you can redistribute it and/or modify
10 ** it under the terms of the GNU General Public License as published by
11 ** the Free Software Foundation; either version 2 of the License, or
12 ** (at your option) any later version.
13 **
14 ** This program is distributed in the hope that it will be useful,
15 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
16 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 ** GNU General Public License for more details.
18 **
19 ** You should have received a copy of the GNU General Public License
20 ** along with this program; if not, write to the Free Software
21 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 **
23 */
24
25 /* I N C L U D E S *********************************************************/
26 #include "common.h"
27 #include "prads.h"
28 #include "sys_func.h"
29 #include "config.h"
30 #include "mac.h"
31 #include "sig.h"
32
33 /* G L O B A L E S *********************************************************/
34 extern globalconfig config;
35
36 /* F U N C T I O N S ********************************************************/
37 void display_config()
38 {
39 olog("[*] OS checks enabled:");
40 if (IS_COSET(&config,CO_SYN)) olog (" SYN");
41 if (IS_COSET(&config,CO_SYNACK)) olog (" SYNACK");
42 if (IS_COSET(&config,CO_RST)) olog (" RST");
43 if (IS_COSET(&config,CO_FIN)) olog (" FIN");
44 if (IS_COSET(&config,CO_ACK)) olog (" ACK");
45 olog("\n");
46
47 olog("[*] Service checks enabled:");
48 if (IS_CSSET(&config,CS_TCP_SERVER)) olog (" TCP-SERVER");
49 if (IS_CSSET(&config,CS_TCP_CLIENT)) olog (" TCP-CLIENT");
50 if (IS_CSSET(&config,CS_UDP_SERVICES)) olog (" UDP-SERVICES");
51 if (IS_CSSET(&config,CS_ICMP)) olog (" ICMP");
52 if (IS_CSSET(&config,CS_ARP)) olog (" ARP");
53 if (IS_CSSET(&config,CS_MAC)) olog (" MAC");
54 olog("\n");
55
56 return;
57 }
58
59 void free_config()
60 {
61 if (config.dev != NULL) free (config.dev);
62 if (config.cfilter.bf_insns != NULL) free (config.cfilter.bf_insns);
63 // Grr - no nice way to tell if the settings comes from configfile or not :/
64 if (config.pidfile != NULL) free(config.pidfile);
65 if (config.user_name != NULL) free(config.user_name);
66 if (config.group_name != NULL) free(config.group_name);
67 if (config.bpff != NULL) free(config.bpff);
68 }
69
70 void set_default_config_options()
71 {
72 config.ctf |= CO_SYN;
73 config.ctf |= CO_RST;
74 config.ctf |= CO_FIN;
75 config.ctf |= CO_ACK;
76 config.ctf |= CO_SYNACK;
77 //config.ctf |= CO_ICMP;
78 //config.ctf |= CO_UDP;
79 //config.ctf |= CO_OTHER;
80 config.cof |= CS_TCP_SERVER;
81 config.cof |= CS_TCP_CLIENT;
82 config.cof |= CS_UDP_SERVICES;
83 config.cof |= CS_MAC;
84 config.dev = strdup("eth0");
85 config.bpff = strdup("");
86 config.dpath = "/tmp";
87 config.pidfile = strdup("/var/run/prads.pid");
88 config.assetlog= strdup(LOGDIR PRADS_ASSETLOG);
89 config.fifo = NULL;
90 // default source net owns everything
91 config.s_net = DEFAULT_NETS ;
92 config.errbuf[0] = '\0';
93 config.configpath = CONFDIR "";
94 // files should be relative to configpath somehow
95 config.sig_file_syn = CONFDIR "tcp-syn.fp";
96 config.sig_file_synack = CONFDIR "tcp-synack.fp";
97 config.sig_file_ack = CONFDIR "tcp-stray-ack.fp";
98 config.sig_file_fin = CONFDIR "tcp-fin.fp";
99 config.sig_file_rst = CONFDIR "tcp-rst.fp";
100 config.sig_file_mac = CONFDIR "mac.sig";
101 config.sig_file_serv_tcp = CONFDIR "tcp-service.sig";
102 config.sig_file_serv_udp = CONFDIR "udp-service.sig";
103 config.sig_file_cli_tcp = CONFDIR "tcp-clients.sig";
104 config.sig_syn = NULL;
105 config.sig_synack = NULL;
106 config.sig_ack = NULL;
107 config.sig_fin = NULL;
108 config.sig_rst = NULL;
109 config.sig_mac = NULL;
110 config.sig_hashsize = SIG_HASHSIZE;
111 config.mac_hashsize = MAC_HASHSIZE;
112 // don't chroot by default
113 config.chroot_dir = NULL;
114 }
115
116 void parse_config_file(bstring fname)
117 {
118 FILE *fp;
119 bstring filedata;
120 struct bstrList *lines;
121 int i;
122 vlog(0x3, "config - Processing '%s'.", bdata(fname));
123
124 if ((fp = fopen((char *)bdata(fname), "r")) == NULL) {
125 elog("Unable to open configuration file - %s\n", bdata(fname));
126 return;
127 }
128
129 filedata = bread ((bNread) fread, fp);
130 if ((lines = bsplit(filedata, '\n')) != NULL) {
131 for (i = 0; i < lines->qty; i++) {
132 parse_line(lines->entry[i]);
133 }
134 }
135
136 bdestroy(filedata);
137 bstrListDestroy(lines);
138 fclose(fp);
139 }
140
141 void parse_line (bstring line)
142 {
143 bstring param, value;
144 struct bstrList *list;
145 int i;
146 /* Check to see if this line has something to read. */
147 if (line->data[0] == '\0' || line->data[0] == '#')
148 return;
149
150 /* Check to see if this line has a comment in it. */
151 if ((list = bsplit(line, '#')) != NULL) {
152 if ((bassign(line, list->entry[0])) == -1) {
153 elog("warning: 'bassign' in function 'parse_line' failed.\n");
154 }
155 if (list != NULL)
156 bstrListDestroy(list);
157 }
158
159 /* Separate line into a parameter and a value. */
160 if ((i = bstrchr(line, '=')) == BSTR_ERR)
161 return;
162 if ((param = bmidstr(line, 0, i)) == NULL)
163 return;
164 if ((value = bmidstr(line, i + 1, line->slen - i)) == NULL)
165 return;
166
167 /* Normalize Strings */
168 if ((btolower(param)) != 0)
169 elog("warning: 'btolower' in function 'parse_line' failed.\n");
170 if ((bltrim(value)) != 0)
171 elog("warning: 'bltrim' in function 'parse_line' failed.\n");
172 if ((brtrim(value)) != 0)
173 elog("warning: 'brtrim' in function 'parse_line' failed.\n");
174
175 /* Do something based upon value. */
176 if ((biseqcstr(param, "daemon")) == 1) {
177 /* DAEMON */
178 if (!config.daemon_flag) {
179 if (value->data[0] == '1')
180 config.daemon_flag = 1;
181 else
182 config.daemon_flag = 0;
183 }
184 } else if ((biseqcstr(param, "mac")) == 1) {
185 /* MAC CHECK */
186 if (value->data[0] == '1')
187 config.cof |= CS_MAC;
188 else
189 config.cof &= ~CS_MAC;
190 } else if ((biseqcstr(param, "arp")) == 1) {
191 /* ARP CHECK */
192 if (value->data[0] == '1')
193 config.cof |= CS_ARP;
194 else
195 config.cof &= ~CS_ARP;
196 } else if ((biseqcstr(param, "service_tcp")) == 1) {
197 /* TCP Service check */
198 if (value->data[0] == '1')
199 config.cof |= CS_TCP_SERVER;
200 else
201 config.cof &= ~CS_TCP_SERVER;
202 } else if ((biseqcstr(param, "client_tcp")) == 1) {
203 /* TCP Client check */
204 if (value->data[0] == '1')
205 config.cof |= CS_TCP_CLIENT;
206 else
207 config.cof &= ~CS_TCP_CLIENT;
208 } else if ((biseqcstr(param, "service_udp")) == 1) {
209 /* UPD service and client checks */
210 if (value->data[0] == '1')
211 config.cof |= CS_UDP_SERVICES;
212 else
213 config.cof &= ~CS_UDP_SERVICES;
214 } else if ((biseqcstr(param, "os_icmp")) == 1) {
215 /* ICMP OS Fingerprinting */
216 if (value->data[0] == '1')
217 config.ctf |= CO_ICMP;
218 else
219 config.ctf &= ~CO_ICMP;
220 } else if ((biseqcstr(param, "os_udp")) == 1) {
221 /* UDP OS Fingerprinting */
222 if (value->data[0] == '1')
223 config.ctf |= CO_UDP;
224 else
225 config.ctf &= ~CO_UDP;
226 } else if ((biseqcstr(param, "service_udp")) == 1) {
227 /* UPD service and client checks */
228 if (value->data[0] == '1')
229 config.cof |= CS_UDP_SERVICES;
230 else
231 config.cof &= ~CS_UDP_SERVICES;
232 } else if ((biseqcstr(param, "os_syn_fingerprint")) == 1) {
233 /* TCP SYN OS Fingerprinting */
234 if (value->data[0] == '1')
235 config.ctf |= CO_SYN;
236 else
237 config.ctf &= ~CO_SYN;
238 } else if ((biseqcstr(param, "os_synack_fingerprint")) == 1) {
239 /* TCP SYNACK OS Fingerprinting */
240 if (value->data[0] == '1')
241 config.ctf |= CO_SYNACK;
242 else
243 config.ctf &= ~CO_SYNACK;
244 } else if ((biseqcstr(param, "os_ack_fingerprint")) == 1) {
245 /* TCP Stray ACK OS Fingerprinting */
246 if (value->data[0] == '1')
247 config.ctf |= CO_ACK;
248 else
249 config.ctf &= ~CO_ACK;
250 } else if ((biseqcstr(param, "os_rst_fingerprint")) == 1) {
251 /* TCP RST OS Fingerprinting */
252 if (value->data[0] == '1')
253 config.ctf |= CO_RST;
254 else
255 config.ctf &= ~CO_RST;
256 } else if ((biseqcstr(param, "os_fin_fingerprint")) == 1) {
257 /* TCP FIN OS Fingerprinting */
258 if (value->data[0] == '1')
259 config.ctf |= CO_FIN;
260 else
261 config.ctf &= ~CO_FIN;
262
263 } else if ((biseqcstr(param, "pid_file")) == 1) {
264 /* PID FILE */
265 free(config.pidfile);
266 config.pidfile = bstr2cstr(value, '-');
267 } else if ((biseqcstr(param, "asset_log")) == 1) {
268 /* PRADS ASSET LOG */
269 if(config.assetlog) free(config.assetlog);
270 config.assetlog = bstr2cstr(value,'-');
271 } else if ((biseqcstr(param, "fifo")) == 1) {
272 /* FIFO path */
273 config.fifo = bstr2cstr (value, '-');
274 } else if ((biseqcstr(param, "sig_file_serv_tcp")) == 1) {
275 /* SIGNATURE FILE */
276 config.sig_file_serv_tcp = bstr2cstr(value, '-');
277 } else if ((biseqcstr(param, "sig_file_cli_tcp")) == 1) {
278 /* SIGNATURE FILE */
279 config.sig_file_cli_tcp = bstr2cstr(value, '-');
280 } else if ((biseqcstr(param, "sig_file_serv_udp")) == 1) {
281 /* SIGNATURE FILE */
282 config.sig_file_serv_udp = bstr2cstr(value, '-');
283 } else if ((biseqcstr(param, "sig_file_cli_udp")) == 1) {
284 /* SIGNATURE FILE */
285 config.sig_file_cli_udp = bstr2cstr(value, '-');
286 } else if ((biseqcstr(param, "mac_file")) == 1) {
287 /* MAC / VENDOR RESOLUTION FILE */
288 config.sig_file_mac = bstr2cstr(value, '-');
289 } else if ((biseqcstr(param, "output")) == 1) {
290 /* OUTPUT */
291 //conf_module_plugin(value, &activate_output_plugin);
292 } else if ((biseqcstr(param, "user")) == 1) {
293 /* USER */
294 config.user_name = bstr2cstr(value, '-');
295 } else if ((biseqcstr(param, "group")) == 1) {
296 /* GROUP */
297 config.group_name = bstr2cstr(value, '-');
298 } else if ((biseqcstr(param, "interface")) == 1) {
299 /* INTERFACE */
300 free(config.dev);
301 config.dev = bstr2cstr(value, '-');
302 } else if ((biseqcstr(param, "bpfilter")) == 1) {
303 /* FILTER */
304 free(config.bpff);
305 config.bpff = bstr2cstr(value, '-');
306
307 // } else if ((biseqcstr(param, "network")) == 1) {
308 // /* NETWORK */
309 // parse_networks((unsigned char *)bdata(value));
310 // } else if ((biseqcstr(param, "hide_unknowns")) == 1) {
311 // /* UNKNOWN */
312 // if (!config.hide_unknowns) {
313 // if (value->data[0] == '1')
314 // config.hide_unknowns = 1;
315 // else
316 // config.hide_unknowns = 0;
317 // }
318 }
319
320 vlog(0x3,"config - PARAM: |%s| / VALUE: |%s|\n", bdata(param), bdata(value));
321
322 /* Clean Up */
323 if (param != NULL)
324 bdestroy(param);
325 if (value != NULL)
326 bdestroy(value);
327 }
328
329 /* ----------------------------------------------------------
330 * FUNCTION : bltrim
331 * DESCRIPTION : This function will trim the whitespace from
332 * : the left side of a string.
333 * INPUT : 0 - String
334 * ---------------------------------------------------------- */
335 int bltrim (bstring string)
336 {
337 int i;
338 int len = 0;
339
340 /* Find Whitespace */
341 for (i = 0; i < string->slen; i++) {
342 if (string->data[i] == ' ' || string->data[i] == '\t')
343 len++;
344 else
345 break;
346 }
347
348 /* Remove Whitespace */
349 if (len > 0)
350 bdelete(string, 0, len);
351
352 return 0;
353 }
354
355 /* ----------------------------------------------------------
356 * FUNCTION : brtrim
357 * DESCRIPTION : This function will trim the whitespace from
358 * : the right side of a string.
359 * INPUT : 0 - String
360 * ---------------------------------------------------------- */
361 int brtrim (bstring string)
362 {
363 int i;
364 int len = 0;
365
366 /* Find Whitespace */
367 for (i = (string->slen - 1); i > 0; i--) {
368 if (string->data[i] == ' ' || string->data[i] == '\t')
369 len++;
370 else
371 break;
372 }
373
374 /* Remove Whitespace */
375 if (len > 0)
376 bdelete(string, i + 1, len);
377
378 return 0;
379 }
380
PRADS is a Passive Real-time Asset Detection System. It passively listen to network traffic and gathers information on hosts and services it sees on the network.