From 5c3ab2b73fed34c577ed470b0f282cd8061adcd8 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Wed, 24 Feb 2010 16:03:14 +0200 Subject: [PATCH] Load host OS info from the configuration. --- src/suricata.c | 3 +++ src/util-host-os-info.c | 60 +++++++++++++++++++++++++++++++++++++++++ src/util-host-os-info.h | 1 + suricata.yaml | 14 ++++++++++ 4 files changed, 78 insertions(+) diff --git a/src/suricata.c b/src/suricata.c index 9cde7b1a31..fdea746f50 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -629,6 +629,9 @@ int main(int argc, char **argv) * logging module. */ SCLogLoadConfig(); + /* Load the Host-OS lookup. */ + SCHInfoLoadFromConfig(); + if (run_mode == MODE_UNKNOWN) { usage(argv[0]); exit(EXIT_FAILURE); diff --git a/src/util-host-os-info.c b/src/util-host-os-info.c index 8a8f4669c8..4117081f10 100644 --- a/src/util-host-os-info.c +++ b/src/util-host-os-info.c @@ -10,6 +10,8 @@ #include "stream-tcp-private.h" #include "stream-tcp-reassemble.h" +#include "conf.h" + #include "util-enum.h" #include "util-unittest.h" @@ -366,6 +368,32 @@ void SCHInfoCleanResources(void) return; } +/** + * \brief Load the host os policy information from the configuration. + */ +void SCHInfoLoadFromConfig(void) +{ + ConfNode *root = ConfGetNode("host-os-policy"); + if (root == NULL) + return; + + ConfNode *policy; + TAILQ_FOREACH(policy, &root->head, next) { + ConfNode *host; + TAILQ_FOREACH(host, &policy->head, next) { + int is_ipv4 = 1; + if (index(host->val, ':') != NULL) + is_ipv4 = 0; + if (SCHInfoAddHostOSInfo(policy->name, host->val, is_ipv4) == -1) { + SCLogError(SC_ERR_INVALID_ARGUMENT, + "Failed to add host \"%s\" with policy \"%s\" to host " + "info database", host->val, policy->name); + exit(EXIT_FAILURE); + } + } + } +} + /*------------------------------------Unit_Tests------------------------------*/ #ifdef UNITTESTS 
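Review bot: In the inner `TAILQ_FOREACH` of `SCHInfoLoadFromConfig`, `host->val` goes to `index()` and then to `SCHInfoAddHostOSInfo()` with no NULL check. If the YAML loader can produce a child node without a scalar value (for example a nested mapping under a policy name; not confirmable from this hunk), that is a NULL dereference at startup. A guard such as `if (host->val == NULL) { SCLogError(SC_ERR_INVALID_ARGUMENT, "host-os-policy \"%s\": entry has no value", policy->name); exit(EXIT_FAILURE); }` keeps the fail-closed behaviour the function already has. Separately, a policy written as a scalar (`linux: 10.0.0.0/8`) instead of a list appears to have no children and would be skipped without any message, so those hosts would silently not get the intended OS policy; a log line for a policy node that has a value but no list entries would make that visible. `index()` is the legacy BSD spelling, and `strchr(host->val, ':')` is the standard equivalent.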
@@ -954,6 +982,36 @@ int SCHInfoTestValidIPV4Address09(void) return result; } +/** + * \test Check the loading of host info from a configuration file. + */ +int SCHInfoTestLoadFromConfig01(void) +{ + char config[] = "\ +%YAML 1.1\n\ +---\n\ +host-os-policy:\n\ + windows: [10.0.0.0/8, 192.168.1.0/24]\n\ + linux: [10.0.0.5/32]\n\ +\n"; + + ConfCreateContextBackup(); + ConfInit(); + ConfYamlLoadString(config, strlen(config)); + + SCHInfoLoadFromConfig(); + if (SCHInfoGetHostOSFlavour("10.0.0.4") != OS_POLICY_WINDOWS) + return 0; + if (SCHInfoGetHostOSFlavour("10.0.0.5") != OS_POLICY_LINUX) + return 0; + if (SCHInfoGetHostOSFlavour("192.168.1.1") != OS_POLICY_WINDOWS) + return 0; + + ConfDeInit(); + ConfRestoreContextBackup(); + + return 1; +} #endif /* UNITTESTS */ @@ -980,6 +1038,8 @@ void SCHInfoRegisterTests(void) SCHInfoTestValidIPV6Address08, 1); UtRegisterTest("SCHInfoTestValidIPV4Address09", SCHInfoTestValidIPV4Address09, 1); + UtRegisterTest("SCHInfoTestLoadFromConfig01", + SCHInfoTestLoadFromConfig01, 1); #endif /* UNITTESTS */ diff --git a/src/util-host-os-info.h b/src/util-host-os-info.h index 33e3629526..61cecdda85 100644 --- a/src/util-host-os-info.h +++ b/src/util-host-os-info.h @@ -13,6 +13,7 @@ int SCHInfoGetHostOSFlavour(char *); int SCHInfoGetIPv4HostOSFlavour(uint8_t *); int SCHInfoGetIPv6HostOSFlavour(uint8_t *); void SCHInfoCleanResources(void); +void SCHInfoLoadFromConfig(void); void SCHInfoRegisterTests(void); #endif /* __UTIL_HOST_OS_INFO_H__ */ diff --git a/suricata.yaml b/suricata.yaml index 3a1995a6a2..ef8c23dbab 100644 --- a/suricata.yaml +++ b/suricata.yaml @@ -364,3 +364,17 @@ vars: ORACLE_PORTS: 1521 SSH_PORTS: 22 + +host-os-policy: + + bsd: [] + old_linux: [] + linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000:0000"] + solaris: ["::1"] + hpux10: [] + hpux11: [] + irix: [] + macos: [] + windows: [192.168.1.0/24, 192.168.2.0/24] + vista: [] + windows2k3: []
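Review bot: The three early `return 0;` paths in `SCHInfoTestLoadFromConfig01` skip `ConfDeInit()` and `ConfRestoreContextBackup()`, so a failing assertion leaves the test's temporary configuration installed for every unit test that runs afterwards. Routing all exits through one cleanup label, as sketched below, fixes that. The return value of `ConfYamlLoadString()` is also ignored, and the test never releases the entries it added to the host-info database; whether `SCHInfoCleanResources()` is the right call for that is not visible from this hunk. The loader's `':'` branch (is_ipv4 = 0) is not exercised, so an IPv6 entry in the test config would be worth adding.

```c
int SCHInfoTestLoadFromConfig01(void)
{
    int result = 0;
    /* … unchanged: config[] literal, ConfCreateContextBackup(), ConfInit(), ConfYamlLoadString() … */

    SCHInfoLoadFromConfig();
    if (SCHInfoGetHostOSFlavour("10.0.0.4") != OS_POLICY_WINDOWS)
        goto end;
    if (SCHInfoGetHostOSFlavour("10.0.0.5") != OS_POLICY_LINUX)
        goto end;
    if (SCHInfoGetHostOSFlavour("192.168.1.1") != OS_POLICY_WINDOWS)
        goto end;

    result = 1;

end:
    ConfDeInit();
    ConfRestoreContextBackup();
    return result;
}
```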
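Review bot: The new `host-os-policy` block in the shipped suricata.yaml carries populated sample ranges (`linux: [10.0.0.0/8, ...]`, `windows: [192.168.1.0/24, 192.168.2.0/24]`) and no comment saying what the section controls. A deployment that keeps the default file will have its own 10/8 and 192.168.x hosts classified by these examples whether or not they match reality, which presumably affects how traffic to those hosts is interpreted. I would ship the lists empty or commented out and add a header such as `# host-os-policy: map each OS name to the addresses/networks of hosts running it (examples only, adjust to your network).` It is also worth documenting how overlaps resolve, since `192.168.1.100` under linux sits inside `192.168.1.0/24` under windows.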