1 /*
2  * AIDE (Advanced Intrusion Detection Environment)
3  *
4  * Copyright (C) 1999-2002, 2006, 2016, 2020-2021 Rami Lehti, Pablo Virolainen,
5  *               Richard van den Berg, Hannes von Haugwitz
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License as
9  * published by the Free Software Foundation; either version 2 of the
10  * License, or (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful, but
13  * WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License along
18  * with this program; if not, write to the Free Software Foundation, Inc.,
19  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20  */
21 
22 #ifndef _RX_RULE_H_INCLUDED
23 #define  _RX_RULE_H_INCLUDED
24 
25 #include "attributes.h"
26 #include "seltree_struct.h"
27 #include <sys/stat.h>
28 #include <pcre.h>
29 
30 #define RESTRICTION_TYPE unsigned int
31 #define FT_REG   (1U<<0) /* file */
32 #define FT_DIR   (1U<<1) /* dir */
33 #define FT_FIFO  (1U<<2) /* fifo */
34 #define FT_LNK   (1U<<3) /* link */
35 #define FT_BLK   (1U<<4) /* block device */
36 #define FT_CHR   (1U<<5) /* char device */
37 #define FT_SOCK  (1U<<6) /* socket */
38 #define FT_DOOR  (1U<<7) /* door */
39 #define FT_PORT  (1U<<8) /* port */
40 #define FT_NULL  0U
41 
42 typedef struct rx_rule {
43   char* rx; /* Regular expression in text form */
44   pcre* crx; /* Compiled regexp */
45   DB_ATTR_TYPE attr; /* Which attributes to save */
46   seltree *node;
47   char *config_filename;
48   int config_linenumber;
49   char *config_line;
50   RESTRICTION_TYPE restriction;
51 } rx_rule;
52 
53 RESTRICTION_TYPE get_restriction_from_char(char);
54 RESTRICTION_TYPE get_restriction_from_perm(mode_t);
55 char get_file_type_char_from_perm(mode_t);
56 char get_restriction_char(RESTRICTION_TYPE);
57 
58 typedef enum {
59     AIDE_NEGATIVE_RULE=0,
60     AIDE_SELECTIVE_RULE=1,
61     AIDE_EQUAL_RULE=2,
62 } AIDE_RULE_TYPE;
63 
64 char* get_rule_type_long_string(AIDE_RULE_TYPE);
65 char* get_rule_type_char(AIDE_RULE_TYPE);
66 
67 /* memory for the returned string is obtained with malloc(3), and should be freed with free(3). */
68 char *get_restriction_string(RESTRICTION_TYPE);
69 
70 #endif /* RX_RULE_H_INCLUDED */
71