Enhancement/72 remove ossechids conditional directives from the code #80
@@ -169,13 +169,11 @@ static void loop_all_pids(const char *ps, pid_t max_pid, int *_errors, int *_tot | |||
} | |||
|
|||
/* If we are run in the context of OSSEC-HIDS, sleep here (no rush) */ |
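Review bot: The comment at the end of this hunk, "If we are run in the context of OSSEC-HIDS, sleep here (no rush)", still describes a build-time condition. The hunk shrinks from 13 to 11 lines, so if the guard around the sleep in loop_all_pids is what was dropped, the sleep is now unconditional; the comment should either say why the PID loop pauses or be removed, rather than refer to an OSSEC-HIDS context that no longer selects anything.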
Remove comment.
Done!
@@ -38,7 +38,6 @@ int notify_rk(int rk_type, const char *msg) | |||
return (0); | |||
} | |||
|
|||
#ifdef OSSECHIDS | |||
/* When running in context of OSSEC-HIDS, send problem to the rootcheck queue */ |
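Review bot: The comment under #ifdef OSSECHIDS in notify_rk, "When running in context of OSSEC-HIDS, send problem to the rootcheck queue", is still phrased as a condition. This hunk removes a single line (38,7 to 38,6); if that line is the #ifdef, its matching #endif and any #else fallback further down in the function have to go in the same change or the file will not compile, and the comment should be reworded to state unconditionally that the message goes to the rootcheck queue, or dropped.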
Remove comment.
Done!
help_rootcheck(home_path); | ||
break; | ||
} | ||
} | ||
#ifdef WIN32 |
Remove also this block.
Done!
If they work, I think we can keep these functions. Please test them, for example in version 4.9.0 (remove the ifdef so they compile), and we will see what to do.
I tested with version 4.9.0, and the port check doesn't do anything, it just prints a message with printf. This check is performed according to the default agent configuration setting:
<localfile>
<log_format>full_command</log_format>
<command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
<alias>netstat listening ports</alias>
<frequency>360</frequency>
</localfile>
The port check of Rootcheck has been removed.
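
The pipeline from the `<command>` element in the comment above, run over constructed `netstat -tulpn` output to show the normalised listening-port lines it produces. This is an added example, not part of the original comment or the project's code; the function names `sample_netstat` and `normalize_ports` and the sample lines are made up for illustration, and GNU sed and sort are assumed.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulpn` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      1200/python3
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      900/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
EOF
}

# Same sed/sort stages as the <command> element, reading netstat output on stdin.
# LC_ALL=C is an addition here so the result does not depend on the host locale.
normalize_ports() {
    # Stage 1: keep proto, local address, local port, foreign address and
    #          PID/program; drop Recv-Q, Send-Q and the State column.
    #          Header lines do not match and pass through unchanged.
    # Stage 2: sort numerically on the port (field 4); the non-numeric
    #          header lines sort first.
    # Stage 3: rejoin "address == port ==" into "address:port".
    # Stage 4: delete the two header lines that the sort moved to the top.
    LC_ALL=C sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' \
        | LC_ALL=C sort -k 4 -g \
        | sed 's/ == \(.*\) ==/:\1/' \
        | sed 1,2d
}

# One stable line per listener, ordered by port, so two runs can be compared.
sample_netstat | normalize_ports
```

Because the output is stable and ordered by port, a listener that appears or disappears between two runs shows up as a one-line difference.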
9dace30 to b8ed3fa
Related issue:
Description
This PR adds the changes to delete the use of the OSSECHIDS conditional directive and remove any unnecessary code used along with these directives.