From 885fe14f305348c73fb843d528f912be0ddd9350 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Wed, 8 Jul 2015 18:16:03 -0300 Subject: [PATCH] Adds AuditLogWriter{Serial,Parallel} classes Furhter those classes will be used to persist (or send) the auditlogs. --- src/Makefile.am | 3 +++ src/audit_log.cc | 28 ++++++++++++++++++-- src/audit_log.h | 6 +++-- src/audit_log_writer.cc | 33 +++++++++++++++++++++++ src/audit_log_writer.h | 45 ++++++++++++++++++++++++++++++++ src/audit_log_writer_parallel.cc | 23 ++++++++++++++++ src/audit_log_writer_parallel.h | 34 ++++++++++++++++++++++++ src/audit_log_writer_serial.cc | 37 ++++++++++++++++++++++++++ src/audit_log_writer_serial.h | 44 +++++++++++++++++++++++++++++++ 9 files changed, 249 insertions(+), 4 deletions(-) create mode 100644 src/audit_log_writer.cc create mode 100644 src/audit_log_writer.h create mode 100644 src/audit_log_writer_parallel.cc create mode 100644 src/audit_log_writer_parallel.h create mode 100644 src/audit_log_writer_serial.cc create mode 100644 src/audit_log_writer_serial.h diff --git a/src/Makefile.am b/src/Makefile.am index 8bccd6bb..c8ff5df7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -81,6 +81,9 @@ libmodsecurity_la_SOURCES = \ parser/driver.cc \ assay.cc \ audit_log.cc \ + audit_log_writer.cc \ + audit_log_writer_serial.cc \ + audit_log_writer_parallel.cc \ modsecurity.cc \ rules.cc \ utils.cc \ diff --git a/src/audit_log.cc b/src/audit_log.cc index 4e2a3a94..68805da2 100644 --- a/src/audit_log.cc +++ b/src/audit_log.cc @@ -1,4 +1,4 @@ -/** +/* * ModSecurity, http://www.modsecurity.org/ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) * @@ -24,6 +24,8 @@ #include #include +#include "src/audit_log_writer_parallel.h" +#include "src/audit_log_writer_serial.h" #define PARTS_CONSTAINS(a, c) \ if (new_parts.find(toupper(a)) != std::string::npos \ 
@@ -101,7 +103,29 @@ bool AuditLog::setType(AuditLogType audit_type) { bool AuditLog::init() { - return true; + if (m_type == ParallelAuditLogType) { + m_writer = new AuditLogWriterParallel(); + } + + if (m_type == SerialAuditLogType) { + m_writer = new AuditLogWriterSerial(); + } + + if (m_writer == NULL || m_writer->init() == false) { + std::cout << "not able to open the log for write." << std::endl; + return false; + } + + /* Sanity check */ + if (m_status == RelevantOnlyAuditLogStatus) { + if (m_relevant.empty()) { + std::cout << "m_relevant cannot be null while status is " << \ + "RelevantOnly" << std::endl; + return false; + } + } + + return true; } diff --git a/src/audit_log.h b/src/audit_log.h index fd376f79..9a6e2a0b 100644 --- a/src/audit_log.h +++ b/src/audit_log.h @@ -1,4 +1,4 @@ -/** +/* * ModSecurity, http://www.modsecurity.org/ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/) * @@ -23,6 +23,7 @@ #define SRC_AUDIT_LOG_H_ #include "modsecurity/assay.h" +#include "src/audit_log_writer.h" #ifdef __cplusplus @@ -39,6 +40,7 @@ class AuditLog { m_parts(AAuditLogPart | BAuditLogPart | CAuditLogPart | FAuditLogPart | HAuditLogPart | ZAuditLogPart), m_type(ParallelAuditLogType), + m_writer(NULL), m_relevant("") { } @@ -174,7 +176,7 @@ class AuditLog { AuditLogType m_type; std::string m_relevant; -// AuditLogWriter *m_writer; + AuditLogWriter *m_writer; }; } // namespace ModSecurity diff --git a/src/audit_log_writer.cc b/src/audit_log_writer.cc new file mode 100644 index 00000000..cda49dae --- /dev/null +++ b/src/audit_log_writer.cc 
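Review bot: In `AuditLog::init()` the writer is allocated with a bare `new` into `m_writer` and nothing in the visible hunks releases it, so a second `init()` call leaks the previous writer, and the early `return false` on the `m_relevant` check leaves a writer allocated after a failed setup. Hold it as `std::unique_ptr<AuditLogWriter> m_writer;`, or `delete m_writer;` in a destructor and before reassigning, and run the `RelevantOnly` sanity check before constructing the writer. The failure messages go to `std::cout`, which in a library embedded in a web server may be discarded or mixed into unrelated output; returning the reason to the caller or using the debug log would make a failed audit-log setup visible. The matching `AuditLogWriter *m_writer;` member is declared in the last `src/audit_log.h` hunk below.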
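Review bot: `m_writer(NULL)` is inserted before `m_relevant("")` in the `AuditLog` constructor's initializer list, while the last hunk of `src/audit_log.h` declares `m_writer` after `m_relevant`; members are initialized in declaration order, so compilers flag the mismatch under `-Wreorder`. Put the new initializer last: `m_relevant(""),` followed by `m_writer(NULL)`. The constructor and the class body both continue outside these hunks, so whether AuditLog declares a destructor or copy control for the new owning pointer cannot be seen here and should be confirmed.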
@@ -0,0 +1,33 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/audit_log_writer.h"
+
+#include
+
+#include "src/audit_log.h"
+
+namespace ModSecurity {
+
+std::string AuditLogWriter::file_name(const std::string& unique_id) {
+ time_t timer;
+ time(&timer);
+
+ /** TODO: return file with time stamp and etc. */
+ return std::string("/tmp/temp_audit_log_file.txt");
+}
+
+
+} // namespace ModSecurity
diff --git a/src/audit_log_writer.h b/src/audit_log_writer.h
new file mode 100644
index 00000000..5441073b
--- /dev/null
+++ b/src/audit_log_writer.h
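Review bot: `AuditLogWriter::file_name()` returns the fixed path `/tmp/temp_audit_log_file.txt` and ignores `unique_id`, so once a writer opens it every transaction shares one predictable file in a world-writable directory, where another local account can pre-create it or place a symlink and thereby read or redirect the audit records. Even as a placeholder, the name should be built from a directory the administrator configures plus `unique_id`, and the writer should create the file exclusively with restrictive permissions. `timer` is filled by `time()` and never used; fold it into the name or drop both lines until the TODO is done. The TODO itself should say that the path is unsafe, e.g. `/* TODO: placeholder path; must come from the audit log configuration before any writer opens it. */`.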
@@ -0,0 +1,45 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifndef SRC_AUDIT_LOG_WRITER_H_
+#define SRC_AUDIT_LOG_WRITER_H_
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#include
+#endif
+
+#ifdef __cplusplus
+
+namespace ModSecurity {
+
+/** @ingroup ModSecurity_CPP_API */
+class AuditLogWriter : public std::ofstream {
+ public:
+ AuditLogWriter() { }
+
+ virtual bool close() { return true; }
+ virtual bool init() { return true; }
+ virtual bool write(const std::string& log) { return true; }
+
+ std::string file_name(const std::string& unique_id);
+};
+
+} // namespace ModSecurity
+#endif
+
+#endif // SRC_AUDIT_LOG_WRITER_H_
diff --git a/src/audit_log_writer_parallel.cc b/src/audit_log_writer_parallel.cc
new file mode 100644
index 00000000..3f12fd56
--- /dev/null
+++ b/src/audit_log_writer_parallel.cc
@@ -0,0 +1,23 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/audit_log_writer_parallel.h"
+
+
+namespace ModSecurity {
+
+
+
+} // namespace ModSecurity
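Review bot: The base-class defaults in `src/audit_log_writer.h` (`init()`, `write()` and `close()`) all return `true`, so a writer that overrides nothing reports success while persisting nothing; `AuditLogWriterParallel` in this commit is exactly that, and the `AuditLog` constructor defaults to `ParallelAuditLogType`. The `AuditLogWriterSerial` stubs in `src/audit_log_writer_serial.cc` have the same effect. Returning `false` from the unimplemented methods, or declaring them pure (`virtual bool write(const std::string& log) = 0;`) once the subclasses implement them, keeps a missing audit trail from looking healthy to the caller. Separately, deriving publicly from `std::ofstream` makes `close()` and `write(const std::string&)` hide the stream's own non-virtual `close()` and `write(const char*, std::streamsize)`; holding the stream as a private member would avoid the two meanings.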
diff --git a/src/audit_log_writer_parallel.h b/src/audit_log_writer_parallel.h
new file mode 100644
index 00000000..796ab9ef
--- /dev/null
+++ b/src/audit_log_writer_parallel.h
@@ -0,0 +1,34 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifndef SRC_AUDIT_LOG_WRITER_PARALLEL_H_
+#define SRC_AUDIT_LOG_WRITER_PARALLEL_H_
+
+#include "src/audit_log_writer.h"
+
+#ifdef __cplusplus
+
+namespace ModSecurity {
+
+/** @ingroup ModSecurity_CPP_API */
+class AuditLogWriterParallel : public AuditLogWriter {
+ public:
+ AuditLogWriterParallel() { }
+};
+
+} // namespace ModSecurity
+#endif
+
+#endif // SRC_AUDIT_LOG_WRITER_PARALLEL_H_
diff --git a/src/audit_log_writer_serial.cc b/src/audit_log_writer_serial.cc
new file mode 100644
index 00000000..b1c02b61
--- /dev/null
+++ b/src/audit_log_writer_serial.cc
@@ -0,0 +1,37 @@
+/**
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#include "src/audit_log_writer_serial.h"
+
+#include "src/audit_log.h"
+
+namespace ModSecurity {
+
+
+bool AuditLogWriterSerial::init() {
+ return true;
+}
+
+
+bool AuditLogWriterSerial::close() {
+ return true;
+}
+
+
+bool AuditLogWriterSerial::write(const std::string& log) {
+ return true;
+}
+
+} // namespace ModSecurity
diff --git a/src/audit_log_writer_serial.h b/src/audit_log_writer_serial.h
new file mode 100644
index 00000000..eff58782
--- /dev/null
+++ b/src/audit_log_writer_serial.h
@@ -0,0 +1,44 @@
+/*
+ * ModSecurity, http://www.modsecurity.org/
+ * Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ *
+ * You may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * If any of the files related to licensing are missing or if you have any
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
+ * directly using the email address security@modsecurity.org.
+ *
+ */
+
+#ifdef __cplusplus
+#include
+#include
+#include
+#endif
+
+#ifndef SRC_AUDIT_LOG_WRITER_SERIAL_H_
+#define SRC_AUDIT_LOG_WRITER_SERIAL_H_
+
+#include "src/audit_log_writer.h"
+
+#ifdef __cplusplus
+
+namespace ModSecurity {
+
+/** @ingroup ModSecurity_CPP_API */
+class AuditLogWriterSerial : public AuditLogWriter {
+ public:
+ AuditLogWriterSerial() { }
+
+ bool init() override;
+ bool close() override;
+ bool write(const std::string& log) override;
+};
+
+} // namespace ModSecurity
+#endif
+
+#endif // SRC_AUDIT_LOG_WRITER_SERIAL_H_
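Review bot: The `#ifdef __cplusplus` include block sits above the `#ifndef SRC_AUDIT_LOG_WRITER_SERIAL_H_` guard, unlike `src/audit_log_writer.h` and `src/audit_log_writer_parallel.h` where the guard opens the file; move the guard to the top so the whole header is skipped on re-inclusion and the three headers read the same way. The class comment carries only the `@ingroup` tag, and a reader of the header cannot tell that the writer is a stub at this commit. A short line such as `/** Serial audit log writer. Not implemented yet: init(), close() and write() only return true. */` would say so.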