Репозиторий Sisyphus
Последнее обновление: 1 октября 2023 | Пакетов: 18631 | Посещений: 37749792
en ru br
Репозитории ALT

Группа :: Система/Настройка/Прочее
Пакет: alterator-audit

 Главная   Изменения   Спек   Патчи   Исходники   Загрузить   Gear   Bugs and FR  Repocop 

alterator-audit-0.3.0/000075500000000000000000000000001230111162100145755ustar00rootroot00000000000000alterator-audit-0.3.0/Makefile000064400000000000000000000005541230111162100162410ustar00rootroot00000000000000NAME=audit
DESCRIPTION="System Audit"

INSTALL=/usr/bin/install

all:
clean:
install: install-backend install-ui install-data

install-data:
	install -d $(sysconfdir)/sysconfig/alterator-audit/templates
	cp -a template/* $(sysconfdir)/sysconfig/alterator-audit/templates

include /usr/share/alterator/build/ui2.mak
include /usr/share/alterator/build/backend.mak


alterator-audit-0.3.0/applications/000075500000000000000000000000001230111162100172635ustar00rootroot00000000000000alterator-audit-0.3.0/applications/audit.desktop000064400000000000000000000003171230111162100217650ustar00rootroot00000000000000[Desktop Entry]
Type=Application
Categories=X-Alterator-System
Terminal=false
Name=Audit
Icon=audit
X-Alterator-URI=/audit
X-Alterator-Weight=20
X-Alterator-Help=audit
Name[ru]=п║п╦я│я┌п╣п╪п╫я▀п╧ п░я┐п╢п╦я┌
alterator-audit-0.3.0/backend3/000075500000000000000000000000001230111162100162475ustar00rootroot00000000000000alterator-audit-0.3.0/backend3/audit000075500000000000000000000517661230111162100173220ustar00rootroot00000000000000#!/bin/bash

CONFIGDIR="/etc/sysconfig/alterator-audit"
RULES_NAME="$CONFIGDIR/names"
RULES="$CONFIGDIR/rules"
FILTERS="$CONFIGDIR/filters"
TEMPLATES="$CONFIGDIR/templates"

alterator_api_version=1
. alterator-sh-functions
. alterator-service-functions
. shell-config

daemon_status()
{
	if service_control "auditd" is-enabled && service_control "auditd" is-active; then
		write_string_param auditd_status "Active"
	else
		write_string_param auditd_status "Inactive"
	fi
}

daemon_on()
{
	if service_control "auditd" is-enabled && service_control "auditd" is-active; then
		service_control "auditd" condstop
		/etc/init.d/auditd stop
		service_control "auditd" off
	else
		auditctl "-D"
		service_control "auditd" on
		service_control "auditd" start || :
	fi
	daemon_status
}

list_report()
{
	head= 
	size=0
	write_enum_item "auth"
	write_enum_item "avc"
	write_enum_item "config"
	write_enum_item "crypto"
	write_enum_item "event"
	write_enum_item "file"
	write_enum_item "host"
#	write_enum_item "input"		#TODO <file>
	write_enum_item "login"
	write_enum_item "mods"
	write_enum_item "mac"
	write_enum_item "pid"
	write_enum_item "response"
	write_enum_item "syscall"
	write_enum_item "terminal"
	write_enum_item "user"
	write_enum_item "executable"
}

list_size_page()
{
	write_enum_item "20" "`_ "20 lines"`"
	write_enum_item "30" "`_ "30 lines"`"
	write_enum_item "50" "`_ "50 lines"`"
	write_enum_item "100" "`_ "100 lines"`"
}

list_time()
{
	write_enum_item " "		#all
	write_enum_item "now"		#я│п╣п╧я┤п╟я│
	write_enum_item "recent"	#10 п╪п╦п╫ п╫п╟п╥п╟п╢
	write_enum_item "today"		#я│п╣пЁп╬п╢п╫я▐
	write_enum_item "yesterday"
	write_enum_item "this-week"
	write_enum_item "this-month"
	write_enum_item "this-year"
	write_enum_item "another"
}

read_log()
{
	aurep_data="$(aureport $parameters --input-logs | sed -n $(($1+1))','$2'p')"
	if [ "$(echo "$aurep_data" | sed -n '6p')" = '<no events of interest were found>' ]; then
		aurep_data= 
		return
	fi
	if [ "$(echo "$aurep_data" | sed -n '1p')" = 'usage: aureport [options]' ];then
		aurep_data= 
		return
	fi
}

config_log()
{
	snum=1
	fnum=$(($snum + $in_size_page - 1))
	nstr=1000
	d_nstr=500
	dn_str=0
	parameters="--$in_report $(create_params)"
	all_lines="$(($(aureport $parameters --input-logs | wc -l) -5))"

	read_log 0 $(($nstr+5))

	data_head="$(echo "$aurep_data" | sed -n '4p')"
	head= 
	size=0
	for name in $data_head
	do
		if [ -n "$head" ]; then
			head="$head;$name"
		else
			head="$name"
		fi
		size=$(($size + 1))
	done
	
	aurep_data="$(echo "$aurep_data" | sed '1,5d')"

	if [ -n "$(echo "$in_parameter" | tr -d ' ')" ];then
		advance_search
		all_lines="$(echo "$aurep_data" | wc -l)"
		nstr=$(($all_lines+$d_nstr))
	fi
	
	write_string_param all_lines "$all_lines"
	write_string_param select_line "$snum"
}

advance_search()
{
	aurep_data="$(aureport $parameters --input-logs | sed '1,5d')"
	for search in $in_parameter
	do
		aurep_data="$(echo "$aurep_data" | grep "$search")"
	done
}

title_logtable()
{
	if [ -z "$head" ]; then head="Log Audit"; fi
	echo "$size $head"
}

list_table()
{
	if [ -n "$aurep_data" ]; then
		if [ $fnum -gt $nstr ] || [ $snum -lt $dn_str ]; then
			nstr=$snum
			local low=$(($snum-$d_nstr+5))
			local high=$(($snum+$d_nstr+5))
			test $low -lt 5 && low=5 && high=$(($snum+$d_nstr+5))
			read_log $low $high
			dn_str=$(($snum-$d_nstr))
			test $dn_str -lt 5 && dn_str=0
		fi

		local data_page="$(echo "$aurep_data" | sed -n $(($snum-$dn_str))','$(($fnum-$dn_str))'p' | tr '\n' ' ' | sed -e 's/ \{1,\}/;;/g')"
	  	write_enum_item "$data_page"
  	else
	  	write_enum_item "Empty Log;;"
	fi
}

page_table()
{
	local psize=$in_size
	if [ "$in_page" = 'back' ]; then
		snum=$(($snum - $psize))
		fnum=$(($fnum - $psize))
		if [ $snum -lt 1 ]; then
			snum=1
			fnum=$psize
		fi
	elif [ "$in_page" = 'next' ]; then
		if [ $fnum -lt $all_lines ]; then
			snum=$(($fnum + 1))
			fnum=$(($fnum + $psize))
		fi
	elif [ "$in_page" = 'size' ]; then
			snum=$snum
			fnum=$(($snum + $psize -1))
	else
		if [ $in_page -le $all_lines ]; then
			snum=$in_page
			fnum=$(($snum + $psize - 1))
		fi
	fi
	write_string_param select_line "$snum"
	write_string_param prev_num "$snum"
}

create_params()
{
	local params= 
	if [ "$in_interplet" = '#t' ]; then params="-i"; fi
	if [ "$in_success" = '#t' ]; then params="$params --success"; fi
	if [ "$in_failed" = '#t' ]; then params="$params --failed"; fi

	if [ "$in_time" = '#t' ]; then
		if [ "$in_start_time" != ' ' ]; then
			if [ "$in_start_time" != 'another' ]; then
				params="$params -ts $in_start_time"
			else
				params="$(echo $params -ts "$(echo $in_s_date | sed -e 's/^.\{2\}//' | awk -F'-' '{print $2,$3,$1}' | tr ' ' '/')" "$in_s_time")"
			fi
		fi
		if [ "$in_end_time" != ' ' ]; then
			if [ "$in_end_time" != 'another' ]; then
				params="$params -te $in_end_time"
			else
				params="$(echo $params -te "$(echo $in_e_date | sed -e 's/^.\{2\}//' | awk -F'-' '{print $2,$3,$1}' | tr ' ' '/')" "$in_e_time")"
			fi
		fi
	fi
	if [ "$in_summary" = '#t' ]; then params="$params --summary"; fi
	echo $params
}

save_log()
{
	if [ -z "$in_path" ];then
		write_error "`_ "Empty path"`"
		return
	fi
	echo "$(echo "$head" | tr ';' ' ')" > "$in_path"
	if ! [ -f "$in_path" ];then
		write_error "`_ "Can't create file in $in_path"`"
		return
	fi
	if [ "$in_full" = "full" ];then
		if [ $nstr = $(($all_lines+$d_nstr)) ];then
			echo "$aurep_data" >> "$in_path"
		else
			read_log 5 $(($all_lines+5))
		fi
	elif [ "$in_full" = "page" ];then
		echo "$(echo "$aurep_data" | sed -n $(($snum-$dn_str))','$(($fnum-$dn_str))'p')" >> "$in_path"
	fi

}

edit_config()
{
	local number=$(grep -n $1'=' "$CONFIGDIR/config" | awk -F':' '{print $1}')
	sed -i $number"i $1=$2" "$CONFIGDIR/config"
	sed -i $(($number+1))'d' "$CONFIGDIR/config"
}

check_name_params()
{
	local number=$(grep -n $in_name'::' $FILTERS | awk -F':' '{print $1}')
	if [ -z "$number" ]; then
		number=$(grep -n '::'"$(create_params)" $FILTERS | awk -F':' '{print $1}')
	fi
	echo "$number"
}

list_filter_log()
{
	local name= value=
	cat $FILTERS | while read line
	do
		name="$(echo $line | awk -F'::' '{print $1}')"
		value="$(echo $line | awk -F'::' '{print $2}')"
		write_enum_item "$value" "$name"
#		write_table_item "$(echo $line | awk -F'::' '{print $1}')" "$(echo $line | awk -F'::' '{print $2}')"
	done
}

change_filter()
{
	case "$in_mode" in
		"save") save_filter "add"
		;;
		"del") delete_filter
		;;
		"chan")	save_filter "ch"
		;;
	esac
	list_filter_log
}

save_filter()
{
	local params="$(create_params)"
	params="$in_name::$in_report $params"
#	if [ "$in_fo_search" = '#t' ]; then
#		params="$params --options="
#		while read fil
#		do
#			params="$params$in_fil_list"
#		done < <(echo $in_fil_list)
	if [ -n "$in_parameter" ];then
		params="$params --options=$in_parameter"
	fi
	if [ "$1" = "add" ];then
		echo "$params" >> $FILTERS
	else
		if [ $in_number != -1 ];then
			sed -i $(($in_number+1))"i $params" $FILTERS
			sed -i $(($in_number+2))'d' $FILTERS
		fi
	fi
}

delete_filter()
{
	if [ -n "$in_number" ];then
		sed -i $(($in_number+1))'d' $FILTERS
	fi
}

init_filter()
{
	local report="$(echo $in_params | awk -F' ' '{print $1}')"
	local start_time="$(echo $in_params | grep "ts " | sed -r 's/.*-ts ([^ ]+).*/\1/')"
	local end_time="$(echo $in_params | grep "te " | sed -r 's/.*-te ([^ ]+).*/\1/')"
	local s_date= s_time= e_date= e_time= 

	if [ -n "$(echo $start_time | grep '/')" ]; then
		start_time="another"
		s_date="$(echo "$in_params" | grep "ts " | sed -r 's/.*-ts ([^-]+).*/\1/')"
		s_time="$(echo "$s_date" | awk -F' ' '{print $2}')"
		s_date="$(echo "$s_date" | awk -F' ' '{print $1}' | awk -F'/' '{print $3,$1,$2}' | tr ' ' '-')"
		if [ $(echo $s_date | cut -c 1) -eq 9 ];then
			s_date="19$s_date"
		else
			s_date="20$s_date"
		fi
	fi
	if [ -n "$(echo $end_time | grep '/')" ]; then
		end_time="another"
		e_date="$(echo "$in_params" | grep "te " | sed -r 's/.*-te ([^-]+).*/\1/')"
		e_time="$(echo "$e_date" | awk -F' ' '{print $2}')"
		e_date="$(echo "$e_date" | awk -F' ' '{print $1}' | awk -F'/' '{print $3,$1,$2}' | tr ' ' '-')"
		if [ $(echo $e_date | cut -c 1) -eq 9 ];then
			e_date="19$e_date"
		else
			e_date="20$e_date"
		fi
	fi

	local options="$(echo "$in_params" | grep "options" | sed -r 's/.*--options=([^-]+).*/\1/')"
#	if [ -n "$options" ]; then
#		write_string_param 

	write_string_param report "$report"
	write_string_param start_time "$start_time"
	write_string_param end_time "$end_time"
	write_string_param s_date "$s_date"
	write_string_param e_date "$e_date"
	write_string_param s_time "$s_time"
	write_string_param e_time "$e_time"
	write_string_param search_param "$options"
}


#================================rules================



list_all_rules()
{
	local list="$(cat $RULES)"
#	local list=$(/sbin/auditctl -l | awk -F:  '{print $2}')
	if [ -z "$(echo $list|tr -d '/n')" ];then return;fi
	local stat_= i=1 name= j=1
	while read rule
	do
		name="$(sed -n $i'p' $RULES_NAME)"

		test "$(echo "$rule"|cut -c1)" != '#' && stat_="on" || rule="$(echo "$rule"|cut -c2-)"
		if [ -z "$name" ]; then
			name="rule_$j"
			j=$(($j+1))
		fi
		write_table_item name "$rule" rule "$name" check "$stat_"
		name=
		stat_= 
		i=$(($i+1))
	done < <(echo "$list")
}

delete_rule()
{
	if [ "$in_option" = "del_all" ];then
		auditctl -D
		cat /dev/null > $RULES
		cat /dev/null > $RULES_NAME
		return
	fi

	test $in_num -lt 0 && return

	local rule="$(sed -n $(($in_num+1))'p' $RULES)"
	local active=true
#	local rule="$in_rule"
	test "$(echo "$rule"|cut -c1)" = '#' && active=false
	local param_rule="$(echo "$rule" | awk -F' ' '{print $1}')"
	rule="$(echo "$rule" |cut -d ' ' -f 2- )"
	test $param_rule = '-w' && rule="-W $rule" || rule="-d $rule"

	local err= 
	if service_control "auditd" is-active; then err="$(auditctl $rule 2>&1)";fi
	if [ -n "$err" ] && $active;then
		write_error "`_ "Error deleting rules!"`""
                                 $err"
		echo "err"
		return
	fi
	
	sed -i $(($in_num+1))'d' $RULES_NAME
	sed -i $(($in_num+1))'d' $RULES
}

new_rule_simple()
{
	local err="$(auditctl -w "$1" -p $2 2>&1)"
	test -n "$err" && write_error "`_ "Error creating rule!"`""
				$err" && return
	local rule="$in_path -p $2"
	if [ -z "$err" ];then
		if [ "$in_add_rule" = 'add' ];then
			echo "-w $rule" >> $RULES
			echo "$in_name" >> $RULES_NAME
		else
			test -n delete_rule && return
			rule="-w $rule"
			sed -i $(($in_num+1))"i $rule" $RULES
			sed -i $(($in_num+1))"i $in_name" $RULES_NAME
		fi
	else
		write_error "`_ "Error creating rule: Path not found!"`"
		return
	fi
#	new_rule_name
}

new_rule()
{
	test -z "$in_name" && write_error "`_ "Empty name"`" && return
#	test -n "$(grep -x $in_name $RULES_NAME)" && write_error "`_ "This name is already exists"`" && return
	local perm=$(echo "$in_perm" | grep -o "[rwxa]" | tr -d '\n')
	test -z "$perm" && perm="rwxa"
	test "$in_expert" = '#t' && new_rule_expert || new_rule_simple "$in_path" $perm
}

config_rule()
{
	local rule="$(echo "$in_rule" | cut -c2-)"
	local i=1 param= value=
	permiss="rwxa"
	syscall=

	local string="$(echo "$rule" | awk -F'-' -F' -' '{print $1}')"

	while [ -n "$string" ]
	do
		param="$(echo "$string" | awk -F' ' '{print $1}')"
		value="$(echo "$string" | cut -c3-)"
		check_param "$param" "$value"
		i=$(($i+1))
		string="$(echo "$rule" | awk -F'-' -F' -' '{print $'$i'}')"
	done
	
	write_string_param rule_syscall "$syscall"
	test_permiss "$permiss"
}

activate_rule()
{
	if [ $in_num != -1 ];then
		local rule="$(sed -n $(($in_num+1))'p' $RULES)"
		test "$in_stat" = '#f' && rule="#$rule" || rule="$(echo "$rule"|cut -c2-)"
		sed -i $(($in_num+1))"i $rule" $RULES
		sed -i $(($in_num+2))'d' $RULES
	fi
}

reload_rules()
{
	auditctl -D
	auditctl -R $RULES
}

test_path()
{
	write_string_param path_file "$1"
	if [ -d "$1" ];then
		write_bool_param check_file false
		return
	elif [ -f "$1" ];then
		write_bool_param check_file true
	else
		write_error "`_ "Error rule: Path not found!"`"
	fi
	syscall="all"
}

test_permiss()
{
	test -n "$(echo "$1" | grep 'r')" && write_bool_param perm_r true || write_bool_param perm_r false
	test -n "$(echo "$1" | grep 'w')" && write_bool_param perm_w true || write_bool_param perm_w false
	test -n "$(echo "$1" | grep 'x')" && write_bool_param perm_x true || write_bool_param perm_x false
	test -n "$(echo "$1" | grep 'a')" && write_bool_param perm_a true || write_bool_param perm_a false
}

check_param()
{
	case "$1" in
		w)
			test_path "$2"
			write_string_param rule_list 'exit'
			write_string_param rule_action 'always'
		;;
		p)
			permiss="$2"
		;;
		a)
			write_string_param rule_list "$(echo "$2" | awk -F, '{print $1}')"
			write_string_param rule_action "$(echo "$2" | awk -F, '{print $2}')"
		;;
		F)
			local cond="$(echo $2 | grep -o "[!=<>&]")"
			local fil="$(echo $2 | awk -F$cond '{print $1}')"
			local val="$(echo $2 | awk -F$cond '{print $2}')"
			case $fil in
				perm)
					permiss="$val"
				;;
				dir|path)
					test_path "$val"
				;;
			esac
		;;
		S)
			test $2 = 'all' || syscall="$syscall $2"
		;;

	esac
}


#==============expert rules==============

list_rules()
{
	write_enum_item "task"
	write_enum_item "entry"
	write_enum_item "exit"
	write_enum_item "user"
	write_enum_item "exclude"
}

list_filters()
{
	local rule="$(echo "$in_rule" | cut -c2-)"
	test -z $rule && return
	local string="$(echo "$rule" | awk -F'-' -F' -' '{print $1}')"
        local i=1 param= value= 
	local fil= val= cond= 
	
	while [ -n "$string" ]
	do
		param="$(echo "$string" | awk -F' ' '{print $1}')"
		value="$(echo "$string" | cut -c3-)"
		case "$param" in
			F)
				cond="$(echo "$value" | grep -o "[!=<>&]")"
				fil="$(echo "$value" | awk -F$cond '{print $1}')"
				val="$(echo "$value" | awk -F$cond '{print $2}')"
				write_table_item name "$value" label "$fil" check "$cond" summary "$val"
			;;
			w)
				test -d "$value" && 
					write_table_item name "dir=$value" label "dir" check "=" summary "$value" ||
					write_table_item name "path=$value" label "path" check "=" summary "$value"
			;;
			p)
				write_table_item name "perm=$value" label "perm" check "=" summary "$value"
			;;
		esac
		i=$(($i+1))
		string="$(echo "$rule" | awk -F'-' -F' -' '{print $'$i'}')"
	done
}

list_all_filters()
{

	write_enum_item "dir"
	write_enum_item "path"
	write_enum_item "perm"
	write_enum_item "arch"
	write_enum_item "auid"
	write_enum_item "devmajor"
	write_enum_item "devminor"
	write_enum_item "egid"
	write_enum_item "euid"
	write_enum_item "exit"
	write_enum_item "fsgid"
	write_enum_item "fsuid"
	write_enum_item "gid"
	write_enum_item "inode"
	write_enum_item "key"
	write_enum_item "msgtype"
	write_enum_item "obj_user"
	write_enum_item "obj_role"
	write_enum_item "obj_type"
	write_enum_item "obj_lev_low"
	write_enum_item "obj_lev_high"
	write_enum_item "path"
	write_enum_item "perm"
	write_enum_item "pers"
	write_enum_item "pid"
	write_enum_item "ppid"
	write_enum_item "subj_user"
	write_enum_item "subj_role"
	write_enum_item "subj_type"
	write_enum_item "subj_sen"
	write_enum_item "subj_clr"
	write_enum_item "sgid"
	write_enum_item "success"
	write_enum_item "suid"
	write_enum_item "uid"
	write_enum_item "a0"
	write_enum_item "a1"
	write_enum_item "a2"
	write_enum_item "a3"
}

list_all_conditions()
{
	write_enum_item "="
	write_enum_item "!="
	write_enum_item "<"
	write_enum_item ">"
	write_enum_item "<="
	write_enum_item ">="
	write_enum_item "&"
	write_enum_item "&="
}


new_rule_name()
{
	local number=1
	local size_rules=$(wc -l $RULES_NAME | awk -F' ' '{print $1}')
	if [ $in_count > $size_rules ]; then
		for ((i=$size_rules;i<$in_count+1;i++))
		do
			echo >> $RULES_NAME
		done
	fi
#	echo >> $CONFIGDIR/Rules

	local num=$(echo $(grep -nx $in_name $RULES_NAME) | awk -F':' '{print $1}')
	if [ -z "$num" ];then
		if [ "$in_option" = "first" ];then
			sed -i '1i' "$in_name" $RULES_NAME
		else
			number=$(($in_count + 1))
			if [ "$size_rules" = "0" ];then number=$in_count;fi
			sed -i $number"i $in_name" $RULES_NAME
			sed -i $(($number+1))',$d' $RULES_NAME
		fi
	fi
	#"$in_name" "$CONFIGDIR/Rules"
#	echo "$in_name" >> $CONFIGDIR/Rules
}

new_rule_expert()
{
	local err= 
	local fil_list=$(echo "$in_filter_name" | tr ';' '\n')
	local fil_cond=$(echo "$in_filter_cond" | tr ';' '\n')
	local fil_val=$(echo "$in_filter_val" | tr ';' '\n')
	local rule= 
	
	if [ -z "$in_rule" ]; then
		write_error "`_ "Empty type of rule!"`"
		return;fi
	
	if [ -n "$in_action" ];then
		rule="$in_rule,$in_action"
	else
		rule="$in_rule,always"
	fi

	if [ "$in_option" = "syscall_all" ];then
		rule="$rule -S all"
	elif [ -n "$in_syscall" ];then
		rule="${rule}$(echo " $in_syscall" | sed 's/ \{1,\}/ /g' | sed 's/[ \t]*$//' | sed 's/ / -S /g')"
	elif [ -z "$in_filter_name"]; then
		write_error "`_ "Empty filters list!"`"
		return
	fi

	local value= cond= i=1
	while read filter
	do
		value=$(echo "$fil_val" | sed -n $i'p')
		cond=$(echo "$fil_cond" | sed -n $i'p')
		test -n "$filter" && rule="$rule -F $filter$cond$value"
		i=$(($i+1))
	done < <(echo "$fil_list")
	if [ -n "$in_name" ]; then
		err="$(auditctl -a $rule 2>&1)"
		local info="$(echo "$err" | tr -d '\n' | cut -c1)"
		if [ -z "$info" ];then
			if [ "$in_add_rule" = 'add' ];then
				echo "-a $rule" >> $RULES
				echo "$in_name" >> $RULES_NAME
			else
				test -n delete_rule && return
				rule="-a $rule"
				sed -i $(($in_num+1))"i $rule" $RULES
				sed -i $(($in_num+1))"i $in_name" $RULES_NAME
			fi
		else
		   case "$info" in
			W)
				rule="$(echo $(auditctl -l) | awk -F',| ' '{print $2}'),$(echo "$rule" | cut -d ',' -f 2-)"
				if [ "$in_add_rule" = 'add' ];then
					echo "-a $rule" >> $RULES
					echo "$in_name" >> $RULES_NAME
				else
					test -n delete_rule && return
					rule="-a $rule"
					sed -i $(($in_num+1))"i $rule" $RULES
					sed -i $(($in_num+1))"i $in_name" $RULES_NAME
				fi
			;;
			*)
				write_error "$err"
				return
			;;
		   esac
		fi
	fi
}

clean_all()
{
	write_string_param rule_action "#f"
	write_string_param filters ""
	write_string_param condition ""
	write_string_param rule_list ""
	write_string_param filter_val ""
	write_string_param name ""
}

on_message() {

    case "$in_action" in
        list)
          case "$in__objects" in
            title_table)
              title_logtable | write_enum
            ;;
#    	    filters_list)
#	      list_filters | write_enum
#	    ;;
          esac
          ;;
	read)
	;;
    esac
}


#-----------------------------templates-------------------------------------

list_templates()
{
	ls -1 "$TEMPLATES" | while read line
	do
		if [ "$line" != "system" ] && [ -z "$(echo "$line"|grep '.names')" ];then write_enum_item "$line";fi
	done

	ls -1 "$TEMPLATES/system" | while read line
	do
		write_enum_item "system/$line"
	done
}

templates()
{
	if [ "$in_what" = 'load' ];then template_load
	elif [ "$in_what" = 'save' ]; then template_save
	elif [ "$in_what" = 'remove' ]; then template_remove
	fi
}


template_load()
{
	if [ "$in_addend" != '#f' ];then
		write_error "`_ "rule: $in_template!"`"
#		auditctl -D
#		cat /dev/null > "$TEMPLATES/$in_template"
#		cat /dev/null > "$TEMPLATES/$in_template"".names"
		return
	fi
	
#	local list=$(/sbin/auditctl -l | awk -F:  '{print $2}')
	local list="$(cat $TEMPLATES/$in_template)"
#	local all_names="$(cat "$TEMPLATES/$in_template"".names")"
	local i=1 name= err=
	while read rule
	do
		err="$(auditctl $rule 2>&1)"
#		if [ -z "$all_name" ];then
			name="$(echo "$in_template"|tr '/' '_')_$i"
#		else
#			name="$(sed -n $i'p' $all_names)"
#		fi
		if [ -z "$err" ];then 
#			echo "-a$(echo $(auditctl -l | tail -n 1)| awk -F:  '{print $2}')" >> $RULES
			echo "$rule" >> $RULES
			echo "$name" >> $RULES_NAME
		else
			write_error "`_ "Error creating rules!"`""
			                ERR: $err"
			return
		fi
		name= 
		i=$(($i+1))
	done < <(echo "$list")
}

template_save()
{
	local file="$TEMPLATES/$in_name"
	if [ "$in_addend" != '#f' ];then
		if [ -n "$(echo "$in_template"|grep "^system/")" ];then
			write_error "`_ "Impossible to change. This is a systemic template!"`"
			return
		fi
		if [ -z "$in_name" ];then
			write_error "`_ "Empty name"`"
			return
		fi
		file="$TEMPLATES/$in_template"
		cat /dev/null > "$file"
		cat /dev/null > "$file"".names"
	fi
	echo "$(cat $RULES)" >> "$file"
	echo "$(cat $RULES_NAME)" >> "$file"".names"
}

template_remove()
{
	if [ -n "$(echo "$in_template"|grep "^system/")" ];then
		write_error "`_ "Impossible to remove. This is a systemic template!"`"
		return
	fi
	rm -f "$TEMPLATES/$in_template"
	rm -f "$TEMPLATES/$in_template"".names"
}

alterator_export_proc list_templates
alterator_export_proc templates

alterator_export_proc daemon_status
alterator_export_proc daemon_on

alterator_export_proc list_table
alterator_export_proc list_report
alterator_export_proc list_time
alterator_export_proc config_log
alterator_export_proc save_log
#alterator_export_proc init_config

alterator_export_proc page_table
alterator_export_proc list_size_page
alterator_export_proc list_search
alterator_export_proc change_filter
alterator_export_proc list_filter_log
alterator_export_proc init_filter

alterator_export_proc list_filters
alterator_export_proc new_rule
alterator_export_proc delete_rule
alterator_export_proc list_rules
alterator_export_proc activate_rule
alterator_export_proc reload_rules

alterator_export_proc list_all_rules
alterator_export_proc list_all_filters
alterator_export_proc list_all_conditions
alterator_export_proc config_rule
alterator_export_proc clean_all


message_loop
alterator-audit-0.3.0/template/000075500000000000000000000000001230111162100164105ustar00rootroot00000000000000alterator-audit-0.3.0/template/system/000075500000000000000000000000001230111162100177345ustar00rootroot00000000000000alterator-audit-0.3.0/template/system/at_configure000064400000000000000000000000641230111162100223240ustar00rootroot00000000000000-w /var/spool/at 
-w /etc/at.allow 
-w /etc/at.deny
alterator-audit-0.3.0/template/system/audit_configure000064400000000000000000000001711230111162100230250ustar00rootroot00000000000000-w /etc/audit/auditd.conf -p wa
-w /etc/audit/audit.rules -p wa
-w /etc/libaudit.conf -p wa
-w /etc/default/auditd -p wa
alterator-audit-0.3.0/template/system/audit_log000064400000000000000000000000601230111162100216220ustar00rootroot00000000000000-w /var/log/audit/ 
-w /var/log/audit/audit.log
alterator-audit-0.3.0/template/system/cron_tasks000064400000000000000000000003501230111162100220230ustar00rootroot00000000000000-w /etc/cron.allow -p wa 
-w /etc/cron.deny -p wa 
-w /etc/cron.d/ -p wa 
-w /etc/cron.daily/ -p wa 
-w /etc/cron.hourly/ -p wa 
-w /etc/cron.monthly/ -p wa 
-w /etc/cron.weekly/ -p wa 
-w /etc/crontab -p wa
-w /var/spool/cron/root
alterator-audit-0.3.0/template/system/hostnames000064400000000000000000000000241230111162100216540ustar00rootroot00000000000000-w /etc/hosts -p wa
alterator-audit-0.3.0/template/system/init.d000064400000000000000000000000541230111162100210430ustar00rootroot00000000000000-w /etc/init.d/
-w /etc/init.d/auditd -p wa
alterator-audit-0.3.0/template/system/ld.conf000064400000000000000000000000561230111162100212030ustar00rootroot00000000000000-w /etc/ld.so.conf.d
-w /etc/ld.so.conf -p wa
alterator-audit-0.3.0/template/system/localtime000064400000000000000000000000301230111162100216210ustar00rootroot00000000000000-w /etc/localtime -p wa
alterator-audit-0.3.0/template/system/modprobe000064400000000000000000000000241230111162100214620ustar00rootroot00000000000000-w /etc/modprobe.d/
alterator-audit-0.3.0/template/system/pam.d000064400000000000000000000000171230111162100206540ustar00rootroot00000000000000-w /etc/pam.d/
alterator-audit-0.3.0/template/system/ssh_server000064400000000000000000000000301230111162100220330ustar00rootroot00000000000000-w /etc/ssh/sshd_config
alterator-audit-0.3.0/template/system/sysctl000064400000000000000000000000321230111162100211730ustar00rootroot00000000000000-w /etc/sysctl.conf -p wa
alterator-audit-0.3.0/template/system/system_login000064400000000000000000000001261230111162100223720ustar00rootroot00000000000000-w /etc/login.defs -p wa 
-w /etc/securetty 
-w /var/log/faillog 
-w /var/log/lastlog
alterator-audit-0.3.0/template/system/system_users000064400000000000000000000000721230111162100224230ustar00rootroot00000000000000-w /etc/group -p wa 
-w /etc/passwd -p wa 
-w /etc/shadow
alterator-audit-0.3.0/ui/000075500000000000000000000000001230111162100152125ustar00rootroot00000000000000alterator-audit-0.3.0/ui/audit/000075500000000000000000000000001230111162100163205ustar00rootroot00000000000000alterator-audit-0.3.0/ui/audit/index.scm000064400000000000000000000226641230111162100201450ustar00rootroot00000000000000(document:surround "/std/frame")

(define (ui-init)
   (form-update-enum "report" (woo-list "/audit/list_report"))
   (form-update-enum "size_page" (woo-list "/audit/list_size_page"))
   (form-update-enum "filters" (woo-list "/audit/list_filter_log"))
   (form-update-enum "start_time" (woo-list "/audit/list_time"))
   (form-update-enum "end_time" (woo-list "/audit/list_time"))
   (let ((data (woo-read-first "/audit/daemon_status")))
      (daemon text (woo-get-option data 'auditd_status)))
   (update-header_log)
)

(define (daemon_turn_off)
   (let ((data (woo-read-first "/audit/daemon_on")))
      (daemon text (woo-get-option data 'auditd_status))))
  

(define (update-header_log)
  (tabels rows-clear)
  (form-update-visibility "tabel" #f)

  (map (lambda(data)
	 (simple-notify tabels 'action "new"
		 		'parent group_tab
				'columns (woo-get-option data 'name)
		 		'type "listbox"
	 ))
       (woo-list "/audit/title_table"))
   
  (map (lambda(data)
	  (tabels columns (woo-get-option data 'name)
		  header (woo-get-option data 'label)
		  ))
	(woo-list "/audit/title_table"))
)

(define (update-table)
  (let ((data (woo-read-first "/audit/config_log" 
			      	     'report (form-value "report")
				     'size_page (form-value "size_page")
				     'summary (form-value "fo_summary")
				     'success (form-value "fo_success")
				     'failed (form-value "fo_failed")
				     'interplet (form-value "fo_interplet")
				     'time (form-value "fo_time")
				     'start_time (form-value "start_time")
				     's_time (form-value "s_time")
				     's_date (form-value "s_date")
				     'end_time (form-value "end_time")
				     'e_time (form-value "e_time")
				     'e_date (form-value "e_date")
				     'parameter (form-value "search_param")
				     )))
    (form-update-value-list '("all_lines" "select_line") data))
  (update-header_log)
  (tabels enumref "/audit/list_table")
  (simple-notify tabels 'action "create-event" 'value "clicked")
  (form-update-value "prev_num" 1)
)

(define (setting_rules)
  (frame:replace "/audit/rules")
)

(define (visible_start_time)
  (if (and (equal? (form-value "start_time") "another")
	   (form-value "fo_time"))
    (begin
      (form-update-visibility "s_date" #t)
      (form-update-visibility "s_time" #t))
    (begin
      (form-update-visibility "s_date" #f)
      (form-update-visibility "s_time" #f)))
  )

(define (visible_end_time)
  (if (and (equal? (form-value "end_time") "another")
	   (form-value "fo_time"))
    (begin
      (form-update-visibility "e_date" #t)
      (form-update-visibility "e_time" #t))
    (begin
      (form-update-visibility "e_date" #f)
      (form-update-visibility "e_time" #f)))
  )

(define (show_time)
  (form-update-visibility "start_time" (form-value "fo_time"))
  (form-update-visibility "end_time" (form-value "fo_time"))
  (form-update-visibility "label_start_time" (form-value "fo_time"))
  (form-update-visibility "label_end_time" (form-value "fo_time"))
  (visible_start_time)
  (visible_end_time))

;---------------------------list all filters---------------
(define (select_filter)
  (form-update-value "name" (filters text))
  (if (string-contains (form-value "filters") "--failed")
    (form-update-value "fo_failed" #t)
    (form-update-value "fo_failed" #f))
  (if (string-contains (form-value "filters") "--success")
    (form-update-value "fo_success" #t)
    (form-update-value "fo_success" #f))
  (if (string-contains (form-value "filters") "--summary")
    (form-update-value "fo_summary" #t)
    (form-update-value "fo_summary" #f))
  (if (string-contains (form-value "filters") "-i")
    (form-update-value "fo_interplet" #t)
    (form-update-value "fo_interplet" #f))
  (if (string-contains (form-value "filters") (or "-ts" "-te"))
    (form-update-value "fo_time" #t)
    (form-update-value "fo_time" #f))
;  (if (string-contains (form-value "filters") "--options")
;    (form-update-value "fo_search" #t)
;    (form-update-value "fo_search" #f))
  
  (let ((data (woo-read "/audit/init_filter" 'params (filters value))))
    (form-update-value-list '("report"
			      "start_time" "end_time"
			      "s_date" "s_time" "e_date" "e_time"
			      "search_param"
			      ) data))
  (show_time)
;  (form-update-visibility "advance_search" (form-value "fo_search"))
)

(define (change_filter mode)
  (form-update-enum "filters" 
		    (woo-list "/audit/change_filter"
				  'mode mode
				  'number (filters current)
			          'name (form-value "name")
				  'report (form-value "report")
				  'summary (form-value "fo_summary")
				  'success (form-value "fo_success")
				  'failed (form-value "fo_failed")
				  'interplet (form-value "fo_interplet")
				  'time (form-value "fo_time")
				  'start_time (form-value "start_time")
				  's_time (form-value "s_time")
				  's_date (form-value "s_date")
				  'end_time (form-value "end_time")
				  'e_time (form-value "e_time")
				  'e_date (form-value "e_date")
				  'parameter (form-value "search_param")
				)
  )
)

(define (f_change_page data)
  (form-update-value-list '("select_line" "prev_num") (woo-read "/audit/page_table" 'page data
										    'size (form-value "size_page")))
  (tabels enumref "/audit/list_table")
)

(define (save_log data)
  (catch/message
    (lambda()
      (woo-write "/audit/save_log" 'full data
	     		       'path (form-value "path_log")
			       ))
    )
  )

;---------------------------addvance search------------
;(define (config_filter)
;  (fil value (list_fo_search text))
;  (fil_check value (car(list_fo_search row-item (list (list_fo_search current) 1))))
;  (fil_val value (car(list_fo_search row-item (list (list_fo_search current) 2))))
;  (form-update-visibility "change_fo_search" #t)
;  (form-update-visibility "delete_fo_search" #t)
;  (form-update-visibility "clean_list_search" #t)
;)
;
;(define (change_search)
;  (list_fo_search row-item (list_fo_search current) (list (fil value)))
;  (list_fo_search row-item (list (list_fo_search current) 1) (list (fil_check value)))
;  (list_fo_search row-item (list (list_fo_search current) 2) (fil_val value))
;)
;
;(define (add_search)
;  (if (and (not (equal? (fil value) ""))
;	   (not (equal? (fil_check value) ""))
;	   (not (equal? (fil_val value)"")) )
;    (list_fo_search append-row (vector (fil value) (fil_check value) (fil_val text)) ))
;)
;
;
;--------------------UI--------------

(define (line)
  (form-update-value "select_line" (+ (string->number (form-value "prev_num")) (tabels current)) )
)

(edit name "prev_num" value 1 visibility #f)

(gridbox
  columns "4;100;4"
  align "top"
  (spacer)
  (vbox
    (hbox align "left;top" 
;	(button (_ "Log Settings") name "log_setting")
;	)
;    (hbox align "left"
	(label (_ "Status: ")) 
	(document:id daemon (button (when clicked (daemon_turn_off))))
  	(label "          ") (button (_ "Setting Rules") name "rules_setting"))
    (document:id group_tab (groupbox (_ "Log audit") height 380
				     (document:id tabels (listbox name "tabel"
 							 (when clicked (line))
								  ))
				     ))
    
    (hbox 
      (hbox align "left"
	  (button (_ "Back") (when clicked (f_change_page "back")))
	  (button (_ "Next") (when clicked (f_change_page "next")))
	  (combobox name "size_page" (when changed (f_change_page "size")))
	  (spinbox name "select_line" minimum "1" step "1"
		   (when changed (f_change_page (form-value "select_line"))))
	  (label "/") (label name "all_lines" value "1")
	   )
      (hbox align "right"
;	    (button (_ "Copy in buffer") (when clicked (woo-write "/audit/copy_buffer")))
	    (label "path:")
	    (edit name "path_log")
	    (button (_ "Save Page") (when clicked (save_log "page")))
	    (button (_ "Save Log") (when clicked (save_log "full")))
	    )
      )

    (separator)

    (gridbox columns "70;50;5;100;5;60"
	     align "top"
      	  (document:id filters (listbox name "filters"
		   (when selected (select_filter))
		   ))
	  (vbox align "top"
	     (groupbox (_ "Filter options") align "top"
		      (vbox
		    	(checkbox (_ "Success") name "fo_success"
				  (when changed (form-update-value "fo_failed" #f)))
			(checkbox (_ "Failed") name "fo_failed"
				  (when changed (form-update-value "fo_success" #f)))
			(checkbox (_ "Summary") name "fo_summary")
			(checkbox (_ "Interplet") name "fo_interplet" value #t))
			(checkbox (_ "time") name "fo_time"
				  (when changed (show_time)))
		     )
		)
	  (spacer)
	  (gridbox columns "0;100"
		   align "top"
		   (label (_ "Name")) (edit name "name")
		   (label (_ "Report")) (combobox name "report")
		   (label (_ "Search")) (edit name "search_param")
		   (label (_ "Start Time") visibility (form-value "fo_time") name "label_start_time" )
		   (combobox name "start_time" visibility (form-value "fo_time")
						      (when changed (visible_start_time)))
		   (dateedit name "s_date" visibility #f)
		   (timeedit name "s_time" visibility #f stop #t)
		   (label (_ "End Time") visibility (form-value "fo_time") name "label_end_time")
		   (combobox name "end_time" visibility (form-value "fo_time")
						      (when changed (visible_end_time)))
		   (dateedit name "e_date" visibility #f)
		   (timeedit name "e_time" visibility #f stop #t)
		   )
	  (spacer)
	  (spacer)
    
    	(hbox 
	  (button (_"Add") (when clicked (change_filter "save")))
	  (button (_"Delete") (when clicked (change_filter "del")))
	  (button (_"Change") (when clicked (change_filter "chan"))))
	(spacer)
	(spacer)
	  (button (_"Update") align "right" (when clicked (update-table) ))
	)
   )
)

(document:root
  (when loaded
    (ui-init)
    (form-bind "rules_setting" "click" setting_rules)
  )
)
alterator-audit-0.3.0/ui/audit/rules/000075500000000000000000000000001230111162100174525ustar00rootroot00000000000000alterator-audit-0.3.0/ui/audit/rules/index.scm000064400000000000000000000221021230111162100212620ustar00rootroot00000000000000(document:surround "/std/frame")

(define (ui-init)
  (catch/message
    (lambda()
      (form-update-enum "all_rules" (woo-list "/audit/list_all_rules"))
      (form-update-enum "rule_list" (woo-list "/audit/list_rules"))
      (form-update-enum "condition" (woo-list "/audit/list_all_conditions"))
      (form-update-enum "filters" (woo-list "/audit/list_all_filters" ))
     )
  )
  (clean)
)

(define (config_rule)
  (clean)
  (if (not (equal? (rule_all current) -1)) (configure_rule)))

(define (configure_rule)
  (let ((data (woo-read-first "/audit/config_rule" 'rule (form-value "all_rules"))))
    (rule_name value ( if (equal? (rule_all text) (form-value "all_rules")) "" (rule_all text) ))
    (form-update-value "active" (equal? (car(rule_all row-item (list (rule_all current) 1))) "on") )
    (form-update-value-list '("rule_action") data)
    (form-update-value-list '("rule_list" "rule_syscall") data)
    (form-update-enum "filter_list" (woo-list "/audit/list_filters" 'rule (form-value "all_rules")))
    (form-update-value-list '("perm_r" "perm_w" "perm_x" "perm_a" "check_file") data)
    (path_dir_file value (woo-get-option data 'path_file))
  )
  (dir_or_file)
)

(define (clean)
  (let ((data (woo-read "/audit/clean_all")))
    (form-update-value-list '("rule_action" "filters" "condition" "filter_val" "rule_list" "name") data) )
  (fil_list rows-clear)
  (form-update-visibility "change_filter" #f)
  (form-update-visibility "delete_filter" #f)
  (form-update-visibility "clean_filter_list" #f)
  (dir_or_file)
)

(define (config_filter)
  (form-update-value "filters" (fil_list text))
  (form-update-value "condition" (car(fil_list row-item (list (fil_list current) 1))))
  (fil_val value (car(fil_list row-item (list (fil_list current) 2))))
  (form-update-visibility "change_filter" #t)
  (form-update-visibility "delete_filter" #t)
  (form-update-visibility "clean_filter_list" #t)
)

(define (change_filter)
  (fil_list row-item (fil_list current) (list (fil text)))
  (fil_list row-item (list (fil_list current) 1) (list (fil_check text)))
  (fil_list row-item (list (fil_list current) 2) (fil_val text))
)

(define (add_filter)
  (if (and (not (equal? (fil value) ""))
	   (not (equal? (fil_check value) ""))
	   (not (equal? (fil_val value)"")) )
    (fil_list append-row (vector (fil text) (fil_check text) (fil_val text)) ))
)

(define (activate)
  (rule_all row-item (list (rule_all current) 1) ( if (form-value "active") (list "on") (list "") ))
  (woo-call "/audit/activate_rule" 'stat (form-value "active")
	    			   'num (rule_all current))
  (if (not (equal? (rule_all current) -1)) (form-update-visibility "reload" #t))
)

(define (permission)
  (vector
    (if (form-value "perm_r") "r" "")
    (if (form-value "perm_w") "w" "")
    (if (form-value "perm_x") "x" "")
    (if (form-value "perm_a") "a" "")
  )
)

(define (new_rule mode)
  (define (extract-text0 x) (car (vector-ref x 0)))
  (define (extract-text1 x) (car (vector-ref x 1)))
  (define (extract-text2 x) (car (vector-ref x 2)))
  (catch/message
   (lambda()
    (woo-write "/audit/new_rule" 'syscall (form-value "rule_syscall")
	    			 'rule (form-value "rule_list")
				 'action (form-value "rule_action")
				 'all_rules (form-value "all_rules")
				 'add_rule mode
				 'name (form-value "name")
				 'num (rule_all current)
				 'count (rule_all count)
				 'expert (form-value "expert_mode")
				 'path (path_dir_file value)
				 'perm (permission)

	     			 'filter_name (map extract-text0 (fil_list rows))
	     			 'filter_val (map extract-text2 (fil_list rows))
	     			 'filter_cond (map extract-text1 (fil_list rows))
				 )
    )
;    (document:popup-warning (_ "msg") #t)
;    (lambda(msg) (document:popup-critical (_ "msg") 'ok) #t)
    )
  (form-update-enum "all_rules" (woo-list "/audit/list_all_rules"))
; (clean)
)

(define (delete_rule)
  (catch/message
    (lambda()
      (woo-call "/audit/delete_rule"
		'num  (rule_all current)
		'rule (form-value "all_rules")
		)
  (form-update-enum "all_rules" (woo-list "/audit/list_all_rules"))
  (clean)))
)

(define (turn_rule)
  (list (list (rule_all row-item (rule_all current)) (list (rule_all row-item (+(rule_all current) 1))) ))
)

(define (template)
  (form-popup "/audit/rules/templates")
  (ui-init)
)

(define (expert)
  (define mode (form-value "expert_mode"))
  (form-update-visibility "rule_syscall" mode)
  (form-update-visibility "label_syscall" mode)
  (form-update-visibility "label_rule" mode)
  (form-update-visibility "rule_list" mode)
  (form-update-visibility "group_filters" mode)
  (form-update-visibility "actions" mode)
;  (form-update-visibility "move_rule" mode)

  (path_dir_file visibility (not mode))
  (form-update-visibility "label_path" (not mode))
  (form-update-visibility "group_perm" (not mode))
  (form-update-visibility "check_file" (not mode))
)

(define fileselect (make-widget 'fileselect))
(define url (make-attribute 'url))
(define value (make-attribute 'value))
(define filter (make-attribute 'filter))
(define hints (make-attribute 'hints))


(define (ui-exit)
  (document:end))

(define (dir_or_file)
  (if (form-value "check_file")
    (path_dir_file hints "existing_file"
		   title (_"Select file")
		   filter "*")
    (path_dir_file hints "existing_file;directory;show_dirs_only"
		   title (_"Select directory")
		   filter "*.directory"))
)


;;; UI

width 800
height 600


(gridbox columns "10;100;10" align "top"
  (spacer)
  (gridbox columns "70;5;100" align "top"

	 (vbox
	   (label)
	   (checkbox (_ "Expert mode") name "expert_mode" align "left"))
	 (spacer)
	 (spacer)

	 (groupbox (_ "Rules")
		   (document:id rule_all (listbox name "all_rules"
						  columns 2
						  header (vector (_ "Rule") (_ "Status"))
						  row '#((rule . "") (check . "") )
						  ))
		   (hbox align "left"
			   (button (_ "Templates") (when clicked (template))))
	  )
	 (spacer)
	 (vbox
	     (gridbox columns "10;100"

		  (label (_ "Name"))
		  (document:id rule_name (edit name "name"))
;;///basic
		  (checkbox (_ "(File) Path") name "check_file")
		  (document:id path_dir_file (fileselect url "/"))
;;///
		  (label (_ "Rule") name "label_rule")
		  (combobox name "rule_list")
		  (groupbox (_ "Action") 
			    orientation "horizontal" 
			    colspan 2
			    name "actions"
			    (radio text "always" name "rule_action" value "always")
			    (radio text "newer" name "rule_action" value "newer"))
		  (label (_ "Syscall") name "label_syscall")
		  (edit name "rule_syscall"))
;;///basic
	     (groupbox (_ "Permissive")
		       name "group_perm"
		       colspan 2
		       (hbox
			 (checkbox (_ "read") name "perm_r")
			 (checkbox (_ "execute") name "perm_x"))
		       (hbox
			 (checkbox (_ "write") name "perm_w")
			 (checkbox (_ "change attribute") name "perm_a")))
;;///

	     (groupbox (_ "Filters") name "group_filters"
		       (document:id fil_list
				    (listbox columns 3
					     name "filter_list"
					     header (vector (_ "filter") (_ "check") (_ "value"))
					     row '#((label . "") (check . "") (summary . "")) ) )
		       (hbox
			 (document:id fil (combobox name "filters" align "left"))
			 (document:id fil_check (combobox name "condition" align "left"))
			 (document:id fil_val (edit name "filter_val"
						    (when return-pressed (change_filter)))) )

		       (gridbox columns "10;3;10"
				(hbox align "left"
				  (button (_ "Add filter") name "add_filter")
				  (button (_ "Change") name "change_filter" visibility #f))
				(spacer)
				(hbox align "right"
				  (button (_ "Clean list") name "clean_filter_list" align "left" visibility #f
					  (when clicked (fil_list rows-clear)))
				  (button (_ "Delete") name "delete_filter" visibility #f
					(when clicked (fil_list row-remove (fil_list current)))))) )
	     (spacer)
	     (checkbox (_ "Activate rule") name "active")
	     (spacer)
	     (hbox 
;	       	(hbox align "left" name "move_rule" visibility #f
;		  (label (_ "move rule in the list:"))
;		  (button (_ "Up") (when clicked (move_rule "up")))
;		  (button (_ "Down") (when clicked (move_rule "down"))))
	     (spacer)
		(hbox align "right;bottom"
		      (button (_ "Add Rule") name "add_rule"
			      (when clicked (new_rule "add")))
		      (button (_ "Change Rule") name "save_rule"
			      (when clicked (new_rule "change") (form-update-visibility "reload" #t) ))
		      (button (_ "Delete") name "del_rule"
			      (when clicked (delete_rule)) )) ))
	 (vbox
	   (spacer)
	   (hbox
	     (button (_ "Back") align "left;bottom" name "cancel"
		 (when clicked (frame:replace "/audit")))
	     (hbox align "center" name "reload" visibility #f
		 (label (_ "Please reload configuration of rules "))
		 (button (_ "Reload") (when clicked (woo-call "/audit/reload_rules") (form-update-visibility "reload" #f))))))
  )
)

;;
(document:root
  (when loaded
    (ui-init)
    (expert)
    (form-bind "all_rules" "change" config_rule)
    (form-bind "expert_mode" "change" config_rule)
    (form-bind "filter_list" "change" config_filter)
    (form-bind "change_filter" "click" change_filter)
    (form-bind "add_filter" "click" add_filter)
    (form-bind "expert_mode" "change" expert)
    (form-bind "active" "change" activate)

    (form-bind "check_file" "change" dir_or_file)
))
alterator-audit-0.3.0/ui/audit/rules/templates/000075500000000000000000000000001230111162100214505ustar00rootroot00000000000000alterator-audit-0.3.0/ui/audit/rules/templates/index.scm000064400000000000000000000025771230111162100232760ustar00rootroot00000000000000(document:surround "/std/frame")

(define (ui-read)
  (catch/message
    (lambda()
      (form-update-enum "all_templates" (woo-list "/audit/list_templates"))
      )
    )
)

(define (ui-exit)
  (document:end)
)

(define (templates data)
  (catch/message
    (lambda()
      (woo-write "/audit/templates" 'template (form-value "all_templates")
		 		    'name (form-value "name")
		 		    'what data
				    'addend "#f"
;		 		    'addend (form-value "add")
				    )
      )
    )
  (ui-read)
)

(gridbox
  columns "5;100;5"
;  (spacer)
;  (vbox
;    (label align "center" text (_ "Rules"))
;    (listbox name "rules")
;    )
  (spacer)
  (vbox
   (gridbox align "top"
    columns "10;90"
    (label) (label)
    (label (_ "Name template")) (edit name "name")
    (label (_ "Templates")) (combobox name "all_templates")
;    (label (_ "Add to end of list")) (checkbox name "add")
    )
   (vbox align "middle"
    (hbox
      (button (_ "Remove") align "left" (when clicked (templates "remove")))
      (hbox align "right"
	    (button (_ "Load") (when clicked (templates "load")))
	    (button (_ "Save") (when clicked (templates "save")))
	    )
      ))

  (button align "bottom;right"  text (_ "Cancel") name "cancel")
  )
)

(document:root
  (when loaded
    (ui-read)
;    (form-bind "bridge" "change" bridge-changed)
;    (form-bind "ok" "click" ui-write)
    (form-bind "cancel" "click" ui-exit)))
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin