#include "../pub/getopt.h"
#include "cf.defs.h"
#include "cf.extern.h"
#include <math.h>
#include <db.h>
Defines | |
| #define | LOADAVG_5MIN 1 |
| #define | CFGRACEPERIOD 4.0 |
Enumerations | |
| enum | socks { netbiosns, netbiosdgm, netbiosssn, irc, cfengine, nfsd, smtp, www, ftp, ssh, telnet } |
Functions | |
| void CheckOptsAndInit | ARGLIST ((int argc, char **argv)) |
| int | main (int argc, char **argv) |
| void | CheckOptsAndInit (int argc, char **argv) |
| void | Syntax () |
| void | GetDatabaseAge () |
| void | LoadHistogram () |
| void | DoBatch () |
| void | StartServer (int argc, char **argv) |
| void | yyerror (char *s) |
| void | RotateFiles (char *name, int number) |
| void | FatalError (char *s) |
| void | GetQ () |
| char * | GetTimeKey () |
| Averages | EvalAvQ (char *t) |
| void | ArmClasses (struct Averages av, char *timekey) |
| void | GatherProcessData () |
| void | GatherDiskData () |
| void | GatherLoadData () |
| void | GatherSocketData () |
| void | GatherPhData () |
| Averages * | GetCurrentAverages (char *timekey) |
| void | UpdateAverages (char *timekey, struct Averages newvals) |
| void | UpdateDistributions (char *timekey, struct Averages *av) |
| double | WAverage (double anew, double aold, double age) |
| void | SetClasses (double expect, double delta, double sigma, double lexpect, double ldelta, double lsigma, char *name, struct Item **classlist, char *timekey) |
| void | SetVariable (char *name, double value, double average, double stddev, struct Item **classlist) |
| void | RecordChangeOfState (struct Item *classlist, char *timekey) |
| double | RejectAnomaly (double new, double average, double variance, double localav, double localvar) |
| int | HashPhKey (char *key) |
| int | RecursiveTidySpecialArea (char *name, struct Tidy *tp, int maxrecurse, struct stat *sb) |
| int | Repository (char *file, char *repository) |
Variables | |
| unsigned int | HISTOGRAM [ATTR *2+5+PH_LIMIT][7][GRAINS] |
| int | HISTO = false |
| int | NUMBER_OF_USERS |
| int | ROOTPROCS |
| int | OTHERPROCS |
| int | DISKFREE |
| int | LOADAVG |
| int | INCOMING [ATTR] |
| int | OUTGOING [ATTR] |
| int | PH_SAMP [PH_LIMIT] |
| int | PH_LAST [PH_LIMIT] |
| int | PH_DELTA [PH_LIMIT] |
| int | SLEEPTIME = 5 * 60 |
| int | BATCH_MODE = false |
| double | ITER = 0.0 |
| double | AGE |
| double | WAGE |
| char | OUTPUT [bufsize *2] |
| char | BATCHFILE [bufsize] |
| char | STATELOG [bufsize] |
| char | ENV_NEW [bufsize] |
| char | ENV [bufsize] |
| Averages | LOCALAV |
| Item * | ALL_INCOMING = NULL |
| Item * | ALL_OUTGOING = NULL |
| double | ENTROPY = 0.0 |
| double | LAST_HOUR_ENTROPY = 0.0 |
| double | LAST_DAY_ENTROPY = 0.0 |
| Item * | PREVIOUS_STATE = NULL |
| option | CFDENVOPTIONS [] |
| short | NO_FORK = false |
| char * | ECGSOCKS [ATTR][2] |
| char * | PH_BINARIES [PH_LIMIT] |
Definition at line 51 of file cfenvd.c. Referenced by EvalAvQ(). |
Definition at line 42 of file cfenvd.c. Referenced by GatherLoadData(). |
/* Definition at line 103 of file cfenvd.c. */

/*
 * Service slots of the socket statistics.  The enumerators are used as
 * indices into INCOMING[] and OUTGOING[] (see DoBatch(), e.g.
 * INCOMING[cfengine]) and, through the loop bound ATTR, line up with the
 * ECGSOCKS[] table.  NOTE(review): ATTR is assumed to equal the number of
 * enumerators here — confirm in cf.defs.h.
 */

enum socks
   {
   netbiosns,
   netbiosdgm,
   netbiosssn,
   irc,
   cfengine,
   nfsd,
   smtp,
   www,
   ftp,
   ssh,
   telnet
   };
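/* Definition at line 811 of file cfenvd.c.  Called from StartServer(). */

/*
 * Return true when every character of s is a decimal digit.  An empty
 * string counts as numeric, which is what the port-list writer below has
 * always accepted.
 */

static int NameIsNumeric(const char *s)

{
for (; *s != '\0'; s++)
   {
   if (!isdigit((unsigned char)*s))     /* plain char may be negative */
      {
      return false;
      }
   }

return true;
}

/*
 * Arm the classes and the variable for one monitored metric.
 *
 * value         current sample of the metric
 * expect, var   long-term expectation and variance (from the database)
 * lexpect, lvar short-term expectation and variance (LOCALAV)
 * classname     name root handed to SetClasses()
 * varname       variable name handed to SetVariable()
 * classlist     list the raised classes are appended to
 * timekey       time slot key of the sample
 *
 * delta/ldelta are the distance of the sample from each expectation and
 * sigma/lsigma the corresponding standard deviations.  SetVariable() is
 * given the local standard deviation, as the original code did.
 */

static void ArmOneMetric(double value,double expect,double var,
                         double lexpect,double lvar,
                         char *classname,char *varname,
                         struct Item **classlist,char *timekey)

{ double delta = value - expect;
  double sigma = sqrt(var);
  double ldelta = value - lexpect;
  double lsigma = sqrt(lvar);

SetClasses(expect,delta,sigma,lexpect,ldelta,lsigma,classname,classlist,timekey);
SetVariable(varname,value,expect,lsigma,classlist);
}

/*
 * Compare the current samples with the long-term averages av (and the
 * short-term LOCALAV), raise the anomaly classes, and write the resulting
 * class list plus the numeric incoming port names to ENV_NEW, which then
 * replaces ENV.  The class list becomes the new PREVIOUS_STATE.
 * timekey names the time slot being evaluated.
 *
 * Changes from the earlier version: the LoadAvg classes are computed from
 * LOADAVG (they used to reuse the DiskFree deltas left in the locals); the
 * outgoing port scan rejects non-numeric names the same way the incoming
 * scan does; socket and process names are copied with a bound; fopen(),
 * fclose() and rename() failures are logged and a failed write leaves the
 * previous ENV in place.
 */

void ArmClasses(struct Averages av,char *timekey)

{ struct Item *classlist = NULL, *ip;
  FILE *fp;
  int i;

ArmOneMetric(NUMBER_OF_USERS,av.expect_number_of_users,av.var_number_of_users,
             LOCALAV.expect_number_of_users,LOCALAV.var_number_of_users,
             "Users","users",&classlist,timekey);

ArmOneMetric(ROOTPROCS,av.expect_rootprocs,av.var_rootprocs,
             LOCALAV.expect_rootprocs,LOCALAV.var_rootprocs,
             "RootProcs","rootprocs",&classlist,timekey);

ArmOneMetric(OTHERPROCS,av.expect_otherprocs,av.var_otherprocs,
             LOCALAV.expect_otherprocs,LOCALAV.var_otherprocs,
             "UserProcs","userprocs",&classlist,timekey);

ArmOneMetric(DISKFREE,av.expect_diskfree,av.var_diskfree,
             LOCALAV.expect_diskfree,LOCALAV.var_diskfree,
             "DiskFree","diskfree",&classlist,timekey);

ArmOneMetric(LOADAVG,av.expect_loadavg,av.var_loadavg,
             LOCALAV.expect_loadavg,LOCALAV.var_loadavg,
             "LoadAvg","loadavg",&classlist,timekey);

for (i = 0; i < ATTR; i++)
   {
   char name[bufsize];

   snprintf(name,sizeof name,"%s_in",ECGSOCKS[i][1]);
   ArmOneMetric(INCOMING[i],av.expect_incoming[i],av.var_incoming[i],
                LOCALAV.expect_incoming[i],LOCALAV.var_incoming[i],
                name,name,&classlist,timekey);

   snprintf(name,sizeof name,"%s_out",ECGSOCKS[i][1]);
   ArmOneMetric(OUTGOING[i],av.expect_outgoing[i],av.var_outgoing[i],
                LOCALAV.expect_outgoing[i],LOCALAV.var_outgoing[i],
                name,name,&classlist,timekey);
   }

for (i = 0; i < PH_LIMIT; i++)
   {
   char name[bufsize];

   if (PH_BINARIES[i] == NULL)
      {
      continue;
      }

   /* Private copy, in case CanonifyName() hands back a shared buffer */
   snprintf(name,sizeof name,"%s",CanonifyName(PH_BINARIES[i]));
   ArmOneMetric(PH_DELTA[i],av.expect_pH[i],av.var_pH[i],
                LOCALAV.expect_pH[i],LOCALAV.var_pH[i],
                name,name,&classlist,timekey);
   }

/* Recording a change of state (RecordChangeOfState() when the list differs
   from PREVIOUS_STATE once WAGE exceeds CFGRACEPERIOD) is disabled in this
   version. */

unlink(ENV_NEW);

if ((fp = fopen(ENV_NEW,"w")) == NULL)
   {
   snprintf(OUTPUT,bufsize*2,"Couldn't open %s for writing",ENV_NEW);
   CfLog(cferror,OUTPUT,"fopen");
   DeleteItemList(PREVIOUS_STATE);
   PREVIOUS_STATE = classlist;
   return;
   }

for (ip = classlist; ip != NULL; ip = ip->next)
   {
   fprintf(fp,"%s\n",ip->name);
   }

DeleteItemList(PREVIOUS_STATE);
PREVIOUS_STATE = classlist;

for (ip = ALL_INCOMING; ip != NULL; ip = ip->next)
   {
   if (NameIsNumeric(ip->name))
      {
      Debug("Port(in,%s) ",ip->name);
      fprintf(fp,"pin-%s\n",ip->name);
      }
   }

Debug("\n\n");

for (ip = ALL_OUTGOING; ip != NULL; ip = ip->next)
   {
   if (NameIsNumeric(ip->name))
      {
      Debug("Port(out,%s) ",ip->name);
      /* "pout-" lines are not written to the file yet */
      }
   }

Debug("\n\n");

if (fclose(fp) != 0)
   {
   snprintf(OUTPUT,bufsize*2,"Couldn't finish writing %s",ENV_NEW);
   CfLog(cferror,OUTPUT,"fclose");
   return;                              /* keep the previous ENV untouched */
   }

if (rename(ENV_NEW,ENV) != 0)
   {
   snprintf(OUTPUT,bufsize*2,"Couldn't rename %s to %s",ENV_NEW,ENV);
   CfLog(cferror,OUTPUT,"rename");
   }
}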
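/* Definition at line 206 of file cfenvd.c.  Called from main(). */

/* Reset every field of the short-term averages LOCALAV to zero. */

static void ClearLocalAverages(void)

{ int i;

LOCALAV.expect_number_of_users = 0.0;
LOCALAV.expect_rootprocs = 0.0;
LOCALAV.expect_otherprocs = 0.0;
LOCALAV.expect_diskfree = 0.0;
LOCALAV.expect_loadavg = 0.0;
LOCALAV.var_number_of_users = 0.0;
LOCALAV.var_rootprocs = 0.0;
LOCALAV.var_otherprocs = 0.0;
LOCALAV.var_diskfree = 0.0;
LOCALAV.var_loadavg = 0.0;

for (i = 0; i < ATTR; i++)
   {
   LOCALAV.expect_incoming[i] = 0.0;
   LOCALAV.expect_outgoing[i] = 0.0;
   LOCALAV.var_incoming[i] = 0.0;
   LOCALAV.var_outgoing[i] = 0.0;
   }

for (i = 0; i < PH_LIMIT; i++)
   {
   LOCALAV.expect_pH[i] = 0.0;
   LOCALAV.var_pH[i] = 0.0;
   }
}

/*
 * Parse the command line and initialise the daemon's global state.
 *
 * Options: -d[1|2] debug level (stays in the foreground), -f FILE replay
 * FILE in batch mode (foreground), -v verbose, -V print the version and
 * exit(0), -F do not fork, -H collect histograms; anything else prints
 * Syntax() and exit(1).
 *
 * Afterwards the work and state directories are created, the per-socket
 * state files are touched, the database/log/environment paths are
 * derived from WORKDIR, LOCALAV and the histogram are cleared and the
 * saved histogram is loaded.  Outside batch mode the database age is
 * fetched first.
 *
 * Changes from the earlier version: the -f argument is copied with a
 * bound (it is command-line data), the directory copies are always
 * NUL-terminated, and HISTOGRAM is cleared as a whole object — it is
 * declared [ATTR*2+5+PH_LIMIT][7][GRAINS] but the old loops indexed it
 * [7][ATTR*2+5+PH_LIMIT][GRAINS].
 */

void CheckOptsAndInit(int argc,char **argv)

{ extern char *optarg;
  int optindex = 0;
  int c, i;

umask(077);                     /* state files stay private to this user */
strcpy(VPREFIX,"cfenvd");
openlog(VPREFIX,LOG_PID|LOG_NOWAIT|LOG_ODELAY,LOG_DAEMON);

strcpy(CFLOCK,"cfenvd");

IGNORELOCK = false;
OUTPUT[0] = '\0';

while ((c = getopt_long(argc,argv,"d:f:vhHFV",CFDENVOPTIONS,&optindex)) != -1)
   {
   switch ((char) c)
      {
      case 'd':

          switch ((optarg == NULL) ? 3 : *optarg)
             {
             case '1': D1 = true;
                       break;
             case '2': D2 = true;
                       break;
             default:  DEBUG = true;
                       break;
             }

          NO_FORK = true;
          printf("cfenvd: Debug mode: running in foreground\n");
          break;

      case 'f': /* This is for us Oslo folks to test against old data in batch */

          /* optarg is command-line data: bound the copy into BATCHFILE */
          snprintf(BATCHFILE,bufsize,"%s",optarg);
          NO_FORK = true;
          BATCH_MODE = true;
          printf("Working in batch mode on file %s\n",BATCHFILE);
          break;

      case 'v': VERBOSE = true;
                break;

      case 'V': printf("GNU %s-%s daemon\n%s\n",PACKAGE,VERSION,COPYRIGHT);
                printf("This program is covered by the GNU Public License and may be\n");
                printf("copied free of charge. No warrenty is implied.\n\n");
                exit(0);
                break;

      case 'F': NO_FORK = true;
                break;

      case 'H': HISTO = true;
                break;

      default:  Syntax();
                exit(1);
      }
   }

LOGGING = true; /* Do output to syslog */

/* NOTE(review): VBUFF is taken to be bufsize bytes long — confirm in cf.extern.h */
snprintf(VBUFF,bufsize,"%s/test",WORKDIR);
MakeDirectoriesFor(VBUFF,'y');
snprintf(VBUFF,bufsize,"%s/state/test",WORKDIR);
MakeDirectoriesFor(VBUFF,'y');

/* snprintf, unlike the strncpy used before, always terminates the copy */
snprintf(VLOCKDIR,bufsize,"%s",WORKDIR);
snprintf(VLOGDIR,bufsize,"%s",WORKDIR);

for (i = 0; i < ATTR; i++)
   {
   snprintf(VBUFF,bufsize,"%s/state/cf_incoming.%s",WORKDIR,ECGSOCKS[i][1]);
   CreateEmptyFile(VBUFF);
   snprintf(VBUFF,bufsize,"%s/state/cf_outgoing.%s",WORKDIR,ECGSOCKS[i][1]);
   CreateEmptyFile(VBUFF);
   }

snprintf(VBUFF,bufsize,"%s/state/cf_users",WORKDIR);
CreateEmptyFile(VBUFF);

snprintf(AVDB,bufsize,"%s/state/%s",WORKDIR,AVDB_FILE);
snprintf(STATELOG,bufsize,"%s/state/%s",WORKDIR,STATELOG_FILE);
snprintf(ENV_NEW,bufsize,"%s/state/%s",WORKDIR,ENV_NEW_FILE);
snprintf(ENV,bufsize,"%s/state/%s",WORKDIR,ENV_FILE);

if (!BATCH_MODE)
   {
   GetDatabaseAge();
   ClearLocalAverages();
   }

/* Zero the whole histogram regardless of how its dimensions are ordered */
memset(HISTOGRAM,0,sizeof HISTOGRAM);

for (i = 0; i < PH_LIMIT; i++)
   {
   PH_SAMP[i] = PH_LAST[i] = 0;
   }

srand((unsigned int)time(NULL));
LoadHistogram();
}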
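/* Definition at line 467 of file cfenvd.c.  Called from main(). */

/*
 * Batch mode (-f): replay a comma-separated history file into a fresh
 * averages database so the statistics can be regenerated offline.
 *
 * Each line of BATCHFILE is "timestamp,v1,...,v26".  The columns used are
 * v1 (users), v4 (root procs), v5 (other procs), v6 (disk free) and
 * v13..v26 (incoming/outgoing pairs for cfengine, nfsd, smtp, www, ftp,
 * ssh and telnet); the rest are read but ignored.  For every line the
 * sample globals are loaded and EvalAvQ() is run for the line's time key.
 *
 * Changes from the earlier version: the read loop stops on fgets() failure
 * instead of feof() (the last line was evaluated twice); the timestamp
 * field is bounded to its buffer and lines that do not parse completely
 * are skipped rather than evaluated with stale values; the DB handle is
 * closed on every exit path (DB->open failure still requires DB->close).
 */

void DoBatch(void)

{ FILE *fp = NULL;
  DB *dbp = NULL;
  char buffer[4096], stamp[256], timekey[256];
  float v[27];                  /* v[1]..v[26] keep the column numbers; v[0] unused */
  int i = 0, finished = false;
  static const char format[] =
     "%255[^,],"                          /* timestamp, bounded to stamp[256] */
     "%f%*c%f%*c%f%*c%f%*c%f%*c"          /* v1..v5   */
     "%f%*c%f%*c%f%*c%f%*c%f%*c"          /* v6..v10  */
     "%f%*c%f%*c%f%*c%f%*c%f%*c"          /* v11..v15 */
     "%f%*c%f%*c%f%*c%f%*c%f%*c"          /* v16..v20 */
     "%f%*c%f%*c%f%*c%f%*c%f%*c%f";       /* v21..v26 */

/* NOTE(review): a fixed, predictable name in the world-writable /tmp is
   removed and re-created here; a location under WORKDIR/state would avoid
   sharing the directory with other users.  Kept as is so the path printed
   at the end stays the one users know. */

snprintf(AVDB,bufsize,"%s","/tmp/cfenv.tmp.db");
unlink(AVDB);

if ((errno = db_create(&dbp,NULL,0)) != 0)
   {
   snprintf(OUTPUT,bufsize*2,"Couldn't open average database %s\n",AVDB);
   CfLog(cferror,OUTPUT,"db_open");
   return;
   }

#ifdef CF_OLD_DB
if ((errno = dbp->open(dbp,AVDB,NULL,DB_BTREE,DB_CREATE,0644)) != 0)
#else
if ((errno = dbp->open(dbp,NULL,AVDB,NULL,DB_BTREE,DB_CREATE,0644)) != 0)
#endif
   {
   snprintf(OUTPUT,bufsize*2,"Couldn't open average database %s\n",AVDB);
   CfLog(cferror,OUTPUT,"db_open");
   goto close_db;                 /* the handle must still be discarded */
   }

if ((fp = fopen(BATCHFILE,"r")) == NULL)
   {
   printf("Cannot open %s\n",BATCHFILE);
   goto close_db;
   }

while (fgets(buffer,sizeof buffer,fp) != NULL)
   {
   if (i++ % 1024 == 0)
      {
      printf(" * Working %d ... *\r",i);
      }

   if (sscanf(buffer,format,stamp,
              &v[1],&v[2],&v[3],&v[4],&v[5],&v[6],&v[7],&v[8],&v[9],&v[10],
              &v[11],&v[12],&v[13],&v[14],&v[15],&v[16],&v[17],&v[18],&v[19],&v[20],
              &v[21],&v[22],&v[23],&v[24],&v[25],&v[26]) != 27)
      {
      continue;                  /* short or malformed line: nothing to replay */
      }

   Debug("%s"
         ",%f,%f,%f,%f,%f"
         ",%f,%f,%f,%f,%f"
         ",%f,%f,%f,%f,%f"
         ",%f,%f,%f,%f,%f"
         ",%f,%f,%f,%f,%f"
         ",%f",
         stamp,
         v[1],v[2],v[3],v[4],v[5],v[6],v[7],v[8],v[9],v[10],
         v[11],v[12],v[13],v[14],v[15],v[16],v[17],v[18],v[19],v[20],
         v[21],v[22],v[23],v[24],v[25],v[26]);

   NUMBER_OF_USERS = (int) v[1];
   ROOTPROCS = (int) v[4];
   OTHERPROCS = (int) v[5];
   DISKFREE = (int) v[6];
   INCOMING[cfengine] = (int) v[13];
   OUTGOING[cfengine] = (int) v[14];
   INCOMING[nfsd] = (int) v[15];
   OUTGOING[nfsd] = (int) v[16];
   INCOMING[smtp] = (int) v[17];
   OUTGOING[smtp] = (int) v[18];
   INCOMING[www] = (int) v[19];
   OUTGOING[www] = (int) v[20];
   INCOMING[ftp] = (int) v[21];
   OUTGOING[ftp] = (int) v[22];
   INCOMING[ssh] = (int) v[23];
   OUTGOING[ssh] = (int) v[24];
   INCOMING[telnet] = (int) v[25];
   OUTGOING[telnet] = (int) v[26];

   snprintf(timekey,sizeof timekey,"%s",ConvTimeKey(stamp));

   (void)EvalAvQ(timekey);
   }

if (ferror(fp))
   {
   printf("Error while reading %s\n",BATCHFILE);
   }

fclose(fp);
finished = true;

close_db:

dbp->close(dbp,0);

if (finished)
   {
   printf("\nDone - database saved to %s\n",AVDB);
   printf("Run cfenvgraph -f %s to generate graphs\n\n",AVDB);
   }
}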
/* Definition at line 1048 of file cfenvd.c.  Called from GetQ(). */

/*
 * Sample the free space of the root filesystem into the global DISKFREE.
 * GetDiskUsage() is asked for a percentage (cfpercent) and the value is
 * stored unscaled, then reported through Verbose().
 */

void GatherDiskData(void)

{ int freepct;

freepct = GetDiskUsage("/",cfpercent);
DISKFREE = freepct;

Verbose("Disk free = %d %%\n",DISKFREE);
}
/* Definition at line 1058 of file cfenvd.c.  Called from GetQ(). */

/*
 * Sample the system load average into the global LOADAVG, scaled by 100 so
 * that it is visible as an integer.  Without HAVE_GETLOADAVG, or when
 * getloadavg() fails, the result is 0.
 *
 * NOTE(review): getloadavg() is asked for LOADAVG_5MIN (= 1) samples, so
 * only the first entry is summed; on the usual implementations that entry
 * is the one-minute average rather than the five-minute one the macro
 * name suggests — confirm before relying on the name.
 */

void GatherLoadData(void)

{ double load[4] = {0,0,0,0};
  double sum = 0.0;
#ifdef HAVE_GETLOADAVG
  int nsamples, i;
#endif

Debug("GatherLoadData\n\n");

#ifdef HAVE_GETLOADAVG
nsamples = getloadavg(load,LOADAVG_5MIN);

if (nsamples != -1)
   {
   for (i = 0; i < nsamples; i++)
      {
      Debug("Found load average to be %lf of %d samples\n", load[i],nsamples);
      sum += load[i];
      }
   }
/* On failure sum stays 0, so the scaled result below is 0 as before */
#endif

/* Scale load average by 100 to make it visible */

LOADAVG = (int) (100.0 * sum);
Verbose("100 x Load Average = %d\n",LOADAVG);
}
Definition at line 1215 of file cfenvd.c. References bufsize, CfLog(), cfverbose, Chop(), Debug, dirent, fp, HashPhKey(), i, isdigit, key, NULL, OUTPUT, PH_DELTA, PH_LAST, PH_LIMIT, PH_SAMP, snprintf(), sp, value, and VBUFF. Referenced by GetQ(). |