/* $Id$ * Written by Sebastien Tricaud * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 2 of the License. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. */ #include #include #include #include "alert-callback.h" #include "config.h" static int brouette_notify(const char *classification, const char *message, idmef_impact_severity_t *severity, const char *target_name, const char *target_addr) { NotifyNotification *n; char *icon = NULL; gchar *header; gchar *body; notify_init("Brouette"); switch( *severity ) { case IDMEF_IMPACT_SEVERITY_ERROR: icon = g_strconcat( ICONS, G_DIR_SEPARATOR_S, config_get_val("ui","theme"), "/error.png", NULL); break; case IDMEF_IMPACT_SEVERITY_INFO: icon = g_strconcat( ICONS, G_DIR_SEPARATOR_S, config_get_val("ui","theme"), "/info.png", NULL); break; case IDMEF_IMPACT_SEVERITY_LOW: icon = g_strconcat( ICONS, G_DIR_SEPARATOR_S, config_get_val("ui","theme"), "/low.png", NULL); break; case IDMEF_IMPACT_SEVERITY_MEDIUM: icon = g_strconcat( ICONS, G_DIR_SEPARATOR_S, config_get_val("ui","theme"), "/medium.png", NULL); break; case IDMEF_IMPACT_SEVERITY_HIGH: icon = g_strconcat( ICONS, G_DIR_SEPARATOR_S, config_get_val("ui","theme"), "/high.png", NULL); break; default: g_error("Cannot extract severity. We shouldn't be there!"); icon = NULL; } if ( ! target_name ) target_name = ""; if ( ! target_addr ) target_addr = ""; if ( ! classification ) classification = ""; if ( ! message ) message = ""; header = g_strdup_printf("%s (%s)", target_name, target_addr); body = g_strdup_printf("%s\n%s", classification, message); n = notify_notification_new (header, body, icon, NULL); if ( ! n ) { fprintf(stderr, "Cannot create the notification (libnotify bug!)\n"); return 1; } notify_notification_set_timeout (n, 3000); //3 seconds if (!notify_notification_show (n, NULL)) { fprintf(stderr, "failed to send notification\n"); return 1; } g_object_unref(G_OBJECT(n)); g_free(header); g_free(body); return 0; } static const char * brouette_get_classification(idmef_alert_t *alert) { int ret; idmef_classification_t *classification; prelude_string_t *pstr; const char *buffer; classification = idmef_alert_get_classification(alert); if ( ! classification ) { printf("Cannot get classification from alert\n"); return NULL; } pstr = idmef_classification_get_text(classification); if ( ! pstr ) { printf("Cannot get text from classification\n"); return NULL; } buffer = prelude_string_get_string(pstr); return buffer; } static idmef_impact_t * brouette_get_impact(idmef_alert_t *alert) { int ret; idmef_assessment_t *assessment; idmef_impact_t *impact; assessment = idmef_alert_get_assessment(alert); if ( ! assessment ) { printf("Cannot get assessment from alert\n"); return NULL; } impact = idmef_assessment_get_impact (assessment); if ( ! impact ) { printf("Cannot get impact from assessment\n"); return NULL; } return impact; } static const char * brouette_get_impact_description(idmef_impact_t *impact) { prelude_string_t *pstr; const char *buffer; pstr = idmef_impact_get_description(impact); if ( ! impact ) { printf("Cannot get description from impact\n"); return NULL; } if (pstr) { buffer = prelude_string_get_string(pstr); } else { buffer = ""; } return buffer; } static void brouette_get_target_infos(idmef_alert_t *alert, const char **node_name, const char **node_addr) { idmef_target_t *target = NULL; idmef_address_t *address = NULL; idmef_node_t *node; prelude_string_t *pstr; const char *buffer; while ( (target = idmef_alert_get_next_target(alert, target)) ) { node = idmef_target_get_node(target); if (node) { pstr = idmef_node_get_name(node); if ( pstr ) { buffer = prelude_string_get_string(pstr); } else { buffer = ""; } *node_name = buffer; while ( (address = idmef_node_get_next_address(node, address)) ) { pstr = idmef_address_get_address(address); if ( pstr ) { buffer = prelude_string_get_string(pstr); } else { buffer = ""; } *node_addr = buffer; } } else { *node_name = ""; *node_addr = ""; } } } extern int process_idmef_message(prelude_msg_t *msg) { int ret; idmef_message_t *idmef; idmef_message_type_t msg_type; idmef_alert_t *alert; idmef_impact_t *impact; idmef_impact_severity_t *severity; idmef_target_t *target; const char *classbuf; const char *descrbuf; const char *target_name; const char *target_addr; ret = idmef_message_new(&idmef); if ( ret < 0 ) return ret; ret = idmef_message_read(idmef, msg); if ( ret < 0 ) { prelude_perror(ret, "error reading IDMEF message"); return ret; } /* We only process the Alert class */ msg_type = idmef_message_get_type(idmef); if ( msg_type != IDMEF_MESSAGE_TYPE_ALERT ) return 0; if ( idmef ) { alert = idmef_message_get_alert(idmef); if ( ! alert ) { printf("Cannot get alert from message\n"); return -1; } } else { return -1; } brouette_get_target_infos(alert, &target_name, &target_addr); classbuf = brouette_get_classification(alert); if ( ! classbuf ) classbuf=""; impact = brouette_get_impact(alert); if ( impact ) { descrbuf = brouette_get_impact_description(impact); if ( ! descrbuf ) descrbuf=""; severity = idmef_impact_get_severity(impact); if ( ! severity ) return -1; brouette_notify(classbuf, descrbuf, severity, target_name, target_addr); } else { g_warning("Cannot get impact!"); } idmef_message_destroy(idmef); return 0; } extern int event_cb(prelude_connection_pool_t *pool, prelude_connection_pool_event_t event, prelude_connection_t *conn, void *extra) { int ret; prelude_msg_t *msg = NULL; ret = prelude_connection_recv(conn, &msg); if ( ret < 0 ) { prelude_perror(ret, "couldn't read message"); return ret; } if ( prelude_msg_get_tag(msg) != PRELUDE_MSG_IDMEF ) return 0; return process_idmef_message(msg); }