-
Notifications
You must be signed in to change notification settings - Fork 30
/
Copy pathconfig.h
85 lines (69 loc) · 2.08 KB
/
config.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
/*-
* xnumon - monitor macOS for malicious activity
* https://www.roe.ch/xnumon
*
* Copyright (c) 2017-2019, Daniel Roethlisberger <[email protected]>.
* All rights reserved.
*
* Licensed under the Open Software License version 3.0.
*/
#ifndef CONFIG_H
#define CONFIG_H
#include "hashes.h"
#include "setstr.h"
#include "attrib.h"
#include <stddef.h>
typedef struct {
char *path;
char *id;
bool launchd_mode; /* only settable via command line */
bool debug;
size_t stats_interval; /* generate xnumon-stats every n seconds */
size_t limit_nofile;
int events; /* bit mask of enabled events */
int kextlevel;
#define KEXTLEVEL_NONE 0
#define KEXTLEVEL_OPEN 1
#define KEXTLEVEL_HASH 2
#define KEXTLEVEL_CSIG 3
int hflags;
/* HASH_* see hashes.h */
int envlevel;
#define ENVLEVEL_NONE 0
#define ENVLEVEL_DYLD 1
#define ENVLEVEL_FULL 2
bool codesign;
bool resolve_users_groups;
bool omit_mode;
bool omit_size;
bool omit_mtime;
bool omit_ctime;
bool omit_btime;
bool omit_groups;
bool omit_sid;
bool omit_apple_hashes;
size_t ancestors; /* 0 unlimited, > 0 limited */
int logdst;
int logfmt;
int logoneline; /* compact one-line log format */
char *logfile;
bool suppress_image_exec_at_start;
setstr_t suppress_image_exec_by_ident;
setstr_t suppress_image_exec_by_path;
setstr_t suppress_image_exec_by_ancestor_ident;
setstr_t suppress_image_exec_by_ancestor_path;
setstr_t suppress_process_access_by_subject_ident;
setstr_t suppress_process_access_by_subject_path;
bool suppress_socket_op_localhost;
setstr_t suppress_socket_op_by_subject_ident;
setstr_t suppress_socket_op_by_subject_path;
} config_t;
config_t * config_new(const char *) MALLOC;
void config_free(config_t *) NONNULL(1);
int config_str(config_t *, const char *, const char *) NONNULL(1,2,3) WUNRES;
int config_kextlevel(config_t *, const char *) NONNULL(1,2);
const char * config_kextlevel_s(config_t *) NONNULL(1);
int config_envlevel(config_t *, const char *) NONNULL(1,2);
const char * config_envlevel_s(config_t *) NONNULL(1);
char * config_events_s(config_t *) NONNULL(1);
#endif