Diffstat (limited to 'src/libimcv/imv')
-rw-r--r--src/libimcv/imv/data.sql118
-rw-r--r--src/libimcv/imv/imv_policy_manager.c25
-rw-r--r--src/libimcv/imv/tables.sql57
3 files changed, 140 insertions, 60 deletions
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index fb0db91ee..a872499d2 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -652,114 +652,120 @@ INSERT INTO algorithms (
8192, 'SHA384'
);
+INSERT INTO algorithms (
+ id, name
+) VALUES (
+ 4096, 'SHA512'
+);
+
/* File Hashes */
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 28, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a'
+ 2, 2, 32768, '6c6f8e12f6cbfba612e780374c4cdcd40f20968a'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 28, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07'
+ 2, 2, 16384, 'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 28, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953'
+ 2, 2, 8192, '197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 28, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361'
+ 2, 4, 32768, '3ad204f99eb7262efab79cfca02628870ea76361'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 28, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376'
+ 2, 4, 16384, '3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 28, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f'
+ 2, 4, 8192, 'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 28, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f'
+ 4, 5, 32768, 'ecd9c7076cc0572724c7a67db7f19c2831e0445f'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 28, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305'
+ 4, 5, 16384, '28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 28, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208'
+ 4, 5, 8192, '51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4'
+ 5, 1, 32768, 'd9309b9e45928239d7a7b18711e690792632cce4'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59'
+ 5, 1, 16384, 'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c'
+ 5, 1, 8192, 'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b'
+ 5, 3, 32768, '3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be'
+ 5, 3, 16384, 'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0'
+ 5, 3, 8192, 'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7'
+ 6, 5, 32768, 'e59602f4edf24c1b36199588886d06665d4adcd7'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500'
+ 6, 5, 16384, '090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500'
);
INSERT INTO file_hashes (
- product, file, algo, hash
+ version, file, algo, hash
) VALUES (
- 18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668'
+ 6, 5, 8192, '7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668'
);
/* Packages */
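Review bot: The rewritten file_hashes rows point at versions by literal id (2, 4, 5, 6), but the versions rows are inserted later in this file (hunk at line 796) and only get those ids through AUTOINCREMENT order on a freshly created table. If foreign-key enforcement is ever enabled for this load, or a versions row is added or removed above them, the reference hashes would fail to load or silently attach to the wrong package version. Consider moving the `/* Versions */` block ahead of `/* File Hashes */`, or at least adding a comment such as `/* version ids refer to the numbered INSERTs under "Versions" below */`. Separately, the hashes change from blob literals to lower-case hex text, so whatever compares measurements must hex-encode in the same case; that is worth a comment, since the comparison code is not visible here.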
@@ -790,30 +796,42 @@ INSERT INTO packages ( /* 4 */
/* Versions */
-INSERT INTO versions (
+INSERT INTO versions ( /* 1 */
package, product, release, time
) VALUES (
1, 28, '1.0.1e-2', 1366531494
);
-INSERT INTO versions (
+INSERT INTO versions ( /* 2 */
package, product, release, time
) VALUES (
2, 28, '1.0.1e-2', 1366531494
);
-INSERT INTO versions (
+INSERT INTO versions ( /* 3 */
package, product, release, time
) VALUES (
3, 28, '1.0.1e-2', 1366531494
);
-INSERT INTO versions (
+INSERT INTO versions ( /* 4 */
package, product, release, time
) VALUES (
4, 28, '1.0.1e-2', 1366531494
);
+INSERT INTO versions ( /* 5 */
+ package, product, time
+) VALUES (
+ 2, 18, 1350544774
+);
+
+INSERT INTO versions ( /* 6 */
+ package, product, time
+) VALUES (
+ 4, 18, 1350544774
+);
+
/* Components */
INSERT INTO components (
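Review bot: Versions 5 and 6 are inserted without `release`, which relies on the column becoming nullable in tables.sql (hunk at line 181) and leaves it NULL. Any lookup that matches a version with `release = ?` will never match these rows, so the file hashes attached to versions 5 and 6 would only be found by queries that skip the release column; the querying code is not visible here, so this should be confirmed. A comment saying what a NULL release means would help, e.g. `/* no release: hashes apply to every release of this package on product 18 */` if that is the intent.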
@@ -1681,59 +1699,59 @@ INSERT INTO enforcements ( /* 18 */
INSERT INTO "swid_entities" ( /* 1 */
"name", "regid"
) VALUES (
- 'strongSwan Project', 'regid.2004-03.org.strongswan'
+ 'strongSwan Project', 'strongswan.org'
);
INSERT INTO swid_entities ( /* 2 */
"name", "regid"
) VALUES (
- 'Adobe Systems Inc.', 'regid.1986-12.com.adobe'
+ 'Adobe Systems Inc.', 'adobe.com'
);
INSERT INTO swid_entities ( /* 3 */
"name", "regid"
) VALUES (
- 'Microsoft Corporation', 'regid.1991-06.com.microsoft'
+ 'Microsoft Corporation', 'microsoft.com'
);
INSERT INTO swid_entities ( /* 4 */
"name", "regid"
) VALUES (
- 'Ubuntu Project', 'regid.2004-05.com.ubuntu'
+ 'Ubuntu Project', 'ubuntu.com'
);
INSERT INTO swid_entities ( /* 5 */
"name", "regid"
) VALUES (
- 'Apache Software Foundation', 'regid.1995-04.org.apache'
+ 'Apache Software Foundation', 'apache.org'
);
INSERT INTO swid_entities ( /* 6 */
"name", "regid"
) VALUES (
- 'Debian Project', 'regid.1999-03.org.debian'
+ 'Debian Project', 'debian.org'
);
INSERT INTO swid_entities ( /* 7 */
"name", "regid"
) VALUES (
- 'Internet Systems Consortium', 'regid.1994-04.org.isc'
+ 'Internet Systems Consortium', 'isc.org'
);
INSERT INTO swid_entities ( /* 8 */
"name", "regid"
) VALUES (
- 'OpenSSL Project', 'regid.1998-12.org.openssl'
+ 'OpenSSL Project', 'openssl.org'
);
INSERT INTO swid_entities ( /* 9 */
"name", "regid"
) VALUES (
- 'Samba Project', 'regid.1998-01.org.samba'
+ 'Samba Project', 'samba.org'
);
INSERT INTO swid_entities ( /* 10 */
"name", "regid"
) VALUES (
- 'SQLite Project', 'regid.2002-08.org.sqlite'
+ 'SQLite Project', 'sqlite.org'
);
diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c
index b730f8c41..1988873e9 100644
--- a/src/libimcv/imv/imv_policy_manager.c
+++ b/src/libimcv/imv/imv_policy_manager.c
@@ -130,6 +130,31 @@ static bool iterate_enforcements(database_t *db, int device_id, int session_id,
case IMV_WORKITEM_DIR_META:
arg_int = dir;
break;
+ case IMV_WORKITEM_SWID_TAGS:
+ /* software [identifier] inventory by default */
+ arg_int = 0;
+
+ /* software identifiers only? */
+ if (device_id && strchr(argument, 'R'))
+ {
+ /* get last EID in order to set earliest EID */
+ e2 = db->query(db,
+ "SELECT eid FROM swid_events where device == ? "
+ "ORDER BY eid DESC", DB_UINT, device_id, DB_INT);
+ if (e2)
+ {
+ if (e2->enumerate(e2, &arg_int))
+ {
+ arg_int++;
+ }
+ else
+ {
+ arg_int = 1;
+ }
+ e2->destroy(e2);
+ }
+ }
+ break;
default:
arg_int = 0;
}
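Review bot: The new lookup reads only the first row but the query has no `LIMIT 1`, so every swid_events row for the device is fetched and sorted on each pass; `"ORDER BY eid DESC LIMIT 1"` gives the same result. It also orders by eid alone and ignores the `epoch` column that tables.sql adds to swid_events, so if a device's event counter restarts under a new epoch, the largest stored eid may come from an older epoch and the computed earliest EID would skip newer events. This is inferred from the schema; please confirm how epochs are handled. When `db->query` returns NULL, arg_int silently stays 0 and the work item falls back to the default inventory request; a debug log line on that path would make the failure visible. iterate_enforcements starts and ends outside this hunk.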
diff --git a/src/libimcv/imv/tables.sql b/src/libimcv/imv/tables.sql
index 5c2a6563b..8bde8898f 100644
--- a/src/libimcv/imv/tables.sql
+++ b/src/libimcv/imv/tables.sql
@@ -41,11 +41,15 @@ DROP TABLE IF EXISTS file_hashes;
CREATE TABLE file_hashes (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
file INTEGER NOT NULL REFERENCES files(id),
- product INTEGER NOT NULL REFERENCES products(id),
- device INTEGER DEFAULT 0 REFERENCES devices(id),
+ version INTEGER REFERENCES versions(id),
+ device INTEGER REFERENCES devices(id),
+ size INTEGER,
algo INTEGER NOT NULL REFERENCES algorithms(id),
- hash BLOB NOT NULL
+ hash VARCHAR(64) NOT NULL,
+ mutable INTEGER DEFAULT 0
);
+DROP INDEX IF EXISTS "file_hashes_idx";
+CREATE INDEX "file_hashes_idx" ON "file_hashes" ("file", "version", "algo");
DROP TABLE IF EXISTS groups;
CREATE TABLE groups (
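Review bot: `hash VARCHAR(64)` is shorter than the values this commit stores: the SHA384 rows in data.sql are 96 hex characters, and the newly added SHA512 algorithm needs 128. SQLite does not enforce the declared length, but the same DDL on an engine that does would truncate or reject reference hashes, and a truncated hash never matches a measurement. `hash VARCHAR(128) NOT NULL` (or `TEXT`) matches the data. `version` and `device` are now both nullable, so a row can carry neither; if that is not meant to be valid, `CHECK (version IS NOT NULL OR device IS NOT NULL)` would state it in the schema. The hunk ends inside the following CREATE TABLE groups statement.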
@@ -177,9 +181,9 @@ CREATE INDEX packages_name ON packages (
DROP TABLE IF EXISTS versions;
CREATE TABLE versions (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- package INTEGER NOT NULL REFERENCES packages(id),
product INTEGER NOT NULL REFERENCES products(id),
- release TEXT NOT NULL,
+ package INTEGER NOT NULL REFERENCES packages(id),
+ release TEXT,
security INTEGER DEFAULT 0,
blacklist INTEGER DEFAULT 0,
time INTEGER DEFAULT 0
@@ -302,14 +306,47 @@ CREATE INDEX "swid_tags_sessions_session_id" ON "swid_tags_sessions" (
DROP TABLE IF EXISTS "swid_tagstats";
CREATE TABLE "swid_tagstats" (
- "id" integer NOT NULL PRIMARY KEY,
- "tag_id" integer NOT NULL REFERENCES "swid_tags" ("id"),
- "device_id" integer NOT NULL REFERENCES "devices" ("id"),
- "first_seen_id" integer NOT NULL REFERENCES "sessions" ("id"),
- "last_seen_id" integer NOT NULL REFERENCES "sessions" ("id"),
+ "id" INTEGER NOT NULL PRIMARY KEY,
+ "tag_id" INTEGER NOT NULL REFERENCES "swid_tags" ("id"),
+ "device_id" INTEGER NOT NULL REFERENCES "devices" ("id"),
+ "first_seen_id" INTEGER NOT NULL REFERENCES "sessions" ("id"),
+ "last_seen_id" INTEGER NOT NULL REFERENCES "sessions" ("id"),
+ "first_installed_id" INTEGER REFERENCES "swid_events" ("id"),
+ "last_deleted_id" INTEGER REFERENCES "swid_events" ("id"),
UNIQUE ("tag_id", "device_id")
);
CREATE INDEX "swid_tagstats_tag_id" ON "swid_tagstats" ("tag_id");
CREATE INDEX "swid_tagstats_device_id" ON "swid_tagstats" ("device_id");
CREATE INDEX "swid_tagstats_first_seen_id" ON "swid_tagstats" ("first_seen_id");
CREATE INDEX "swid_tagstats_last_seen_id" ON "swid_tagstats" ("last_seen_id");
+
+DROP TABLE IF EXISTS "swid_events";
+CREATE TABLE "swid_events" (
+ "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ "device" INTEGER REFERENCES "devices" ("id"),
+ "epoch" INTEGER NOT NULL,
+ "eid" INTEGER NOT NULL,
+ "timestamp" CHAR(20) NOT NULL
+);
+DROP INDEX IF EXISTS "swid_events_device";
+CREATE INDEX "swid_events_device" ON "swid_events" (
+ "device"
+);
+
+DROP TABLE IF EXISTS "swid_tags_events";
+CREATE TABLE "swid_tags_events" (
+ "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ "tag_id" INTEGER NOT NULL REFERENCES "swid_tags" ("id"),
+ "event_id" INTEGER NOT NULL REFERENCES "swid_events" ("id"),
+ "action" INTEGER NOT NULL,
+ "record_id" INTEGER DEFAULT 0,
+ "source_id" INTEGER DEFAULT 0
+);
+DROP INDEX IF EXISTS "swid_tags_events_event_id";
+DROP INDEX IF EXISTS "swid_tags_events_tag_id";
+CREATE INDEX "swid_tags_events_event_id" ON "swid_tags_events" (
+ "event_id"
+);
+CREATE INDEX "swid_tags_events_tag_id" ON "swid_tags_events" (
+ "tag_id"
+);
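Review bot: `swid_events` has no uniqueness constraint over `("device", "epoch", "eid")` and `"device"` is nullable, so the same event can be recorded twice or without an owning device, while imv_policy_manager.c in this commit derives the next earliest EID from these rows per device. If duplicates and ownerless rows are not intended, `"device" INTEGER NOT NULL REFERENCES "devices" ("id")` and `UNIQUE ("device", "epoch", "eid")` would enforce that in the schema. The only index is on `"device"`, whereas that lookup also sorts by eid; an index on `("device", "eid")` would serve it directly. `"timestamp" CHAR(20)` stores the time as text with no stated format, so a comment giving the expected format would help.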