Beispiel #1
/* Report whether the keys file on disk has been modified since it was
 * loaded into `keys`.
 *
 * Compares the change time cached in keys->file_change with the current
 * change time of KEYS_FILE as reported by File_DateofChange().
 *
 * Returns 1 when the two timestamps differ, 0 otherwise. No state is
 * modified; use OS_UpdateKeys() to actually reload.
 */
int OS_CheckUpdateKeys(const keystore *keys)
{
    time_t on_disk = File_DateofChange(KEYS_FILE);

    return (keys->file_change != on_disk) ? 1 : 0;
}
Beispiel #2
/* int OS_CheckKeys():
 * Verify that the agent authentication key file exists and can be opened
 * for reading.
 *
 * Returns 1 when KEYSFILE_PATH is present and readable. Returns 0 after
 * logging NO_AUTHFILE and NO_REM_CONN when the file is missing, and
 * additionally FOPEN_ERROR (with errno) when it exists but fopen() fails.
 */
int OS_CheckKeys()
{
    FILE *fp = NULL;

    /* Presence check first: a missing file is reported without an errno */
    if (File_DateofChange(KEYSFILE_PATH) < 0) {
        merror(NO_AUTHFILE, __local_name, KEYSFILE_PATH);
        merror(NO_REM_CONN, __local_name);
        return 0;
    }

    /* Readability check: open for reading and close straight away */
    fp = fopen(KEYSFILE_PATH, "r");
    if (fp == NULL) {
        merror(FOPEN_ERROR, __local_name, KEYSFILE_PATH, errno, strerror(errno));
        merror(NO_AUTHFILE, __local_name, KEYSFILE_PATH);
        merror(NO_REM_CONN, __local_name);
        return 0;
    }
    fclose(fp);

    /* Authentication keys are present */
    return 1;
}
Beispiel #3
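/* Remove this process's PID file.
 *
 * The file is named "<name>-<pid>.pid" and lives in OS_PIDFILE, prefixed
 * with DEFAULTDIR when the process is not running inside the chroot.
 *
 * Returns -1 when the path does not fit the local buffer or the file does
 * not exist (File_DateofChange < 0), 0 otherwise. An unlink() failure is
 * logged through log2file(DELETE_ERROR, ...) but still yields 0, as before.
 */
int DeletePID(const char *name)
{
    char file[256];
    int len;

    if (isChroot()) {
        len = snprintf(file, sizeof file, "%s/%s-%d.pid", OS_PIDFILE, name, (int)getpid());
    } else {
        len = snprintf(file, sizeof file, "%s%s/%s-%d.pid", DEFAULTDIR,
                       OS_PIDFILE, name, (int)getpid());
    }

    /* A truncated path would name a different file: refuse rather than
     * unlink something we did not intend to */
    if (len < 0 || (size_t)len >= sizeof file) {
        return (-1);
    }

    if (File_DateofChange(file) < 0) {
        return (-1);
    }

    if (unlink(file)) {
        log2file(
            DELETE_ERROR,
            __local_name,
            file,
            errno,
            strerror(errno)
        );
    }

    return (0);
}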
Beispiel #4
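/* Remove this process's PID file "<name>-<pid>.pid" from OS_PIDFILE
 * (prefixed with DEFAULTDIR when not running inside the chroot).
 *
 * Returns -1 when the path does not fit the local buffer, when the file
 * does not exist (File_DateofChange < 0) or when unlink() fails; 0 on
 * success.
 */
int DeletePID(char *name)
{
    char file[256];
    int len;

    if (isChroot()) {
        len = snprintf(file, sizeof file, "%s/%s-%d.pid", OS_PIDFILE, name, (int)getpid());
    } else {
        len = snprintf(file, sizeof file, "%s%s/%s-%d.pid", DEFAULTDIR,
                       OS_PIDFILE, name, (int)getpid());
    }

    /* A truncated path would name a different file: refuse rather than
     * unlink something we did not intend to */
    if (len < 0 || (size_t)len >= sizeof file) {
        return (-1);
    }

    if (File_DateofChange(file) < 0) {
        return (-1);
    }

    /* The unlink() result used to be discarded; report it to the caller */
    if (unlink(file) != 0) {
        return (-1);
    }

    return (0);
}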
Beispiel #5
/* Reload the keystore when the keys file on disk has changed.
 *
 * Compares keys->file_change against the current change time of KEYS_FILE.
 * On a mismatch the existing entries are released (OS_FreeKeys), the file
 * is read again (OS_ReadKeys) and the message counters are restarted
 * (OS_StartCounter); each step is traced with debug1().
 *
 * Returns 1 when the keys were reloaded, 0 when nothing changed.
 */
int OS_UpdateKeys(keystore *keys)
{
    time_t on_disk = File_DateofChange(KEYS_FILE);

    if (keys->file_change == on_disk) {
        return (0);
    }

    merror(ENCFILE_CHANGED, __local_name);

    debug1("%s: DEBUG: Freekeys", __local_name);
    OS_FreeKeys(keys);

    debug1("%s: DEBUG: OS_ReadKeys", __local_name);
    verbose(ENC_READ, __local_name);
    OS_ReadKeys(keys);

    debug1("%s: DEBUG: OS_StartCounter", __local_name);
    OS_StartCounter(keys);

    debug1("%s: DEBUG: OS_UpdateKeys completed", __local_name);
    return (1);
}
Beispiel #6
/* run_notify: send the periodic keep-alive/status message to the server.
 *
 * Unless built with ONEWAY, first checks whether the server has answered
 * within 3*NOTIFY_TIME seconds of now; if not, calls os_setwait(),
 * start_agent(0) and os_delwait() before continuing. Then, only once
 * NOTIFY_TIME-120 seconds have passed since the last notification
 * (g_saved_time), builds a message of the form
 * "#!-<uname>[ / <md5 of AGENTCONFIGINT>]\n<shared files>\n<random padding>"
 * and hands it to send_msg(0, ...).
 *
 * Allocation failures from getuname()/strdup() are logged as MEM_ERROR and
 * the notification is skipped for this round.
 */
void run_notify()
{
    char keep_alive_random[1024];
    char tmp_msg[OS_SIZE_1024 + 1];
    char *sys_uname = NULL;
    char *shared_files = NULL;
    os_md5 md5sum;
    time_t curr_time = time(0);

    keep_alive_random[0] = '\0';

#ifndef ONEWAY
    /* No answer from the server for three notify periods */
    if ((curr_time - available_server) > (3 * NOTIFY_TIME)) {
        verbose(SERVER_UNAV, ARGV0);
        os_setwait();

        /* Sync message */
        start_agent(0);

        verbose(SERVER_UP, ARGV0);
        os_delwait();
    }
#endif

    /* Too early for the next notification */
    if ((curr_time - g_saved_time) < (NOTIFY_TIME - 120)) {
        return;
    }
    g_saved_time = curr_time;

    debug1("%s: DEBUG: Sending agent notification.", ARGV0);

    /* First line of the message: the uname string */
    sys_uname = getuname();
    if (sys_uname == NULL) {
        merror(MEM_ERROR, ARGV0);
        return;
    }

    /* Shared-files checksums; an empty string when none are available */
    shared_files = getsharedfiles();
    if (shared_files == NULL) {
        shared_files = strdup("\0");
        if (shared_files == NULL) {
            free(sys_uname);
            merror(MEM_ERROR, ARGV0);
            return;
        }
    }

    rand_keepalive_str2(keep_alive_random, 700);

    /* The agent-config checksum is included only when the file exists and
     * hashes successfully */
    if ((File_DateofChange(AGENTCONFIGINT) > 0) &&
        (OS_MD5_File(AGENTCONFIGINT, md5sum) == 0)) {
        snprintf(tmp_msg, OS_SIZE_1024, "#!-%s / %s\n%s\n%s",
                 sys_uname, md5sum, shared_files, keep_alive_random);
    } else {
        snprintf(tmp_msg, OS_SIZE_1024, "#!-%s\n%s\n%s",
                 sys_uname, shared_files, keep_alive_random);
    }

    send_msg(0, tmp_msg);

    free(sys_uname);
    free(shared_files);
}
Beispiel #7
/* int Start_win32_Syscheck()
 * syscheck entry point for Windows: loads the configuration from
 * DEFAULTCPATH, reads the internal options, initialises rootcheck, logs the
 * monitored registry entries and directories, waits for the agent
 * (os_wait) and hands control to start_daemon().
 *
 * Does not return normally: fatal configuration problems end in
 * ErrorExit(), and exit(0) follows start_daemon().
 */
int Start_win32_Syscheck()
{
    int i;
    int rc = 0;
    char *cfg = DEFAULTCPATH;

    syscheck.workdir = DEFAULTDIR;

    /* The configuration file must exist */
    if (File_DateofChange(cfg) < 0) {
        ErrorExit(NO_CONFIG, ARGV0, cfg);
    }

    rc = Read_Syscheck_Config(cfg);
    if (rc < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    } else if ((rc == 1) || (syscheck.disabled == 1)) {
        /* Disabled: leave empty dir/registry lists behind */
        if (syscheck.dir == NULL) {
            merror(SK_NO_DIR, ARGV0);
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        } else if (syscheck.dir[0] == NULL) {
            merror(SK_NO_DIR, ARGV0);
        }
        syscheck.dir[0] = NULL;

        if (syscheck.registry == NULL) {
            dump_syscheck_entry(&syscheck, "", 0, 1, NULL);
        }
        syscheck.registry[0] = NULL;

        merror("%s: WARN: Syscheck disabled.", ARGV0);
    }

    read_internal();

    /* Rootcheck is optional: a failed init only disables it */
    if (rootcheck_init(0) == 0) {
        syscheck.rootcheck = 1;
    } else {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }

    for (i = 0; syscheck.registry[i] != NULL; i++) {
        verbose("%s: INFO: Monitoring registry entry: '%s'.",
                ARGV0, syscheck.registry[i]);
    }

    for (i = 0; syscheck.dir[i] != NULL; i++) {
        verbose("%s: INFO: Monitoring directory: '%s'.",
                ARGV0, syscheck.dir[i]);
    }

    verbose(STARTUP_MSG, ARGV0, getpid());

    /* Give the agent some time to come up before the first scan */
    sleep(syscheck.tsleep + 10);
    os_wait();

    start_daemon();

    exit(0);
}
Beispiel #8
/* Syscheck entry point (unix).
 *
 * Options: -V print version, -h help, -d debug, -f run in the foreground,
 * -t validate the configuration and exit, -D <dir> working directory,
 * -c <file> configuration file (default DEFAULTCPATH).
 *
 * Reads the syscheck configuration and the internal options, initialises
 * rootcheck, daemonises unless -f, connects to the DEFAULTQPATH queue
 * (three attempts), installs signal handlers, writes the PID file, logs the
 * monitored directories and finally calls start_daemon().
 *
 * Fatal problems (missing or invalid configuration, queue unavailable) end
 * in ErrorExit(); with -t the process exits 0 after validation.
 */
int main(int argc, char **argv)
{
    int c,r;
    int test_config = 0,run_foreground = 0;

    char *cfg = DEFAULTCPATH;


    /* Zeroing the structure */
    syscheck.workdir = NULL;


    /* Setting the name */
    OS_SetName(ARGV0);


    while((c = getopt(argc, argv, "VtdhfD:c:")) != -1)
    {
        switch(c)
        {
            case 'V':
                print_version();
                break;
            case 'h':
                help(ARGV0);
                break;
            case 'd':
                nowDebug();
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'D':
                /* getopt supplies optarg for "D:"; the NULL check is defensive */
                if(!optarg)
                    ErrorExit("%s: -D needs an argument",ARGV0);
                syscheck.workdir = optarg;
                break;
            case 'c':
                if(!optarg)
                    ErrorExit("%s: -c needs an argument",ARGV0);
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help(ARGV0);
                break;
        }
    }


    /* Checking if the configuration is present */
    if(File_DateofChange(cfg) < 0)
        ErrorExit(NO_CONFIG, ARGV0, cfg);


    /* Read syscheck config.
     * NOTE(review): a return of 1 is treated the same as syscheck.disabled,
     * presumably "disabled in the configuration" -- confirm against
     * Read_Syscheck_Config. */
    if((r = Read_Syscheck_Config(cfg)) < 0)
    {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }
    else if((r == 1) || (syscheck.disabled == 1))
    {
        /* Disabled: make sure syscheck.dir exists and is an empty list.
         * Warnings are suppressed when only testing the configuration. */
        if(!syscheck.dir)
        {
            if(!test_config)
                merror(SK_NO_DIR, ARGV0);
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        }
        else if(!syscheck.dir[0])
        {
            if(!test_config)
                merror(SK_NO_DIR, ARGV0);
        }
        syscheck.dir[0] = NULL;
        if(!test_config)
        {
            merror("%s: WARN: Syscheck disabled.", ARGV0);
        }
    }


    /* Reading internal options */
    read_internal();



    /* Rootcheck config: a failed init only disables the module */
    if(rootcheck_init(test_config) == 0)
    {
        syscheck.rootcheck = 1;
    }
    else
    {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }


    /* Exit if testing config */
    if(test_config)
        exit(0);


    /* Setting default values (only when -D was not given) */
    if(syscheck.workdir == NULL)
        syscheck.workdir = DEFAULTDIR;


    if(!run_foreground)
    {
        nowDaemon();
        goDaemon();
    }

    /* Initial time to settle */
    sleep(syscheck.tsleep + 2);


    /* Connect to the queue: three attempts, waiting 5 s and then 10 s
     * between them, before giving up with QUEUE_FATAL */
    if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
    {
        merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));

        sleep(5);
        if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
        {
            /* more 10 seconds of wait.. */
            merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
            sleep(10);
            if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
                ErrorExit(QUEUE_FATAL,ARGV0,DEFAULTQPATH);
        }
    }


    /* Start the signal handling */
    StartSIG(ARGV0);


    /* Creating pid (a failure is only logged, not fatal) */
    if(CreatePID(ARGV0, getpid()) < 0)
        merror(PID_ERROR,ARGV0);


    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    if(syscheck.rootcheck)
    {
        verbose(STARTUP_MSG, "ossec-rootcheck", (int)getpid());
    }


    /* Printing directories to be monitored. */
    r = 0;
    while(syscheck.dir[r] != NULL)
    {
        verbose("%s: INFO: Monitoring directory: '%s'.",
                ARGV0, syscheck.dir[r]);
        r++;
    }

    /* Checking directories set for real time: the flag is honoured only
     * with inotify or on Windows; elsewhere it is ignored with a warning */
    r = 0;
    while(syscheck.dir[r] != NULL)
    {
        if(syscheck.opts[r] & CHECK_REALTIME)
        {
            #ifdef USEINOTIFY
            verbose("%s: INFO: Directory set for real time monitoring: "
                    "'%s'.", ARGV0, syscheck.dir[r]);
            #elif WIN32
            verbose("%s: INFO: Directory set for real time monitoring: "
                    "'%s'.", ARGV0, syscheck.dir[r]);
            #else
            verbose("%s: WARN: Ignoring flag for real time monitoring on "
                    "directory: '%s'.", ARGV0, syscheck.dir[r]);
            #endif
        }
        r++;
    }


    /* Some sync time */
    sleep(syscheck.tsleep + 10);


    /* Start the daemon */
    start_daemon();

    return(0);
}
Beispiel #9
/* syscheck entry point for Windows.
 *
 * Reads the internal options and the syscheck configuration from
 * DEFAULTCPATH, initialises rootcheck, logs every monitored registry entry,
 * directory (with its option string), ignore pattern and no-diff file, then
 * waits for the agent (os_wait) and hands control to start_daemon().
 *
 * Does not return normally: fatal configuration problems end in
 * ErrorExit(), and exit(0) follows start_daemon().
 */
int Start_win32_Syscheck()
{
    int i;
    int rc = 0;
    int debug_level = 0;
    char *cfg = DEFAULTCPATH;

    read_internal(debug_level);

    debug1(STARTED_MSG, ARGV0);

    /* The configuration file must exist */
    if (File_DateofChange(cfg) < 0) {
        ErrorExit(NO_CONFIG, ARGV0, cfg);
    }

    rc = Read_Syscheck_Config(cfg);
    if (rc < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    } else if ((rc == 1) || (syscheck.disabled == 1)) {
        /* Disabled: leave empty dir/registry lists behind */
        if (syscheck.dir == NULL) {
            merror(SK_NO_DIR, ARGV0);
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        } else if (syscheck.dir[0] == NULL) {
            merror(SK_NO_DIR, ARGV0);
        }
        syscheck.dir[0] = NULL;

        if (syscheck.registry == NULL) {
            dump_syscheck_entry(&syscheck, "", 0, 1, NULL);
        }
        syscheck.registry[0].entry = NULL;

        merror("%s: WARN: Syscheck disabled.", ARGV0);
    }

    /* Rootcheck is optional: a failed init only disables it */
    if (rootcheck_init(0) == 0) {
        syscheck.rootcheck = 1;
    } else {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }

    for (i = 0; syscheck.registry[i].entry != NULL; i++) {
        const char *arch_tag = (syscheck.registry[i].arch == ARCH_64BIT) ? " [x64]" : "";

        verbose("%s: INFO: Monitoring registry entry: '%s%s'.",
                ARGV0, syscheck.registry[i].entry, arch_tag);
    }

    for (i = 0; syscheck.dir[i] != NULL; i++) {
        char optstr[100];

        verbose("%s: INFO: Monitoring directory: '%s', with options %s.",
                ARGV0, syscheck.dir[i],
                syscheck_opts2str(optstr, sizeof(optstr), syscheck.opts[i]));
    }

    if (syscheck.ignore) {
        for (i = 0; syscheck.ignore[i] != NULL; i++) {
            verbose("%s: INFO: ignoring: '%s'",
                    ARGV0, syscheck.ignore[i]);
        }
    }

    if (syscheck.nodiff) {
        for (i = 0; syscheck.nodiff[i] != NULL; i++) {
            verbose("%s: INFO: No diff for file: '%s'",
                    ARGV0, syscheck.nodiff[i]);
        }
    }

    verbose(STARTUP_MSG, ARGV0, getpid());

    /* Give the agent some time to come up before the first scan */
    sleep(syscheck.tsleep + 10);
    os_wait();

    start_daemon();

    exit(0);
}
Beispiel #10
/* Syscheck unix main.
 *
 * Options: -V print version, -h help, -d debug (repeatable; each use raises
 * the debug_level handed to read_internal), -f run in the foreground,
 * -t validate the configuration and exit, -c <file> configuration file
 * (default DEFAULTCPATH).
 *
 * Reads the internal options and the syscheck configuration, initialises
 * rootcheck, optionally sets up libmagic, daemonises unless -f, connects to
 * the DEFAULTQPATH queue (three attempts), installs signal handlers, writes
 * the PID file, logs the monitored directories / ignores / no-diff files and
 * finally calls start_daemon().
 *
 * Fatal problems (missing or invalid configuration, queue unavailable, PID
 * file) end in ErrorExit(); with -t the process exits 0 after validation.
 * No return statement follows start_daemon(): under C99 reaching the end of
 * main() yields 0, and start_daemon() is presumably not expected to return.
 */
int main(int argc, char **argv)
{
    int c, r;
    int debug_level = 0;
    int test_config = 0, run_foreground = 0;
    const char *cfg = DEFAULTCPATH;

    /* Set the name */
    OS_SetName(ARGV0);

    while ((c = getopt(argc, argv, "Vtdhfc:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                help_syscheckd();
                break;
            case 'd':
                nowDebug();
                debug_level ++;
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'c':
                /* getopt supplies optarg for "c:"; the NULL check is defensive */
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help_syscheckd();
                break;
        }
    }

    /* Read internal options */
    read_internal(debug_level);

    debug1(STARTED_MSG, ARGV0);

    /* Check if the configuration is present */
    if (File_DateofChange(cfg) < 0) {
        ErrorExit(NO_CONFIG, ARGV0, cfg);
    }

    /* Read syscheck config.
     * NOTE(review): a return of 1 is treated the same as syscheck.disabled,
     * presumably "disabled in the configuration" -- confirm against
     * Read_Syscheck_Config. */
    if ((r = Read_Syscheck_Config(cfg)) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    } else if ((r == 1) || (syscheck.disabled == 1)) {
        /* Disabled: make sure syscheck.dir exists and is an empty list.
         * Warnings are suppressed when only testing the configuration. */
        if (!syscheck.dir) {
            if (!test_config) {
                merror(SK_NO_DIR, ARGV0);
            }
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        } else if (!syscheck.dir[0]) {
            if (!test_config) {
                merror(SK_NO_DIR, ARGV0);
            }
        }
        syscheck.dir[0] = NULL;
        if (!test_config) {
            merror("%s: WARN: Syscheck disabled.", ARGV0);
        }
    }

    /* Rootcheck config: a failed init only disables the module */
    if (rootcheck_init(test_config) == 0) {
        syscheck.rootcheck = 1;
    } else {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }

    /* Exit if testing config */
    if (test_config) {
        exit(0);
    }

    /* Setup libmagic */
#ifdef USE_MAGIC
    init_magic(&magic_cookie);
#endif

    if (!run_foreground) {
        nowDaemon();
        goDaemon();
    }

    /* Initial time to settle */
    sleep(syscheck.tsleep + 2);

    /* Connect to the queue: three attempts, waiting 5 s and then 10 s
     * between them, before giving up with QUEUE_FATAL */
    if ((syscheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
        merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));

        sleep(5);
        if ((syscheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
            /* more 10 seconds of wait */
            merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
            sleep(10);
            if ((syscheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
                ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
            }
        }
    }

    /* Start signal handling */
    StartSIG(ARGV0);

    /* Create pid (fatal here, unlike older versions that only logged) */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    if (syscheck.rootcheck) {
        verbose(STARTUP_MSG, "ossec-rootcheck", (int)getpid());
    }

    /* Print directories to be monitored, each with its option string */
    r = 0;
    while (syscheck.dir[r] != NULL) {
        char optstr[ 100 ];
        verbose("%s: INFO: Monitoring directory: '%s', with options %s.",
                ARGV0, syscheck.dir[r],
                syscheck_opts2str(optstr, sizeof( optstr ), syscheck.opts[r]));
        r++;
    }

    /* Print ignores. */
    if(syscheck.ignore)
        for (r = 0; syscheck.ignore[r] != NULL; r++)
            verbose("%s: INFO: ignoring: '%s'",
                ARGV0, syscheck.ignore[r]);

    /* Print files with no diff. */
    if (syscheck.nodiff){
        r = 0;
        while (syscheck.nodiff[r] != NULL) {
            verbose("%s: INFO: No diff for file: '%s'",
                    ARGV0, syscheck.nodiff[r]);
            r++;
        }
    }

    /* Check directories set for real time: the flag is honoured only with
     * inotify or on Windows; elsewhere it is ignored with a warning */
    r = 0;
    while (syscheck.dir[r] != NULL) {
        if (syscheck.opts[r] & CHECK_REALTIME) {
#ifdef INOTIFY_ENABLED
            verbose("%s: INFO: Directory set for real time monitoring: "
                    "'%s'.", ARGV0, syscheck.dir[r]);
#elif defined(WIN32)
            verbose("%s: INFO: Directory set for real time monitoring: "
                    "'%s'.", ARGV0, syscheck.dir[r]);
#else
            verbose("%s: WARN: Ignoring flag for real time monitoring on "
                    "directory: '%s'.", ARGV0, syscheck.dir[r]);
#endif
        }
        r++;
    }

    /* Some sync time */
    sleep(syscheck.tsleep + 10);

    /* Start the daemon */
    start_daemon();
}
Beispiel #11
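/* Send the agent keep-alive/status message to the server (Windows).
 *
 * Builds "#!-<uname>[ / <md5 of AGENTCONFIGINT>]\n<shared files>" into a
 * buffer bounded to OS_SIZE_1024 bytes, encrypts it with CreateSecMSG() and
 * sends it on logr->sock with OS_SendUDPbySize().
 *
 * File-scope state kept between calls: __win32_uname is computed once (with
 * a fixed fallback string when getuname() fails); __win32_shared is
 * discarded and re-read once more than 30 seconds have passed since
 * __win32_shared_time; __win32_curr_time is set to curr_time.
 *
 * Failures are logged (MEM_ERROR, SEC_ERROR, SEND_ERROR) and the message is
 * dropped for this round; nothing is returned.
 */
void send_win32_info(time_t curr_time)
{
    int msg_size;
    int have_md5 = 0;
    os_md5 md5sum;
    /* Both buffers are OS_MAXSTR+2 bytes, but the message is deliberately
     * capped at OS_SIZE_1024 below (as before); the terminators written here
     * only guard the far end of each buffer. */
    char tmp_msg[OS_MAXSTR + 2];
    char crypt_msg[OS_MAXSTR + 2];

    tmp_msg[OS_MAXSTR + 1] = '\0';
    crypt_msg[OS_MAXSTR + 1] = '\0';

    debug1("%s: DEBUG: Sending keep alive message.", ARGV0);
    verbose("%s Sending keep alive message....", ARGV0);

    __win32_curr_time = curr_time;

    /* uname is computed once and cached; fall back to a fixed string */
    if (!__win32_uname) {
        __win32_uname = getuname();
        if (!__win32_uname) {
            merror("%s: Error generating system information.", ARGV0);
            os_strdup("Microsoft Windows - Unknown (unable to get system info)", __win32_uname);
        }
    }

    /* Drop the cached shared-files list every 30 seconds so it is re-read */
    if ((__win32_curr_time - __win32_shared_time) > 30) {
        if (__win32_shared) {
            free(__win32_shared);
            __win32_shared = NULL;
        }
        __win32_shared_time = __win32_curr_time;
    }

    /* Shared-files checksums; an empty string when none are available */
    if (!__win32_shared) {
        __win32_shared = getsharedfiles();
        if (!__win32_shared) {
            __win32_shared = strdup("\0");
            if (!__win32_shared) {
                merror(MEM_ERROR, ARGV0);
                return;
            }
        }
    }

    /* The agent-config checksum is included only when the file exists and
     * hashes successfully; "missing file" and "hash failed" share the same
     * message format, so they are folded into one branch. */
    if (File_DateofChange(AGENTCONFIGINT) > 0 &&
        OS_MD5_File(AGENTCONFIGINT, md5sum) == 0) {
        have_md5 = 1;
    }

    if (have_md5) {
        snprintf(tmp_msg, OS_SIZE_1024, "#!-%s / %s\n%s", __win32_uname, md5sum, __win32_shared);
    } else {
        snprintf(tmp_msg, OS_SIZE_1024, "#!-%s\n%s", __win32_uname, __win32_shared);
    }

    debug1("%s: DEBUG: Sending keep alive: %s", ARGV0, tmp_msg);

    msg_size = CreateSecMSG(&keys, tmp_msg, crypt_msg, 0);
    if (msg_size == 0) {
        merror(SEC_ERROR, ARGV0);
        return;
    }

    /* Best effort: a failed send is logged and retried on the next round */
    if (OS_SendUDPbySize(logr->sock, msg_size, crypt_msg) < 0) {
        merror(SEND_ERROR, ARGV0, "server");
        sleep(1);
    }
}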
Beispiel #12
/* Locally starts (after service/win init).
 *
 * Windows agent start-up: allocates the global agent state `logr`, applies
 * the "windows.debug" and "logcollector.remote_commands" internal options,
 * initialises Winsock, reads the client and logcollector configuration from
 * DEFAULTCPATH, verifies and loads the authentication keys, starts the
 * syscheck and receiver threads, announces the agent to the server and then
 * runs the log collector (LogCollectorStart) on this thread.
 *
 * Every fatal condition ends in ErrorExit(). Returns 0 only if
 * LogCollectorStart() returns, after WSACleanup().
 */
int local_start()
{
    int debug_level;
    int accept_manager_commands = 0;
    char *cfg = DEFAULTCPATH;
    WSADATA wsaData;
    DWORD  threadID;
    DWORD  threadID2;


    /* Starting logr: global agent state shared with the worker threads */
    logr = (agent *)calloc(1, sizeof(agent));
    if(!logr)
    {
        ErrorExit(MEM_ERROR, ARGV0);
    }
    logr->port = DEFAULT_SECURE;

    /* Getting debug level: each level turns nowDebug() on once more */
    debug_level = getDefine_Int("windows","debug", 0, 2);
    while(debug_level != 0)
    {
        nowDebug();
        debug_level--;
    }
    /* 0/1 flag handed to LogCollectorConfig below; by its name it presumably
     * controls whether commands pushed from the manager are accepted by the
     * log collector configuration -- keep it off unless that is wanted. */
    accept_manager_commands = getDefine_Int("logcollector",
                              "remote_commands", 0, 1);




    /* Configuration file not present */
    if(File_DateofChange(cfg) < 0)
        ErrorExit("%s: Configuration file '%s' not found",ARGV0,cfg);


    /* Starting Winsock (version 2.0) */
    if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0)
    {
        ErrorExit("%s: WSAStartup() failed", ARGV0);
    }


    /* Read agent config */
    debug1("%s: DEBUG: Reading agent configuration.", ARGV0);
    if(ClientConf(cfg) < 0)
    {
        ErrorExit(CLIENT_ERROR,ARGV0);
    }
    /* Defaults and sanity for the timers: the reconnect limit must exceed
     * the notify interval, otherwise it is forced to notify_time * 3 */
    if(logr->notify_time == 0)
    {
        logr->notify_time = NOTIFY_TIME;
    }
    if(logr->max_time_reconnect_try == 0 )
    {
      logr->max_time_reconnect_try = NOTIFY_TIME * 3;
    }
    if(logr->max_time_reconnect_try <= logr->notify_time)
    {
      logr->max_time_reconnect_try = (logr->notify_time * 3);
      verbose("%s Max time to reconnect can't be less than notify_time(%d), using notify_time*3 (%d)",ARGV0,logr->notify_time,logr->max_time_reconnect_try);
    }
    verbose("%s Using notify time: %d and max time to reconnect: %d",ARGV0,logr->notify_time,logr->max_time_reconnect_try);

    /* Reading logcollector config file */
    debug1("%s: DEBUG: Reading logcollector configuration.", ARGV0);
    if(LogCollectorConfig(cfg, accept_manager_commands) < 0)
    {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }


    /* Checking auth keys: without a key file the agent cannot talk to the
     * manager, so this is fatal */
    if(!OS_CheckKeys())
    {
        ErrorExit(AG_NOKEYS_EXIT, ARGV0);
    }



    /* If there is not file to monitor, create a clean entry
     * for the mark messages.
     */
    if(logff == NULL)
    {
        os_calloc(2, sizeof(logreader), logff);
        logff[0].file = NULL;
        logff[0].ffile = NULL;
        logff[0].logformat = NULL;
        logff[0].fp = NULL;
        logff[1].file = NULL;
        logff[1].logformat = NULL;

        merror(NO_FILE, ARGV0);
    }


    /* Reading execd config: a failed start disables the execd queue */
    if(!WinExecd_Start())
    {
        logr->execdq = -1;
    }


    /* Reading keys */
    verbose(ENC_READ, ARGV0);

    OS_ReadKeys(&keys);
    OS_StartCounter(&keys);
    /* NOTE(review): assumes keyentries[0] exists and describes this agent;
     * OS_ReadKeys only warns (NO_REM_CONN) when no entry was read -- confirm */
    os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id, NULL);


    /* Initial random numbers.
     * NOTE(review): random() is seeded from the wall clock, which is
     * predictable; fine for jitter/back-off, not for anything security
     * sensitive -- confirm what consumes random() downstream. */
    srandom(time(0));
    random();


    /* Socket connection (the real socket is opened later by start_agent) */
    logr->sock = -1;
    StartMQ(NULL, 0);


    /* Starting mutex */
    debug1("%s: DEBUG: Creating thread mutex.", ARGV0);
    hMutex = CreateMutex(NULL, FALSE, NULL);
    if(hMutex == NULL)
    {
        ErrorExit("%s: Error creating mutex.", ARGV0);
    }



    /* Starting syscheck thread (failure is logged, not fatal) */
    if(CreateThread(NULL,
                    0,
                    (LPTHREAD_START_ROUTINE)skthread,
                    NULL,
                    0,
                    (LPDWORD)&threadID) == NULL)
    {
        merror(THREAD_ERROR, ARGV0);
    }



    /* Checking if server is connected: block until start_agent succeeds */
    os_setwait();

    start_agent(1);

    os_delwait();


    /* Sending integrity message for agent configs */
    intcheck_file(cfg, "");
    intcheck_file(OSPATROL_DEFINES, "");


    /* Starting receiver thread (failure is logged, not fatal) */
    if(CreateThread(NULL,
                    0,
                    (LPTHREAD_START_ROUTINE)receiver_thread,
                    NULL,
                    0,
                    (LPDWORD)&threadID2) == NULL)
    {
        merror(THREAD_ERROR, ARGV0);
    }


    /* Sending agent information message */
    send_win32_info(time(0));


    /* Starting logcollector -- main process here */
    LogCollectorStart();

    WSACleanup();
    return(0);
}
Beispiel #13
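/* Overwrite n bytes at p with zeros through a volatile pointer so the
 * compiler cannot drop the store as "dead" (a plain memset on a buffer that
 * is about to go out of scope may be elided). */
static void keys_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;

    while (n--) {
        *vp++ = 0;
    }
}

/* Read the authentication keys from KEYS_FILE into `keys`.
 *
 * Each line has the form "id name ip key". Lines starting with '#' or ' '
 * are ignored, a line whose second field starts with '#' is a removed
 * entry and is skipped, and malformed lines are reported with INVALID_KEY
 * and skipped. Every accepted entry is handed to __chash(), which
 * presumably grows keys->keyentries / keys->keysize and fills the
 * keyhash_id / keyhash_ip hashes created here.
 *
 * keys->file_change is set to the file's change time so callers
 * (OS_CheckUpdateKeys / OS_UpdateKeys) can detect later modifications.
 *
 * Exits through ErrorExit() when the file is missing or unreadable, when
 * the hashes cannot be created, or once MAX_AGENTS - 2 entries are
 * reached. Logs NO_REM_CONN (without exiting) when no entry was read. A
 * trailing zeroed keyentry is appended at index keys->keysize.
 */
void OS_ReadKeys(keystore *keys)
{
    FILE *fp;

    char buffer[OS_BUFFER_SIZE + 1];

    char name[KEYSIZE + 1];
    char ip[KEYSIZE + 1];
    char id[KEYSIZE + 1];
    char key[KEYSIZE + 1];

    /* Check if the keys file is present and we can read it */
    if ((keys->file_change = File_DateofChange(KEYS_FILE)) < 0) {
        merror(NO_AUTHFILE, __local_name, KEYS_FILE);
        ErrorExit(NO_REM_CONN, __local_name);
    }
    fp = fopen(KEYS_FILE, "r");
    if (!fp) {
        /* We can leave from here */
        merror(FOPEN_ERROR, __local_name, KEYS_FILE, errno, strerror(errno));
        ErrorExit(NO_REM_CONN, __local_name);
    }

    /* Initialize hashes */
    keys->keyhash_id = OSHash_Create();
    keys->keyhash_ip = OSHash_Create();
    if (!keys->keyhash_id || !keys->keyhash_ip) {
        ErrorExit(MEM_ERROR, __local_name, errno, strerror(errno));
    }

    /* Initialize structure */
    keys->keyentries = NULL;
    keys->keysize = 0;

    /* Zero the buffers: the strncpy calls below copy at most KEYSIZE - 1
     * bytes, so the zeroed tails keep every field NUL-terminated */
    __memclear(id, name, ip, key, KEYSIZE + 1);
    memset(buffer, '\0', sizeof buffer);

    /* Read each line. Lines are divided as "id name ip key" */
    while (fgets(buffer, OS_BUFFER_SIZE, fp) != NULL) {
        char *tmp_str;
        char *valid_str;

        if ((buffer[0] == '#') || (buffer[0] == ' ')) {
            continue;
        }

        /* Get ID.
         * NOTE(review): INVALID_KEY logs the raw line, which may contain key
         * material when only an earlier field is malformed; consider logging
         * a line number instead. */
        valid_str = buffer;
        tmp_str = strchr(buffer, ' ');
        if (!tmp_str) {
            merror(INVALID_KEY, __local_name, buffer);
            continue;
        }
        *tmp_str++ = '\0';
        strncpy(id, valid_str, KEYSIZE - 1);

        /* Removed entry */
        if (*tmp_str == '#') {
            continue;
        }

        /* Get name */
        valid_str = tmp_str;
        tmp_str = strchr(tmp_str, ' ');
        if (!tmp_str) {
            merror(INVALID_KEY, __local_name, buffer);
            continue;
        }
        *tmp_str++ = '\0';
        strncpy(name, valid_str, KEYSIZE - 1);

        /* Get IP address */
        valid_str = tmp_str;
        tmp_str = strchr(tmp_str, ' ');
        if (!tmp_str) {
            merror(INVALID_KEY, __local_name, buffer);
            continue;
        }
        *tmp_str++ = '\0';
        strncpy(ip, valid_str, KEYSIZE - 1);

        /* Get key: the rest of the line, minus the newline */
        valid_str = tmp_str;
        tmp_str = strchr(tmp_str, '\n');
        if (tmp_str) {
            *tmp_str = '\0';
        }
        strncpy(key, valid_str, KEYSIZE - 1);

        /* Generate the key hash */
        __chash(keys, id, name, ip, key);

        /* Clear the field copies before the next line */
        __memclear(id, name, ip, key, KEYSIZE + 1);

        /* Check for maximum agent size */
        if (keys->keysize >= (MAX_AGENTS - 2)) {
            merror(AG_MAX_ERROR, __local_name, MAX_AGENTS - 2);
            ErrorExit(CONFIG_ERROR, __local_name, KEYS_FILE);
        }
    }

    /* Close key file */
    fclose(fp);

    /* Clear one last time before leaving. The line buffer still holds the
     * last key line that was read, so wipe it as well rather than leaving
     * key material on the stack. */
    __memclear(id, name, ip, key, KEYSIZE + 1);
    keys_wipe(buffer, sizeof buffer);

    /* Check if there are any agents available */
    if (keys->keysize == 0) {
        merror(NO_REM_CONN, __local_name);
    }

    /* Add additional entry for sender == keysize */
    os_calloc(1, sizeof(keyentry), keys->keyentries[keys->keysize]);
}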
Beispiel #14
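/* Compare an event's log line with the last one stored for this rule and
 * host, and record whether it changed.
 *
 * The previous output lives in DIFF_DIR/<host>/<sigid>/DIFF_LAST_FILE, where
 * <host> is lf->hostname with a leading "(" and the first ")" stripped (or
 * DIFF_TEST_HOST when built with TESTRULE). When no previous output exists
 * the current line is stored and 0 is returned; when it matches, 0 is
 * returned; otherwise the new line is stored, rule->last_events[0..1] and
 * lf->previous are pointed at the previous content and 1 is returned.
 *
 * Returns 0 (no diff, or an error that was logged with merror) or 1
 * (changed).
 *
 * Notes: flastcontent is a function-static buffer, so this function is not
 * reentrant and lf->previous points into storage the next call overwrites.
 * lf->hostname becomes a path component; this assumes it has already been
 * validated upstream (no '/' or ".." segments) -- confirm at the call site.
 */
int doDiff(RuleInfo *rule, Eventinfo *lf)
{
    time_t date_of_change;
    char flastfile[OS_SIZE_2048 + 1];
    static char flastcontent[OS_SIZE_8192 + 1];
    int plen;

    /* Clean up global */
    flastcontent[0] = '\0';
    flastcontent[OS_SIZE_8192] = '\0';
    rule->last_events[0] = NULL;

#ifndef TESTRULE
    {
        const char *host = lf->hostname;
        char *htpt = NULL;

        /* "(name) ..." hostnames: use the part inside the parentheses,
         * temporarily terminating the string at the ')' */
        if (host[0] == '(') {
            host++;
            htpt = strchr(lf->hostname, ')');
            if (htpt) {
                *htpt = '\0';
            }
        }
        plen = snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, host, rule->sigid, DIFF_LAST_FILE);
        if (htpt) {
            *htpt = ')';
        }
    }
#else
    plen = snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, DIFF_TEST_HOST, rule->sigid, DIFF_LAST_FILE);
#endif

    /* A truncated path would point at the wrong file */
    if (plen < 0 || plen >= OS_SIZE_2048) {
        merror("%s: ERROR: diff path too long for rule %d.", ARGV0, rule->sigid);
        return (0);
    }

    /* lf->size can't be too long */
    if (lf->size >= OS_SIZE_8192) {
        merror("%s: ERROR: event size (%zd) too long for diff.", ARGV0, lf->size);
        return (0);
    }

    /* No previous output: store this one, nothing to compare against yet */
    date_of_change = File_DateofChange(flastfile);
    if (date_of_change <= 0) {
        if (!_add2last(lf->log, lf->size, flastfile)) {
            merror("%s: ERROR: unable to create last file: %s", ARGV0, flastfile);
        }
        return (0);
    }

    {
        FILE *fp;
        size_t n;

        fp = fopen(flastfile, "r");
        if (!fp) {
            merror(FOPEN_ERROR, ARGV0, flastfile, errno, strerror(errno));
            return (0);
        }

        /* An empty previous file is reported as a read error, as before */
        n = fread(flastcontent, 1, OS_SIZE_8192, fp);
        if (n > 0) {
            flastcontent[n] = '\0';
        } else {
            merror("%s: ERROR: read error on %s", ARGV0, flastfile);
            fclose(fp);
            return (0);
        }
        fclose(fp);
    }

    /* Nothing changed */
    if (strcmp(flastcontent, lf->log) == 0) {
        return (0);
    }

    /* Changed: store the new output; a failure here is logged but the diff
     * is still reported */
    if (!_add2last(lf->log, lf->size, flastfile)) {
        merror("%s: ERROR: unable to create last file: %s", ARGV0, flastfile);
    }

    rule->last_events[0] = "Previous output:";
    rule->last_events[1] = flastcontent;
    lf->previous = flastcontent;

    return (1);
}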
Beispiel #15
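/* Build (or rebuild) the CDB database cdb_filename from the "key:value"
 * text file txt_filename.
 *
 * The database is regenerated when the text file is newer than the CDB
 * (File_DateofChange) or when `force` is non-zero; otherwise a "does not
 * need to be compiled" message is printed. Lines without a ':' are
 * skipped; the part before the first ':' is the key, the rest (minus a
 * trailing CR/LF) the value. With `force` each added pair is echoed via
 * print_out().
 *
 * The database is written to "<txt_filename>.tmp" and renamed over
 * cdb_filename only after the build and the final fclose() succeed; on any
 * failure the temporary file is removed and an error is logged with
 * merror(). FOPEN_ERROR is reported with errno, like the other callers.
 */
void Lists_OP_MakeCDB(char *txt_filename, char *cdb_filename, int force)
{
    struct cdb_make cdbm;
    FILE *tmp_fd = NULL;
    FILE *txt_fd = NULL;
    char *tmp_str;
    char *key, *val;
    char str[OS_MAXSTR + 1];
    char tmp_filename[OS_MAXSTR];
    int len;
    int failed = 0;

    str[OS_MAXSTR] = '\0';

    len = snprintf(tmp_filename, sizeof tmp_filename, "%s.tmp", txt_filename);
    if (len < 0 || (size_t)len >= sizeof tmp_filename) {
        merror("%s: ERROR: temporary file name too long for '%s'.", ARGV0, txt_filename);
        return;
    }

    /* Rebuild only when the text source is newer than the database, or
     * when forced */
    if (!force && File_DateofChange(txt_filename) <= File_DateofChange(cdb_filename)) {
        printf(" * File %s does not need to be compiled\n", cdb_filename);
        return;
    }

    printf(" * File %s need to be updated\n", cdb_filename);

    /* NOTE(review): "<txt>.tmp" is a predictable name in the source file's
     * directory; this relies on that directory not being writable by
     * untrusted users. */
    tmp_fd = fopen(tmp_filename, "w+");
    if (!tmp_fd) {
        merror(FOPEN_ERROR, ARGV0, tmp_filename, errno, strerror(errno));
        return;
    }

    txt_fd = fopen(txt_filename, "r");
    if (!txt_fd) {
        merror(FOPEN_ERROR, ARGV0, txt_filename, errno, strerror(errno));
        fclose(tmp_fd);
        remove(tmp_filename);
        return;
    }

    if (cdb_make_start(&cdbm, tmp_fd) < 0) {
        merror("%s: ERROR: unable to start cdb creation for '%s'.", ARGV0, cdb_filename);
        fclose(txt_fd);
        fclose(tmp_fd);
        remove(tmp_filename);
        return;
    }

    while (fgets(str, OS_MAXSTR - 1, txt_fd) != NULL) {
        /* Strip carriage return and newline */
        tmp_str = strchr(str, '\r');
        if (tmp_str) {
            *tmp_str = '\0';
        }
        tmp_str = strchr(str, '\n');
        if (tmp_str) {
            *tmp_str = '\0';
        }

        /* "key:value" -- lines without a ':' are skipped */
        val = strchr(str, ':');
        if (!val) {
            continue;
        }
        *val++ = '\0';
        key = str;

        if (cdb_make_add(&cdbm, key, strlen(key), val, strlen(val)) < 0) {
            merror("%s: ERROR: unable to add key '%s' to '%s'.", ARGV0, key, cdb_filename);
            failed = 1;
            break;
        }
        if (force) {
            print_out("  * adding - key: %s value: %s", key, val);
        }
    }
    fclose(txt_fd);

    /* Finish the builder even after a failed add so it can release its
     * state; the partial database is discarded below */
    if (cdb_make_finish(&cdbm) < 0) {
        merror("%s: ERROR: unable to finish cdb creation for '%s'.", ARGV0, cdb_filename);
        failed = 1;
    }

    /* Close (and flush) the temporary file before renaming it into place */
    if (fclose(tmp_fd) != 0) {
        merror("%s: ERROR: write error on '%s'.", ARGV0, tmp_filename);
        failed = 1;
    }

    if (!failed && rename(tmp_filename, cdb_filename) != 0) {
        merror("%s: ERROR: unable to rename '%s' to '%s'.", ARGV0, tmp_filename, cdb_filename);
        failed = 1;
    }

    if (failed) {
        remove(tmp_filename);
    }
}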