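/** main **/
/*
 * Entry point of the rootcheck control tool (the messages below speak of
 * the "policy and auditing database"; the binary name itself is not
 * visible here).  Depending on the options it lists agents, prints the
 * rootcheck events of one agent, or clears the rootcheck database.
 *
 * Option string "VhqrDdLlcsu:i:":
 *   -V  print version   -h  help             -D  debug output
 *   -l  list agents     -s  CSV output       -c  active agents only
 *   -r  resolved only   -q  resolved_only=2  -L  show last
 *   -i ID  print events of agent ID ("000"/"local" is the server)
 *   -u ID  clear the database of agent ID ("all" clears every one)
 *   -d is accepted by the option string but has no case and falls into
 *      the default branch (helpmsg()).
 *
 * Privilege handling: setgid first, then chroot into DEFAULTDIR while
 * still privileged, then setuid to USER.  Fatal errors go through
 * ErrorExit(); usage errors go through helpmsg().  The code after a
 * usage error assumes helpmsg() does not return -- TODO confirm against
 * helpmsg(); an explicit exit(1) guards the array indexes that would
 * otherwise be used with a negative value.
 *
 * Returns 0; most branches terminate with exit(0) directly.
 */
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    char *agent_id = NULL;

    int gid = 0;
    int uid = 0;
    int c = 0, info_agent = 0, update_rootcheck = 0,
               list_agents = 0, show_last = 0,
               resolved_only = 0;
    int active_only = 0, csv_output = 0;

    char shost[512];


    /* Setting the name */
    OS_SetName(ARGV0);


    /* user arguments */
    if(argc < 2)
    {
        helpmsg();
    }


    while((c = getopt(argc, argv, "VhqrDdLlcsu:i:")) != -1)
    {
        switch(c){
            case 'V':
                print_version();
                break;
            case 'h':
                helpmsg();
                break;
            case 'D':
                nowDebug();
                break;
            case 'l':
                list_agents++;
                break;
            case 's':
                csv_output = 1;
                break;
            case 'c':
                active_only++;
                break;
            case 'r':
                resolved_only = 1;
                break;
            case 'q':
                resolved_only = 2;
                break;
            case 'L':
                show_last = 1;
                break;
            case 'i':
                info_agent++;
                if(!optarg)
                {
                    /* The message used to name -u here; this is the -i case. */
                    merror("%s: -i needs an argument",ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                break;
            case 'u':
                if(!optarg)
                {
                    merror("%s: -u needs an argument",ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                update_rootcheck = 1;
                break;
            default:
                helpmsg();
                break;
        }

    }


    /* Resolving group and user.  Both lookups are validated before any
     * of them is applied; the original only checked gid, so an unknown
     * USER reached Privsep_SetUser() with a negative uid. */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if(gid < 0 || uid < 0)
    {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }


    /* Setting the group */
    if(Privsep_SetGroup(gid) < 0)
    {
        ErrorExit(SETGID_ERROR,ARGV0, group);
    }


    /* Chrooting to the default directory.  This happens before the uid
     * drop so that chroot() still runs with the privilege it needs. */
    if(Privsep_Chroot(dir) < 0)
    {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }


    /* Inside chroot now */
    nowChroot();


    /* Setting the user -- last step of the privilege drop */
    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }



    /* Getting the server's hostname.  shost is zeroed and gethostname()
     * gets one byte less than the buffer, so it is always NUL terminated. */
    memset(shost, '\0', sizeof shost);
    if(gethostname(shost, sizeof shost - 1) != 0)
    {
        /* NOTE(review): the "localhost" fallback is written and then the
         * function returns 0 immediately, so the fallback is never used
         * and the tool exits silently.  Kept as in the original. */
        strncpy(shost, "localhost", 32);
        return(0);
    }



    /* Listing available agents: the server is printed as ID 000 by hand,
     * the rest comes from print_agents(). */
    if(list_agents)
    {
        if(!csv_output)
        {
            printf("\nOSSEC HIDS %s. List of available agents:",
                    ARGV0);
            printf("\n   ID: 000, Name: %s (server), IP: 127.0.0.1, "
                   "Active/Local\n", shost);
        }
        else
        {
            printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
        }
        print_agents(1, active_only, csv_output);
        printf("\n");
        exit(0);
    }



    /* Update rootcheck database.  agent_id is non-NULL here because
     * update_rootcheck is only set together with it in the -u case. */
    if(update_rootcheck)
    {
        /* Cleaning all agents (and server) db: every entry of
         * ROOTCHECK_DIR is truncated; entries whose name starts with '.'
         * are also unlinked. */
        if(strcmp(agent_id, "all") == 0)
        {
            DIR *sys_dir;
            struct dirent *entry;

            sys_dir = opendir(ROOTCHECK_DIR);
            if(!sys_dir)
            {
                ErrorExit("%s: Unable to open: '%s'", ARGV0, ROOTCHECK_DIR);
            }

            while((entry = readdir(sys_dir)) != NULL)
            {
                FILE *fp;
                char full_path[OS_MAXSTR +1];

                /* Do not even attempt to delete . and .. :) */
                if((strcmp(entry->d_name,".") == 0)||
                   (strcmp(entry->d_name,"..") == 0))
                {
                    continue;
                }

                snprintf(full_path, sizeof full_path, "%s/%s", ROOTCHECK_DIR,
                         entry->d_name);

                /* Truncate; a failed fopen() is deliberately best effort. */
                fp = fopen(full_path, "w");
                if(fp)
                {
                    fclose(fp);
                }
                if(entry->d_name[0] == '.')
                {
                    unlink(full_path);
                }
            }

            closedir(sys_dir);
            printf("\n** Policy and auditing database updated.\n\n");
            exit(0);
        }

        /* Local (server) database: truncate and unlink the single file. */
        else if((strcmp(agent_id, "000") == 0) ||
                (strcmp(agent_id, "local") == 0))
        {
            char final_dir[1024];
            FILE *fp;
            snprintf(final_dir, sizeof final_dir, "/%s/rootcheck", ROOTCHECK_DIR);

            fp = fopen(final_dir, "w");
            if(fp)
            {
                fclose(fp);
            }
            unlink(final_dir);
            printf("\n** Policy and auditing database updated.\n\n");
            exit(0);
        }

        /* Database from remote agents. */
        else
        {
            int i;
            keystore keys;

            OS_ReadKeys(&keys);

            i = OS_IsAllowedID(&keys, agent_id);
            if(i < 0)
            {
                printf("\n** Invalid agent id '%s'.\n", agent_id);
                helpmsg();
                /* Never index keyentries with a negative id, whatever
                 * helpmsg() does. */
                exit(1);
            }

            /* Deleting the agent's rootcheck database */
            delete_rootcheck(keys.keyentries[i]->name,
                             keys.keyentries[i]->ip->ip, 0);

            printf("\n** Policy and auditing database updated.\n\n");
            exit(0);
        }
    }


    /* Printing information from an agent.  agent_id is non-NULL here
     * because info_agent is only set together with it in the -i case. */
    if(info_agent)
    {
        int i;
        char final_ip[128 +1];
        char final_mask[128 +1];
        keystore keys;


        if((strcmp(agent_id, "000") == 0) ||
           (strcmp(agent_id, "local") == 0))
        {
            if(!csv_output)
            {
                printf("\nPolicy and auditing events for local system '%s - %s':\n",
                        shost, "127.0.0.1");
            }

            print_rootcheck(NULL,
                            NULL, NULL, resolved_only, csv_output, show_last);
        }
        else
        {

            OS_ReadKeys(&keys);

            i = OS_IsAllowedID(&keys, agent_id);
            if(i < 0)
            {
                printf("\n** Invalid agent id '%s'.\n", agent_id);
                helpmsg();
                /* Never index keyentries with a negative id, whatever
                 * helpmsg() does. */
                exit(1);
            }

            /* Getting netmask from ip; both buffers keep a terminating
             * NUL in their last byte. */
            final_ip[128] = '\0';
            final_mask[128] = '\0';
            getNetmask(keys.keyentries[i]->ip->netmask,
                       final_mask, 128);
            snprintf(final_ip, 128, "%s%s",keys.keyentries[i]->ip->ip,
                     final_mask);

            if(!csv_output)
            {
                printf("\nPolicy and auditing events for agent "
                       "'%s (%s) - %s':\n",
                       keys.keyentries[i]->name, keys.keyentries[i]->id,
                       final_ip);
            }

            print_rootcheck(keys.keyentries[i]->name,
                            keys.keyentries[i]->ip->ip, NULL,
                            resolved_only, csv_output, show_last);

        }

        exit(0);
    }



    printf("\n** Invalid argument combination.\n");
    helpmsg();


    return(0);
}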
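/*
 * Entry point of the client-syslog daemon (the work itself is done by
 * OS_CSyslogD(); configuration comes from OS_ReadSyslogConf()).
 *
 * Option string "vVdhtfu:g:D:c:":
 *   -v/-V  print version   -h  help   -d  debug   -f  stay in foreground
 *   -u USER  -g GROUP  -D DIR (chroot directory)  -c CFG (config file)
 *   -t  test the configuration and exit before daemonising
 *
 * Order of operations: user/group lookup, configuration read, hostname,
 * optional test-config exit, daemonise, then the privilege drop
 * (setgid, chroot into DIR, setuid), PID file, and OS_CSyslogD().
 * Nothing after the privilege drop touches the filesystem outside the
 * chroot.  Fatal errors go through ErrorExit(); never returns normally.
 */
int main(int argc, char **argv)
{
    int c, test_config = 0,run_foreground = 0;
    int uid = 0,gid = 0;

    /* Using MAILUSER (read only) */
    char *dir  = DEFAULTDIR;
    char *user = MAILUSER;
    char *group = GROUPGLOBAL;
    char *cfg = DEFAULTCPATH;


    /* Database Structure */
    SyslogConfig **syslog_config = NULL;


    /* Setting the name */
    OS_SetName(ARGV0);


    while((c = getopt(argc, argv, "vVdhtfu:g:D:c:")) != -1) {
        switch(c) {
        case 'V':
        case 'v':
            print_version();
            break;
        case 'h':
            help(ARGV0);
            break;
        case 'd':
            nowDebug();
            break;
        case 'f':
            run_foreground = 1;
            break;
        case 'u':
            if(!optarg)
                ErrorExit("%s: -u needs an argument",ARGV0);
            user=optarg;
            break;
        case 'g':
            if(!optarg)
                ErrorExit("%s: -g needs an argument",ARGV0);
            group=optarg;
            break;
        case 'D':
            if(!optarg)
                ErrorExit("%s: -D needs an argument",ARGV0);
            dir=optarg;
            /* The original had no break here, so -D fell through into
             * the -c case and overwrote cfg with the directory name. */
            break;
        case 'c':
            if(!optarg)
                ErrorExit("%s: -c needs an argument",ARGV0);
            cfg = optarg;
            break;
        case 't':
            test_config = 1;
            break;
        default:
            help(ARGV0);
            break;
        }

    }


    /* Starting daemon */
    debug1(STARTED_MSG, ARGV0);


    /* Check if the user/group given are valid */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if((uid < 0)||(gid < 0))
    {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }


    /* Reading configuration */
    syslog_config = OS_ReadSyslogConf(test_config, cfg, syslog_config);


    /* Getting the server's hostname into the file-level __shost buffer
     * (a reserved identifier, but it is declared elsewhere so it is kept).
     * The buffer is zeroed and gethostname() gets one byte less than its
     * size, so the result is always NUL terminated. */
    memset(__shost, '\0', 512);
    if(gethostname(__shost, 512 -1) != 0)
    {
        ErrorExit("%s: ERROR: gethostname() failed", ARGV0);
    }
    else
    {
        char *ltmp;

        /* Remove domain part if available */
        ltmp = strchr(__shost, '.');
        if(ltmp)
        {
            *ltmp = '\0';
        }
    }


    /* Exit here if test config is set */
    if(test_config)
    {
        exit(0);
    }


    if (!run_foreground)
    {
        /* Going on daemon mode */
        nowDaemon();
        goDaemon();
    }



    /* Not configured: nothing to forward, leave quietly. */
    if(!syslog_config || !syslog_config[0])
    {
        verbose("%s: INFO: Remote syslog server not configured. "
                "Clean exit.", ARGV0);
        exit(0);
    }



    /* Privilege separation: group first, then chroot while still
     * privileged, then the user. */
    if(Privsep_SetGroup(gid) < 0)
    {
        ErrorExit(SETGID_ERROR,ARGV0,group);
    }


    /* chrooting */
    if(Privsep_Chroot(dir) < 0)
    {
        ErrorExit(CHROOT_ERROR,ARGV0,dir);
    }


    /* Now on chroot */
    nowChroot();



    /* Changing user */
    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR,ARGV0,user);
    }


    /* Basic start up completed. */
    debug1(PRIVSEP_MSG,ARGV0,dir,user);


    /* Signal manipulation */
    StartSIG(ARGV0);


    /* Creating PID files */
    if(CreatePID(ARGV0, getpid()) < 0)
    {
        ErrorExit(PID_ERROR, ARGV0);
    }


    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());


    /* the real daemon now */
    OS_CSyslogD(syslog_config);
    exit(0);
}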
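/* AgentdStart v0.2, 2005/11/09
 * Starts the agent daemon.
 *
 * dir/uid/gid/user/group: chroot directory and the identity to drop to;
 * the caller has already resolved uid and gid.  Uses the file-level
 * agt, keys and run_foreground objects.
 *
 * Sequence: daemonise (unless run_foreground), setgid, chroot into dir,
 * setuid, open the message queue, PID file, read keys, write the agent
 * info file, seed random(), connect to the server, open the execd queue
 * (optional), start_agent(), integrity messages for the config files,
 * and then the select() loop that never returns.  Every fatal error goes
 * through ErrorExit().
 */
void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
{
    int rc = 0;
    int pid = 0;
    int maxfd = 0;

    fd_set fdset;

    struct timeval fdtimeout;


    pid = getpid();
    available_server = 0;


    /* Going Daemon */
    if (!run_foreground)
    {
       nowDaemon();
       goDaemonLight();
    }


    /* Setting group ID */
    if(Privsep_SetGroup(gid) < 0)
    {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }


    /* chrooting (before the uid drop, while chroot() is still allowed) */
    if(Privsep_Chroot(dir) < 0)
    {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }


    nowChroot();


    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }


    /* Create the queue. In this case we are going to create
     * and read from it
     * Exit if fails.
     */
    if((agt->m_queue = StartMQ(DEFAULTQUEUE, READ)) < 0)
    {
        ErrorExit(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));
    }

    agt->sock = -1;



    /* Creating PID file -- failure is only logged */
    if(CreatePID(ARGV0, getpid()) < 0)
    {
        merror(PID_ERROR,ARGV0);
    }


    /* Reading the private keys  */
    verbose(ENC_READ, ARGV0);

    OS_ReadKeys(&keys);
    OS_StartCounter(&keys);

    os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id,
                        agt->profile);


    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());


    /* Initial random numbers.  Outside OpenBSD the seed is built from
     * the clock and process ids, which is predictable; what random() is
     * later used for is not visible here, so this is left untouched
     * -- NOTE(review): confirm nothing security-relevant depends on it. */
#ifdef __OpenBSD__
    srandomdev();
#else
    srandom( time(0) + getpid()+ pid + getppid());
#endif

    random();


    /* Listing the configured server addresses */
    for(rc = 0; rc < agt->rip_id; rc++)
    {
        verbose("%s: INFO: Server IP Address: %s", ARGV0, agt->rip[rc]);
    }


    /* Trying to connect to the server */
    if(!connect_server(0))
    {
        ErrorExit(UNABLE_CONN, ARGV0);
    }


    /* Connecting to the execd queue */
    if(agt->execdq == 0)
    {
        if((agt->execdq = StartMQ(EXECQUEUE, WRITE)) < 0)
        {
            merror("%s: INFO: Unable to connect to the active response "
                   "queue (disabled).", ARGV0);
            agt->execdq = -1;
        }
    }



    /* Trying to connect to server */
    os_setwait();

    start_agent(1);

    os_delwait();


    /* Sending integrity message for agent configs */
    intcheck_file(OSSECCONF, dir);
    intcheck_file(OSSEC_DEFINES, dir);


    /* Sending first notification */
    run_notify();


    /* monitor loop */
    while(1)
    {
        /* The select() bound is recomputed every pass so that it stays
         * valid if agt->sock is replaced by a reconnect inside
         * receive_msg() -- whether that happens is not visible here. */
        maxfd = (agt->sock > agt->m_queue ? agt->sock : agt->m_queue) + 1;

        /* Monitoring all available sockets from here */
        FD_ZERO(&fdset);
        FD_SET(agt->sock, &fdset);
        FD_SET(agt->m_queue, &fdset);

        fdtimeout.tv_sec = 1;
        fdtimeout.tv_usec = 0;

        /* Continuously send notifications */
        run_notify();

        /* Wait with a timeout for any descriptor */
        rc = select(maxfd, &fdset, NULL, NULL, &fdtimeout);
        if(rc == -1)
        {
            /* A signal interrupting select() is not a failure of the
             * descriptors; the original exited the agent on it. */
            if(errno == EINTR)
            {
                continue;
            }
            ErrorExit(SELECT_ERROR, ARGV0);
        }
        else if(rc == 0)
        {
            continue;
        }


        /* For the receiver */
        if(FD_ISSET(agt->sock, &fdset))
        {
            receive_msg();
        }


        /* For the forwarder */
        if(FD_ISSET(agt->m_queue, &fdset))
        {
            EventForward();
        }
    }
}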
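/** main **/
/*
 * Entry point of the agent control tool: lists agents or active
 * responses, prints one agent's status, restarts syscheck/rootcheck or a
 * whole agent, or runs an active response on an agent through remoted.
 *
 * Option string "VehdlLcsaru:i:b:f:R:":
 *   -V  print version   -h  help   -d  debug
 *   -l  list agents     -s  CSV output   -c  active agents only
 *   -L  list active responses   -e  also print end times with -i
 *   -i ID  agent information    -u ID  select agent ID ("000" = server)
 *   -r  restart syscheck/rootcheck (-u ID, or -a for all agents)
 *   -a  all agents              -R ID  restart agent ID
 *   -b IP -f RESPONSE -u ID  run active response RESPONSE on ID for IP
 *
 * Privilege handling: setgid, chroot into DEFAULTDIR while still
 * privileged, then setuid to USER.  Fatal errors go through ErrorExit();
 * usage errors go through helpmsg().  The code after a usage error
 * assumes helpmsg() does not return -- TODO confirm against helpmsg();
 * an explicit exit(1) guards the key index that would otherwise be
 * negative.
 *
 * Returns 0; most branches terminate with exit(0)/exit(1) directly.
 */
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    char *agent_id = NULL;
    char *ip_address = NULL;
    char *ar = NULL;

    int arq = 0;
    int gid = 0;
    int uid = 0;
    int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0;
    int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
    int list_responses = 0, end_time = 0, restart_agent = 0;

    char shost[512];

    keystore keys;



    /* Setting the name */
    OS_SetName(ARGV0);


    /* user arguments */
    if(argc < 2)
    {
        helpmsg();
    }


    while((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:")) != -1)
    {
        switch(c){
            case 'V':
                print_version();
                break;
            case 'h':
                helpmsg();
                break;
            case 'd':
                nowDebug();
                break;
            case 'L':
                list_responses = 1;
                break;
            case 'e':
                end_time = 1;
                break;
            case 'r':
                restart_syscheck = 1;
                break;
            case 'l':
                list_agents++;
                break;
            case 's':
                csv_output = 1;
                break;
            case 'c':
                active_only++;
                break;
            case 'i':
                info_agent++;
                /* fallthrough: -i takes the same agent id argument as -u */
            case 'u':
                if(!optarg)
                {
                    merror("%s: -u needs an argument",ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                break;
            case 'b':
                if(!optarg)
                {
                    merror("%s: -b needs an argument",ARGV0);
                    helpmsg();
                }
                ip_address = optarg;
                break;
            case 'f':
                if(!optarg)
                {
                    /* The message used to name -e here; this is the -f case. */
                    merror("%s: -f needs an argument",ARGV0);
                    helpmsg();
                }
                ar = optarg;
                break;
            case 'R':
                if(!optarg)
                {
                    merror("%s: -R needs an argument",ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                restart_agent = 1;
                /* The original had no break here, so -R also set
                 * restart_all_agents and "-R ID -r" restarted
                 * syscheck on every agent instead of restarting ID. */
                break;
            case 'a':
                restart_all_agents = 1;
                break;
            default:
                helpmsg();
                break;
        }

    }


    /* Resolving group and user.  Both lookups are validated before any
     * of them is applied; the original only checked gid. */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if(gid < 0 || uid < 0)
    {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }


    /* Setting the group */
    if(Privsep_SetGroup(gid) < 0)
    {
        ErrorExit(SETGID_ERROR,ARGV0, group);
    }


    /* Chrooting to the default directory (before the uid drop, while
     * chroot() is still allowed) */
    if(Privsep_Chroot(dir) < 0)
    {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }


    /* Inside chroot now */
    nowChroot();


    /* Setting the user -- last step of the privilege drop */
    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }



    /* Getting the server's hostname.  shost is zeroed and gethostname()
     * gets one byte less than the buffer, so it is always NUL terminated. */
    memset(shost, '\0', sizeof shost);
    if(gethostname(shost, sizeof shost - 1) != 0)
    {
        /* NOTE(review): the "localhost" fallback is written and then the
         * function returns 0 immediately, so the fallback is never used
         * and the tool exits silently.  Kept as in the original. */
        strncpy(shost, "localhost", 32);
        return(0);
    }


    /* Listing responses: each line of DEFAULTAR is "name - command
     * timeout"; the name is printed with its command, the entry
     * "restart-ossec0" is hidden because it is reserved for -R. */
    if(list_responses)
    {
        FILE *fp;
        if(!csv_output)
        {
            printf("\nOSSEC HIDS %s. Available active responses:\n", ARGV0);
        }

        fp = fopen(DEFAULTAR, "r");
        if(fp)
        {
            char buffer[256];

            while(fgets(buffer, sizeof buffer, fp) != NULL)
            {
                char *r_name;
                char *r_cmd;
                char *r_timeout;

                r_name = buffer;
                r_cmd = strchr(buffer, ' ');
                if(!r_cmd)
                {
                    continue;
                }

                *r_cmd = '\0';
                r_cmd++;
                if(*r_cmd == '-')
                {
                    r_cmd++;
                }
                if(*r_cmd == ' ')
                {
                    r_cmd++;
                }

                /* The timeout field is only used to terminate r_cmd */
                r_timeout = strchr(r_cmd, ' ');
                if(!r_timeout)
                {
                    continue;
                }
                *r_timeout = '\0';

                if(strcmp(r_name, "restart-ossec0") == 0)
                {
                    continue;
                }
                printf("\n   Response name: %s, command: %s", r_name, r_cmd);
            }

            printf("\n\n");
            fclose(fp);
        }
        else
        {
            printf("\n   No active response available.\n\n");
        }

        exit(0);
    }


    /* Listing available agents: the server is printed as ID 000 by hand,
     * the rest comes from print_agents(). */
    if(list_agents)
    {
        if(!csv_output)
        {
            printf("\nOSSEC HIDS %s. List of available agents:",
                    ARGV0);
            printf("\n   ID: 000, Name: %s (server), IP: 127.0.0.1, Active/Local\n",
                    shost);
        }
        else
        {
            printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
        }
        print_agents(1, active_only, csv_output);
        printf("\n");
        exit(0);
    }



    /* Checking if the provided ID is valid.  "000" is the server and is
     * represented by agt_id == -1; any other id must exist in the keys. */
    if(agent_id != NULL)
    {
        if(strcmp(agent_id, "000") != 0)
        {
            OS_ReadKeys(&keys);

            agt_id = OS_IsAllowedID(&keys, agent_id);
            if(agt_id < 0)
            {
                printf("\n** Invalid agent id '%s'.\n", agent_id);
                helpmsg();
                /* Never index keyentries with a negative id, whatever
                 * helpmsg() does. */
                exit(1);
            }
        }
        else
        {
            /* server. */
            agt_id = -1;
        }
    }



    /* Printing information from an agent.  agent_id is non-NULL here
     * because info_agent is only set by -i, which also sets agent_id. */
    if(info_agent)
    {
        int agt_status = 0;
        char final_ip[IPSIZE + 4];
        agent_info *agt_info;

        final_ip[(sizeof final_ip) - 1] = '\0';


        if(!csv_output)
        {
            printf("\nOSSEC HIDS %s. Agent information:", ARGV0);
        }

        if(agt_id != -1)
        {
            agt_status = get_agent_status(keys.keyentries[agt_id]->name,
                                          keys.keyentries[agt_id]->ip->ip);

            agt_info = get_agent_info(keys.keyentries[agt_id]->name,
                                      keys.keyentries[agt_id]->ip->ip);

            /* Getting full address/prefix length from ip. */
            snprintf(final_ip, sizeof final_ip, "%s/%u",
                     keys.keyentries[agt_id]->ip->ip,
                     keys.keyentries[agt_id]->ip->prefixlength);


            if(!csv_output)
            {
                printf("\n   Agent ID:   %s\n", keys.keyentries[agt_id]->id);
                printf("   Agent Name: %s\n", keys.keyentries[agt_id]->name);
                printf("   IP address: %s\n", final_ip);
                printf("   Status:     %s\n\n",print_agent_status(agt_status));
            }
            else
            {
                printf("%s,%s,%s,%s,",
                       keys.keyentries[agt_id]->id,
                       keys.keyentries[agt_id]->name,
                       final_ip,
                       print_agent_status(agt_status));
            }
        }
        else
        {
            agt_status = get_agent_status(NULL, NULL);
            agt_info = get_agent_info(NULL, "127.0.0.1");

            if(!csv_output)
            {
                printf("\n   Agent ID:   000 (local instance)\n");
                printf("   Agent Name: %s\n", shost);
                printf("   IP address: 127.0.0.1\n");
                printf("   Status:     %s/Local\n\n",print_agent_status(agt_status));
            }
            else
            {
                printf("000,%s,127.0.0.1,%s/Local,",
                        shost,
                        print_agent_status(agt_status));
            }
        }


        /* NOTE(review): agt_info is dereferenced without a NULL check;
         * whether get_agent_info() can return NULL is not visible here. */
        if(!csv_output)
        {
            printf("   Operating system:    %s\n", agt_info->os);
            printf("   Client version:      %s\n", agt_info->version);
            printf("   Last keep alive:     %s\n\n", agt_info->last_keepalive);


            if(end_time)
            {
                printf("   Syscheck last started at:  %s\n", agt_info->syscheck_time);
                printf("   Syscheck last ended   at:  %s\n", agt_info->syscheck_endtime);
                printf("   Rootcheck last started at: %s\n", agt_info->rootcheck_time);
                printf("   Rootcheck last ended   at: %s\n\n", agt_info->rootcheck_endtime);
            }
            else
            {
                printf("   Syscheck last started  at: %s\n", agt_info->syscheck_time);
                printf("   Rootcheck last started at: %s\n", agt_info->rootcheck_time);
            }
        }
        else
        {
            printf("%s,%s,%s,%s,%s,\n",
                   agt_info->os,
                   agt_info->version,
                   agt_info->last_keepalive,
                   agt_info->syscheck_time,
                   agt_info->rootcheck_time);
        }

        exit(0);
    }



    /* Restarting syscheck every where. */
    if(restart_all_agents && restart_syscheck)
    {

        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if(arq < 0)
        {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);


        /* Sending restart message to all agents. */
        if(send_msg_to_agent(arq, HC_SK_RESTART, NULL, NULL) == 0)
        {
            printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on all agents.",
                    ARGV0);
        }
        else
        {
            printf("\n** Unable to restart syscheck on all agents.\n");
            exit(1);
        }

        exit(0);
    }



    if(restart_syscheck && agent_id)
    {

        /* Restart on the server. */
        if(strcmp(agent_id, "000") == 0)
        {
            os_set_restart_syscheck();

            printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck "
                   "locally.\n", ARGV0);

            exit(0);
        }



        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if(arq < 0)
        {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);


        if(send_msg_to_agent(arq, HC_SK_RESTART, agent_id, NULL) == 0)
        {
            printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on agent: %s\n",
                    ARGV0, agent_id);
        }
        else
        {
            printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
            exit(1);
        }

        exit(0);
    }


    if(restart_agent && agent_id)
    {
        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if(arq < 0)
        {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);


        if(send_msg_to_agent(arq, "restart-ossec0", agent_id, "null") == 0)
        {
            printf("\nOSSEC HIDS %s: Restarting agent: %s\n",
                    ARGV0, agent_id);
        }
        else
        {
            printf("\n** Unable to restart agent: %s\n", agent_id);
            exit(1);
        }

        exit(0);
    }


    /* running active response on the specified agent id.  The response
     * name given with -f is passed on verbatim; remoted/the agent decide
     * whether it exists. */
    if(ip_address && ar && agent_id)
    {
        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if(arq < 0)
        {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);


        if(send_msg_to_agent(arq, ar, agent_id, ip_address) == 0)
        {
            printf("\nOSSEC HIDS %s: Running active response '%s' on: %s\n",
                    ARGV0, ar, agent_id);
        }
        else
        {
            /* The original reported "Unable to restart syscheck" here,
             * which is the wrong message for an active response. */
            printf("\n** Unable to run active response '%s' on agent: %s\n",
                   ar, agent_id);
            exit(1);
        }

        exit(0);
    }


    printf("\n** Invalid argument combination.\n");
    helpmsg();


    return(0);
}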
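/*
 * Unlinks every entry of dir_path except "." and "..".
 *
 * Returns -1 when the directory cannot be opened (the caller reports
 * the error), 0 otherwise.  unlink() failures are ignored, as in the
 * original loops (best effort: an entry that is itself a directory or
 * not owned by us is simply left behind).
 */
static int clear_dir_entries(const char *dir_path)
{
    DIR *dp;
    struct dirent *entry;

    dp = opendir(dir_path);
    if(!dp)
    {
        return(-1);
    }

    while((entry = readdir(dp)) != NULL)
    {
        char full_path[OS_MAXSTR +1];

        /* Do not even attempt to delete . and .. :) */
        if((strcmp(entry->d_name,".") == 0)||
           (strcmp(entry->d_name,"..") == 0))
        {
            continue;
        }

        /* snprintf() always NUL terminates within the buffer */
        snprintf(full_path, sizeof full_path, "%s/%s", dir_path, entry->d_name);
        unlink(full_path);
    }

    closedir(dp);
    return(0);
}


/** main **/
/*
 * Entry point of the stats clearing tool: removes the daily statistics
 * files (STATQUEUE) and/or the weekly ones (STATWQUEUE/0 .. /6).
 *
 * Exactly one argument is expected: -h (help), -a (daily and weekly),
 * -d (daily) or -w (weekly).  Usage errors go through helpmsg(); the
 * argv[1] accesses below assume helpmsg() does not return -- TODO
 * confirm against helpmsg().
 *
 * Privilege handling: setgid, chroot into DEFAULTDIR while still
 * privileged, then setuid to USER; all paths are relative to the chroot.
 *
 * Returns 0 after printing the completion message.
 */
int main(int argc, char **argv)
{
    int clear_daily = 0;
    int clear_weekly = 0;

    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    int gid;
    int uid;


    /* Setting the name */
    OS_SetName(ARGV0);


    /* user arguments */
    if(argc != 2)
    {
        helpmsg();
    }

    /* Resolving group and user.  Both lookups are validated before any
     * of them is applied; the original only checked gid. */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if(gid < 0 || uid < 0)
    {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }


    /* Setting the group */
    if(Privsep_SetGroup(gid) < 0)
    {
        ErrorExit(SETGID_ERROR,ARGV0, group);
    }


    /* Chrooting to the default directory (before the uid drop, while
     * chroot() is still allowed) */
    if(Privsep_Chroot(dir) < 0)
    {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }


    /* Inside chroot now */
    nowChroot();


    /* Setting the user -- last step of the privilege drop */
    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    /* User options */
    if(strcmp(argv[1], "-h") == 0)
    {
        helpmsg();
    }
    else if(strcmp(argv[1], "-a") == 0)
    {
        clear_daily = 1;
        clear_weekly = 1;
    }
    else if(strcmp(argv[1], "-d") == 0)
    {
        clear_daily = 1;
    }
    else if(strcmp(argv[1], "-w") == 0)
    {
        clear_weekly = 1;
    }
    else
    {
        printf("\n** Invalid option '%s'.\n", argv[1]);
        helpmsg();
    }


    /* Clear daily files */
    if(clear_daily)
    {
        if(clear_dir_entries(STATQUEUE) < 0)
        {
            ErrorExit("%s: Unable to open: '%s'", ARGV0, STATQUEUE);
        }
    }


    /* Clear weekly averages: one sub-directory per weekday, 0 to 6.
     * A missing day directory is fatal, as in the original. */
    if(clear_weekly)
    {
        int i;

        for(i = 0; i <= 6; i++)
        {
            char dir_path[OS_MAXSTR +1];

            snprintf(dir_path, sizeof dir_path, "%s/%d", STATWQUEUE, i);
            if(clear_dir_entries(dir_path) < 0)
            {
                ErrorExit("%s: Unable to open: '%s' (no stats)",
                           ARGV0, dir_path);
            }
        }
    }

    printf("\n** Internal stats clear.\n\n");
    return(0);
}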
/** void HandleRemote(int position, int uid) v0.2 2005/11/09
 * Handle remote connections
 * v0.2, 2005/11/09
 * v0.1, 2004/7/30
 *
 * position selects the listener in the file-level logr configuration
 * (conn/proto/port/lip/ipv6); uid is the user to drop to once the port
 * is bound.  The socket is bound while still privileged, stored in
 * logr.sock, and then the matching handler (secure, syslog over TCP or
 * syslog over UDP) is entered.  Fatal errors go through ErrorExit().
 */
void HandleRemote(int position, int uid)
{
    int sock;

    /* A plain syslog listener is refused unless an allow-list exists;
     * when it does, log the permitted sources. */
    if(logr.conn[position] == SYSLOG_CONN)
    {
        os_ip **allowed = logr.allowips;

        if(allowed == NULL)
        {
            ErrorExit(NO_SYSLOG, ARGV0);
        }

        for(; *allowed != NULL; allowed++)
        {
            verbose("%s: Remote syslog allowed from: '%s'",
                    ARGV0, (*allowed)->ip);
        }
    }


    /* Bind the port (TCP, or UDP: fast, unreliable.. perfect) */
    if(logr.proto[position] == TCP_PROTO)
    {
        sock = OS_Bindporttcp(logr.port[position], logr.lip[position],
                              logr.ipv6[position]);
    }
    else
    {
        sock = OS_Bindportudp(logr.port[position], logr.lip[position],
                              logr.ipv6[position]);
    }

    logr.sock = sock;
    if(sock < 0)
    {
        ErrorExit(BIND_ERROR, ARGV0, logr.port[position]);
    }


    /* Revoking the privileges now that the port is bound */
    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR,ARGV0, REMUSER);
    }


    /* Creating PID */
    if(CreatePID(ARGV0, getpid()) < 0)
    {
        ErrorExit(PID_ERROR,ARGV0);
    }


    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());


    /* Dispatch: secure connection first, then syslog by transport */
    if(logr.conn[position] == SECURE_CONN)
    {
        HandleSecure();
        return;
    }

    if(logr.proto[position] == TCP_PROTO)
    {
        HandleSyslogTCP();
        return;
    }

    HandleSyslog();
}
/* Entry point of the mail daemon.
 *
 * Parses the command line, resolves the run-as user/group, reads the
 * mail section of the configuration plus a few internal options into
 * `mail`, optionally forks into the background, confines itself to
 * `dir` as `user`/`group`, and finally hands `mail` to OS_Run().
 * Every failure path calls ErrorExit(), which does not return.
 */
int main(int argc, char **argv)
{
    int opt;
    int test_config = 0;
    int run_foreground = 0;
    int uid = 0;
    int gid = 0;
    const char *dir = DEFAULTDIR;
    const char *user = MAILUSER;
    const char *group = GROUPGLOBAL;
    const char *cfg = DEFAULTCPATH;

    /* Filled in by MailConf() and the getDefine_Int() calls below. */
    MailConfig mail;

    OS_SetName(ARGV0);

    /* Command line. Options that need a value are rejected when optarg
     * is missing rather than silently keeping the default. */
    while ((opt = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1) {
        switch (opt) {
        case 'V':
            print_version();
            break;
        case 'h':
            help_maild();
            break;
        case 'd':
            nowDebug();
            break;
        case 'f':
            run_foreground = 1;
            break;
        case 'u':
            if (!optarg) {
                ErrorExit("%s: -u needs an argument", ARGV0);
            }
            user = optarg;
            break;
        case 'g':
            if (!optarg) {
                ErrorExit("%s: -g needs an argument", ARGV0);
            }
            group = optarg;
            break;
        case 'D':
            if (!optarg) {
                ErrorExit("%s: -D needs an argument", ARGV0);
            }
            dir = optarg;
            break;
        case 'c':
            if (!optarg) {
                ErrorExit("%s: -c needs an argument", ARGV0);
            }
            cfg = optarg;
            break;
        case 't':
            test_config = 1;
            break;
        default:
            help_maild();
            break;
        }
    }

    /* Starting daemon */
    debug1(STARTED_MSG, ARGV0);

    /* Both ids must resolve before anything else is touched. */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if (uid < 0 || gid < 0) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Configuration file, then the internal options that tune it. */
    if (MailConf(test_config, cfg, &mail) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }
    mail.strict_checking = getDefine_Int("maild", "strict_checking", 0, 1);
    mail.groupping       = getDefine_Int("maild", "groupping", 0, 1);
    mail.subject_full    = getDefine_Int("maild", "full_subject", 0, 1);
#ifdef GEOIP
    mail.geoip           = getDefine_Int("maild", "geoip", 0, 1);
#endif

    /* -t: configuration parsed fine, nothing else to do. */
    if (test_config) {
        exit(0);
    }

    if (!run_foreground) {
        nowDaemon();
        goDaemon();
    }

    /* Privilege separation: group, then chroot, then user. */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }
    nowChroot();
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }
    debug1(PRIVSEP_MSG, ARGV0, dir, user);

    /* Signal manipulation */
    StartSIG(ARGV0);

    /* Creating PID files */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* the real daemon now */
    OS_Run(&mail);
    return 0;
}
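/* Entry point of the report tool.
 *
 * Builds a report_filter from the command line, resolves the run-as
 * user/group, confines the process to `dir` (chroot with -C; a plain
 * chdir otherwise, -N being the default), drops privileges and then
 * runs os_ReportdStart() on the filter. Every failure path goes
 * through ErrorExit(), which does not return.
 *
 * -f and -r take two arguments: the first arrives as optarg, the
 * second is read from argv[optind] and optind is advanced by hand.
 * -v is listed in the option string but has no case, so it falls to
 * the default branch and prints the help.
 */
int main(int argc, char **argv)
{
    int c;
    int test_config = 0;
    int uid = 0, gid = 0;
    int do_chroot = 0;
    char *dir  = DEFAULTDIR;
    char *user = USER;
    char *group = GROUPGLOBAL;
    char *cfg = DEFAULTCPATH;

    char *filter_by = NULL;
    char *filter_value = NULL;

    char *related_of = NULL;
    char *related_values = NULL;
    report_filter r_filter;

    /* Setting the name */
    OS_SetName(ARGV0);

    /* Start from an empty filter; the option loop fills it in. */
    r_filter.group = NULL;
    r_filter.rule = NULL;
    r_filter.level = NULL;
    r_filter.location = NULL;
    r_filter.srcip = NULL;
    r_filter.user = NULL;
    r_filter.files = NULL;
    r_filter.show_alerts = 0;

    r_filter.related_group = 0;
    r_filter.related_rule = 0;
    r_filter.related_level = 0;
    r_filter.related_location = 0;
    r_filter.related_srcip = 0;
    r_filter.related_user = 0;
    r_filter.related_file = 0;

    r_filter.report_name = NULL;

    while ((c = getopt(argc, argv, "Vdhstu:g:D:c:f:v:n:r:NC")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                report_help();
                break;
            case 'd':
                nowDebug();
                break;
            case 'n':
                if (!optarg)
                    ErrorExit("%s: -n needs an argument",ARGV0);
                r_filter.report_name = optarg;
                break;
            case 'r':
                /* argv[optind] is NULL when "-r <field>" ends the command
                 * line (argv[argc] is always NULL); this check catches it. */
                if (!optarg || !argv[optind])
                    ErrorExit("%s: -r needs two argument",ARGV0);
                related_of = optarg;
                related_values = argv[optind];

                if (os_report_configfilter(related_of, related_values,
                                           &r_filter, REPORT_RELATED) < 0) {
                    ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
                }
                optind++;
                break;
            case 'f':
                /* Same two-argument shape as -r. The argv[optind] test was
                 * missing here, so a trailing "-f <field>" handed a NULL
                 * value to os_report_configfilter() and bumped optind past
                 * argc. */
                if (!optarg || !argv[optind])
                    ErrorExit("%s: -f needs two argument",ARGV0);
                filter_by = optarg;
                filter_value = argv[optind];

                if (os_report_configfilter(filter_by, filter_value,
                                           &r_filter, REPORT_FILTER) < 0) {
                    ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
                }
                optind++;
                break;
            case 'u':
                if (!optarg)
                    ErrorExit("%s: -u needs an argument",ARGV0);
                user = optarg;
                break;
            case 'g':
                if (!optarg)
                    ErrorExit("%s: -g needs an argument",ARGV0);
                group = optarg;
                break;
            case 'D':
                if (!optarg)
                    ErrorExit("%s: -D needs an argument",ARGV0);
                dir = optarg;
                break;
            case 'c':
                if (!optarg)
                    ErrorExit("%s: -c needs an argument",ARGV0);
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            case 's':
                r_filter.show_alerts = 1;
                break;
            case 'N':
                do_chroot = 0;
                break;
            case 'C':
                do_chroot = 1;
                break;
            default:
                report_help();
                break;
        }
    }

    /* Starting daemon */
    debug1(STARTED_MSG,ARGV0);

    /* Check if the user/group given are valid */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if ((uid < 0) || (gid < 0))
        ErrorExit(USER_ERROR,ARGV0,user,group);

    /* Exit here if test config is set */
    if (test_config)
        exit(0);

    /* Privilege separation: group first, then confinement, then user. */
    if (Privsep_SetGroup(gid) < 0)
        ErrorExit(SETGID_ERROR,ARGV0,group);

    if (do_chroot) {
        if (Privsep_Chroot(dir) < 0)
            ErrorExit(CHROOT_ERROR,ARGV0,dir);
        nowChroot();
    } else {
        /* No chroot (-N): still move into dir so that relative paths
         * resolve as they would inside the chroot. The result used to be
         * ignored; a failure is now fatal, because the report would
         * otherwise silently read from whatever the cwd happened to be. */
        if (chdir(dir) < 0)
            ErrorExit("%s: Unable to change directory to '%s'", ARGV0, dir);
    }

    /* Changing user */
    if (Privsep_SetUser(uid) < 0)
        ErrorExit(SETUID_ERROR,ARGV0,user);

    debug1(PRIVSEP_MSG,ARGV0,dir,user);

    /* Signal manipulation */
    StartSIG(ARGV0);

    /* Creating PID files */
    if (CreatePID(ARGV0, getpid()) < 0)
        ErrorExit(PID_ERROR,ARGV0);

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* the real stuff now */
    os_ReportdStart(&r_filter);
    exit(0);
}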
int main_analysisd(int argc, char **argv)
#endif
{
    /*
     * Entry point of the analysis daemon. The signature sits under an #if
     * that starts outside this function (presumably so another translation
     * unit can supply main() and call this instead — confirm against the
     * surrounding file).
     *
     * The ordering below is deliberate and security-relevant:
     *   1. resolve uid/gid, read active-response and global configuration
     *   2. chown the Picviz socket (if any) while still privileged
     *   3. Privsep_SetGroup(), Privsep_Chroot()
     *   4. load decoders, lists and rules from inside the chroot
     *   5. exit(0) when -t was given
     *   6. Privsep_SetUser(), PID file, message queue, OS_ReadMSG()
     * Every fatal path goes through ErrorExit().
     */
    int c = 0, m_queue = 0, test_config = 0,run_foreground = 0;
    int debug_level = 0;
    char *dir = DEFAULTDIR;
    char *user = USER;
    char *group = GROUPGLOBAL;
    int uid = 0,gid = 0;

    char *cfg = DEFAULTCPATH;

    /* Setting the name */
    OS_SetName(ARGV0);

    /* Globals defined outside this function are reset before any event
     * is read; memset() clears the first 4 bytes of prev_month. */
    thishour = 0;
    today = 0;
    prev_year = 0;
    memset(prev_month, '\0', 4);
    hourly_alerts = 0;
    hourly_events = 0;
    hourly_syscheck = 0;
    hourly_firewall = 0;

    /* -d on the command line sets debug_level to 1 and thereby skips the
     * internal-option lookup below. */
    while((c = getopt(argc, argv, "Vtdhfu:g:D:c:")) != -1){
        switch(c){
	    case 'V':
		print_version();
		break;
            case 'h':
                help_analysisd();
                break;
            case 'd':
                nowDebug();
                debug_level = 1;
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'u':
                if(!optarg)
                    ErrorExit("%s: -u needs an argument",ARGV0);
                user = optarg;
                break;
            case 'g':
                if(!optarg)
                    ErrorExit("%s: -g needs an argument",ARGV0);
                group = optarg;
                break;
            case 'D':
                if(!optarg)
                    ErrorExit("%s: -D needs an argument",ARGV0);
                dir = optarg;
                break;
            case 'c':
                if(!optarg)
                    ErrorExit("%s: -c needs an argument",ARGV0);
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help_analysisd();
                break;
        }

    }

    /* Check current debug_level
     * Command line setting takes precedence
     */
    if (debug_level == 0)
    {
        /* Getting debug level: internal option analysisd.debug, clamped to
         * 0..2 by getDefine_Int(); nowDebug() is invoked once per level. */
        debug_level = getDefine_Int("analysisd", "debug", 0, 2);
        while(debug_level != 0)
        {
            nowDebug();
            debug_level--;
        }
    }


    /* Starting daemon */
    debug1(STARTED_MSG,ARGV0);
    DEBUG_MSG("%s: DEBUG: Starting on debug mode - %d ", ARGV0, (int)time(0));


    /*Check if the user/group given are valid */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if((uid < 0)||(gid < 0))
        ErrorExit(USER_ERROR,ARGV0,user,group);


    /* Found user */
    debug1(FOUND_USER, ARGV0);


    /* Initializing Active response: AR config is read from the same file
     * as the global configuration, before chroot, so cfg is an absolute
     * path on the host filesystem at this point. */
    AR_Init();
    if(AR_ReadConfig(cfg) < 0)
    {
        ErrorExit(CONFIG_ERROR,ARGV0, cfg);
    }
    debug1(ASINIT, ARGV0);


    /* Reading configuration file */
    if(GlobalConf(cfg) < 0)
    {
        ErrorExit(CONFIG_ERROR,ARGV0, cfg);
    }

    debug1(READ_CONFIG, ARGV0);


    /* Fixing Config.ar: ar_flag is a global not set in this function.
     * Config.ar is tested as a boolean further down (white-list messages),
     * so the -1 "unset" value is folded to 0. */
    Config.ar = ar_flag;
    if(Config.ar == -1)
        Config.ar = 0;


    /* Getting servers hostname. __shost is treated as a 512-byte buffer:
     * the memset() zero-fills it and strncpy() writes at most 511 bytes,
     * so the result stays NUL-terminated either way. */
    memset(__shost, '\0', 512);
    if(gethostname(__shost, 512 -1) != 0)
    {
        strncpy(__shost, OSSEC_SERVER, 512 -1);
    }
    else
    {
        char *_ltmp;

        /* Remove domain part if available (cut at the first '.') */
        _ltmp = strchr(__shost, '.');
        if(_ltmp)
            *_ltmp = '\0';
    }

    /* going on Daemon mode: both -t and -f keep the process attached */
    if(!test_config && !run_foreground)
    {
        nowDaemon();
        goDaemon();
    }


    /* Starting prelude */
    #ifdef PRELUDE
    if(Config.prelude)
    {
        prelude_start(Config.prelude_profile, argc, argv);
    }
    #endif

    /* Starting zeromq */
    #ifdef ZEROMQ_OUTPUT
    if(Config.zeromq_output)
    {
      zeromq_output_start(Config.zeromq_output_uri, argc, argv);
    }
    #endif

    /* Opening the Picviz socket. Ownership is handed to the target
     * uid/gid now, while the process still runs with its original
     * credentials; Privsep_SetGroup()/Privsep_SetUser() come later. */
    if(Config.picviz)
    {
        OS_PicvizOpen(Config.picviz_socket);

        if(chown(Config.picviz_socket, uid, gid) == -1)
        {
            ErrorExit(CHOWN_ERROR, ARGV0, Config.picviz_socket);
        }
    }

    /* Setting the group */
    if(Privsep_SetGroup(gid) < 0)
        ErrorExit(SETGID_ERROR,ARGV0,group);

    /* Chrooting. Everything loaded from here on (decoders, lists, rules)
     * is resolved relative to the chroot. The user switch is deferred
     * until after the -t exit point below. */
    if(Privsep_Chroot(dir) < 0)
        ErrorExit(CHROOT_ERROR,ARGV0,dir);


    nowChroot();



    /*
     * Anonymous Section: Load rules, decoders, and lists
     *
     * As lists require two pass loading of rules that make use of list lookups
     * are created with blank database structs, and need to be filled in after
     * completion of all rules and lists.
     */
    {
        {
            /* Initializing the decoders list */
            OS_CreateOSDecoderList();

            if(!Config.decoders)
            { /* Legacy loading */
                /* Reading decoders */
                if(!ReadDecodeXML(XML_DECODER))
                {
                    ErrorExit(CONFIG_ERROR, ARGV0,  XML_DECODER);
                }

                /* Reading local ones.
                 * NOTE(review): inside the `!c` branch c is 0, so the
                 * `c != -2` test is always true and ErrorExit() always
                 * fires; a -2 return (truthy) takes the else branch instead.
                 * Presumably -2 was meant to mean "no local file, skip
                 * quietly" — confirm ReadDecodeXML()'s return convention. */
                c = ReadDecodeXML(XML_LDECODER);
                if(!c)
                {
                    if((c != -2))
                        ErrorExit(CONFIG_ERROR, ARGV0,  XML_LDECODER);
                }
                else
                {
                    if(!test_config)
                        verbose("%s: INFO: Reading local decoder file.", ARGV0);
                }
            }
            else
            { /* New loaded based on file speified in ossec.conf.
               * NOTE(review): each entry is freed but Config.decoders itself
               * is neither freed nor set to NULL, unlike Config.lists and
               * Config.includes below, so it is left pointing at freed
               * strings — confirm nothing reads it afterwards. */
                char **decodersfiles;
                decodersfiles = Config.decoders;
                while( decodersfiles && *decodersfiles)
                {
                    if(!test_config)
                        verbose("%s: INFO: Reading decoder file %s.", ARGV0, *decodersfiles);
                    if(!ReadDecodeXML(*decodersfiles))
                        ErrorExit(CONFIG_ERROR, ARGV0, *decodersfiles);

                    free(*decodersfiles);
                    decodersfiles++;
                }
            }

            /* Load decoders */
            SetDecodeXML();
        }
        { /* Load Lists */
            /* Initializing the lists of list struct */
            Lists_OP_CreateLists();
            /* Load each list into list struct; the file-name array is
             * released and Config.lists reset once every list is in. */
            {
                char **listfiles;
                listfiles = Config.lists;
                while(listfiles && *listfiles)
                {
                    if(!test_config)
                        verbose("%s: INFO: Reading loading the lists file: '%s'", ARGV0, *listfiles);
                    if(Lists_OP_LoadList(*listfiles) < 0)
                        ErrorExit(LISTS_ERROR, ARGV0, *listfiles);
                    free(*listfiles);
                    listfiles++;
                }
                free(Config.lists);
                Config.lists = NULL;
            }
        }
        { /* Load Rules */
            /* Creating the rules list */
            Rules_OP_CreateRules();

            /* Reading the rules, in the order given by Config.includes;
             * the array is released and reset afterwards, as for lists. */
            {
                char **rulesfiles;
                rulesfiles = Config.includes;
                while(rulesfiles && *rulesfiles)
                {
                    if(!test_config)
                        verbose("%s: INFO: Reading rules file: '%s'", ARGV0, *rulesfiles);
                    if(Rules_OP_ReadRules(*rulesfiles) < 0)
                        ErrorExit(RULES_ERROR, ARGV0, *rulesfiles);

                    free(*rulesfiles);
                    rulesfiles++;
                }

                free(Config.includes);
                Config.includes = NULL;
            }

            /* Find all rules with that require list lookups and attache the
             * the correct list struct to the rule.  This keeps rules from having to
             * search thought the list of lists for the correct file during rule evaluation.
             */
            OS_ListLoadRules();
        }
    }


    /* Fixing the levels/accuracy; _setlevels() also returns the number of
     * rules it walked, which is what the INFO line reports. */
    {
        int total_rules;
        RuleNode *tmp_node = OS_GetFirstRule();

        total_rules = _setlevels(tmp_node, 0);
        if(!test_config)
            verbose("%s: INFO: Total rules enabled: '%d'", ARGV0, total_rules);
    }



    /* Creating a rules hash (for reading alerts from other servers). */
    {
        RuleNode *tmp_node = OS_GetFirstRule();
        Config.g_rules_hash = OSHash_Create();
        if(!Config.g_rules_hash)
        {
            ErrorExit(MEM_ERROR, ARGV0);
        }
        AddHash_Rule(tmp_node);
    }



    /* Ignored files on syscheck: only reported here, the array is kept. */
    {
        char **files;
        files = Config.syscheck_ignore;
        while(files && *files)
        {
            if(!test_config)
                verbose("%s: INFO: Ignoring file: '%s'", ARGV0, *files);
            files++;
        }
    }


    /* Checking if log_fw is enabled. */
    Config.logfw = getDefine_Int("analysisd",
                                 "log_fw",
                                 0, 1);


    /* Success on the configuration test: -t exits before any privilege
     * drop, PID file or queue is touched. */
    if(test_config)
        exit(0);


    /* Verbose message */
    debug1(PRIVSEP_MSG, ARGV0, dir, user);


    /* Signal manipulation */
    StartSIG(ARGV0);


    /* Setting the user: from here on the process runs as `user`. */
    if(Privsep_SetUser(uid) < 0)
        ErrorExit(SETUID_ERROR,ARGV0,user);


    /* Creating the PID file */
    if(CreatePID(ARGV0, getpid()) < 0)
        ErrorExit(PID_ERROR,ARGV0);


    /* Setting the queue; errno from the failed StartMQ() is reported. */
    if((m_queue = StartMQ(DEFAULTQUEUE,READ)) < 0)
        ErrorExit(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));


    /* White list: only reported when active response (Config.ar) is on. */
    if(Config.white_list == NULL)
    {
        if(Config.ar)
            verbose("%s: INFO: No IP in the white list for active reponse.", ARGV0);
    }
    else
    {
        if(Config.ar)
        {
            os_ip **wl;
            int wlc = 0;
            wl = Config.white_list;
            while(*wl)
            {
                verbose("%s: INFO: White listing IP: '%s'",ARGV0, (*wl)->ip);
                wl++;wlc++;
            }
            verbose("%s: INFO: %d IPs in the white list for active response.",
                    ARGV0, wlc);
        }
    }

    /* Hostname White list: wlc counts patterns, not OSMatch entries. */
    if(Config.hostname_white_list == NULL)
    {
        if(Config.ar)
            verbose("%s: INFO: No Hostname in the white list for active reponse.",
            ARGV0);
    }
    else
    {
        if(Config.ar)
        {
            int wlc = 0;
            OSMatch **wl;

            wl = Config.hostname_white_list;
            while(*wl)
            {
                char **tmp_pts = (*wl)->patterns;
                while(*tmp_pts)
                {
                    verbose("%s: INFO: White listing Hostname: '%s'",ARGV0,*tmp_pts);
                    wlc++;
                    tmp_pts++;
                }
                wl++;
            }
            verbose("%s: INFO: %d Hostname(s) in the white list for active response.",
                    ARGV0, wlc);
        }
    }


    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());


    /* Going to main loop */
    OS_ReadMSG(m_queue);

    if (Config.picviz)
    {
        OS_PicvizClose();
    }

    exit(0);

}
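/** main **/
/* Entry point of the agent listing tool.
 *
 * Usage: <tool> -a | -c | -n | -h. The process switches to `group` and
 * `user` inside a chroot of `dir` before touching any agent data, then
 * prints one line per agent returned by get_agents() for the selected
 * state. helpmsg() and ErrorExit() are relied upon not to return; every
 * invalid command line ends in one of them.
 *
 * Returns 0, also when no agent is available.
 */
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;

    const char *msg = NULL;   /* suffix printed after each agent name */
    char **agent_list;
    int gid;
    int uid;
    int flag = 0;


    /* Setting the name */
    OS_SetName(ARGV0);


    /* user arguments */
    if(argc < 2)
    {
        helpmsg();
    }

    /* Resolve both ids before changing anything. Previously only gid was
     * checked; an unknown `user` produced a negative uid that reached
     * Privsep_SetUser() below, failing with SETUID_ERROR instead of
     * USER_ERROR (and on platforms that treat (uid_t)-1 as "no change"
     * the switch could conceivably not happen at all). */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if((gid < 0) || (uid < 0))
    {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }


    /* Setting the group */
    if(Privsep_SetGroup(gid) < 0)
    {
        ErrorExit(SETGID_ERROR,ARGV0, group);
    }


    /* Chrooting to the default directory */
    if(Privsep_Chroot(dir) < 0)
    {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }


    /* Inside chroot now */
    nowChroot();


    /* Setting the user */
    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    /* User options: pick the get_agents() selector and the line suffix */
    if(strcmp(argv[1], "-h") == 0)
    {
        helpmsg();
    }
    else if(strcmp(argv[1], "-a") == 0)
    {
        flag = GA_ALL;
        msg = "is available.";
    }
    else if(strcmp(argv[1], "-c") == 0)
    {
        flag = GA_ACTIVE;
        msg = "is active.";
    }
    else if(strcmp(argv[1], "-n") == 0)
    {
        flag = GA_NOTACTIVE;
        msg = "is not active.";
    }
    else
    {
        printf("\n** Invalid option '%s'.\n", argv[1]);
        helpmsg();
    }


    /* get_agents() returns a NULL-terminated array (or NULL); the start
     * pointer is kept so the whole array can be handed to free_agents(). */
    agent_list = get_agents(flag);
    if(agent_list)
    {
        char **agent_list_pt = agent_list;

        while(*agent_list)
        {
            printf("%s %s\n", *agent_list, msg);
            agent_list++;
        }

        free_agents(agent_list_pt);
    }
    else
    {
        printf("** No agent available.\n");
    }
    return(0);
}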
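/** main **/
/* Entry point of the syscheck database update tool.
 *
 * Usage: <tool> -h | -l | -a | -u <agent-id|local>. After switching to
 * `group`/`user` inside a chroot of `dir`:
 *   -l lists the agents and exits;
 *   -a empties every file under SYSCHECK_DIR and unlinks the hidden ones,
 *      then exits;
 *   -u empties the local database files, or calls delete_syscheck() for
 *      the agent whose id is argv[2].
 * helpmsg() and ErrorExit() are relied upon not to return, which is what
 * makes the argv[2] access after the option chain safe (only the -u
 * branch with argc == 3 gets there).
 *
 * Returns 0 on success.
 */
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    int gid;
    int uid;


    /* Setting the name */
    OS_SetName(ARGV0);


    /* user arguments */
    if(argc < 2)
    {
        helpmsg();
    }

    /* Resolve both ids before changing anything. Previously only gid was
     * checked, so an unknown `user` carried a negative uid down to
     * Privsep_SetUser() and failed there with the wrong message. */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if((gid < 0) || (uid < 0))
    {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }


    /* Setting the group */
    if(Privsep_SetGroup(gid) < 0)
    {
        ErrorExit(SETGID_ERROR,ARGV0, group);
    }


    /* Chrooting to the default directory */
    if(Privsep_Chroot(dir) < 0)
    {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }


    /* Inside chroot now */
    nowChroot();


    /* Setting the user */
    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    /* User options */
    if(strcmp(argv[1], "-h") == 0)
    {
        helpmsg();
    }
    else if(strcmp(argv[1], "-l") == 0)
    {
        printf("\nOSSEC HIDS %s: Updates the integrity check database.",
                                 ARGV0);
        print_agents(0, 0, 0);
        printf("\n");
        exit(0);
    }
    else if(strcmp(argv[1], "-u") == 0)
    {
        if(argc != 3)
        {
            printf("\n** Option -u requires an extra argument\n");
            helpmsg();
        }
    }
    else if(strcmp(argv[1], "-a") == 0)
    {
        DIR *sys_dir;
        struct dirent *entry;

        sys_dir = opendir(SYSCHECK_DIR);
        if(!sys_dir)
        {
            ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
        }

        /* Every entry is truncated by opening it for writing; only the
         * hidden (dot-prefixed) ones are removed as well. fopen() follows
         * symlinks, so this relies on SYSCHECK_DIR's contents being trusted. */
        while((entry = readdir(sys_dir)) != NULL)
        {
            FILE *fp;
            char full_path[OS_MAXSTR +1];

            /* Do not even attempt to delete . and .. :) */
            if((strcmp(entry->d_name,".") == 0)||
               (strcmp(entry->d_name,"..") == 0))
            {
                continue;
            }

            snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR, entry->d_name);

            fp = fopen(full_path, "w");
            if(fp)
            {
                fclose(fp);
            }
            if(entry->d_name[0] == '.')
            {
                unlink(full_path);
            }
        }

        closedir(sys_dir);
        printf("\n** Integrity check database updated.\n\n");
        exit(0);
    }
    else
    {
        printf("\n** Invalid option '%s'.\n", argv[1]);
        helpmsg();
    }


    /* local: truncate and unlink the server's own database, truncate the
     * checkpoint file (its unlink is intentionally left commented out) */
    if(strcmp(argv[2],"local") == 0)
    {
        char final_dir[1024];
        FILE *fp;
        snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);

        fp = fopen(final_dir, "w");
        if(fp)
        {
            fclose(fp);
        }
        unlink(final_dir);


        /* Deleting cpt file */
        snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);

        fp = fopen(final_dir, "w");
        if(fp)
        {
            fclose(fp);
        }
        /* unlink(final_dir); */
    }

    /* external agents: argv[2] must be a known agent id */
    else
    {
        int i;
        keystore keys;

        OS_ReadKeys(&keys);

        i = OS_IsAllowedID(&keys, argv[2]);
        if(i < 0)
        {
            printf("\n** Invalid agent id '%s'.\n", argv[2]);
            helpmsg();
        }

        /* Deleting syscheck */
        delete_syscheck(keys.keyentries[i]->name,keys.keyentries[i]->ip->ip,0);
    }

    printf("\n** Integrity check database updated.\n\n");
    return(0);
}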
int main(int argc, char **argv)
{
    /*
     * Entry point of the log test tool: loads the same decoders, lists and
     * rules as the analysis daemon and then calls OS_ReadMSG(ut_str).
     *
     * Order of operations, which is security-relevant:
     *   1. read the global configuration (and GeoIP DB when built in)
     *   2. resolve uid/gid, Privsep_SetGroup(), Privsep_Chroot()
     *   3. load decoders, lists, rules from inside the chroot
     *   4. exit(0) when -t was given
     *   5. Privsep_SetUser(), then OS_ReadMSG()
     * Every fatal path goes through ErrorExit().
     */
    int test_config = 0;
    int c = 0;
    char *ut_str = NULL;              /* -U value, passed to OS_ReadMSG() */
    const char *dir = DEFAULTDIR;
    const char *cfg = DEFAULTCPATH;
    const char *user = USER;
    const char *group = GROUPGLOBAL;
    uid_t uid;                        /* assigned by Privsep_GetUser() below */
    gid_t gid;                        /* assigned by Privsep_GetGroup() below */
    int quiet = 0;                    /* -q: silences the decoder-file INFO lines only */

    /* Set the name */
    OS_SetName(ARGV0);

    /* Globals defined outside this function, reset before any input is read */
    thishour = 0;
    today = 0;
    prev_year = 0;
    full_output = 0;
    alert_only = 0;

    active_responses = NULL;
    memset(prev_month, '\0', 4);

#ifdef LIBGEOIP_ENABLED
    geoipdb = NULL;
#endif

    while ((c = getopt(argc, argv, "VatvdhU:D:c:q")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 't':
                test_config = 1;
                break;
            case 'h':
                help_logtest();
                break;
            case 'd':
                nowDebug();
                break;
            case 'U':
                if (!optarg) {
                    ErrorExit("%s: -U needs an argument", ARGV0);
                }
                ut_str = optarg;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 'a':
                alert_only = 1;
                break;
            case 'q':
                quiet = 1;
                break;
            case 'v':
                full_output = 1;
                break;
            default:
                help_logtest();
                break;
        }
    }

    /* Read configuration file (before chroot: cfg is a host path here) */
    if (GlobalConf(cfg) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }

    debug1(READ_CONFIG, ARGV0);

#ifdef LIBGEOIP_ENABLED
    Config.geoip_jsonout = getDefine_Int("analysisd", "geoip_jsonout", 0, 1);

    /* Opening GeoIP DB: a failure is logged and GeoIP simply stays off */
    if(Config.geoipdb_file) {
        geoipdb = GeoIP_open(Config.geoipdb_file, GEOIP_INDEX_CACHE);
        if (geoipdb == NULL)
        {
            merror("%s: Unable to open GeoIP database from: %s (disabling GeoIP).", ARGV0, Config.geoipdb_file);
        }
    }
#endif

    /* Get server hostname. __shost is treated as a 512-byte buffer: the
     * memset() zero-fills it and strncpy() writes at most 511 bytes, so
     * the result stays NUL-terminated either way. */
    memset(__shost, '\0', 512);
    if (gethostname(__shost, 512 - 1) != 0) {
        strncpy(__shost, OSSEC_SERVER, 512 - 1);
    } else {
        char *_ltmp;

        /* Remove domain part if available (cut at the first '.') */
        _ltmp = strchr(__shost, '.');
        if (_ltmp) {
            *_ltmp = '\0';
        }
    }

    /* Check if the user/group given are valid; this build of Privsep_Get*
     * returns (uid_t)-1 / (gid_t)-1 on failure rather than a negative int */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if (uid == (uid_t) - 1 || gid == (gid_t) - 1) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Set the group */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group, errno, strerror(errno));
    }

    /* Chroot. Everything loaded from here on is resolved relative to dir;
     * the user switch is deferred until after the -t exit point below. */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir, errno, strerror(errno));
    }
    nowChroot();

    /*
     * Anonymous Section: Load rules, decoders, and lists
     *
     * As lists require two pass loading of rules that make use of list lookups
     * are created with blank database structs, and need to be filled in after
     * completion of all rules and lists.
     */
    {
        {
            /* Load decoders */
            /* Initialize the decoders list */
            OS_CreateOSDecoderList();

            if (!Config.decoders) {
                /* Legacy loading */
                /* Read decoders.
                 * NOTE(review): the file is opened via a string literal while
                 * the error message reports XML_DECODER (and XML_LDECODER
                 * below); confirm the macros expand to these same paths so
                 * the message names the file that actually failed. */
                if (!ReadDecodeXML("etc/decoder.xml")) {
                    ErrorExit(CONFIG_ERROR, ARGV0,  XML_DECODER);
                }

                /* Read local ones.
                 * NOTE(review): inside the `!c` branch c is 0, so `c != -2`
                 * is always true and ErrorExit() always fires; a -2 return
                 * (truthy) takes the else branch instead. Presumably -2 was
                 * meant to mean "no local file, skip quietly" — confirm
                 * ReadDecodeXML()'s return convention. */
                c = ReadDecodeXML("etc/local_decoder.xml");
                if (!c) {
                    if ((c != -2)) {
                        ErrorExit(CONFIG_ERROR, ARGV0,  XML_LDECODER);
                    }
                } else {
                    verbose("%s: INFO: Reading local decoder file.", ARGV0);
                }
            } else {
                /* New loaded based on file specified in ossec.conf.
                 * NOTE(review): each entry is freed but Config.decoders itself
                 * is neither freed nor set to NULL, unlike Config.lists and
                 * Config.includes below — confirm nothing reads it afterwards. */
                char **decodersfiles;
                decodersfiles = Config.decoders;
                while ( decodersfiles && *decodersfiles) {

                    if(!quiet) {
                        verbose("%s: INFO: Reading decoder file %s.", ARGV0, *decodersfiles);
                    }
                    if (!ReadDecodeXML(*decodersfiles)) {
                        ErrorExit(CONFIG_ERROR, ARGV0, *decodersfiles);
                    }

                    free(*decodersfiles);
                    decodersfiles++;
                }
            }

            /* Load decoders */
            SetDecodeXML();
        }
        {
            /* Load Lists */
            /* Initialize the lists of list struct */
            Lists_OP_CreateLists();
            /* Load each list into list struct. This INFO line is printed
             * regardless of -q; only the decoder loop honours `quiet`. */
            {
                char **listfiles;
                listfiles = Config.lists;
                while (listfiles && *listfiles) {
                    verbose("%s: INFO: Reading the lists file: '%s'", ARGV0, *listfiles);
                    if (Lists_OP_LoadList(*listfiles) < 0) {
                        ErrorExit(LISTS_ERROR, ARGV0, *listfiles);
                    }
                    free(*listfiles);
                    listfiles++;
                }
                free(Config.lists);
                Config.lists = NULL;
            }
        }
        {
            /* Load Rules */
            /* Create the rules list */
            Rules_OP_CreateRules();

            /* Read the rules, in the order given by Config.includes;
             * reported at debug1 level rather than verbose. */
            {
                char **rulesfiles;
                rulesfiles = Config.includes;
                while (rulesfiles && *rulesfiles) {
                    debug1("%s: INFO: Reading rules file: '%s'", ARGV0, *rulesfiles);
                    if (Rules_OP_ReadRules(*rulesfiles) < 0) {
                        ErrorExit(RULES_ERROR, ARGV0, *rulesfiles);
                    }

                    free(*rulesfiles);
                    rulesfiles++;
                }

                free(Config.includes);
                Config.includes = NULL;
            }

            /* Find all rules with that require list lookups and attache the
             * the correct list struct to the rule.  This keeps rules from
             * having to search thought the list of lists for the correct file
             * during rule evaluation.
             */
            OS_ListLoadRules();
        }
    }

    /* Fix the levels/accuracy; _setlevels() also returns the number of
     * rules it walked, which is what the debug line reports. */
    {
        int total_rules;
        RuleNode *tmp_node = OS_GetFirstRule();

        total_rules = _setlevels(tmp_node, 0);
        debug1("%s: INFO: Total rules enabled: '%d'", ARGV0, total_rules);
    }

    /* Creating a rules hash (for reading alerts from other servers) */
    {
        RuleNode *tmp_node = OS_GetFirstRule();
        Config.g_rules_hash = OSHash_Create();
        if (!Config.g_rules_hash) {
            ErrorExit(MEM_ERROR, ARGV0, errno, strerror(errno));
        }
        AddHash_Rule(tmp_node);
    }

    /* -t: everything parsed and loaded, stop before dropping to `user` */
    if (test_config == 1) {
        exit(0);
    }

    /* Set the user: from here on the process runs as `user` */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user, errno, strerror(errno));
    }

    /* Start up message.
     * NOTE(review): getpid() is passed without the (int) cast used elsewhere
     * in this codebase; fine where pid_t is int, confirm for other targets. */
    verbose(STARTUP_MSG, ARGV0, getpid());

    /* Going to main loop */
    OS_ReadMSG(ut_str);

    exit(0);
}
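/**
 * Entry point of the monitor daemon.
 *
 * Parses the command line, checks that the requested user/group exist,
 * reads the monitord tunables and the report configuration, optionally
 * daemonizes, drops privileges (setgid, chroot, then setuid), writes the
 * PID file and finally hands control to Monitord().
 *
 * Options: -V version, -h help, -d debug, -f foreground, -t test the
 * configuration and exit, -u USER, -g GROUP, -D DIR (chroot directory),
 * -c CFG (configuration file).
 *
 * Any fatal condition (unknown user/group, unreadable configuration,
 * failed privilege drop, PID file error) ends the process via ErrorExit().
 *
 * @return 0 in test-config mode, or if Monitord() ever returns.
 */
int main(int argc, char **argv)
{
    int c = 0, test_config = 0, run_foreground = 0;
    int uid = 0, gid = 0;
    char *dir   = DEFAULTDIR;
    char *user  = USER;
    char *group = GROUPGLOBAL;
    char *cfg   = DEFAULTCPATH;

    /* Initializing global variables */
    mond.a_queue = 0;

    /* Setting the name */
    OS_SetName(ARGV0);

    while ((c = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                help(ARGV0);
                break;
            case 'd':
                nowDebug();
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'u':
                if (!optarg) {
                    ErrorExit("%s: -u needs an argument", ARGV0);
                }
                user = optarg;
                break;
            case 'g':
                if (!optarg) {
                    ErrorExit("%s: -g needs an argument", ARGV0);
                }
                group = optarg;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                /* This break was missing: -D used to fall through into -c and
                 * silently replace the configuration path with the chroot
                 * directory, so "-D dir" made the config unreadable. */
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help(ARGV0);
                break;
        }
    }

    /* Starting daemon */
    debug1(STARTED_MSG, ARGV0);

    /* Check if the user/group given are valid */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if ((uid < 0) || (gid < 0)) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Getting config options (name, default, and the allowed range) */
    mond.day_wait = getDefine_Int("monitord", "day_wait", 5, 240);
    mond.compress = getDefine_Int("monitord", "compress", 0, 1);
    mond.sign = getDefine_Int("monitord", "sign", 0, 1);
    mond.monitor_agents = getDefine_Int("monitord", "monitor_agents", 0, 1);

    mond.agents = NULL;
    mond.smtpserver = NULL;
    mond.emailfrom = NULL;

    /* 'c' is reused here as the ReadConfig() section mask. */
    c = 0;
    c |= CREPORTS;
    if (ReadConfig(c, cfg, &mond, NULL) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }

    /* If we have any reports configured, read smtp/emailfrom */
    if (mond.reports) {
        OS_XML xml;
        char *tmpsmtp = NULL;
        char *xml_smtp[] = {"ossec_config", "global", "smtp_server", NULL};
        char *xml_from[] = {"ossec_config", "global", "email_from", NULL};

        if (OS_ReadXML(cfg, &xml) < 0) {
            ErrorExit(CONFIG_ERROR, ARGV0, cfg);
        }

        tmpsmtp = OS_GetOneContentforElement(&xml, xml_smtp);
        mond.emailfrom = OS_GetOneContentforElement(&xml, xml_from);

        if (tmpsmtp && mond.emailfrom) {
            mond.smtpserver = OS_GetHost(tmpsmtp, 5);
            if (!mond.smtpserver) {
                merror(INVALID_SMTP, ARGV0, tmpsmtp);
                /* Both strings are non-NULL in this branch; release them so
                 * a bad SMTP entry does not leak the resolved-name buffer. */
                free(mond.emailfrom);
                mond.emailfrom = NULL;
                free(tmpsmtp);
                tmpsmtp = NULL;
                merror("%s: Invalid SMTP server.  Disabling email reports.", ARGV0);
            }
            /* On success tmpsmtp is deliberately left alone: whether
             * OS_GetHost() keeps a reference to it cannot be confirmed from
             * this file, and the string lives for the process lifetime. */
        } else {
            /* free(NULL) is a no-op, so no guards are needed here. */
            free(tmpsmtp);
            free(mond.emailfrom);
            mond.emailfrom = NULL;
            merror("%s: SMTP server or 'email from' missing. Disabling email reports.", ARGV0);
        }

        OS_ClearXML(&xml);
    }

    /* Exit here if test config is set */
    if (test_config) {
        exit(0);
    }

    if (!run_foreground) {
        /* Going on daemon mode */
        nowDaemon();
        goDaemon();
    }

    /* Privilege separation: group first, then chroot, then user. The user
     * switch has to come last because chroot() is a privileged operation. */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* chrooting */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }
    nowChroot();

    /* Changing user */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    debug1(PRIVSEP_MSG, ARGV0, dir, user);

    /* Signal manipulation */
    StartSIG(ARGV0);

    /* Creating PID files */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* the real daemon now */
    Monitord();
    exit(0);
}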