/** main **/
int main(int argc, char **argv)
{
const char *dir = DEFAULTDIR;
const char *group = GROUPGLOBAL;
const char *user = USER;
const char *agent_id = NULL;
const char *fname = NULL;
gid_t gid;
uid_t uid;
int c = 0, info_agent = 0, update_syscheck = 0,
list_agents = 0, zero_counter = 0,
registry_only = 0;
int active_only = 0, csv_output = 0;
char shost[512];
/* Setting the name */
OS_SetName(ARGV0);
/* user arguments */
if(argc < 2)
{
helpmsg();
}
while((c = getopt(argc, argv, "VhzrDdlcsu:i:f:")) != -1)
{
switch(c){
case 'V':
print_version();
break;
case 'h':
helpmsg();
break;
case 'D':
nowDebug();
break;
case 'l':
list_agents++;
break;
case 'z':
zero_counter = 1;
break;
case 'd':
zero_counter = 2;
break;
case 's':
csv_output = 1;
break;
case 'c':
active_only++;
break;
case 'r':
registry_only = 1;
break;
case 'i':
info_agent++;
if(!optarg)
{
merror("%s: -u needs an argument",ARGV0);
helpmsg();
}
agent_id = optarg;
break;
case 'f':
if(!optarg)
{
merror("%s: -u needs an argument",ARGV0);
helpmsg();
}
fname = optarg;
break;
case 'u':
if(!optarg)
{
merror("%s: -u needs an argument",ARGV0);
helpmsg();
}
agent_id = optarg;
update_syscheck = 1;
break;
default:
helpmsg();
break;
}
}
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
if(uid == (uid_t)-1 || gid == (gid_t)-1)
{
ErrorExit(USER_ERROR, ARGV0, user, group);
}
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group, errno, strerror(errno));
}
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
ErrorExit(CHROOT_ERROR, ARGV0, dir, errno, strerror(errno));
}
/* Inside chroot now */
nowChroot();
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user, errno, strerror(errno));
}
/* Getting servers hostname */
memset(shost, '\0', 512);
if(gethostname(shost, 512 -1) != 0)
{
strncpy(shost, "localhost", 32);
return(0);
}
/* Listing available agents. */
if(list_agents)
{
if(!csv_output)
{
printf("\nOSSEC HIDS %s. List of available agents:",
ARGV0);
printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, "
"Active/Local\n", shost);
}
else
{
printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
}
print_agents(1, active_only, csv_output);
printf("\n");
exit(0);
}
/* Update syscheck database. */
if(update_syscheck)
{
/* Cleaning all agents (and server) db. */
if(strcmp(agent_id, "all") == 0)
{
DIR *sys_dir;
struct dirent *entry;
sys_dir = opendir(SYSCHECK_DIR);
if(!sys_dir)
{
ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
}
while((entry = readdir(sys_dir)) != NULL)
{
FILE *fp;
char full_path[OS_MAXSTR +1];
/* Do not even attempt to delete . and .. :) */
if((strcmp(entry->d_name,".") == 0)||
(strcmp(entry->d_name,"..") == 0))
{
continue;
}
snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR,
entry->d_name);
fp = fopen(full_path, "w");
if(fp)
{
fclose(fp);
}
if(entry->d_name[0] == '.')
{
unlink(full_path);
}
}
closedir(sys_dir);
printf("\n** Integrity check database updated.\n\n");
exit(0);
}
else if((strcmp(agent_id, "000") == 0) ||
(strcmp(agent_id, "local") == 0))
{
char final_dir[1024];
FILE *fp;
snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
unlink(final_dir);
/* Deleting cpt file */
snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
unlink(final_dir);
printf("\n** Integrity check database updated.\n\n");
exit(0);
}
/* Database from remote agents. */
else
{
int i;
keystore keys;
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, agent_id);
if(i < 0)
{
printf("\n** Invalid agent id '%s'.\n", agent_id);
helpmsg();
}
/* Deleting syscheck */
delete_syscheck(keys.keyentries[i]->name,
keys.keyentries[i]->ip->ip, 0);
printf("\n** Integrity check database updated.\n\n");
exit(0);
}
}
/* Printing information from an agent. */
if(info_agent)
{
int i;
char final_ip[128 +1];
char final_mask[128 +1];
keystore keys;
if((strcmp(agent_id, "000") == 0) ||
(strcmp(agent_id, "local") == 0))
{
printf("\nIntegrity checking changes for local system '%s - %s':\n",
shost, "127.0.0.1");
if(fname)
{
printf("Detailed information for entries matching: '%s'\n",
fname);
}
print_syscheck(NULL,
NULL, fname, 0, 0,
csv_output, zero_counter);
}
else if(strchr(agent_id, '@'))
{
if(fname)
{
printf("Detailed information for entries matching: '%s'\n",
fname);
}
print_syscheck(agent_id, NULL, fname, registry_only, 0,
csv_output, zero_counter);
}
else
{
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, agent_id);
if(i < 0)
{
printf("\n** Invalid agent id '%s'.\n", agent_id);
helpmsg();
}
/* Getting netmask from ip. */
final_ip[128] = '\0';
final_mask[128] = '\0';
getNetmask(keys.keyentries[i]->ip->netmask, final_mask, 128);
snprintf(final_ip, 128, "%s%s",keys.keyentries[i]->ip->ip,
final_mask);
if(registry_only)
{
printf("\nIntegrity changes for 'Windows Registry' of"
" agent '%s (%s) - %s':\n",
keys.keyentries[i]->name, keys.keyentries[i]->id,
final_ip);
}
else
{
printf("\nIntegrity changes for agent "
"'%s (%s) - %s':\n",
keys.keyentries[i]->name, keys.keyentries[i]->id,
final_ip);
}
if(fname)
{
printf("Detailed information for entries matching: '%s'\n",
fname);
}
print_syscheck(keys.keyentries[i]->name,
keys.keyentries[i]->ip->ip, fname,
registry_only, 0, csv_output, zero_counter);
}
exit(0);
}
printf("\n** Invalid argument combination.\n");
helpmsg();
return(0);
}
/** main **/
int main(int argc, char **argv)
{
char *dir = DEFAULTDIR;
char *group = GROUPGLOBAL;
char *user = USER;
char *agent_id = NULL;
char *ip_address = NULL;
char *ar = NULL;
int arq = 0;
int gid = 0;
int uid = 0;
int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0;
int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
int list_responses = 0, end_time = 0, restart_agent = 0;
char shost[512];
keystore keys;
/* Setting the name */
OS_SetName(ARGV0);
/* user arguments */
if(argc < 2)
{
helpmsg();
}
while((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:")) != -1)
{
switch(c){
case 'V':
print_version();
break;
case 'h':
helpmsg();
break;
case 'd':
nowDebug();
break;
case 'L':
list_responses = 1;
break;
case 'e':
end_time = 1;
break;
case 'r':
restart_syscheck = 1;
break;
case 'l':
list_agents++;
break;
case 's':
csv_output = 1;
break;
case 'c':
active_only++;
break;
case 'i':
info_agent++;
case 'u':
if(!optarg)
{
merror("%s: -u needs an argument",ARGV0);
helpmsg();
}
agent_id = optarg;
break;
case 'b':
if(!optarg)
{
merror("%s: -b needs an argument",ARGV0);
helpmsg();
}
ip_address = optarg;
break;
case 'f':
if(!optarg)
{
merror("%s: -e needs an argument",ARGV0);
helpmsg();
}
ar = optarg;
break;
case 'R':
if(!optarg)
{
merror("%s: -R needs an argument",ARGV0);
helpmsg();
}
agent_id = optarg;
restart_agent = 1;
case 'a':
restart_all_agents = 1;
break;
default:
helpmsg();
break;
}
}
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
if(gid < 0)
{
ErrorExit(USER_ERROR, ARGV0, user, group);
}
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
ErrorExit(CHROOT_ERROR, ARGV0, dir);
}
/* Inside chroot now */
nowChroot();
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user);
}
/* Getting servers hostname */
memset(shost, '\0', 512);
if(gethostname(shost, 512 -1) != 0)
{
strncpy(shost, "localhost", 32);
return(0);
}
/* Listing responses. */
if(list_responses)
{
FILE *fp;
if(!csv_output)
{
printf("\nOSSEC HIDS %s. Available active responses:\n", ARGV0);
}
fp = fopen(DEFAULTAR, "r");
if(fp)
{
char buffer[256];
while(fgets(buffer, 255, fp) != NULL)
{
char *r_name;
char *r_cmd;
char *r_timeout;
r_name = buffer;
r_cmd = strchr(buffer, ' ');
if(!r_cmd)
continue;
*r_cmd = '\0';
r_cmd++;
if(*r_cmd == '-')
r_cmd++;
if(*r_cmd == ' ')
r_cmd++;
r_timeout = strchr(r_cmd, ' ');
if(!r_timeout)
continue;
*r_timeout = '\0';
if(strcmp(r_name, "restart-ossec0") == 0)
{
continue;
}
printf("\n Response name: %s, command: %s", r_name, r_cmd);
}
printf("\n\n");
fclose(fp);
}
else
{
printf("\n No active response available.\n\n");
}
exit(0);
}
/* Listing available agents. */
if(list_agents)
{
if(!csv_output)
{
printf("\nOSSEC HIDS %s. List of available agents:",
ARGV0);
printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, Active/Local\n",
shost);
}
else
{
printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
}
print_agents(1, active_only, csv_output);
printf("\n");
exit(0);
}
/* Checking if the provided ID is valid. */
if(agent_id != NULL)
{
if(strcmp(agent_id, "000") != 0)
{
OS_ReadKeys(&keys);
agt_id = OS_IsAllowedID(&keys, agent_id);
if(agt_id < 0)
{
printf("\n** Invalid agent id '%s'.\n", agent_id);
helpmsg();
}
}
else
{
/* server. */
agt_id = -1;
}
}
/* Printing information from an agent. */
if(info_agent)
{
int agt_status = 0;
char final_ip[128 +1];
char final_mask[128 +1];
agent_info *agt_info;
final_ip[128] = '\0';
final_mask[128] = '\0';
if(!csv_output)
printf("\nOSSEC HIDS %s. Agent information:", ARGV0);
if(agt_id != -1)
{
agt_status = get_agent_status(keys.keyentries[agt_id]->name,
keys.keyentries[agt_id]->ip->ip);
agt_info = get_agent_info(keys.keyentries[agt_id]->name,
keys.keyentries[agt_id]->ip->ip);
/* Getting netmask from ip. */
getNetmask(keys.keyentries[agt_id]->ip->netmask, final_mask, 128);
snprintf(final_ip, 128, "%s%s",keys.keyentries[agt_id]->ip->ip,
final_mask);
if(!csv_output)
{
printf("\n Agent ID: %s\n", keys.keyentries[agt_id]->id);
printf(" Agent Name: %s\n", keys.keyentries[agt_id]->name);
printf(" IP address: %s\n", final_ip);
printf(" Status: %s\n\n",print_agent_status(agt_status));
}
else
{
printf("%s,%s,%s,%s,",
keys.keyentries[agt_id]->id,
keys.keyentries[agt_id]->name,
final_ip,
print_agent_status(agt_status));
}
}
else
{
agt_status = get_agent_status(NULL, NULL);
agt_info = get_agent_info(NULL, "127.0.0.1");
if(!csv_output)
{
printf("\n Agent ID: 000 (local instance)\n");
printf(" Agent Name: %s\n", shost);
printf(" IP address: 127.0.0.1\n");
printf(" Status: %s/Local\n\n",print_agent_status(agt_status));
}
else
{
printf("000,%s,127.0.0.1,%s/Local,",
shost,
print_agent_status(agt_status));
}
}
if(!csv_output)
{
printf(" Operating system: %s\n", agt_info->os);
printf(" Client version: %s\n", agt_info->version);
printf(" Last keep alive: %s\n\n", agt_info->last_keepalive);
if(end_time)
{
printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
printf(" Syscheck last ended at: %s\n", agt_info->syscheck_endtime);
printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
printf(" Rootcheck last ended at: %s\n\n", agt_info->rootcheck_endtime);
}
else
{
printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
}
}
else
{
printf("%s,%s,%s,%s,%s,\n",
agt_info->os,
agt_info->version,
agt_info->last_keepalive,
agt_info->syscheck_time,
agt_info->rootcheck_time);
}
exit(0);
}
/* Restarting syscheck every where. */
if(restart_all_agents && restart_syscheck)
{
/* Connecting to remoted. */
debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
arq = connect_to_remoted();
if(arq < 0)
{
printf("\n** Unable to connect to remoted.\n");
exit(1);
}
debug1("%s: DEBUG: Connected...", ARGV0);
/* Sending restart message to all agents. */
if(send_msg_to_agent(arq, HC_SK_RESTART, NULL, NULL) == 0)
{
printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on all agents.",
ARGV0);
}
else
{
printf("\n** Unable to restart syscheck on all agents.\n");
exit(1);
}
exit(0);
}
if(restart_syscheck && agent_id)
{
/* Restart on the server. */
if(strcmp(agent_id, "000") == 0)
{
os_set_restart_syscheck();
printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck "
"locally.\n", ARGV0);
exit(0);
}
/* Connecting to remoted. */
debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
arq = connect_to_remoted();
if(arq < 0)
{
printf("\n** Unable to connect to remoted.\n");
exit(1);
}
debug1("%s: DEBUG: Connected...", ARGV0);
if(send_msg_to_agent(arq, HC_SK_RESTART, agent_id, NULL) == 0)
{
printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on agent: %s\n",
ARGV0, agent_id);
}
else
{
printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
exit(1);
}
exit(0);
}
if(restart_agent && agent_id)
{
/* Connecting to remoted. */
debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
arq = connect_to_remoted();
if(arq < 0)
{
printf("\n** Unable to connect to remoted.\n");
exit(1);
}
debug1("%s: DEBUG: Connected...", ARGV0);
if(send_msg_to_agent(arq, "restart-ossec0", agent_id, "null") == 0)
{
printf("\nOSSEC HIDS %s: Restarting agent: %s\n",
ARGV0, agent_id);
}
else
{
printf("\n** Unable to restart agent: %s\n", agent_id);
exit(1);
}
exit(0);
}
/* running active response on the specified agent id. */
if(ip_address && ar && agent_id)
{
/* Connecting to remoted. */
debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
arq = connect_to_remoted();
if(arq < 0)
{
printf("\n** Unable to connect to remoted.\n");
exit(1);
}
debug1("%s: DEBUG: Connected...", ARGV0);
if(send_msg_to_agent(arq, ar, agent_id, ip_address) == 0)
{
printf("\nOSSEC HIDS %s: Running active response '%s' on: %s\n",
ARGV0, ar, agent_id);
}
else
{
printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
exit(1);
}
exit(0);
}
printf("\n** Invalid argument combination.\n");
helpmsg();
return(0);
}
/** main **/
int main(int argc, char **argv)
{
const char *dir = DEFAULTDIR;
const char *group = GROUPGLOBAL;
const char *user = USER;
gid_t gid;
uid_t uid;
/* Setting the name */
OS_SetName(ARGV0);
/* user arguments */
if(argc < 2)
{
helpmsg();
}
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
if(uid == (uid_t)-1 || gid == (gid_t)-1)
{
ErrorExit(USER_ERROR, ARGV0, user, group);
}
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group, errno, strerror(errno));
}
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
ErrorExit(CHROOT_ERROR, ARGV0, dir, errno, strerror(errno));
}
/* Inside chroot now */
nowChroot();
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user, errno, strerror(errno));
}
/* User options */
if(strcmp(argv[1], "-h") == 0)
{
helpmsg();
}
else if(strcmp(argv[1], "-l") == 0)
{
printf("\nOSSEC HIDS %s: Updates the integrity check database.",
ARGV0);
print_agents(0, 0, 0);
printf("\n");
exit(0);
}
else if(strcmp(argv[1], "-u") == 0)
{
if(argc != 3)
{
printf("\n** Option -u requires an extra argument\n");
helpmsg();
}
}
else if(strcmp(argv[1], "-a") == 0)
{
DIR *sys_dir;
struct dirent *entry;
sys_dir = opendir(SYSCHECK_DIR);
if(!sys_dir)
{
ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
}
while((entry = readdir(sys_dir)) != NULL)
{
FILE *fp;
char full_path[OS_MAXSTR +1];
/* Do not even attempt to delete . and .. :) */
if((strcmp(entry->d_name,".") == 0)||
(strcmp(entry->d_name,"..") == 0))
{
continue;
}
snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR, entry->d_name);
fp = fopen(full_path, "w");
if(fp)
{
fclose(fp);
}
if(entry->d_name[0] == '.')
{
unlink(full_path);
}
}
closedir(sys_dir);
printf("\n** Integrity check database updated.\n\n");
exit(0);
}
else
{
printf("\n** Invalid option '%s'.\n", argv[1]);
helpmsg();
}
/* local */
if(strcmp(argv[2],"local") == 0)
{
char final_dir[1024];
FILE *fp;
snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
unlink(final_dir);
/* Deleting cpt file */
snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
/* unlink(final_dir); */
}
/* external agents */
else
{
int i;
keystore keys;
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, argv[2]);
if(i < 0)
{
printf("\n** Invalid agent id '%s'.\n", argv[2]);
helpmsg();
}
/* Deleting syscheck */
delete_syscheck(keys.keyentries[i]->name,keys.keyentries[i]->ip->ip,0);
}
printf("\n** Integrity check database updated.\n\n");
return(0);
}
int main(int argc, char **argv)
{
const char *dir = DEFAULTDIR;
const char *group = GROUPGLOBAL;
const char *user = USER;
const char *agent_id = NULL;
gid_t gid;
uid_t uid;
int c = 0, info_agent = 0, update_rootcheck = 0,
list_agents = 0, show_last = 0,
resolved_only = 0;
int active_only = 0, csv_output = 0, json_output = 0;
char shost[512];
cJSON *json_root = NULL;
/* Set the name */
OS_SetName(ARGV0);
/* User arguments */
if (argc < 2) {
helpmsg();
}
while ((c = getopt(argc, argv, "VhqrDdLlcsju:i:")) != -1) {
switch (c) {
case 'V':
print_version();
break;
case 'h':
helpmsg();
break;
case 'D':
nowDebug();
break;
case 'l':
list_agents++;
break;
case 's':
csv_output = 1;
break;
case 'j':
json_output = 1;
break;
case 'c':
active_only++;
break;
case 'r':
resolved_only = 1;
break;
case 'q':
resolved_only = 2;
break;
case 'L':
show_last = 1;
break;
case 'i':
info_agent++;
if (!optarg) {
merror("%s: -u needs an argument", ARGV0);
helpmsg();
}
agent_id = optarg;
break;
case 'u':
if (!optarg) {
merror("%s: -u needs an argument", ARGV0);
helpmsg();
}
agent_id = optarg;
update_rootcheck = 1;
break;
default:
helpmsg();
break;
}
}
if (json_output)
json_root = cJSON_CreateObject();
/* Get the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
if (uid == (uid_t) - 1 || gid == (gid_t) - 1) {
ErrorExit(USER_ERROR, ARGV0, user, group);
}
/* Set the group */
if (Privsep_SetGroup(gid) < 0) {
ErrorExit(SETGID_ERROR, ARGV0, group, errno, strerror(errno));
}
/* Chroot to the default directory */
if (Privsep_Chroot(dir) < 0) {
ErrorExit(CHROOT_ERROR, ARGV0, dir, errno, strerror(errno));
}
/* Inside chroot now */
nowChroot();
/* Set the user */
if (Privsep_SetUser(uid) < 0) {
ErrorExit(SETUID_ERROR, ARGV0, user, errno, strerror(errno));
}
/* Get server hostname */
memset(shost, '\0', 512);
if (gethostname(shost, 512 - 1) != 0) {
strncpy(shost, "localhost", 32);
return (0);
}
/* List available agents */
if (list_agents) {
if (!csv_output) {
printf("\nOSSEC HIDS %s. List of available agents:",
ARGV0);
printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, "
"Active/Local\n", shost);
} else {
printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
}
print_agents(1, active_only, csv_output, 0);
printf("\n");
exit(0);
}
/* Update rootcheck database */
if (update_rootcheck) {
char json_buffer[1024];
/* Clean all agents (and server) db */
if (strcmp(agent_id, "all") == 0) {
DIR *sys_dir;
struct dirent *entry;
sys_dir = opendir(ROOTCHECK_DIR);
if (!sys_dir) {
if (json_output) {
cJSON_AddNumberToObject(json_root, "error", 11);
snprintf(json_buffer, 1023, "%s: Unable to open: '%s'", ARGV0, ROOTCHECK_DIR);
cJSON_AddStringToObject(json_root, "message", json_buffer);
printf("%s", cJSON_PrintUnformatted(json_root));
exit(1);
} else
ErrorExit("%s: Unable to open: '%s'", ARGV0, ROOTCHECK_DIR);
}
while ((entry = readdir(sys_dir)) != NULL) {
FILE *fp;
char full_path[OS_MAXSTR + 1];
/* Do not even attempt to delete . and .. :) */
if ((strcmp(entry->d_name, ".") == 0) ||
(strcmp(entry->d_name, "..") == 0)) {
continue;
}
snprintf(full_path, OS_MAXSTR, "%s/%s", ROOTCHECK_DIR,
entry->d_name);
fp = fopen(full_path, "w");
if (fp) {
fclose(fp);
}
if (entry->d_name[0] == '.') {
unlink(full_path);
}
}
closedir(sys_dir);
if (json_output) {
cJSON_AddNumberToObject(json_root, "error", 0);
cJSON_AddStringToObject(json_root, "data", "Policy and auditing database updated");
printf("%s", cJSON_PrintUnformatted(json_root));
} else
printf("\n** Policy and auditing database updated.\n\n");
exit(0);
}
else if ((strcmp(agent_id, "000") == 0) ||
(strcmp(agent_id, "local") == 0)) {
char final_dir[1024];
FILE *fp;
snprintf(final_dir, 1020, "/%s/rootcheck", ROOTCHECK_DIR);
fp = fopen(final_dir, "w");
if (fp) {
fclose(fp);
}
unlink(final_dir);
if (json_output) {
cJSON_AddNumberToObject(json_root, "error", 0);
cJSON_AddStringToObject(json_root, "data", "Policy and auditing database updated");
printf("%s", cJSON_PrintUnformatted(json_root));
} else
printf("\n** Policy and auditing database updated.\n\n");
exit(0);
}
/* Database from remote agents */
else {
int i;
keystore keys;
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, agent_id);
if (i < 0) {
if (json_output) {
cJSON_AddNumberToObject(json_root, "error", 12);
snprintf(json_buffer, 1023, "Invalid agent id '%s'.", agent_id);
cJSON_AddStringToObject(json_root, "message", json_buffer);
printf("%s", cJSON_PrintUnformatted(json_root));
exit(1);
} else {
printf("\n** Invalid agent id '%s'.\n", agent_id);
helpmsg();
}
}
/* Delete syscheck */
delete_rootcheck(keys.keyentries[i]->name,
keys.keyentries[i]->ip->ip, 0);
if (json_output) {
cJSON_AddNumberToObject(json_root, "error", 0);
cJSON_AddStringToObject(json_root, "data", "Policy and auditing database updated");
printf("%s", cJSON_PrintUnformatted(json_root));
} else
printf("\n** Policy and auditing database updated.\n\n");
exit(0);
}
}
/* Print information from an agent */
if (info_agent) {
int i;
char final_ip[128 + 1];
char final_mask[128 + 1];
keystore keys;
cJSON *json_events = NULL;
if (json_output)
json_events = cJSON_CreateArray();
if ((strcmp(agent_id, "000") == 0) ||
(strcmp(agent_id, "local") == 0)) {
if (!(csv_output || json_output))
printf("\nPolicy and auditing events for local system '%s - %s':\n",
shost, "127.0.0.1");
print_rootcheck(NULL, NULL, NULL, resolved_only, csv_output,
json_events, show_last);
if (json_output) {
cJSON_AddNumberToObject(json_root, "error", 0);
cJSON_AddItemToObject(json_root, "data", json_events);
printf("%s", cJSON_PrintUnformatted(json_root));
}
} else {
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, agent_id);
if (i < 0) {
if (json_output) {
char json_buffer[1024];
snprintf(json_buffer, 1023, "Invalid agent id '%s'", agent_id);
cJSON_AddNumberToObject(json_root, "error", 13);
cJSON_AddStringToObject(json_root, "message", json_buffer);
printf("%s", cJSON_PrintUnformatted(json_root));
exit(1);
} else {
printf("\n** Invalid agent id '%s'.\n", agent_id);
helpmsg();
}
}
final_ip[128] = '\0';
final_mask[128] = '\0';
getNetmask(keys.keyentries[i]->ip->netmask,
final_mask, 128);
snprintf(final_ip, 128, "%s%s", keys.keyentries[i]->ip->ip,
final_mask);
if (!csv_output)
printf("\nPolicy and auditing events for agent "
"'%s (%s) - %s':\n",
keys.keyentries[i]->name, keys.keyentries[i]->id,
final_ip);
print_rootcheck(keys.keyentries[i]->name,
keys.keyentries[i]->ip->ip, NULL,
resolved_only, csv_output, json_events, show_last);
if (json_output) {
cJSON_AddNumberToObject(json_root, "error", 0);
cJSON_AddItemToObject(json_root, "data", json_events);
printf("%s", cJSON_PrintUnformatted(json_root));
}
}
exit(0);
}
if (json_output) {
cJSON_AddNumberToObject(json_root, "error", 10);
cJSON_AddStringToObject(json_root, "message", "Invalid argument combination");
printf("%s", cJSON_PrintUnformatted(json_root));
exit(1);
} else {
printf("\n** Invalid argument combination.\n");
helpmsg();
}
return (0);
}
