Exemple #1
0
/* Update the keys if changed */
int OS_UpdateKeys(keystore *keys)
{
    if (keys->file_change !=  File_DateofChange(KEYS_FILE)) {
        merror(ENCFILE_CHANGED, __local_name);
        debug1("%s: DEBUG: Freekeys", __local_name);

        OS_FreeKeys(keys);
        debug1("%s: DEBUG: OS_ReadKeys", __local_name);

        /* Read keys */
        verbose(ENC_READ, __local_name);

        OS_ReadKeys(keys);
        debug1("%s: DEBUG: OS_StartCounter", __local_name);

        OS_StartCounter(keys);
        debug1("%s: DEBUG: OS_UpdateKeys completed", __local_name);

        return (1);
    }
    return (0);
}
/** main **/
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    char *agent_id = NULL;

    int gid = 0;
    int uid = 0;
    int c = 0, info_agent = 0, update_rootcheck = 0,
               list_agents = 0, show_last = 0,
               resolved_only = 0;
    int active_only = 0, csv_output = 0;

    char shost[512];
    
    
    
    /* Setting the name */
    OS_SetName(ARGV0);
        
    
    /* user arguments */
    if(argc < 2)
    {
        helpmsg();
    }


    while((c = getopt(argc, argv, "VhqrDdLlcsu:i:")) != -1)
    {
        switch(c){
            case 'V':
                print_version();
                break;
            case 'h':
                helpmsg();
                break;
            case 'D':
                nowDebug();
                break;
            case 'l':
                list_agents++;
                break;
            case 's':
                csv_output = 1;    
                break;
            case 'c':
                active_only++;
                break;    
            case 'r':
                resolved_only = 1;
                break;    
            case 'q':
                resolved_only = 2;
                break;    
            case 'L':
                show_last = 1;
                break;
            case 'i':
                info_agent++;
                if(!optarg)
                {
                    merror("%s: -u needs an argument",ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                break;
            case 'u':
                if(!optarg)
                {
                    merror("%s: -u needs an argument",ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                update_rootcheck = 1;
                break;
            default:
                helpmsg();
                break;
        }

    }
    
    
    /* Getting the group name */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if(gid < 0)
    {
	    ErrorExit(USER_ERROR, ARGV0, user, group);
    }
	
    
    /* Setting the group */
    if(Privsep_SetGroup(gid) < 0)
    {
	    ErrorExit(SETGID_ERROR,ARGV0, group);
    }
    
    
    /* Chrooting to the default directory */
    if(Privsep_Chroot(dir) < 0)
    {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }


    /* Inside chroot now */
    nowChroot();
 

    /* Setting the user */
    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }



    /* Getting servers hostname */
    memset(shost, '\0', 512);
    if(gethostname(shost, 512 -1) != 0)
    {
        strncpy(shost, "localhost", 32);
        return(0);
    }


    
    /* Listing available agents. */
    if(list_agents)
    {
        if(!csv_output)
        {
            printf("\nOSSEC HIDS %s. List of available agents:", 
                    ARGV0);
            printf("\n   ID: 000, Name: %s (server), IP: 127.0.0.1, "
                   "Active/Local\n", shost);
        }
        else
        {
            printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
        }
        print_agents(1, active_only, csv_output);
        printf("\n");
        exit(0);
    }
    


    /* Update rootcheck database. */
    if(update_rootcheck)
    {
        /* Cleaning all agents (and server) db. */
        if(strcmp(agent_id, "all") == 0)
        {
            DIR *sys_dir;
            struct dirent *entry;

            sys_dir = opendir(ROOTCHECK_DIR);
            if(!sys_dir)
            {
                ErrorExit("%s: Unable to open: '%s'", ARGV0, ROOTCHECK_DIR);
            }

            while((entry = readdir(sys_dir)) != NULL)
            {
                FILE *fp;
                char full_path[OS_MAXSTR +1];

                /* Do not even attempt to delete . and .. :) */
                if((strcmp(entry->d_name,".") == 0)||
                   (strcmp(entry->d_name,"..") == 0))
                {
                    continue;
                }

                snprintf(full_path, OS_MAXSTR,"%s/%s", ROOTCHECK_DIR, 
                         entry->d_name);

                fp = fopen(full_path, "w");
                if(fp)
                {
                    fclose(fp);
                }
                if(entry->d_name[0] == '.')
                {
                    unlink(full_path);
                }
            }

            closedir(sys_dir);
            printf("\n** Policy and auditing database updated.\n\n");
            exit(0);
        }

        else if((strcmp(agent_id, "000") == 0) || 
                (strcmp(agent_id, "local") == 0))
        {
            char final_dir[1024];
            FILE *fp;
            snprintf(final_dir, 1020, "/%s/rootcheck", ROOTCHECK_DIR);

            fp = fopen(final_dir, "w");
            if(fp)
            {
                fclose(fp);
            }
            unlink(final_dir);
            printf("\n** Policy and auditing database updated.\n\n");
            exit(0);
        }

        /* Database from remote agents. */
        else
        {
            int i;
            keystore keys;

            OS_ReadKeys(&keys);

            i = OS_IsAllowedID(&keys, agent_id);
            if(i < 0)
            {
                printf("\n** Invalid agent id '%s'.\n", agent_id);
                helpmsg();
            }

            /* Deleting syscheck */
            delete_rootcheck(keys.keyentries[i]->name,
                             keys.keyentries[i]->ip->ip, 0);

            printf("\n** Policy and auditing database updated.\n\n");
            exit(0);
        }
    }

    
    /* Printing information from an agent. */
    if(info_agent)
    {
        int i;
        char final_ip[128 +1];
        char final_mask[128 +1];
        keystore keys;


        if((strcmp(agent_id, "000") == 0) ||
           (strcmp(agent_id, "local") == 0))
        {
            if(!csv_output)
            printf("\nPolicy and auditing events for local system '%s - %s':\n",
                    shost, "127.0.0.1");
            
            print_rootcheck(NULL,
                            NULL, NULL, resolved_only, csv_output, show_last); 
        }
        else
        {

            OS_ReadKeys(&keys);

            i = OS_IsAllowedID(&keys, agent_id);
            if(i < 0)
            {
                printf("\n** Invalid agent id '%s'.\n", agent_id);
                helpmsg();
            }

            /* Getting netmask from ip. */
            final_ip[128] = '\0';
            final_mask[128] = '\0';
            getNetmask(keys.keyentries[i]->ip->netmask, 
                       final_mask, 128);
            snprintf(final_ip, 128, "%s%s",keys.keyentries[i]->ip->ip,
                     final_mask);

            if(!csv_output)
            printf("\nPolicy and auditing events for agent "
                       "'%s (%s) - %s':\n",
                       keys.keyentries[i]->name, keys.keyentries[i]->id, 
                       final_ip);

            print_rootcheck(keys.keyentries[i]->name,
                            keys.keyentries[i]->ip->ip, NULL, 
                            resolved_only, csv_output, show_last);

        }
        
        exit(0);
    }


    
    printf("\n** Invalid argument combination.\n");
    helpmsg();


    return(0);
}
/** main **/
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    char *agent_id = NULL;
    char *ip_address = NULL;
    char *ar = NULL;

    int arq = 0;
    int gid = 0;
    int uid = 0;
    int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0;
    int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
    int list_responses = 0, end_time = 0, restart_agent = 0;

    char shost[512];

    keystore keys;



    /* Setting the name */
    OS_SetName(ARGV0);


    /* user arguments */
    if(argc < 2)
    {
        helpmsg();
    }


    while((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:")) != -1)
    {
        switch(c){
            case 'V':
                print_version();
                break;
            case 'h':
                helpmsg();
                break;
            case 'd':
                nowDebug();
                break;
            case 'L':
                list_responses = 1;
                break;
            case 'e':
                end_time = 1;
                break;
            case 'r':
                restart_syscheck = 1;
                break;
            case 'l':
                list_agents++;
                break;
            case 's':
                csv_output = 1;
                break;
            case 'c':
                active_only++;
                break;
            case 'i':
                info_agent++;
            case 'u':
                if(!optarg)
                {
                    merror("%s: -u needs an argument",ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                break;
            case 'b':
                if(!optarg)
                {
                    merror("%s: -b needs an argument",ARGV0);
                    helpmsg();
                }
                ip_address = optarg;
                break;
            case 'f':
                if(!optarg)
                {
                    merror("%s: -e needs an argument",ARGV0);
                    helpmsg();
                }
                ar = optarg;
                break;
            case 'R':
                if(!optarg)
                {
                    merror("%s: -R needs an argument",ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                restart_agent = 1;
            case 'a':
                restart_all_agents = 1;
                break;
            default:
                helpmsg();
                break;
        }

    }


    /* Getting the group name */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if(gid < 0)
    {
	    ErrorExit(USER_ERROR, ARGV0, user, group);
    }
	

    /* Setting the group */
    if(Privsep_SetGroup(gid) < 0)
    {
	    ErrorExit(SETGID_ERROR,ARGV0, group);
    }


    /* Chrooting to the default directory */
    if(Privsep_Chroot(dir) < 0)
    {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }


    /* Inside chroot now */
    nowChroot();


    /* Setting the user */
    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }



    /* Getting servers hostname */
    memset(shost, '\0', 512);
    if(gethostname(shost, 512 -1) != 0)
    {
        strncpy(shost, "localhost", 32);
        return(0);
    }


    /* Listing responses. */
    if(list_responses)
    {
        FILE *fp;
        if(!csv_output)
        {
            printf("\nOSSEC HIDS %s. Available active responses:\n", ARGV0);
        }

        fp = fopen(DEFAULTAR, "r");
        if(fp)
        {
            char buffer[256];

            while(fgets(buffer, 255, fp) != NULL)
            {
                char *r_name;
                char *r_cmd;
                char *r_timeout;

                r_name = buffer;
                r_cmd = strchr(buffer, ' ');
                if(!r_cmd)
                    continue;

                *r_cmd = '\0';
                r_cmd++;
                if(*r_cmd == '-')
                    r_cmd++;
                if(*r_cmd == ' ')
                    r_cmd++;

                r_timeout = strchr(r_cmd, ' ');
                if(!r_timeout)
                    continue;
                *r_timeout = '\0';

                if(strcmp(r_name, "restart-ossec0") == 0)
                {
                    continue;
                }
                printf("\n   Response name: %s, command: %s", r_name, r_cmd);
            }

            printf("\n\n");
            fclose(fp);
        }
        else
        {
            printf("\n   No active response available.\n\n");
        }

        exit(0);
    }


    /* Listing available agents. */
    if(list_agents)
    {
        if(!csv_output)
        {
            printf("\nOSSEC HIDS %s. List of available agents:",
                    ARGV0);
            printf("\n   ID: 000, Name: %s (server), IP: 127.0.0.1, Active/Local\n",
                    shost);
        }
        else
        {
            printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
        }
        print_agents(1, active_only, csv_output);
        printf("\n");
        exit(0);
    }



    /* Checking if the provided ID is valid. */
    if(agent_id != NULL)
    {
        if(strcmp(agent_id, "000") != 0)
        {
            OS_ReadKeys(&keys);

            agt_id = OS_IsAllowedID(&keys, agent_id);
            if(agt_id < 0)
            {
                printf("\n** Invalid agent id '%s'.\n", agent_id);
                helpmsg();
            }
        }
        else
        {
            /* server. */
            agt_id = -1;
        }
    }



    /* Printing information from an agent. */
    if(info_agent)
    {
        int agt_status = 0;
        char final_ip[IPSIZE + 4];
        agent_info *agt_info;

        final_ip[(sizeof final_ip) - 1] = '\0';


        if(!csv_output)
            printf("\nOSSEC HIDS %s. Agent information:", ARGV0);

        if(agt_id != -1)
        {
            agt_status = get_agent_status(keys.keyentries[agt_id]->name,
                                          keys.keyentries[agt_id]->ip->ip);

            agt_info = get_agent_info(keys.keyentries[agt_id]->name,
                                      keys.keyentries[agt_id]->ip->ip);

            /* Getting full address/prefix length from ip. */
            snprintf(final_ip, sizeof final_ip, "%s/%u",
                     keys.keyentries[agt_id]->ip->ip,
                     keys.keyentries[agt_id]->ip->prefixlength);


            if(!csv_output)
            {
                printf("\n   Agent ID:   %s\n", keys.keyentries[agt_id]->id);
                printf("   Agent Name: %s\n", keys.keyentries[agt_id]->name);
                printf("   IP address: %s\n", final_ip);
                printf("   Status:     %s\n\n",print_agent_status(agt_status));
            }
            else
            {
                printf("%s,%s,%s,%s,",
                       keys.keyentries[agt_id]->id,
                       keys.keyentries[agt_id]->name,
                       final_ip,
                       print_agent_status(agt_status));
            }
        }
        else
        {
            agt_status = get_agent_status(NULL, NULL);
            agt_info = get_agent_info(NULL, "127.0.0.1");

            if(!csv_output)
            {
            printf("\n   Agent ID:   000 (local instance)\n");
            printf("   Agent Name: %s\n", shost);
            printf("   IP address: 127.0.0.1\n");
            printf("   Status:     %s/Local\n\n",print_agent_status(agt_status));
            }

            else
            {
                printf("000,%s,127.0.0.1,%s/Local,",
                        shost,
                        print_agent_status(agt_status));

            }
        }


        if(!csv_output)
        {
        printf("   Operating system:    %s\n", agt_info->os);
        printf("   Client version:      %s\n", agt_info->version);
        printf("   Last keep alive:     %s\n\n", agt_info->last_keepalive);


        if(end_time)
        {
        printf("   Syscheck last started at:  %s\n", agt_info->syscheck_time);
        printf("   Syscheck last ended   at:  %s\n", agt_info->syscheck_endtime);
        printf("   Rootcheck last started at: %s\n", agt_info->rootcheck_time);
        printf("   Rootcheck last ended   at: %s\n\n", agt_info->rootcheck_endtime);
        }
        else
        {
        printf("   Syscheck last started  at: %s\n", agt_info->syscheck_time);
        printf("   Rootcheck last started at: %s\n", agt_info->rootcheck_time);
        }
        }
        else
        {
            printf("%s,%s,%s,%s,%s,\n",
                   agt_info->os,
                   agt_info->version,
                   agt_info->last_keepalive,
                   agt_info->syscheck_time,
                   agt_info->rootcheck_time);
        }

        exit(0);
    }



    /* Restarting syscheck every where. */
    if(restart_all_agents && restart_syscheck)
    {

        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if(arq < 0)
        {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);


        /* Sending restart message to all agents. */
        if(send_msg_to_agent(arq, HC_SK_RESTART, NULL, NULL) == 0)
        {
            printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on all agents.",
                    ARGV0);
        }
        else
        {
            printf("\n** Unable to restart syscheck on all agents.\n");
            exit(1);
        }

        exit(0);
    }



    if(restart_syscheck && agent_id)
    {

        /* Restart on the server. */
        if(strcmp(agent_id, "000") == 0)
        {
            os_set_restart_syscheck();

            printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck "
                   "locally.\n", ARGV0);

            exit(0);
        }



        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if(arq < 0)
        {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);


        if(send_msg_to_agent(arq, HC_SK_RESTART, agent_id, NULL) == 0)
        {
            printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on agent: %s\n",
                    ARGV0, agent_id);
        }
        else
        {
            printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
            exit(1);
        }

        exit(0);
    }


    if(restart_agent && agent_id)
    {
        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if(arq < 0)
        {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);


        if(send_msg_to_agent(arq, "restart-ossec0", agent_id, "null") == 0)
        {
            printf("\nOSSEC HIDS %s: Restarting agent: %s\n",
                    ARGV0, agent_id);
        }
        else
        {
            printf("\n** Unable to restart agent: %s\n", agent_id);
            exit(1);
        }

        exit(0);
    }


    /* running active response on the specified agent id. */
    if(ip_address && ar && agent_id)
    {
        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if(arq < 0)
        {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);


        if(send_msg_to_agent(arq, ar, agent_id, ip_address) == 0)
        {
            printf("\nOSSEC HIDS %s: Running active response '%s' on: %s\n",
                    ARGV0, ar, agent_id);
        }
        else
        {
            printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
            exit(1);
        }

        exit(0);
    }


    printf("\n** Invalid argument combination.\n");
    helpmsg();


    return(0);
}
Exemple #4
0
/* AgentdStart v0.2, 2005/11/09
 * Starts the agent daemon.
 */
void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
{
    int rc = 0;
    int pid = 0;
    int maxfd = 0;

    fd_set fdset;

    struct timeval fdtimeout;


    pid = getpid();
    available_server = 0;


    /* Going Daemon */
    if (!run_foreground)
    {
       nowDaemon();
       goDaemonLight();
    }


    /* Setting group ID */
    if(Privsep_SetGroup(gid) < 0)
        ErrorExit(SETGID_ERROR, ARGV0, group);


    /* chrooting */
    if(Privsep_Chroot(dir) < 0)
        ErrorExit(CHROOT_ERROR, ARGV0, dir);


    nowChroot();


    if(Privsep_SetUser(uid) < 0)
        ErrorExit(SETUID_ERROR, ARGV0, user);


    /* Create the queue. In this case we are going to create
     * and read from it
     * Exit if fails.
     */
    if((agt->m_queue = StartMQ(DEFAULTQUEUE, READ)) < 0)
        ErrorExit(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));

    maxfd = agt->m_queue;
    agt->sock = -1;



    /* Creating PID file */
    if(CreatePID(ARGV0, getpid()) < 0)
        merror(PID_ERROR,ARGV0);


    /* Reading the private keys  */
    verbose(ENC_READ, ARGV0);

    OS_ReadKeys(&keys);
    OS_StartCounter(&keys);

    /* cmoraes : changed the following call to
    os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id);
    */
    os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id,
                        agt->profile);


    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());


    /* Initial random numbers */
    #ifdef __OpenBSD__
    srandomdev();
    #else
    srandom( time(0) + getpid()+ pid + getppid());
    #endif

    random();


    /* Connecting UDP */
    rc = 0;
    while(rc < agt->rip_id)
    {
        verbose("%s: INFO: Server IP Address: %s", ARGV0, agt->rip[rc]);
        rc++;
    }


    /* Trying to connect to the server */
    if(!connect_server(0))
    {
        ErrorExit(UNABLE_CONN, ARGV0);
    }


    /* Setting max fd for select */
    if(agt->sock > maxfd)
    {
        maxfd = agt->sock;
    }


    /* Connecting to the execd queue */
    if(agt->execdq == 0)
    {
        if((agt->execdq = StartMQ(EXECQUEUE, WRITE)) < 0)
        {
            merror("%s: INFO: Unable to connect to the active response "
                   "queue (disabled).", ARGV0);
            agt->execdq = -1;
        }
    }



    /* Trying to connect to server */
    os_setwait();

    start_agent(1);

    os_delwait();


    /* Sending integrity message for agent configs */
    intcheck_file(OSSECCONF, dir);
    intcheck_file(OSSEC_DEFINES, dir);


    /* Sending first notification */
    run_notify();


    /* Maxfd must be higher socket +1 */
    maxfd++;


    /* monitor loop */
    while(1)
    {
        /* Monitoring all available sockets from here */
        FD_ZERO(&fdset);
        FD_SET(agt->sock, &fdset);
        FD_SET(agt->m_queue, &fdset);

        fdtimeout.tv_sec = 1;
        fdtimeout.tv_usec = 0;

        /* Continuously send notifications */
        run_notify();

        /* Wait with a timeout for any descriptor */
        rc = select(maxfd, &fdset, NULL, NULL, &fdtimeout);
        if(rc == -1)
        {
            ErrorExit(SELECT_ERROR, ARGV0);
        }


        else if(rc == 0)
        {
            continue;
        }


        /* For the receiver */
        if(FD_ISSET(agt->sock, &fdset))
        {
            receive_msg();
        }


        /* For the forwarder */
        if(FD_ISSET(agt->m_queue, &fdset))
        {
            EventForward();
        }
    }
}
/** main **/
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    int gid;
    int uid;
    

    /* Setting the name */
    OS_SetName(ARGV0);
        
    
    /* user arguments */
    if(argc < 2)
    {
        helpmsg();
    }
    
    /* Getting the group name */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if(gid < 0)
    {
	    ErrorExit(USER_ERROR, ARGV0, user, group);
    }
	
    
    /* Setting the group */
    if(Privsep_SetGroup(gid) < 0)
    {
	    ErrorExit(SETGID_ERROR,ARGV0, group);
    }
    
    
    /* Chrooting to the default directory */
    if(Privsep_Chroot(dir) < 0)
    {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }


    /* Inside chroot now */
    nowChroot();
 

    /* Setting the user */
    if(Privsep_SetUser(uid) < 0)
    {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }
  
    /* User options */
    if(strcmp(argv[1], "-h") == 0)
    {
        helpmsg();
    }
    else if(strcmp(argv[1], "-l") == 0)
    {
        printf("\nOSSEC HIDS %s: Updates the integrity check database.", 
                                 ARGV0);
        print_agents(0, 0, 0);
        printf("\n");
        exit(0);
    }
    else if(strcmp(argv[1], "-u") == 0)
    {
        if(argc != 3)
        {
            printf("\n** Option -u requires an extra argument\n");
            helpmsg();
        }
    }
    else if(strcmp(argv[1], "-a") == 0)
    {
        DIR *sys_dir;
        struct dirent *entry;

        sys_dir = opendir(SYSCHECK_DIR);
        if(!sys_dir)
        {
            ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
        }

        while((entry = readdir(sys_dir)) != NULL)
        {
            FILE *fp;
            char full_path[OS_MAXSTR +1];

            /* Do not even attempt to delete . and .. :) */
            if((strcmp(entry->d_name,".") == 0)||
               (strcmp(entry->d_name,"..") == 0))
            {
                continue;
            }

            snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR, entry->d_name);
            
            fp = fopen(full_path, "w");
            if(fp)
            {
                fclose(fp);
            }
            if(entry->d_name[0] == '.')
            {
                unlink(full_path);
            }
        }

        closedir(sys_dir);
        printf("\n** Integrity check database updated.\n\n"); 
        exit(0);
    }
    else
    {
        printf("\n** Invalid option '%s'.\n", argv[1]);
        helpmsg();
    }

    
    /* local */
    if(strcmp(argv[2],"local") == 0)
    {
        char final_dir[1024];
        FILE *fp;
        snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);
        
        fp = fopen(final_dir, "w");
        if(fp)
        {
            fclose(fp);
        }
        unlink(final_dir);


        /* Deleting cpt file */
        snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);
        
        fp = fopen(final_dir, "w");
        if(fp)
        {
            fclose(fp);
        }
        /* unlink(final_dir); */
    }

    /* external agents */
    else
    {
        int i;
        keystore keys;

        OS_ReadKeys(&keys);

        i = OS_IsAllowedID(&keys, argv[2]);
        if(i < 0)
        {
            printf("\n** Invalid agent id '%s'.\n", argv[2]);
            helpmsg();
        }
        
        /* Deleting syscheck */
        delete_syscheck(keys.keyentries[i]->name,keys.keyentries[i]->ip->ip,0);
    }
   
    printf("\n** Integrity check database updated.\n\n"); 
    return(0);
}
Exemple #6
0
/* Locally starts (after service/win init) */
int local_start()
{
    int debug_level;
    int accept_manager_commands = 0;
    char *cfg = DEFAULTCPATH;
    WSADATA wsaData;
    DWORD  threadID;
    DWORD  threadID2;


    /* Starting logr */
    logr = (agent *)calloc(1, sizeof(agent));
    if(!logr)
    {
        ErrorExit(MEM_ERROR, ARGV0);
    }
    logr->port = DEFAULT_SECURE;

    /* Getting debug level */
    debug_level = getDefine_Int("windows","debug", 0, 2);
    while(debug_level != 0)
    {
        nowDebug();
        debug_level--;
    }
    accept_manager_commands = getDefine_Int("logcollector",
                              "remote_commands", 0, 1);




    /* Configuration file not present */
    if(File_DateofChange(cfg) < 0)
        ErrorExit("%s: Configuration file '%s' not found",ARGV0,cfg);


    /* Starting Winsock */
    if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0)
    {
        ErrorExit("%s: WSAStartup() failed", ARGV0);
    }


    /* Read agent config */
    debug1("%s: DEBUG: Reading agent configuration.", ARGV0);
    if(ClientConf(cfg) < 0)
    {
        ErrorExit(CLIENT_ERROR,ARGV0);
    }
    if(logr->notify_time == 0)
    {
        logr->notify_time = NOTIFY_TIME;
    }
    if(logr->max_time_reconnect_try == 0 )
    {
      logr->max_time_reconnect_try = NOTIFY_TIME * 3;
    }
    if(logr->max_time_reconnect_try <= logr->notify_time)
    {
      logr->max_time_reconnect_try = (logr->notify_time * 3);
      verbose("%s Max time to reconnect can't be less than notify_time(%d), using notify_time*3 (%d)",ARGV0,logr->notify_time,logr->max_time_reconnect_try);
    }
    verbose("%s Using notify time: %d and max time to reconnect: %d",ARGV0,logr->notify_time,logr->max_time_reconnect_try);

    /* Reading logcollector config file */
    debug1("%s: DEBUG: Reading logcollector configuration.", ARGV0);
    if(LogCollectorConfig(cfg, accept_manager_commands) < 0)
    {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }


    /* Checking auth keys */
    if(!OS_CheckKeys())
    {
        ErrorExit(AG_NOKEYS_EXIT, ARGV0);
    }



    /* If there is not file to monitor, create a clean entry
     * for the mark messages.
     */
    if(logff == NULL)
    {
        os_calloc(2, sizeof(logreader), logff);
        logff[0].file = NULL;
        logff[0].ffile = NULL;
        logff[0].logformat = NULL;
        logff[0].fp = NULL;
        logff[1].file = NULL;
        logff[1].logformat = NULL;

        merror(NO_FILE, ARGV0);
    }


    /* Reading execd config. */
    if(!WinExecd_Start())
    {
        logr->execdq = -1;
    }


    /* Reading keys */
    verbose(ENC_READ, ARGV0);

    OS_ReadKeys(&keys);
    OS_StartCounter(&keys);
    os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id, NULL);


    /* Initial random numbers */
    srandom(time(0));
    random();


    /* Socket connection */
    logr->sock = -1;
    StartMQ(NULL, 0);


    /* Starting mutex */
    debug1("%s: DEBUG: Creating thread mutex.", ARGV0);
    hMutex = CreateMutex(NULL, FALSE, NULL);
    if(hMutex == NULL)
    {
        ErrorExit("%s: Error creating mutex.", ARGV0);
    }



    /* Starting syscheck thread */
    if(CreateThread(NULL,
                    0,
                    (LPTHREAD_START_ROUTINE)skthread,
                    NULL,
                    0,
                    (LPDWORD)&threadID) == NULL)
    {
        merror(THREAD_ERROR, ARGV0);
    }



    /* Checking if server is connected */
    os_setwait();

    start_agent(1);

    os_delwait();


    /* Sending integrity message for agent configs */
    intcheck_file(cfg, "");
    intcheck_file(OSPATROL_DEFINES, "");


    /* Starting receiver thread */
    if(CreateThread(NULL,
                    0,
                    (LPTHREAD_START_ROUTINE)receiver_thread,
                    NULL,
                    0,
                    (LPDWORD)&threadID2) == NULL)
    {
        merror(THREAD_ERROR, ARGV0);
    }


    /* Sending agent information message */
    send_win32_info(time(0));


    /* Startting logcollector -- main process here */
    LogCollectorStart();

    WSACleanup();
    return(0);
}
Exemple #7
0
/* Handle secure connections */
void HandleSecure()
{
    int agentid;
    char buffer[OS_MAXSTR + 1];
    char cleartext_msg[OS_MAXSTR + 1];
    char srcip[IPSIZE + 1];
    char *tmp_msg;
    char srcmsg[OS_FLSIZE + 1];
    ssize_t recv_b;
    struct sockaddr_in peer_info;
    socklen_t peer_size;

    /* Send msg init */
    send_msg_init();

    /* Initialize key mutex */
    keyupdate_init();

    /* Initialize manager */
    manager_init(0);

    /* Create Active Response forwarder thread */
    if (CreateThread(AR_Forward, (void *)NULL) != 0) {
        ErrorExit(THREAD_ERROR, ARGV0);
    }

    /* Create wait_for_msgs thread */
    if (CreateThread(wait_for_msgs, (void *)NULL) != 0) {
        ErrorExit(THREAD_ERROR, ARGV0);
    }

    /* Connect to the message queue
     * Exit if it fails.
     */
    if ((logr.m_queue = StartMQ(DEFAULTQUEUE, WRITE)) < 0) {
        ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE);
    }

    verbose(AG_AX_AGENTS, ARGV0, MAX_AGENTS);

    /* Read authentication keys */
    verbose(ENC_READ, ARGV0);

    OS_ReadKeys(&keys);


    OS_StartCounter(&keys);


    /* Set up peer size */
    peer_size = sizeof(peer_info);
    logr.peer_size = sizeof(peer_info);

    /* Initialize some variables */
    memset(buffer, '\0', OS_MAXSTR + 1);
    memset(cleartext_msg, '\0', OS_MAXSTR + 1);
    memset(srcmsg, '\0', OS_FLSIZE + 1);
    tmp_msg = NULL;

    while (1) {
        /* Receive message  */
        recv_b = recvfrom(logr.sock, buffer, OS_MAXSTR, 0,
                          (struct sockaddr *)&peer_info, &peer_size);

        /* Nothing received */
        if (recv_b <= 0) {
            continue;
        }

        /* Set the source IP */
        strncpy(srcip, inet_ntoa(peer_info.sin_addr), IPSIZE);
        srcip[IPSIZE] = '\0';

        /* Get a valid agent id */
        if (buffer[0] == '!') {
            tmp_msg = buffer;
            tmp_msg++;

            /* We need to make sure that we have a valid id
             * and that we reduce the recv buffer size
             */
            while (isdigit((int)*tmp_msg)) {
                tmp_msg++;
                recv_b--;
            }

            if (*tmp_msg != '!') {
                merror(ENCFORMAT_ERROR, __local_name, srcip);
                continue;
            }

            *tmp_msg = '\0';
            tmp_msg++;
            recv_b -= 2;

            agentid = OS_IsAllowedDynamicID(&keys, buffer + 1, srcip);

            if (agentid == -1) {
                if (check_keyupdate()) {
                    agentid = OS_IsAllowedDynamicID(&keys, buffer + 1, srcip);
                    if (agentid == -1) {
                        merror(ENC_IP_ERROR, ARGV0, srcip);
                        continue;
                    }
                } else {
                    merror(ENC_IP_ERROR, ARGV0, srcip);
                    continue;
                }
            }
        } else {
            agentid = OS_IsAllowedIP(&keys, srcip);

            if (agentid < 0) {
                if (check_keyupdate()) {
                    agentid = OS_IsAllowedIP(&keys, srcip);
                    if (agentid == -1) {
                        merror(DENYIP_WARN, ARGV0, srcip);
                        continue;
                    }
                } else {
                    merror(DENYIP_WARN, ARGV0, srcip);
                    continue;
                }
            }
            tmp_msg = buffer;

        }

        /* Decrypt the message */
        tmp_msg = ReadSecMSG(&keys, tmp_msg, cleartext_msg,
                             agentid, recv_b - 1);

        if (tmp_msg == NULL) {

            /* If duplicated, a warning was already generated */
            continue;
        }


        /* Check if it is a control message */
        if (IsValidHeader(tmp_msg)) {
            /* We need to save the peerinfo if it is a control msg */
            memcpy(&keys.keyentries[agentid]->peer_info, &peer_info, peer_size);
            keys.keyentries[agentid]->rcvd = time(0);

            save_controlmsg((unsigned)agentid, tmp_msg);

            continue;
        }

        /* Generate srcmsg */
        snprintf(srcmsg, OS_FLSIZE, "(%s) %s", keys.keyentries[agentid]->name,
                 keys.keyentries[agentid]->ip->ip);

        /* If we can't send the message, try to connect to the
         * socket again. If it not exit.
         */
        if (SendMSG(logr.m_queue, tmp_msg, srcmsg,
                    SECURE_MQ) < 0) {
            merror(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));

            if ((logr.m_queue = StartMQ(DEFAULTQUEUE, WRITE)) < 0) {
                ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE);
            }
        }
    }
}