/* Update the keys if changed */
int OS_UpdateKeys(keystore *keys)
{
if (keys->file_change != File_DateofChange(KEYS_FILE)) {
merror(ENCFILE_CHANGED, __local_name);
debug1("%s: DEBUG: Freekeys", __local_name);
OS_FreeKeys(keys);
debug1("%s: DEBUG: OS_ReadKeys", __local_name);
/* Read keys */
verbose(ENC_READ, __local_name);
OS_ReadKeys(keys);
debug1("%s: DEBUG: OS_StartCounter", __local_name);
OS_StartCounter(keys);
debug1("%s: DEBUG: OS_UpdateKeys completed", __local_name);
return (1);
}
return (0);
}
/** main **/
int main(int argc, char **argv)
{
char *dir = DEFAULTDIR;
char *group = GROUPGLOBAL;
char *user = USER;
char *agent_id = NULL;
int gid = 0;
int uid = 0;
int c = 0, info_agent = 0, update_rootcheck = 0,
list_agents = 0, show_last = 0,
resolved_only = 0;
int active_only = 0, csv_output = 0;
char shost[512];
/* Setting the name */
OS_SetName(ARGV0);
/* user arguments */
if(argc < 2)
{
helpmsg();
}
while((c = getopt(argc, argv, "VhqrDdLlcsu:i:")) != -1)
{
switch(c){
case 'V':
print_version();
break;
case 'h':
helpmsg();
break;
case 'D':
nowDebug();
break;
case 'l':
list_agents++;
break;
case 's':
csv_output = 1;
break;
case 'c':
active_only++;
break;
case 'r':
resolved_only = 1;
break;
case 'q':
resolved_only = 2;
break;
case 'L':
show_last = 1;
break;
case 'i':
info_agent++;
if(!optarg)
{
merror("%s: -u needs an argument",ARGV0);
helpmsg();
}
agent_id = optarg;
break;
case 'u':
if(!optarg)
{
merror("%s: -u needs an argument",ARGV0);
helpmsg();
}
agent_id = optarg;
update_rootcheck = 1;
break;
default:
helpmsg();
break;
}
}
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
if(gid < 0)
{
ErrorExit(USER_ERROR, ARGV0, user, group);
}
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
ErrorExit(CHROOT_ERROR, ARGV0, dir);
}
/* Inside chroot now */
nowChroot();
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user);
}
/* Getting servers hostname */
memset(shost, '\0', 512);
if(gethostname(shost, 512 -1) != 0)
{
strncpy(shost, "localhost", 32);
return(0);
}
/* Listing available agents. */
if(list_agents)
{
if(!csv_output)
{
printf("\nOSSEC HIDS %s. List of available agents:",
ARGV0);
printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, "
"Active/Local\n", shost);
}
else
{
printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
}
print_agents(1, active_only, csv_output);
printf("\n");
exit(0);
}
/* Update rootcheck database. */
if(update_rootcheck)
{
/* Cleaning all agents (and server) db. */
if(strcmp(agent_id, "all") == 0)
{
DIR *sys_dir;
struct dirent *entry;
sys_dir = opendir(ROOTCHECK_DIR);
if(!sys_dir)
{
ErrorExit("%s: Unable to open: '%s'", ARGV0, ROOTCHECK_DIR);
}
while((entry = readdir(sys_dir)) != NULL)
{
FILE *fp;
char full_path[OS_MAXSTR +1];
/* Do not even attempt to delete . and .. :) */
if((strcmp(entry->d_name,".") == 0)||
(strcmp(entry->d_name,"..") == 0))
{
continue;
}
snprintf(full_path, OS_MAXSTR,"%s/%s", ROOTCHECK_DIR,
entry->d_name);
fp = fopen(full_path, "w");
if(fp)
{
fclose(fp);
}
if(entry->d_name[0] == '.')
{
unlink(full_path);
}
}
closedir(sys_dir);
printf("\n** Policy and auditing database updated.\n\n");
exit(0);
}
else if((strcmp(agent_id, "000") == 0) ||
(strcmp(agent_id, "local") == 0))
{
char final_dir[1024];
FILE *fp;
snprintf(final_dir, 1020, "/%s/rootcheck", ROOTCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
unlink(final_dir);
printf("\n** Policy and auditing database updated.\n\n");
exit(0);
}
/* Database from remote agents. */
else
{
int i;
keystore keys;
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, agent_id);
if(i < 0)
{
printf("\n** Invalid agent id '%s'.\n", agent_id);
helpmsg();
}
/* Deleting syscheck */
delete_rootcheck(keys.keyentries[i]->name,
keys.keyentries[i]->ip->ip, 0);
printf("\n** Policy and auditing database updated.\n\n");
exit(0);
}
}
/* Printing information from an agent. */
if(info_agent)
{
int i;
char final_ip[128 +1];
char final_mask[128 +1];
keystore keys;
if((strcmp(agent_id, "000") == 0) ||
(strcmp(agent_id, "local") == 0))
{
if(!csv_output)
printf("\nPolicy and auditing events for local system '%s - %s':\n",
shost, "127.0.0.1");
print_rootcheck(NULL,
NULL, NULL, resolved_only, csv_output, show_last);
}
else
{
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, agent_id);
if(i < 0)
{
printf("\n** Invalid agent id '%s'.\n", agent_id);
helpmsg();
}
/* Getting netmask from ip. */
final_ip[128] = '\0';
final_mask[128] = '\0';
getNetmask(keys.keyentries[i]->ip->netmask,
final_mask, 128);
snprintf(final_ip, 128, "%s%s",keys.keyentries[i]->ip->ip,
final_mask);
if(!csv_output)
printf("\nPolicy and auditing events for agent "
"'%s (%s) - %s':\n",
keys.keyentries[i]->name, keys.keyentries[i]->id,
final_ip);
print_rootcheck(keys.keyentries[i]->name,
keys.keyentries[i]->ip->ip, NULL,
resolved_only, csv_output, show_last);
}
exit(0);
}
printf("\n** Invalid argument combination.\n");
helpmsg();
return(0);
}
/** main **/
int main(int argc, char **argv)
{
char *dir = DEFAULTDIR;
char *group = GROUPGLOBAL;
char *user = USER;
char *agent_id = NULL;
char *ip_address = NULL;
char *ar = NULL;
int arq = 0;
int gid = 0;
int uid = 0;
int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0;
int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
int list_responses = 0, end_time = 0, restart_agent = 0;
char shost[512];
keystore keys;
/* Setting the name */
OS_SetName(ARGV0);
/* user arguments */
if(argc < 2)
{
helpmsg();
}
while((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:")) != -1)
{
switch(c){
case 'V':
print_version();
break;
case 'h':
helpmsg();
break;
case 'd':
nowDebug();
break;
case 'L':
list_responses = 1;
break;
case 'e':
end_time = 1;
break;
case 'r':
restart_syscheck = 1;
break;
case 'l':
list_agents++;
break;
case 's':
csv_output = 1;
break;
case 'c':
active_only++;
break;
case 'i':
info_agent++;
case 'u':
if(!optarg)
{
merror("%s: -u needs an argument",ARGV0);
helpmsg();
}
agent_id = optarg;
break;
case 'b':
if(!optarg)
{
merror("%s: -b needs an argument",ARGV0);
helpmsg();
}
ip_address = optarg;
break;
case 'f':
if(!optarg)
{
merror("%s: -e needs an argument",ARGV0);
helpmsg();
}
ar = optarg;
break;
case 'R':
if(!optarg)
{
merror("%s: -R needs an argument",ARGV0);
helpmsg();
}
agent_id = optarg;
restart_agent = 1;
case 'a':
restart_all_agents = 1;
break;
default:
helpmsg();
break;
}
}
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
if(gid < 0)
{
ErrorExit(USER_ERROR, ARGV0, user, group);
}
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
ErrorExit(CHROOT_ERROR, ARGV0, dir);
}
/* Inside chroot now */
nowChroot();
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user);
}
/* Getting servers hostname */
memset(shost, '\0', 512);
if(gethostname(shost, 512 -1) != 0)
{
strncpy(shost, "localhost", 32);
return(0);
}
/* Listing responses. */
if(list_responses)
{
FILE *fp;
if(!csv_output)
{
printf("\nOSSEC HIDS %s. Available active responses:\n", ARGV0);
}
fp = fopen(DEFAULTAR, "r");
if(fp)
{
char buffer[256];
while(fgets(buffer, 255, fp) != NULL)
{
char *r_name;
char *r_cmd;
char *r_timeout;
r_name = buffer;
r_cmd = strchr(buffer, ' ');
if(!r_cmd)
continue;
*r_cmd = '\0';
r_cmd++;
if(*r_cmd == '-')
r_cmd++;
if(*r_cmd == ' ')
r_cmd++;
r_timeout = strchr(r_cmd, ' ');
if(!r_timeout)
continue;
*r_timeout = '\0';
if(strcmp(r_name, "restart-ossec0") == 0)
{
continue;
}
printf("\n Response name: %s, command: %s", r_name, r_cmd);
}
printf("\n\n");
fclose(fp);
}
else
{
printf("\n No active response available.\n\n");
}
exit(0);
}
/* Listing available agents. */
if(list_agents)
{
if(!csv_output)
{
printf("\nOSSEC HIDS %s. List of available agents:",
ARGV0);
printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, Active/Local\n",
shost);
}
else
{
printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
}
print_agents(1, active_only, csv_output);
printf("\n");
exit(0);
}
/* Checking if the provided ID is valid. */
if(agent_id != NULL)
{
if(strcmp(agent_id, "000") != 0)
{
OS_ReadKeys(&keys);
agt_id = OS_IsAllowedID(&keys, agent_id);
if(agt_id < 0)
{
printf("\n** Invalid agent id '%s'.\n", agent_id);
helpmsg();
}
}
else
{
/* server. */
agt_id = -1;
}
}
/* Printing information from an agent. */
if(info_agent)
{
int agt_status = 0;
char final_ip[IPSIZE + 4];
agent_info *agt_info;
final_ip[(sizeof final_ip) - 1] = '\0';
if(!csv_output)
printf("\nOSSEC HIDS %s. Agent information:", ARGV0);
if(agt_id != -1)
{
agt_status = get_agent_status(keys.keyentries[agt_id]->name,
keys.keyentries[agt_id]->ip->ip);
agt_info = get_agent_info(keys.keyentries[agt_id]->name,
keys.keyentries[agt_id]->ip->ip);
/* Getting full address/prefix length from ip. */
snprintf(final_ip, sizeof final_ip, "%s/%u",
keys.keyentries[agt_id]->ip->ip,
keys.keyentries[agt_id]->ip->prefixlength);
if(!csv_output)
{
printf("\n Agent ID: %s\n", keys.keyentries[agt_id]->id);
printf(" Agent Name: %s\n", keys.keyentries[agt_id]->name);
printf(" IP address: %s\n", final_ip);
printf(" Status: %s\n\n",print_agent_status(agt_status));
}
else
{
printf("%s,%s,%s,%s,",
keys.keyentries[agt_id]->id,
keys.keyentries[agt_id]->name,
final_ip,
print_agent_status(agt_status));
}
}
else
{
agt_status = get_agent_status(NULL, NULL);
agt_info = get_agent_info(NULL, "127.0.0.1");
if(!csv_output)
{
printf("\n Agent ID: 000 (local instance)\n");
printf(" Agent Name: %s\n", shost);
printf(" IP address: 127.0.0.1\n");
printf(" Status: %s/Local\n\n",print_agent_status(agt_status));
}
else
{
printf("000,%s,127.0.0.1,%s/Local,",
shost,
print_agent_status(agt_status));
}
}
if(!csv_output)
{
printf(" Operating system: %s\n", agt_info->os);
printf(" Client version: %s\n", agt_info->version);
printf(" Last keep alive: %s\n\n", agt_info->last_keepalive);
if(end_time)
{
printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
printf(" Syscheck last ended at: %s\n", agt_info->syscheck_endtime);
printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
printf(" Rootcheck last ended at: %s\n\n", agt_info->rootcheck_endtime);
}
else
{
printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
}
}
else
{
printf("%s,%s,%s,%s,%s,\n",
agt_info->os,
agt_info->version,
agt_info->last_keepalive,
agt_info->syscheck_time,
agt_info->rootcheck_time);
}
exit(0);
}
/* Restarting syscheck every where. */
if(restart_all_agents && restart_syscheck)
{
/* Connecting to remoted. */
debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
arq = connect_to_remoted();
if(arq < 0)
{
printf("\n** Unable to connect to remoted.\n");
exit(1);
}
debug1("%s: DEBUG: Connected...", ARGV0);
/* Sending restart message to all agents. */
if(send_msg_to_agent(arq, HC_SK_RESTART, NULL, NULL) == 0)
{
printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on all agents.",
ARGV0);
}
else
{
printf("\n** Unable to restart syscheck on all agents.\n");
exit(1);
}
exit(0);
}
if(restart_syscheck && agent_id)
{
/* Restart on the server. */
if(strcmp(agent_id, "000") == 0)
{
os_set_restart_syscheck();
printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck "
"locally.\n", ARGV0);
exit(0);
}
/* Connecting to remoted. */
debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
arq = connect_to_remoted();
if(arq < 0)
{
printf("\n** Unable to connect to remoted.\n");
exit(1);
}
debug1("%s: DEBUG: Connected...", ARGV0);
if(send_msg_to_agent(arq, HC_SK_RESTART, agent_id, NULL) == 0)
{
printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on agent: %s\n",
ARGV0, agent_id);
}
else
{
printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
exit(1);
}
exit(0);
}
if(restart_agent && agent_id)
{
/* Connecting to remoted. */
debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
arq = connect_to_remoted();
if(arq < 0)
{
printf("\n** Unable to connect to remoted.\n");
exit(1);
}
debug1("%s: DEBUG: Connected...", ARGV0);
if(send_msg_to_agent(arq, "restart-ossec0", agent_id, "null") == 0)
{
printf("\nOSSEC HIDS %s: Restarting agent: %s\n",
ARGV0, agent_id);
}
else
{
printf("\n** Unable to restart agent: %s\n", agent_id);
exit(1);
}
exit(0);
}
/* running active response on the specified agent id. */
if(ip_address && ar && agent_id)
{
/* Connecting to remoted. */
debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
arq = connect_to_remoted();
if(arq < 0)
{
printf("\n** Unable to connect to remoted.\n");
exit(1);
}
debug1("%s: DEBUG: Connected...", ARGV0);
if(send_msg_to_agent(arq, ar, agent_id, ip_address) == 0)
{
printf("\nOSSEC HIDS %s: Running active response '%s' on: %s\n",
ARGV0, ar, agent_id);
}
else
{
printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
exit(1);
}
exit(0);
}
printf("\n** Invalid argument combination.\n");
helpmsg();
return(0);
}
/* AgentdStart v0.2, 2005/11/09
* Starts the agent daemon.
*/
void AgentdStart(char *dir, int uid, int gid, char *user, char *group)
{
int rc = 0;
int pid = 0;
int maxfd = 0;
fd_set fdset;
struct timeval fdtimeout;
pid = getpid();
available_server = 0;
/* Going Daemon */
if (!run_foreground)
{
nowDaemon();
goDaemonLight();
}
/* Setting group ID */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR, ARGV0, group);
/* chrooting */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR, ARGV0, dir);
nowChroot();
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR, ARGV0, user);
/* Create the queue. In this case we are going to create
* and read from it
* Exit if fails.
*/
if((agt->m_queue = StartMQ(DEFAULTQUEUE, READ)) < 0)
ErrorExit(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));
maxfd = agt->m_queue;
agt->sock = -1;
/* Creating PID file */
if(CreatePID(ARGV0, getpid()) < 0)
merror(PID_ERROR,ARGV0);
/* Reading the private keys */
verbose(ENC_READ, ARGV0);
OS_ReadKeys(&keys);
OS_StartCounter(&keys);
/* cmoraes : changed the following call to
os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id);
*/
os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id,
agt->profile);
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* Initial random numbers */
#ifdef __OpenBSD__
srandomdev();
#else
srandom( time(0) + getpid()+ pid + getppid());
#endif
random();
/* Connecting UDP */
rc = 0;
while(rc < agt->rip_id)
{
verbose("%s: INFO: Server IP Address: %s", ARGV0, agt->rip[rc]);
rc++;
}
/* Trying to connect to the server */
if(!connect_server(0))
{
ErrorExit(UNABLE_CONN, ARGV0);
}
/* Setting max fd for select */
if(agt->sock > maxfd)
{
maxfd = agt->sock;
}
/* Connecting to the execd queue */
if(agt->execdq == 0)
{
if((agt->execdq = StartMQ(EXECQUEUE, WRITE)) < 0)
{
merror("%s: INFO: Unable to connect to the active response "
"queue (disabled).", ARGV0);
agt->execdq = -1;
}
}
/* Trying to connect to server */
os_setwait();
start_agent(1);
os_delwait();
/* Sending integrity message for agent configs */
intcheck_file(OSSECCONF, dir);
intcheck_file(OSSEC_DEFINES, dir);
/* Sending first notification */
run_notify();
/* Maxfd must be higher socket +1 */
maxfd++;
/* monitor loop */
while(1)
{
/* Monitoring all available sockets from here */
FD_ZERO(&fdset);
FD_SET(agt->sock, &fdset);
FD_SET(agt->m_queue, &fdset);
fdtimeout.tv_sec = 1;
fdtimeout.tv_usec = 0;
/* Continuously send notifications */
run_notify();
/* Wait with a timeout for any descriptor */
rc = select(maxfd, &fdset, NULL, NULL, &fdtimeout);
if(rc == -1)
{
ErrorExit(SELECT_ERROR, ARGV0);
}
else if(rc == 0)
{
continue;
}
/* For the receiver */
if(FD_ISSET(agt->sock, &fdset))
{
receive_msg();
}
/* For the forwarder */
if(FD_ISSET(agt->m_queue, &fdset))
{
EventForward();
}
}
}
/** main **/
int main(int argc, char **argv)
{
char *dir = DEFAULTDIR;
char *group = GROUPGLOBAL;
char *user = USER;
int gid;
int uid;
/* Setting the name */
OS_SetName(ARGV0);
/* user arguments */
if(argc < 2)
{
helpmsg();
}
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
if(gid < 0)
{
ErrorExit(USER_ERROR, ARGV0, user, group);
}
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
ErrorExit(CHROOT_ERROR, ARGV0, dir);
}
/* Inside chroot now */
nowChroot();
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user);
}
/* User options */
if(strcmp(argv[1], "-h") == 0)
{
helpmsg();
}
else if(strcmp(argv[1], "-l") == 0)
{
printf("\nOSSEC HIDS %s: Updates the integrity check database.",
ARGV0);
print_agents(0, 0, 0);
printf("\n");
exit(0);
}
else if(strcmp(argv[1], "-u") == 0)
{
if(argc != 3)
{
printf("\n** Option -u requires an extra argument\n");
helpmsg();
}
}
else if(strcmp(argv[1], "-a") == 0)
{
DIR *sys_dir;
struct dirent *entry;
sys_dir = opendir(SYSCHECK_DIR);
if(!sys_dir)
{
ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
}
while((entry = readdir(sys_dir)) != NULL)
{
FILE *fp;
char full_path[OS_MAXSTR +1];
/* Do not even attempt to delete . and .. :) */
if((strcmp(entry->d_name,".") == 0)||
(strcmp(entry->d_name,"..") == 0))
{
continue;
}
snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR, entry->d_name);
fp = fopen(full_path, "w");
if(fp)
{
fclose(fp);
}
if(entry->d_name[0] == '.')
{
unlink(full_path);
}
}
closedir(sys_dir);
printf("\n** Integrity check database updated.\n\n");
exit(0);
}
else
{
printf("\n** Invalid option '%s'.\n", argv[1]);
helpmsg();
}
/* local */
if(strcmp(argv[2],"local") == 0)
{
char final_dir[1024];
FILE *fp;
snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
unlink(final_dir);
/* Deleting cpt file */
snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
/* unlink(final_dir); */
}
/* external agents */
else
{
int i;
keystore keys;
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, argv[2]);
if(i < 0)
{
printf("\n** Invalid agent id '%s'.\n", argv[2]);
helpmsg();
}
/* Deleting syscheck */
delete_syscheck(keys.keyentries[i]->name,keys.keyentries[i]->ip->ip,0);
}
printf("\n** Integrity check database updated.\n\n");
return(0);
}
/* Locally starts (after service/win init) */
int local_start()
{
int debug_level;
int accept_manager_commands = 0;
char *cfg = DEFAULTCPATH;
WSADATA wsaData;
DWORD threadID;
DWORD threadID2;
/* Starting logr */
logr = (agent *)calloc(1, sizeof(agent));
if(!logr)
{
ErrorExit(MEM_ERROR, ARGV0);
}
logr->port = DEFAULT_SECURE;
/* Getting debug level */
debug_level = getDefine_Int("windows","debug", 0, 2);
while(debug_level != 0)
{
nowDebug();
debug_level--;
}
accept_manager_commands = getDefine_Int("logcollector",
"remote_commands", 0, 1);
/* Configuration file not present */
if(File_DateofChange(cfg) < 0)
ErrorExit("%s: Configuration file '%s' not found",ARGV0,cfg);
/* Starting Winsock */
if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0)
{
ErrorExit("%s: WSAStartup() failed", ARGV0);
}
/* Read agent config */
debug1("%s: DEBUG: Reading agent configuration.", ARGV0);
if(ClientConf(cfg) < 0)
{
ErrorExit(CLIENT_ERROR,ARGV0);
}
if(logr->notify_time == 0)
{
logr->notify_time = NOTIFY_TIME;
}
if(logr->max_time_reconnect_try == 0 )
{
logr->max_time_reconnect_try = NOTIFY_TIME * 3;
}
if(logr->max_time_reconnect_try <= logr->notify_time)
{
logr->max_time_reconnect_try = (logr->notify_time * 3);
verbose("%s Max time to reconnect can't be less than notify_time(%d), using notify_time*3 (%d)",ARGV0,logr->notify_time,logr->max_time_reconnect_try);
}
verbose("%s Using notify time: %d and max time to reconnect: %d",ARGV0,logr->notify_time,logr->max_time_reconnect_try);
/* Reading logcollector config file */
debug1("%s: DEBUG: Reading logcollector configuration.", ARGV0);
if(LogCollectorConfig(cfg, accept_manager_commands) < 0)
{
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
}
/* Checking auth keys */
if(!OS_CheckKeys())
{
ErrorExit(AG_NOKEYS_EXIT, ARGV0);
}
/* If there is not file to monitor, create a clean entry
* for the mark messages.
*/
if(logff == NULL)
{
os_calloc(2, sizeof(logreader), logff);
logff[0].file = NULL;
logff[0].ffile = NULL;
logff[0].logformat = NULL;
logff[0].fp = NULL;
logff[1].file = NULL;
logff[1].logformat = NULL;
merror(NO_FILE, ARGV0);
}
/* Reading execd config. */
if(!WinExecd_Start())
{
logr->execdq = -1;
}
/* Reading keys */
verbose(ENC_READ, ARGV0);
OS_ReadKeys(&keys);
OS_StartCounter(&keys);
os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id, NULL);
/* Initial random numbers */
srandom(time(0));
random();
/* Socket connection */
logr->sock = -1;
StartMQ(NULL, 0);
/* Starting mutex */
debug1("%s: DEBUG: Creating thread mutex.", ARGV0);
hMutex = CreateMutex(NULL, FALSE, NULL);
if(hMutex == NULL)
{
ErrorExit("%s: Error creating mutex.", ARGV0);
}
/* Starting syscheck thread */
if(CreateThread(NULL,
0,
(LPTHREAD_START_ROUTINE)skthread,
NULL,
0,
(LPDWORD)&threadID) == NULL)
{
merror(THREAD_ERROR, ARGV0);
}
/* Checking if server is connected */
os_setwait();
start_agent(1);
os_delwait();
/* Sending integrity message for agent configs */
intcheck_file(cfg, "");
intcheck_file(OSPATROL_DEFINES, "");
/* Starting receiver thread */
if(CreateThread(NULL,
0,
(LPTHREAD_START_ROUTINE)receiver_thread,
NULL,
0,
(LPDWORD)&threadID2) == NULL)
{
merror(THREAD_ERROR, ARGV0);
}
/* Sending agent information message */
send_win32_info(time(0));
/* Startting logcollector -- main process here */
LogCollectorStart();
WSACleanup();
return(0);
}
/* Handle secure connections */
void HandleSecure()
{
int agentid;
char buffer[OS_MAXSTR + 1];
char cleartext_msg[OS_MAXSTR + 1];
char srcip[IPSIZE + 1];
char *tmp_msg;
char srcmsg[OS_FLSIZE + 1];
ssize_t recv_b;
struct sockaddr_in peer_info;
socklen_t peer_size;
/* Send msg init */
send_msg_init();
/* Initialize key mutex */
keyupdate_init();
/* Initialize manager */
manager_init(0);
/* Create Active Response forwarder thread */
if (CreateThread(AR_Forward, (void *)NULL) != 0) {
ErrorExit(THREAD_ERROR, ARGV0);
}
/* Create wait_for_msgs thread */
if (CreateThread(wait_for_msgs, (void *)NULL) != 0) {
ErrorExit(THREAD_ERROR, ARGV0);
}
/* Connect to the message queue
* Exit if it fails.
*/
if ((logr.m_queue = StartMQ(DEFAULTQUEUE, WRITE)) < 0) {
ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE);
}
verbose(AG_AX_AGENTS, ARGV0, MAX_AGENTS);
/* Read authentication keys */
verbose(ENC_READ, ARGV0);
OS_ReadKeys(&keys);
OS_StartCounter(&keys);
/* Set up peer size */
peer_size = sizeof(peer_info);
logr.peer_size = sizeof(peer_info);
/* Initialize some variables */
memset(buffer, '\0', OS_MAXSTR + 1);
memset(cleartext_msg, '\0', OS_MAXSTR + 1);
memset(srcmsg, '\0', OS_FLSIZE + 1);
tmp_msg = NULL;
while (1) {
/* Receive message */
recv_b = recvfrom(logr.sock, buffer, OS_MAXSTR, 0,
(struct sockaddr *)&peer_info, &peer_size);
/* Nothing received */
if (recv_b <= 0) {
continue;
}
/* Set the source IP */
strncpy(srcip, inet_ntoa(peer_info.sin_addr), IPSIZE);
srcip[IPSIZE] = '\0';
/* Get a valid agent id */
if (buffer[0] == '!') {
tmp_msg = buffer;
tmp_msg++;
/* We need to make sure that we have a valid id
* and that we reduce the recv buffer size
*/
while (isdigit((int)*tmp_msg)) {
tmp_msg++;
recv_b--;
}
if (*tmp_msg != '!') {
merror(ENCFORMAT_ERROR, __local_name, srcip);
continue;
}
*tmp_msg = '\0';
tmp_msg++;
recv_b -= 2;
agentid = OS_IsAllowedDynamicID(&keys, buffer + 1, srcip);
if (agentid == -1) {
if (check_keyupdate()) {
agentid = OS_IsAllowedDynamicID(&keys, buffer + 1, srcip);
if (agentid == -1) {
merror(ENC_IP_ERROR, ARGV0, srcip);
continue;
}
} else {
merror(ENC_IP_ERROR, ARGV0, srcip);
continue;
}
}
} else {
agentid = OS_IsAllowedIP(&keys, srcip);
if (agentid < 0) {
if (check_keyupdate()) {
agentid = OS_IsAllowedIP(&keys, srcip);
if (agentid == -1) {
merror(DENYIP_WARN, ARGV0, srcip);
continue;
}
} else {
merror(DENYIP_WARN, ARGV0, srcip);
continue;
}
}
tmp_msg = buffer;
}
/* Decrypt the message */
tmp_msg = ReadSecMSG(&keys, tmp_msg, cleartext_msg,
agentid, recv_b - 1);
if (tmp_msg == NULL) {
/* If duplicated, a warning was already generated */
continue;
}
/* Check if it is a control message */
if (IsValidHeader(tmp_msg)) {
/* We need to save the peerinfo if it is a control msg */
memcpy(&keys.keyentries[agentid]->peer_info, &peer_info, peer_size);
keys.keyentries[agentid]->rcvd = time(0);
save_controlmsg((unsigned)agentid, tmp_msg);
continue;
}
/* Generate srcmsg */
snprintf(srcmsg, OS_FLSIZE, "(%s) %s", keys.keyentries[agentid]->name,
keys.keyentries[agentid]->ip->ip);
/* If we can't send the message, try to connect to the
* socket again. If it not exit.
*/
if (SendMSG(logr.m_queue, tmp_msg, srcmsg,
SECURE_MQ) < 0) {
merror(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));
if ((logr.m_queue = StartMQ(DEFAULTQUEUE, WRITE)) < 0) {
ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE);
}
}
}
}
