/* Update the keys if changed */ int OS_UpdateKeys(keystore *keys) { if (keys->file_change != File_DateofChange(KEYS_FILE)) { merror(ENCFILE_CHANGED, __local_name); debug1("%s: DEBUG: Freekeys", __local_name); OS_FreeKeys(keys); debug1("%s: DEBUG: OS_ReadKeys", __local_name); /* Read keys */ verbose(ENC_READ, __local_name); OS_ReadKeys(keys); debug1("%s: DEBUG: OS_StartCounter", __local_name); OS_StartCounter(keys); debug1("%s: DEBUG: OS_UpdateKeys completed", __local_name); return (1); } return (0); }
/** main **/ int main(int argc, char **argv) { char *dir = DEFAULTDIR; char *group = GROUPGLOBAL; char *user = USER; char *agent_id = NULL; int gid = 0; int uid = 0; int c = 0, info_agent = 0, update_rootcheck = 0, list_agents = 0, show_last = 0, resolved_only = 0; int active_only = 0, csv_output = 0; char shost[512]; /* Setting the name */ OS_SetName(ARGV0); /* user arguments */ if(argc < 2) { helpmsg(); } while((c = getopt(argc, argv, "VhqrDdLlcsu:i:")) != -1) { switch(c){ case 'V': print_version(); break; case 'h': helpmsg(); break; case 'D': nowDebug(); break; case 'l': list_agents++; break; case 's': csv_output = 1; break; case 'c': active_only++; break; case 'r': resolved_only = 1; break; case 'q': resolved_only = 2; break; case 'L': show_last = 1; break; case 'i': info_agent++; if(!optarg) { merror("%s: -u needs an argument",ARGV0); helpmsg(); } agent_id = optarg; break; case 'u': if(!optarg) { merror("%s: -u needs an argument",ARGV0); helpmsg(); } agent_id = optarg; update_rootcheck = 1; break; default: helpmsg(); break; } } /* Getting the group name */ gid = Privsep_GetGroup(group); uid = Privsep_GetUser(user); if(gid < 0) { ErrorExit(USER_ERROR, ARGV0, user, group); } /* Setting the group */ if(Privsep_SetGroup(gid) < 0) { ErrorExit(SETGID_ERROR,ARGV0, group); } /* Chrooting to the default directory */ if(Privsep_Chroot(dir) < 0) { ErrorExit(CHROOT_ERROR, ARGV0, dir); } /* Inside chroot now */ nowChroot(); /* Setting the user */ if(Privsep_SetUser(uid) < 0) { ErrorExit(SETUID_ERROR, ARGV0, user); } /* Getting servers hostname */ memset(shost, '\0', 512); if(gethostname(shost, 512 -1) != 0) { strncpy(shost, "localhost", 32); return(0); } /* Listing available agents. */ if(list_agents) { if(!csv_output) { printf("\nOSSEC HIDS %s. List of available agents:", ARGV0); printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, " "Active/Local\n", shost); } else { printf("000,%s (server),127.0.0.1,Active/Local,\n", shost); } print_agents(1, active_only, csv_output); printf("\n"); exit(0); } /* Update rootcheck database. */ if(update_rootcheck) { /* Cleaning all agents (and server) db. */ if(strcmp(agent_id, "all") == 0) { DIR *sys_dir; struct dirent *entry; sys_dir = opendir(ROOTCHECK_DIR); if(!sys_dir) { ErrorExit("%s: Unable to open: '%s'", ARGV0, ROOTCHECK_DIR); } while((entry = readdir(sys_dir)) != NULL) { FILE *fp; char full_path[OS_MAXSTR +1]; /* Do not even attempt to delete . and .. :) */ if((strcmp(entry->d_name,".") == 0)|| (strcmp(entry->d_name,"..") == 0)) { continue; } snprintf(full_path, OS_MAXSTR,"%s/%s", ROOTCHECK_DIR, entry->d_name); fp = fopen(full_path, "w"); if(fp) { fclose(fp); } if(entry->d_name[0] == '.') { unlink(full_path); } } closedir(sys_dir); printf("\n** Policy and auditing database updated.\n\n"); exit(0); } else if((strcmp(agent_id, "000") == 0) || (strcmp(agent_id, "local") == 0)) { char final_dir[1024]; FILE *fp; snprintf(final_dir, 1020, "/%s/rootcheck", ROOTCHECK_DIR); fp = fopen(final_dir, "w"); if(fp) { fclose(fp); } unlink(final_dir); printf("\n** Policy and auditing database updated.\n\n"); exit(0); } /* Database from remote agents. */ else { int i; keystore keys; OS_ReadKeys(&keys); i = OS_IsAllowedID(&keys, agent_id); if(i < 0) { printf("\n** Invalid agent id '%s'.\n", agent_id); helpmsg(); } /* Deleting syscheck */ delete_rootcheck(keys.keyentries[i]->name, keys.keyentries[i]->ip->ip, 0); printf("\n** Policy and auditing database updated.\n\n"); exit(0); } } /* Printing information from an agent. */ if(info_agent) { int i; char final_ip[128 +1]; char final_mask[128 +1]; keystore keys; if((strcmp(agent_id, "000") == 0) || (strcmp(agent_id, "local") == 0)) { if(!csv_output) printf("\nPolicy and auditing events for local system '%s - %s':\n", shost, "127.0.0.1"); print_rootcheck(NULL, NULL, NULL, resolved_only, csv_output, show_last); } else { OS_ReadKeys(&keys); i = OS_IsAllowedID(&keys, agent_id); if(i < 0) { printf("\n** Invalid agent id '%s'.\n", agent_id); helpmsg(); } /* Getting netmask from ip. */ final_ip[128] = '\0'; final_mask[128] = '\0'; getNetmask(keys.keyentries[i]->ip->netmask, final_mask, 128); snprintf(final_ip, 128, "%s%s",keys.keyentries[i]->ip->ip, final_mask); if(!csv_output) printf("\nPolicy and auditing events for agent " "'%s (%s) - %s':\n", keys.keyentries[i]->name, keys.keyentries[i]->id, final_ip); print_rootcheck(keys.keyentries[i]->name, keys.keyentries[i]->ip->ip, NULL, resolved_only, csv_output, show_last); } exit(0); } printf("\n** Invalid argument combination.\n"); helpmsg(); return(0); }
/** main **/ int main(int argc, char **argv) { char *dir = DEFAULTDIR; char *group = GROUPGLOBAL; char *user = USER; char *agent_id = NULL; char *ip_address = NULL; char *ar = NULL; int arq = 0; int gid = 0; int uid = 0; int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0; int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0; int list_responses = 0, end_time = 0, restart_agent = 0; char shost[512]; keystore keys; /* Setting the name */ OS_SetName(ARGV0); /* user arguments */ if(argc < 2) { helpmsg(); } while((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:")) != -1) { switch(c){ case 'V': print_version(); break; case 'h': helpmsg(); break; case 'd': nowDebug(); break; case 'L': list_responses = 1; break; case 'e': end_time = 1; break; case 'r': restart_syscheck = 1; break; case 'l': list_agents++; break; case 's': csv_output = 1; break; case 'c': active_only++; break; case 'i': info_agent++; case 'u': if(!optarg) { merror("%s: -u needs an argument",ARGV0); helpmsg(); } agent_id = optarg; break; case 'b': if(!optarg) { merror("%s: -b needs an argument",ARGV0); helpmsg(); } ip_address = optarg; break; case 'f': if(!optarg) { merror("%s: -e needs an argument",ARGV0); helpmsg(); } ar = optarg; break; case 'R': if(!optarg) { merror("%s: -R needs an argument",ARGV0); helpmsg(); } agent_id = optarg; restart_agent = 1; case 'a': restart_all_agents = 1; break; default: helpmsg(); break; } } /* Getting the group name */ gid = Privsep_GetGroup(group); uid = Privsep_GetUser(user); if(gid < 0) { ErrorExit(USER_ERROR, ARGV0, user, group); } /* Setting the group */ if(Privsep_SetGroup(gid) < 0) { ErrorExit(SETGID_ERROR,ARGV0, group); } /* Chrooting to the default directory */ if(Privsep_Chroot(dir) < 0) { ErrorExit(CHROOT_ERROR, ARGV0, dir); } /* Inside chroot now */ nowChroot(); /* Setting the user */ if(Privsep_SetUser(uid) < 0) { ErrorExit(SETUID_ERROR, ARGV0, user); } /* Getting servers hostname */ memset(shost, '\0', 512); if(gethostname(shost, 512 -1) != 0) { strncpy(shost, "localhost", 32); return(0); } /* Listing responses. */ if(list_responses) { FILE *fp; if(!csv_output) { printf("\nOSSEC HIDS %s. Available active responses:\n", ARGV0); } fp = fopen(DEFAULTAR, "r"); if(fp) { char buffer[256]; while(fgets(buffer, 255, fp) != NULL) { char *r_name; char *r_cmd; char *r_timeout; r_name = buffer; r_cmd = strchr(buffer, ' '); if(!r_cmd) continue; *r_cmd = '\0'; r_cmd++; if(*r_cmd == '-') r_cmd++; if(*r_cmd == ' ') r_cmd++; r_timeout = strchr(r_cmd, ' '); if(!r_timeout) continue; *r_timeout = '\0'; if(strcmp(r_name, "restart-ossec0") == 0) { continue; } printf("\n Response name: %s, command: %s", r_name, r_cmd); } printf("\n\n"); fclose(fp); } else { printf("\n No active response available.\n\n"); } exit(0); } /* Listing available agents. */ if(list_agents) { if(!csv_output) { printf("\nOSSEC HIDS %s. List of available agents:", ARGV0); printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, Active/Local\n", shost); } else { printf("000,%s (server),127.0.0.1,Active/Local,\n", shost); } print_agents(1, active_only, csv_output); printf("\n"); exit(0); } /* Checking if the provided ID is valid. */ if(agent_id != NULL) { if(strcmp(agent_id, "000") != 0) { OS_ReadKeys(&keys); agt_id = OS_IsAllowedID(&keys, agent_id); if(agt_id < 0) { printf("\n** Invalid agent id '%s'.\n", agent_id); helpmsg(); } } else { /* server. */ agt_id = -1; } } /* Printing information from an agent. */ if(info_agent) { int agt_status = 0; char final_ip[IPSIZE + 4]; agent_info *agt_info; final_ip[(sizeof final_ip) - 1] = '\0'; if(!csv_output) printf("\nOSSEC HIDS %s. Agent information:", ARGV0); if(agt_id != -1) { agt_status = get_agent_status(keys.keyentries[agt_id]->name, keys.keyentries[agt_id]->ip->ip); agt_info = get_agent_info(keys.keyentries[agt_id]->name, keys.keyentries[agt_id]->ip->ip); /* Getting full address/prefix length from ip. */ snprintf(final_ip, sizeof final_ip, "%s/%u", keys.keyentries[agt_id]->ip->ip, keys.keyentries[agt_id]->ip->prefixlength); if(!csv_output) { printf("\n Agent ID: %s\n", keys.keyentries[agt_id]->id); printf(" Agent Name: %s\n", keys.keyentries[agt_id]->name); printf(" IP address: %s\n", final_ip); printf(" Status: %s\n\n",print_agent_status(agt_status)); } else { printf("%s,%s,%s,%s,", keys.keyentries[agt_id]->id, keys.keyentries[agt_id]->name, final_ip, print_agent_status(agt_status)); } } else { agt_status = get_agent_status(NULL, NULL); agt_info = get_agent_info(NULL, "127.0.0.1"); if(!csv_output) { printf("\n Agent ID: 000 (local instance)\n"); printf(" Agent Name: %s\n", shost); printf(" IP address: 127.0.0.1\n"); printf(" Status: %s/Local\n\n",print_agent_status(agt_status)); } else { printf("000,%s,127.0.0.1,%s/Local,", shost, print_agent_status(agt_status)); } } if(!csv_output) { printf(" Operating system: %s\n", agt_info->os); printf(" Client version: %s\n", agt_info->version); printf(" Last keep alive: %s\n\n", agt_info->last_keepalive); if(end_time) { printf(" Syscheck last started at: %s\n", agt_info->syscheck_time); printf(" Syscheck last ended at: %s\n", agt_info->syscheck_endtime); printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time); printf(" Rootcheck last ended at: %s\n\n", agt_info->rootcheck_endtime); } else { printf(" Syscheck last started at: %s\n", agt_info->syscheck_time); printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time); } } else { printf("%s,%s,%s,%s,%s,\n", agt_info->os, agt_info->version, agt_info->last_keepalive, agt_info->syscheck_time, agt_info->rootcheck_time); } exit(0); } /* Restarting syscheck every where. */ if(restart_all_agents && restart_syscheck) { /* Connecting to remoted. */ debug1("%s: DEBUG: Connecting to remoted...", ARGV0); arq = connect_to_remoted(); if(arq < 0) { printf("\n** Unable to connect to remoted.\n"); exit(1); } debug1("%s: DEBUG: Connected...", ARGV0); /* Sending restart message to all agents. */ if(send_msg_to_agent(arq, HC_SK_RESTART, NULL, NULL) == 0) { printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on all agents.", ARGV0); } else { printf("\n** Unable to restart syscheck on all agents.\n"); exit(1); } exit(0); } if(restart_syscheck && agent_id) { /* Restart on the server. */ if(strcmp(agent_id, "000") == 0) { os_set_restart_syscheck(); printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck " "locally.\n", ARGV0); exit(0); } /* Connecting to remoted. */ debug1("%s: DEBUG: Connecting to remoted...", ARGV0); arq = connect_to_remoted(); if(arq < 0) { printf("\n** Unable to connect to remoted.\n"); exit(1); } debug1("%s: DEBUG: Connected...", ARGV0); if(send_msg_to_agent(arq, HC_SK_RESTART, agent_id, NULL) == 0) { printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on agent: %s\n", ARGV0, agent_id); } else { printf("\n** Unable to restart syscheck on agent: %s\n", agent_id); exit(1); } exit(0); } if(restart_agent && agent_id) { /* Connecting to remoted. */ debug1("%s: DEBUG: Connecting to remoted...", ARGV0); arq = connect_to_remoted(); if(arq < 0) { printf("\n** Unable to connect to remoted.\n"); exit(1); } debug1("%s: DEBUG: Connected...", ARGV0); if(send_msg_to_agent(arq, "restart-ossec0", agent_id, "null") == 0) { printf("\nOSSEC HIDS %s: Restarting agent: %s\n", ARGV0, agent_id); } else { printf("\n** Unable to restart agent: %s\n", agent_id); exit(1); } exit(0); } /* running active response on the specified agent id. */ if(ip_address && ar && agent_id) { /* Connecting to remoted. */ debug1("%s: DEBUG: Connecting to remoted...", ARGV0); arq = connect_to_remoted(); if(arq < 0) { printf("\n** Unable to connect to remoted.\n"); exit(1); } debug1("%s: DEBUG: Connected...", ARGV0); if(send_msg_to_agent(arq, ar, agent_id, ip_address) == 0) { printf("\nOSSEC HIDS %s: Running active response '%s' on: %s\n", ARGV0, ar, agent_id); } else { printf("\n** Unable to restart syscheck on agent: %s\n", agent_id); exit(1); } exit(0); } printf("\n** Invalid argument combination.\n"); helpmsg(); return(0); }
/* AgentdStart v0.2, 2005/11/09 * Starts the agent daemon. */ void AgentdStart(char *dir, int uid, int gid, char *user, char *group) { int rc = 0; int pid = 0; int maxfd = 0; fd_set fdset; struct timeval fdtimeout; pid = getpid(); available_server = 0; /* Going Daemon */ if (!run_foreground) { nowDaemon(); goDaemonLight(); } /* Setting group ID */ if(Privsep_SetGroup(gid) < 0) ErrorExit(SETGID_ERROR, ARGV0, group); /* chrooting */ if(Privsep_Chroot(dir) < 0) ErrorExit(CHROOT_ERROR, ARGV0, dir); nowChroot(); if(Privsep_SetUser(uid) < 0) ErrorExit(SETUID_ERROR, ARGV0, user); /* Create the queue. In this case we are going to create * and read from it * Exit if fails. */ if((agt->m_queue = StartMQ(DEFAULTQUEUE, READ)) < 0) ErrorExit(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno)); maxfd = agt->m_queue; agt->sock = -1; /* Creating PID file */ if(CreatePID(ARGV0, getpid()) < 0) merror(PID_ERROR,ARGV0); /* Reading the private keys */ verbose(ENC_READ, ARGV0); OS_ReadKeys(&keys); OS_StartCounter(&keys); /* cmoraes : changed the following call to os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id); */ os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id, agt->profile); /* Start up message */ verbose(STARTUP_MSG, ARGV0, (int)getpid()); /* Initial random numbers */ #ifdef __OpenBSD__ srandomdev(); #else srandom( time(0) + getpid()+ pid + getppid()); #endif random(); /* Connecting UDP */ rc = 0; while(rc < agt->rip_id) { verbose("%s: INFO: Server IP Address: %s", ARGV0, agt->rip[rc]); rc++; } /* Trying to connect to the server */ if(!connect_server(0)) { ErrorExit(UNABLE_CONN, ARGV0); } /* Setting max fd for select */ if(agt->sock > maxfd) { maxfd = agt->sock; } /* Connecting to the execd queue */ if(agt->execdq == 0) { if((agt->execdq = StartMQ(EXECQUEUE, WRITE)) < 0) { merror("%s: INFO: Unable to connect to the active response " "queue (disabled).", ARGV0); agt->execdq = -1; } } /* Trying to connect to server */ os_setwait(); start_agent(1); os_delwait(); /* Sending integrity message for agent configs */ intcheck_file(OSSECCONF, dir); intcheck_file(OSSEC_DEFINES, dir); /* Sending first notification */ run_notify(); /* Maxfd must be higher socket +1 */ maxfd++; /* monitor loop */ while(1) { /* Monitoring all available sockets from here */ FD_ZERO(&fdset); FD_SET(agt->sock, &fdset); FD_SET(agt->m_queue, &fdset); fdtimeout.tv_sec = 1; fdtimeout.tv_usec = 0; /* Continuously send notifications */ run_notify(); /* Wait with a timeout for any descriptor */ rc = select(maxfd, &fdset, NULL, NULL, &fdtimeout); if(rc == -1) { ErrorExit(SELECT_ERROR, ARGV0); } else if(rc == 0) { continue; } /* For the receiver */ if(FD_ISSET(agt->sock, &fdset)) { receive_msg(); } /* For the forwarder */ if(FD_ISSET(agt->m_queue, &fdset)) { EventForward(); } } }
/** main **/ int main(int argc, char **argv) { char *dir = DEFAULTDIR; char *group = GROUPGLOBAL; char *user = USER; int gid; int uid; /* Setting the name */ OS_SetName(ARGV0); /* user arguments */ if(argc < 2) { helpmsg(); } /* Getting the group name */ gid = Privsep_GetGroup(group); uid = Privsep_GetUser(user); if(gid < 0) { ErrorExit(USER_ERROR, ARGV0, user, group); } /* Setting the group */ if(Privsep_SetGroup(gid) < 0) { ErrorExit(SETGID_ERROR,ARGV0, group); } /* Chrooting to the default directory */ if(Privsep_Chroot(dir) < 0) { ErrorExit(CHROOT_ERROR, ARGV0, dir); } /* Inside chroot now */ nowChroot(); /* Setting the user */ if(Privsep_SetUser(uid) < 0) { ErrorExit(SETUID_ERROR, ARGV0, user); } /* User options */ if(strcmp(argv[1], "-h") == 0) { helpmsg(); } else if(strcmp(argv[1], "-l") == 0) { printf("\nOSSEC HIDS %s: Updates the integrity check database.", ARGV0); print_agents(0, 0, 0); printf("\n"); exit(0); } else if(strcmp(argv[1], "-u") == 0) { if(argc != 3) { printf("\n** Option -u requires an extra argument\n"); helpmsg(); } } else if(strcmp(argv[1], "-a") == 0) { DIR *sys_dir; struct dirent *entry; sys_dir = opendir(SYSCHECK_DIR); if(!sys_dir) { ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR); } while((entry = readdir(sys_dir)) != NULL) { FILE *fp; char full_path[OS_MAXSTR +1]; /* Do not even attempt to delete . and .. :) */ if((strcmp(entry->d_name,".") == 0)|| (strcmp(entry->d_name,"..") == 0)) { continue; } snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR, entry->d_name); fp = fopen(full_path, "w"); if(fp) { fclose(fp); } if(entry->d_name[0] == '.') { unlink(full_path); } } closedir(sys_dir); printf("\n** Integrity check database updated.\n\n"); exit(0); } else { printf("\n** Invalid option '%s'.\n", argv[1]); helpmsg(); } /* local */ if(strcmp(argv[2],"local") == 0) { char final_dir[1024]; FILE *fp; snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR); fp = fopen(final_dir, "w"); if(fp) { fclose(fp); } unlink(final_dir); /* Deleting cpt file */ snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR); fp = fopen(final_dir, "w"); if(fp) { fclose(fp); } /* unlink(final_dir); */ } /* external agents */ else { int i; keystore keys; OS_ReadKeys(&keys); i = OS_IsAllowedID(&keys, argv[2]); if(i < 0) { printf("\n** Invalid agent id '%s'.\n", argv[2]); helpmsg(); } /* Deleting syscheck */ delete_syscheck(keys.keyentries[i]->name,keys.keyentries[i]->ip->ip,0); } printf("\n** Integrity check database updated.\n\n"); return(0); }
/* Locally starts (after service/win init) */ int local_start() { int debug_level; int accept_manager_commands = 0; char *cfg = DEFAULTCPATH; WSADATA wsaData; DWORD threadID; DWORD threadID2; /* Starting logr */ logr = (agent *)calloc(1, sizeof(agent)); if(!logr) { ErrorExit(MEM_ERROR, ARGV0); } logr->port = DEFAULT_SECURE; /* Getting debug level */ debug_level = getDefine_Int("windows","debug", 0, 2); while(debug_level != 0) { nowDebug(); debug_level--; } accept_manager_commands = getDefine_Int("logcollector", "remote_commands", 0, 1); /* Configuration file not present */ if(File_DateofChange(cfg) < 0) ErrorExit("%s: Configuration file '%s' not found",ARGV0,cfg); /* Starting Winsock */ if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) { ErrorExit("%s: WSAStartup() failed", ARGV0); } /* Read agent config */ debug1("%s: DEBUG: Reading agent configuration.", ARGV0); if(ClientConf(cfg) < 0) { ErrorExit(CLIENT_ERROR,ARGV0); } if(logr->notify_time == 0) { logr->notify_time = NOTIFY_TIME; } if(logr->max_time_reconnect_try == 0 ) { logr->max_time_reconnect_try = NOTIFY_TIME * 3; } if(logr->max_time_reconnect_try <= logr->notify_time) { logr->max_time_reconnect_try = (logr->notify_time * 3); verbose("%s Max time to reconnect can't be less than notify_time(%d), using notify_time*3 (%d)",ARGV0,logr->notify_time,logr->max_time_reconnect_try); } verbose("%s Using notify time: %d and max time to reconnect: %d",ARGV0,logr->notify_time,logr->max_time_reconnect_try); /* Reading logcollector config file */ debug1("%s: DEBUG: Reading logcollector configuration.", ARGV0); if(LogCollectorConfig(cfg, accept_manager_commands) < 0) { ErrorExit(CONFIG_ERROR, ARGV0, cfg); } /* Checking auth keys */ if(!OS_CheckKeys()) { ErrorExit(AG_NOKEYS_EXIT, ARGV0); } /* If there is not file to monitor, create a clean entry * for the mark messages. */ if(logff == NULL) { os_calloc(2, sizeof(logreader), logff); logff[0].file = NULL; logff[0].ffile = NULL; logff[0].logformat = NULL; logff[0].fp = NULL; logff[1].file = NULL; logff[1].logformat = NULL; merror(NO_FILE, ARGV0); } /* Reading execd config. */ if(!WinExecd_Start()) { logr->execdq = -1; } /* Reading keys */ verbose(ENC_READ, ARGV0); OS_ReadKeys(&keys); OS_StartCounter(&keys); os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id, NULL); /* Initial random numbers */ srandom(time(0)); random(); /* Socket connection */ logr->sock = -1; StartMQ(NULL, 0); /* Starting mutex */ debug1("%s: DEBUG: Creating thread mutex.", ARGV0); hMutex = CreateMutex(NULL, FALSE, NULL); if(hMutex == NULL) { ErrorExit("%s: Error creating mutex.", ARGV0); } /* Starting syscheck thread */ if(CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)skthread, NULL, 0, (LPDWORD)&threadID) == NULL) { merror(THREAD_ERROR, ARGV0); } /* Checking if server is connected */ os_setwait(); start_agent(1); os_delwait(); /* Sending integrity message for agent configs */ intcheck_file(cfg, ""); intcheck_file(OSPATROL_DEFINES, ""); /* Starting receiver thread */ if(CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)receiver_thread, NULL, 0, (LPDWORD)&threadID2) == NULL) { merror(THREAD_ERROR, ARGV0); } /* Sending agent information message */ send_win32_info(time(0)); /* Startting logcollector -- main process here */ LogCollectorStart(); WSACleanup(); return(0); }
/* Handle secure connections */ void HandleSecure() { int agentid; char buffer[OS_MAXSTR + 1]; char cleartext_msg[OS_MAXSTR + 1]; char srcip[IPSIZE + 1]; char *tmp_msg; char srcmsg[OS_FLSIZE + 1]; ssize_t recv_b; struct sockaddr_in peer_info; socklen_t peer_size; /* Send msg init */ send_msg_init(); /* Initialize key mutex */ keyupdate_init(); /* Initialize manager */ manager_init(0); /* Create Active Response forwarder thread */ if (CreateThread(AR_Forward, (void *)NULL) != 0) { ErrorExit(THREAD_ERROR, ARGV0); } /* Create wait_for_msgs thread */ if (CreateThread(wait_for_msgs, (void *)NULL) != 0) { ErrorExit(THREAD_ERROR, ARGV0); } /* Connect to the message queue * Exit if it fails. */ if ((logr.m_queue = StartMQ(DEFAULTQUEUE, WRITE)) < 0) { ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE); } verbose(AG_AX_AGENTS, ARGV0, MAX_AGENTS); /* Read authentication keys */ verbose(ENC_READ, ARGV0); OS_ReadKeys(&keys); OS_StartCounter(&keys); /* Set up peer size */ peer_size = sizeof(peer_info); logr.peer_size = sizeof(peer_info); /* Initialize some variables */ memset(buffer, '\0', OS_MAXSTR + 1); memset(cleartext_msg, '\0', OS_MAXSTR + 1); memset(srcmsg, '\0', OS_FLSIZE + 1); tmp_msg = NULL; while (1) { /* Receive message */ recv_b = recvfrom(logr.sock, buffer, OS_MAXSTR, 0, (struct sockaddr *)&peer_info, &peer_size); /* Nothing received */ if (recv_b <= 0) { continue; } /* Set the source IP */ strncpy(srcip, inet_ntoa(peer_info.sin_addr), IPSIZE); srcip[IPSIZE] = '\0'; /* Get a valid agent id */ if (buffer[0] == '!') { tmp_msg = buffer; tmp_msg++; /* We need to make sure that we have a valid id * and that we reduce the recv buffer size */ while (isdigit((int)*tmp_msg)) { tmp_msg++; recv_b--; } if (*tmp_msg != '!') { merror(ENCFORMAT_ERROR, __local_name, srcip); continue; } *tmp_msg = '\0'; tmp_msg++; recv_b -= 2; agentid = OS_IsAllowedDynamicID(&keys, buffer + 1, srcip); if (agentid == -1) { if (check_keyupdate()) { agentid = OS_IsAllowedDynamicID(&keys, buffer + 1, srcip); if (agentid == -1) { merror(ENC_IP_ERROR, ARGV0, srcip); continue; } } else { merror(ENC_IP_ERROR, ARGV0, srcip); continue; } } } else { agentid = OS_IsAllowedIP(&keys, srcip); if (agentid < 0) { if (check_keyupdate()) { agentid = OS_IsAllowedIP(&keys, srcip); if (agentid == -1) { merror(DENYIP_WARN, ARGV0, srcip); continue; } } else { merror(DENYIP_WARN, ARGV0, srcip); continue; } } tmp_msg = buffer; } /* Decrypt the message */ tmp_msg = ReadSecMSG(&keys, tmp_msg, cleartext_msg, agentid, recv_b - 1); if (tmp_msg == NULL) { /* If duplicated, a warning was already generated */ continue; } /* Check if it is a control message */ if (IsValidHeader(tmp_msg)) { /* We need to save the peerinfo if it is a control msg */ memcpy(&keys.keyentries[agentid]->peer_info, &peer_info, peer_size); keys.keyentries[agentid]->rcvd = time(0); save_controlmsg((unsigned)agentid, tmp_msg); continue; } /* Generate srcmsg */ snprintf(srcmsg, OS_FLSIZE, "(%s) %s", keys.keyentries[agentid]->name, keys.keyentries[agentid]->ip->ip); /* If we can't send the message, try to connect to the * socket again. If it not exit. */ if (SendMSG(logr.m_queue, tmp_msg, srcmsg, SECURE_MQ) < 0) { merror(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno)); if ((logr.m_queue = StartMQ(DEFAULTQUEUE, WRITE)) < 0) { ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQUEUE); } } } }