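/*
 * Entry point of the report daemon.
 *
 * Parses the command line into a report_filter, validates the user/group to
 * drop to, optionally chroots into the OSSEC directory, drops privileges,
 * installs the signal handlers, writes the PID file and then hands control to
 * os_ReportdStart(). Every error path goes through ErrorExit(), so the
 * function never returns normally; it ends with exit(0).
 *
 * Options:
 *   -V, -h, -d         print version / help, enable debug output
 *   -n NAME            report name
 *   -f FIELD VALUE     filter alerts on FIELD (consumes two words)
 *   -r FIELD VALUE     "related" filter on FIELD (consumes two words)
 *   -u USER, -g GROUP  user/group to run as
 *   -D DIR             OSSEC directory (chroot target, or working directory)
 *   -c CFG             config path (accepted for interface compatibility;
 *                      this function does not read it)
 *   -t                 only validate user/group, then exit
 *   -s                 include the matching alerts in the report
 *   -N / -C            do not chroot (default) / chroot into DIR
 */
int main(int argc, char **argv)
{
    int c, test_config = 0;
    int uid = 0, gid = 0;
    int do_chroot = 0;
    char *dir  = DEFAULTDIR;
    char *user = USER;
    char *group = GROUPGLOBAL;
    char *cfg = DEFAULTCPATH;

    char *filter_by = NULL;
    char *filter_value = NULL;

    char *related_of = NULL;
    char *related_values = NULL;

    /* Zero the whole filter up front. The original code assigned only a
     * subset of the members by hand, so anything it skipped (report_type,
     * for one) reached os_ReportdStart() uninitialised. */
    report_filter r_filter = {0};


    /* Setting the name */
    OS_SetName(ARGV0);

    while((c = getopt(argc, argv, "Vdhstu:g:D:c:f:v:n:r:NC")) != -1)
    {
        switch(c){
            case 'V':
                /* print_version() presumably exits; break is a fallback. */
                print_version();
                break;
            case 'h':
                report_help();
                break;
            case 'd':
                nowDebug();
                break;
            case 'n':
                if(!optarg)
                    ErrorExit("%s: -n needs an argument",ARGV0);
                r_filter.report_name = optarg;
                break;
            case 'r':
                /* Two positional words: FIELD (optarg) and VALUE, which is
                 * the next argv entry. argv[argc] is NULL, so the second
                 * check also rejects a trailing "-r FIELD". */
                if(!optarg || !argv[optind])
                    ErrorExit("%s: -r needs two argument",ARGV0);
                related_of = optarg;
                related_values = argv[optind];

                if(os_report_configfilter(related_of, related_values,
                                          &r_filter, REPORT_RELATED) < 0)
                {
                    ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
                }
                /* Skip the VALUE word we consumed by hand. */
                optind++;
                break;
            case 'f':
                /* Same two-word form as -r. The original only checked
                 * optarg, so "-f FIELD" as the last argument passed a NULL
                 * value to os_report_configfilter() and bumped optind past
                 * argc. */
                if(!optarg || !argv[optind])
                    ErrorExit("%s: -f needs two argument",ARGV0);
                filter_by = optarg;
                filter_value = argv[optind];

                if(os_report_configfilter(filter_by, filter_value,
                                          &r_filter, REPORT_FILTER) < 0)
                {
                    ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
                }
                optind++;
                break;
            case 'u':
                if(!optarg)
                    ErrorExit("%s: -u needs an argument",ARGV0);
                user = optarg;
                break;
            case 'g':
                if(!optarg)
                    ErrorExit("%s: -g needs an argument",ARGV0);
                group = optarg;
                break;
            case 'D':
                if(!optarg)
                    ErrorExit("%s: -D needs an argument",ARGV0);
                dir = optarg;
                break;
            case 'c':
                if(!optarg)
                    ErrorExit("%s: -c needs an argument",ARGV0);
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            case 's':
                r_filter.show_alerts = 1;
                break;
            case 'N':
                /* Already the default; kept so scripts can pass -N. */
                do_chroot = 0;
                break;
            case 'C':
                do_chroot = 1;
                break;
            default:
                report_help();
                break;
        }

    }

    /* -c is parsed for interface compatibility but not used here. */
    (void)cfg;

    /* Starting daemon */
    debug1(STARTED_MSG,ARGV0);

    /* Check if the user/group given are valid */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if((uid < 0) || (gid < 0))
        ErrorExit(USER_ERROR,ARGV0,user,group);


    /* Exit here if test config is set */
    if(test_config)
        exit(0);


    /* Privilege separation: group first, user after the chroot so the
     * chroot(2) call still runs with the privileges it needs. */
    if(Privsep_SetGroup(gid) < 0)
        ErrorExit(SETGID_ERROR,ARGV0,group);


    /* chrooting */
    if(do_chroot)
    {
        if(Privsep_Chroot(dir) < 0)
            ErrorExit(CHROOT_ERROR,ARGV0,dir);
        nowChroot();
    }
    else
    {
        /* Not chrooted: still work from the OSSEC directory. The original
         * ignored chdir()'s result and would carry on in whatever cwd the
         * daemon was launched from. */
        if(chdir(dir) < 0)
            ErrorExit("%s: Unable to chdir to '%s'", ARGV0, dir);
    }


    /* Changing user */
    if(Privsep_SetUser(uid) < 0)
        ErrorExit(SETUID_ERROR,ARGV0,user);


    debug1(PRIVSEP_MSG,ARGV0,dir,user);


    /* Signal manipulation */
    StartSIG(ARGV0);


    /* Creating PID files */
    if(CreatePID(ARGV0, getpid()) < 0)
        ErrorExit(PID_ERROR,ARGV0);


    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* the real stuff now */
    os_ReportdStart(&r_filter);
    exit(0);
}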
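/*
 * Parses one <reports> block of the monitord configuration and appends a new
 * report_config entry to the NULL-terminated mon_config->reports array.
 *
 * @param node    NULL-terminated array of the XML child nodes of <reports>;
 *                every node must carry both an element name and content.
 * @param config  monitor_config being populated (passed as void *).
 * @param config2 unused.
 * @return 0 on success, OS_INVALID when a node lacks an element name or
 *         content, or names an unknown element. Note that by then the new
 *         (partially filled) entry has already been appended to
 *         mon_config->reports; the caller decides what to do with it.
 */
int Read_CReports(XML_NODE node, void *config, void *config2)
{
    int i = 0, s = 0;

    /* XML element names understood inside <reports>. */
    const char *xml_title = "title";
    const char *xml_type = "type";
    const char *xml_categories = "category";
    const char *xml_group = "group";
    const char *xml_rule = "rule";
    const char *xml_level = "level";
    const char *xml_location = "location";
    const char *xml_showlogs = "showlogs";
    const char *xml_srcip = "srcip";
    /* NOTE(review): the listing showed this literal masked as "******".
     * The element is passed straight to os_report_configfilter() as the
     * filter name, and the matching filter field is r_filter.user. */
    const char *xml_user = "user";
    const char *xml_frequency = "frequency";
    const char *xml_email = "email_to";


    monitor_config *mon_config = (monitor_config *)config;
    report_config *rep;

    (void)config2;


    /* Find the current end of the NULL-terminated reports array. */
    if(mon_config->reports)
    {
        while(mon_config->reports[s])
            s++;
    }


    /* Grow by one entry plus the terminating NULL. os_realloc/os_calloc are
     * the project's allocation wrappers; their failure policy is not visible
     * here, so no NULL check is made on the result. */
    os_realloc(mon_config->reports, (s + 2) * sizeof(report_config *),
               mon_config->reports);
    os_calloc(1, sizeof(report_config), mon_config->reports[s]);
    mon_config->reports[s + 1] = NULL;
    rep = mon_config->reports[s];


    /* Reset the new entry explicitly rather than relying on the allocator. */
    rep->title = NULL;
    rep->args = NULL;
    rep->relations = NULL;
    rep->type = NULL;
    rep->emailto = NULL;

    rep->r_filter.group = NULL;
    rep->r_filter.rule = NULL;
    rep->r_filter.level = NULL;
    rep->r_filter.location = NULL;
    rep->r_filter.srcip = NULL;
    rep->r_filter.user = NULL;
    rep->r_filter.related_group = 0;
    rep->r_filter.related_rule = 0;
    rep->r_filter.related_level = 0;
    rep->r_filter.related_location = 0;
    rep->r_filter.related_srcip = 0;
    rep->r_filter.related_user = 0;
    rep->r_filter.report_name = NULL;
    rep->r_filter.show_alerts = 0;



    /* Reading the XML. */
    while(node[i])
    {
        if(!node[i]->element)
        {
            merror(XML_ELEMNULL, __local_name);
            return(OS_INVALID);
        }
        else if(!node[i]->content)
        {
            merror(XML_VALUENULL, __local_name, node[i]->element);
            return(OS_INVALID);
        }
        else if(strcmp(node[i]->element, xml_title) == 0)
        {
            /* First <title> wins; later ones are silently ignored. */
            if(!rep->title)
            {
                os_strdup(node[i]->content, rep->title);
            }
        }
        else if(strcmp(node[i]->element, xml_type) == 0)
        {
            /* "email" is the only supported type; anything else is logged
             * and ignored (parsing continues). */
            if(strcmp(node[i]->content, "email") == 0)
            {
                if(!rep->type)
                {
                    os_strdup(node[i]->content, rep->type);
                }
            }
            else
            {
                merror(XML_VALUEERR, __local_name,node[i]->element,node[i]->content);
            }
        }
        else if(strcmp(node[i]->element, xml_frequency) == 0)
        {
            /* Accepted but not implemented: the report type is fixed to
             * REPORT_TYPE_DAILY below. */
        }
        else if(strcmp(node[i]->element, xml_showlogs) == 0)
        {
            if(strcasecmp(node[i]->content, "yes") == 0)
            {
                rep->r_filter.show_alerts = 1;
            }
        }
        else if(strcmp(node[i]->element, xml_categories) == 0)
        {
            /* <category> is shorthand for a "group" filter. */
            char *ncat = NULL;
            _filter_arg(node[i]->content);


            /* ncat is handed to os_report_configfilter(); whether it takes
             * ownership on the error path is not visible here, so it is
             * not freed (possible leak on failure). */
            os_strdup(node[i]->content, ncat);

            if(os_report_configfilter("group", ncat,
                                      &rep->r_filter, REPORT_FILTER) < 0)
            {
                merror(CONFIG_ERROR, __local_name, "user argument");
            }
        }
        else if((strcmp(node[i]->element, xml_group) == 0)||
                (strcmp(node[i]->element, xml_rule) == 0)||
                (strcmp(node[i]->element, xml_level) == 0)||
                (strcmp(node[i]->element, xml_location) == 0)||
                (strcmp(node[i]->element, xml_srcip) == 0)||
                (strcmp(node[i]->element, xml_user) == 0))
        {
            /* A plain filter, or a "related" one when the element carries
             * type="relation". Only the first attribute is inspected. */
            int reportf = REPORT_FILTER;
            char *ncat = NULL;
            _filter_arg(node[i]->content);

            if(node[i]->attributes && node[i]->values)
            {
                if(node[i]->attributes[0] && node[i]->values[0])
                {
                    if(strcmp(node[i]->attributes[0], "type") == 0)
                    {
                        if(strcmp(node[i]->values[0], "relation") == 0)
                        {
                            reportf = REPORT_RELATED;
                        }
                        else
                        {
                            /* The message names the 'relation' value; the
                             * attribute actually checked is 'type'. */
                            merror("%s: WARN: Invalid value for 'relation' attribute: '%s'. (ignored).", __local_name, node[i]->values[0]);
                            i++;
                            continue;
                        }
                    }
                    else
                    {
                        merror("%s: WARN: Invalid attribute: %s (ignored). ", __local_name, node[i]->attributes[0]);
                        i++;
                        continue;
                    }
                }
            }

            /* Same ownership caveat as for <category> above. */
            os_strdup(node[i]->content, ncat);

            if(os_report_configfilter(node[i]->element, ncat,
                                      &rep->r_filter, reportf) < 0)
            {
                merror("%s: Invalid filter: %s:%s (ignored).", __local_name, node[i]->element, node[i]->content);
            }
        }
        else if(strcmp(node[i]->element, xml_email) == 0)
        {
            /* Several <email_to> elements accumulate into one array. */
            rep->emailto = os_AddStrArray(node[i]->content, rep->emailto);
        }
        else
        {
            merror(XML_INVELEM, __local_name, node[i]->element);
            return(OS_INVALID);
        }
        i++;
    }


    /* Setting proper report type. */
    rep->r_filter.report_type = REPORT_TYPE_DAILY;

    /* A report without recipients is logged here but stays in the array;
     * the consumer is presumably what skips it ("Ignoring it"). */
    if(rep->emailto == NULL)
    {
        if(rep->title)
            merror("%s: No \"email to\" configured for the report '%s'. Ignoring it.", __local_name, rep->title);
        else
            merror("%s: No \"email to\" and title configured for report. Ignoring it.", __local_name);
    }

    if(!rep->title)
    {
        os_strdup("OSSEC Report (unnamed)", rep->title);
    }
    /* report_name aliases title; both point at the same allocation. */
    rep->r_filter.report_name = rep->title;

    return(0);
}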