/* Returns the number of seconds since last agent connection, or -1 if error. */ double OS_AgentAntiquity(const char *id) { struct stat file_stat; char file_name[OS_FLSIZE]; char *full_name = getFullnameById(id); if (!full_name) return -1; snprintf(file_name, OS_FLSIZE - 1, "%s/%s", AGENTINFO_DIR, full_name); if (stat(file_name, &file_stat) < 0) return -1; return difftime(time(NULL), file_stat.st_mtime); }
int remove_agent() { FILE *fp; char *user_input; char u_id[FILE_SIZE + 1]; int id_exist; u_id[FILE_SIZE] = '\0'; if (!print_agents(0, 0, 0)) { printf(NO_AGENT); return (0); } do { printf(REMOVE_ID); fflush(stdout); user_input = getenv("OSSEC_AGENT_ID"); if (user_input == NULL) { user_input = read_from_user(); } else { printf("%s\n", user_input); } if (strcmp(user_input, QUIT) == 0) { return (0); } strncpy(u_id, user_input, FILE_SIZE); id_exist = IDExist(user_input); if (!id_exist) { printf(NO_ID, user_input); /* Exit here if we are using environment variables * and our ID does not exist */ if (getenv("OSSEC_AGENT_ID")) { return (1); } } } while (!id_exist); do { printf(REMOVE_CONFIRM); fflush(stdout); user_input = getenv("OSSEC_ACTION_CONFIRMED"); if (user_input == NULL) { user_input = read_from_user(); } else { printf("%s\n", user_input); } /* If user confirms */ if (user_input[0] == 'y' || user_input[0] == 'Y') { /* Get full agent name */ char *full_name = getFullnameById(u_id); if (!full_name) { printf(NO_ID, u_id); return (1); } fp = fopen(AUTH_FILE, "r+"); if (!fp) { free(full_name); ErrorExit(FOPEN_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno)); } #ifndef WIN32 chmod(AUTH_FILE, 0440); #endif /* Remove the agent, but keep the id */ fsetpos(fp, &fp_pos); fprintf(fp, "%s #*#*#*#*#*#*#*#*#*#*#", u_id); fclose(fp); /* Remove counter for ID */ delete_agentinfo(full_name); OS_RemoveCounter(u_id); free(full_name); full_name = NULL; printf(REMOVE_DONE, u_id); restart_necessary = 1; break; } else { /* if(user_input[0] == 'n' || user_input[0] == 'N') */ printf(REMOVE_NOT); break; } } while (1); return (0); }
/* Backup agent information before force deleting */ void OS_BackupAgentInfo(const char *id) { char *path_backup; char path_src[OS_FLSIZE]; char path_dst[OS_FLSIZE]; char *name = getFullnameById(id); char *ip; time_t timer = time(NULL); int status = 0; if (!name) { merror("%s: ERROR: Agent id %s not found.", ARGV0, id); return; } ip = strchr(name, '-'); *(ip++) = 0; path_backup = OS_CreateBackupDir(id, name, ip, timer); if (!path_backup) { merror("%s: ERROR: Couldn't create backup directory.", ARGV0); return; } /* agent-info */ snprintf(path_src, OS_FLSIZE, "%s/%s", AGENTINFO_DIR, name); snprintf(path_dst, OS_FLSIZE, "%s/agent-info", path_backup); status += link(path_src, path_dst); /* syscheck */ snprintf(path_src, OS_FLSIZE, "%s/(%s) %s->syscheck", SYSCHECK_DIR, name, ip); snprintf(path_dst, OS_FLSIZE, "%s/syscheck", path_backup); status += link(path_src, path_dst); snprintf(path_src, OS_FLSIZE, "%s/.(%s) %s->syscheck.cpt", SYSCHECK_DIR, name, ip); snprintf(path_dst, OS_FLSIZE, "%s/syscheck.cpt", path_backup); status += link(path_src, path_dst); snprintf(path_src, OS_FLSIZE, "%s/(%s) %s->syscheck-registry", SYSCHECK_DIR, name, ip); snprintf(path_dst, OS_FLSIZE, "%s/syscheck-registry", path_backup); status += link(path_src, path_dst); snprintf(path_src, OS_FLSIZE, "%s/.(%s) %s->syscheck-registry.cpt", SYSCHECK_DIR, name, ip); snprintf(path_dst, OS_FLSIZE, "%s/syscheck-registry.cpt", path_backup); status += link(path_src, path_dst); /* rootcheck */ snprintf(path_src, OS_FLSIZE, "%s/(%s) %s->rootcheck", ROOTCHECK_DIR, name, ip); snprintf(path_dst, OS_FLSIZE, "%s/rootcheck", path_backup); status += link(path_src, path_dst); if (status < 0) { debug1("%s: Couldn't create some backup files.", ARGV0); if (status == -6) { debug1("%s: Backup directory empty. Removing %s", ARGV0, path_backup); rmdir(path_backup); } } free(name); free(path_backup); }
int OS_RemoveAgent(const char *u_id) { FILE *fp; int id_exist; char *full_name; long fp_seek; size_t fp_read; char *buffer; char buf_curline[OS_BUFFER_SIZE]; struct stat fp_stat; id_exist = IDExist(u_id); if (!id_exist) return 0; full_name = getFullnameById(u_id); fp = fopen(AUTH_FILE, "r"); if (!fp) return 0; chmod(AUTH_FILE, 0440); if (stat(AUTH_FILE, &fp_stat) < 0) { fclose(fp); return 0; } buffer = malloc(fp_stat.st_size + 1); if (!buffer) { fclose(fp); return 0; } fsetpos(fp, &fp_pos); fp_seek = ftell(fp); fseek(fp, 0, SEEK_SET); fp_read = fread(buffer, sizeof(char), fp_seek, fp); if (!fgets(buf_curline, OS_BUFFER_SIZE - 2, fp)) { return 0; } #ifndef REUSE_ID char *ptr_name = strchr(buf_curline, ' '); if (!ptr_name) { free(buffer); fclose(fp); return 0; } ptr_name++; memmove(ptr_name + 1, ptr_name, strlen(ptr_name) + 1); *ptr_name = '!'; size_t curline_len = strlen(buf_curline); memcpy(buffer + fp_read, buf_curline, curline_len); fp_read += curline_len; #endif if (!feof(fp)) fp_read += fread(buffer + fp_read, sizeof(char), fp_stat.st_size, fp); fclose(fp); fp = fopen(AUTH_FILE, "w"); if (!fp) { free(buffer); return 0; } fwrite(buffer, sizeof(char), fp_read, fp); fclose(fp); free(buffer); if (full_name) delete_agentinfo(full_name); /* Remove counter for ID */ OS_RemoveCounter(u_id); OS_RemoveAgentTimestamp(u_id); return 1; }
/* remove an agent */ int remove_agent() { FILE *fp; char *user_input; char u_id[FILE_SIZE +1]; u_id[FILE_SIZE] = '\0'; if(!print_agents(0, 0, 0)) { printf(NO_AGENT); return(0); } do { printf(REMOVE_ID); fflush(stdout); user_input = getenv("OSPATROL_AGENT_ID"); if (user_input == NULL || !IDExist(user_input)) { user_input = read_from_user(); } if(strcmp(user_input, QUIT) == 0) return(0); strncpy(u_id, user_input, FILE_SIZE); if(!IDExist(user_input)) { printf(NO_ID, user_input); } } while(!IDExist(user_input)); do { printf(REMOVE_CONFIRM); fflush(stdout); user_input = getenv("OSPATROL_ACTION_CONFIRMED"); if (user_input == NULL) { user_input = read_from_user(); } /* If user confirm */ if(user_input[0] == 'y' || user_input[0] == 'Y') { /* Getting full agent name */ char *full_name = getFullnameById(u_id); if(!full_name) { ErrorExit(MEM_ERROR, ARGV0); } fp = fopen(AUTH_FILE, "r+"); if(!fp) { free(full_name); ErrorExit(FOPEN_ERROR, ARGV0, AUTH_FILE); } #ifndef WIN32 chmod(AUTH_FILE, 0440); #endif /* Removing the agent, but keeping the id. */ fsetpos(fp, &fp_pos); fprintf(fp, "%s #*#*#*#*#*#*#*#*#*#*#", u_id); fclose(fp); /* Remove counter for id */ delete_agentinfo(full_name); OS_RemoveCounter(u_id); free(full_name); full_name = NULL; printf(REMOVE_DONE, u_id); restart_necessary = 1; break; } else /* if(user_input[0] == 'n' || user_input[0] == 'N') */ { printf(REMOVE_NOT); break; } } while(1); return(0); }