コード例 #1
ファイル: validate.c プロジェクト: ColdSmoke627/ossec-wazuh
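/**
 * Returns the number of seconds since the last agent connection, or -1 on error.
 *
 * The age is measured against the modification time of the agent's file
 * under AGENTINFO_DIR.
 *
 * @param id Agent ID to look up.
 * @return Seconds elapsed since that file's mtime; -1 if the ID has no full
 *         name, the path does not fit in the buffer, or stat() fails.
 */
double OS_AgentAntiquity(const char *id)
{
    struct stat file_stat;
    char file_name[OS_FLSIZE];
    char *full_name = getFullnameById(id);
    int written;

    if (!full_name)
        return -1;

    written = snprintf(file_name, OS_FLSIZE - 1, "%s/%s", AGENTINFO_DIR, full_name);

    /* The name is heap-allocated by getFullnameById() (other callers in this
     * file free() it); it is no longer needed once the path is built. */
    free(full_name);

    /* A truncated path would name a different file, so report an error
     * instead of returning the age of the wrong entry. */
    if (written < 0 || (size_t)written >= (size_t)(OS_FLSIZE - 1))
        return -1;

    if (stat(file_name, &file_stat) < 0)
        return -1;

    return difftime(time(NULL), file_stat.st_mtime);
}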
コード例 #2
ファイル: manage_agents.c プロジェクト: nixfloyd/ossec-hids
/* Interactively remove an agent.
 *
 * Asks for an agent ID and a confirmation, then overwrites the agent's entry
 * in AUTH_FILE with a placeholder (the ID itself is kept) and deletes the
 * agent's info file and counter.
 *
 * Both answers can be supplied without a prompt through the environment
 * variables OSSEC_AGENT_ID and OSSEC_ACTION_CONFIRMED.
 *
 * Returns 0 when the agent was removed, the user quit or declined, or there
 * are no agents; returns 1 when the ID could not be resolved.
 */
int remove_agent()
{
    FILE *fp;
    char *answer;
    char *full_name;
    char u_id[FILE_SIZE + 1];

    /* strncpy() below copies at most FILE_SIZE bytes, so this terminator is
     * never overwritten and u_id is always a valid string. */
    u_id[FILE_SIZE] = '\0';

    if (!print_agents(0, 0, 0)) {
        printf(NO_AGENT);
        return (0);
    }

    /* Step 1: obtain an ID that exists */
    for (;;) {
        printf(REMOVE_ID);
        fflush(stdout);

        answer = getenv("OSSEC_AGENT_ID");
        if (answer != NULL) {
            printf("%s\n", answer);
        } else {
            answer = read_from_user();
        }

        if (strcmp(answer, QUIT) == 0) {
            return (0);
        }

        /* NOTE(review): existence is checked on the full answer, while the
         * removal below works on this copy, which is cut at FILE_SIZE bytes. */
        strncpy(u_id, answer, FILE_SIZE);

        if (IDExist(answer)) {
            break;
        }

        printf(NO_ID, answer);

        /* An ID taken from the environment cannot be corrected by asking
         * again, so give up instead of looping. */
        if (getenv("OSSEC_AGENT_ID")) {
            return (1);
        }
    }

    /* Step 2: confirmation (asked exactly once) */
    printf(REMOVE_CONFIRM);
    fflush(stdout);

    answer = getenv("OSSEC_ACTION_CONFIRMED");
    if (answer != NULL) {
        printf("%s\n", answer);
    } else {
        answer = read_from_user();
    }

    /* Anything that does not start with 'y' or 'Y' counts as a refusal */
    if (answer[0] != 'y' && answer[0] != 'Y') {
        printf(REMOVE_NOT);
        return (0);
    }

    /* Step 3: perform the removal */
    full_name = getFullnameById(u_id);
    if (!full_name) {
        printf(NO_ID, u_id);
        return (1);
    }

    fp = fopen(AUTH_FILE, "r+");
    if (!fp) {
        free(full_name);
        ErrorExit(FOPEN_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno));
    }
#ifndef WIN32
    /* NOTE(review): the mode is set by path after the file was opened, and
     * the result is not checked. */
    chmod(AUTH_FILE, 0440);
#endif

    /* Overwrite the entry in place, keeping the ID. fp_pos is defined outside
     * this function; presumably the lookups above left it at the start of the
     * agent's line - confirm. The results of fsetpos()/fprintf() are not
     * checked. */
    fsetpos(fp, &fp_pos);
    fprintf(fp, "%s #*#*#*#*#*#*#*#*#*#*#", u_id);

    fclose(fp);

    /* Drop the agent's info file and its counter */
    delete_agentinfo(full_name);
    OS_RemoveCounter(u_id);
    free(full_name);

    printf(REMOVE_DONE, u_id);
    restart_necessary = 1;

    return (0);
}
コード例 #3
ファイル: validate.c プロジェクト: ColdSmoke627/ossec-wazuh
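/**
 * Back up an agent's state files before the agent is force-deleted.
 *
 * The agent's full name is split at its first '-' into a name part and an IP
 * part, a backup directory is created with OS_CreateBackupDir(), and the
 * agent-info, syscheck and rootcheck files are hard-linked into it.
 *
 * @param id Agent ID to back up.
 *
 * Errors are logged; nothing is returned to the caller.
 */
void OS_BackupAgentInfo(const char *id)
{
    char *path_backup;
    char path_src[OS_FLSIZE];
    char path_dst[OS_FLSIZE];
    char *name = getFullnameById(id);
    char *ip;
    time_t timer = time(NULL);
    int status = 0;

    if (!name) {
        merror("%s: ERROR: Agent id %s not found.", ARGV0, id);
        return;
    }

    /* Split "<name>-<ip>" in place. A full name without '-' used to be
     * dereferenced as NULL here. */
    ip = strchr(name, '-');
    if (!ip) {
        merror("%s: ERROR: Couldn't parse name of agent id %s.", ARGV0, id);
        free(name);
        return;
    }
    *(ip++) = 0;

    path_backup = OS_CreateBackupDir(id, name, ip, timer);

    if (!path_backup) {
        merror("%s: ERROR: Couldn't create backup directory.", ARGV0);
        free(name); /* was leaked on this path */
        return;
    }

    /* NOTE(review): name and ip are placed into the paths below as they are,
     * and snprintf() truncation is not checked; presumably both values are
     * validated when the agent is registered - confirm. */

    /* agent-info */
    snprintf(path_src, OS_FLSIZE, "%s/%s", AGENTINFO_DIR, name);
    snprintf(path_dst, OS_FLSIZE, "%s/agent-info", path_backup);
    status += link(path_src, path_dst);

    /* syscheck */
    snprintf(path_src, OS_FLSIZE, "%s/(%s) %s->syscheck", SYSCHECK_DIR, name, ip);
    snprintf(path_dst, OS_FLSIZE, "%s/syscheck", path_backup);
    status += link(path_src, path_dst);

    snprintf(path_src, OS_FLSIZE, "%s/.(%s) %s->syscheck.cpt", SYSCHECK_DIR, name, ip);
    snprintf(path_dst, OS_FLSIZE, "%s/syscheck.cpt", path_backup);
    status += link(path_src, path_dst);

    snprintf(path_src, OS_FLSIZE, "%s/(%s) %s->syscheck-registry", SYSCHECK_DIR, name, ip);
    snprintf(path_dst, OS_FLSIZE, "%s/syscheck-registry", path_backup);
    status += link(path_src, path_dst);

    snprintf(path_src, OS_FLSIZE, "%s/.(%s) %s->syscheck-registry.cpt", SYSCHECK_DIR, name, ip);
    snprintf(path_dst, OS_FLSIZE, "%s/syscheck-registry.cpt", path_backup);
    status += link(path_src, path_dst);

    /* rootcheck */
    snprintf(path_src, OS_FLSIZE, "%s/(%s) %s->rootcheck", ROOTCHECK_DIR, name, ip);
    snprintf(path_dst, OS_FLSIZE, "%s/rootcheck", path_backup);
    status += link(path_src, path_dst);

    /* link() returns -1 on failure, so status counts the failed links */
    if (status < 0) {
        debug1("%s: Couldn't create some backup files.", ARGV0);

        /* All six links failed: the new directory holds nothing */
        if (status == -6) {
            debug1("%s: Backup directory empty. Removing %s", ARGV0, path_backup);
            rmdir(path_backup);
        }
    }

    free(name);
    free(path_backup);
}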
コード例 #4
ファイル: validate.c プロジェクト: ColdSmoke627/ossec-wazuh
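/**
 * Remove an agent from AUTH_FILE and delete its per-agent state.
 *
 * The file is read into memory, the agent's line is either dropped
 * (REUSE_ID defined) or kept with '!' inserted in front of the name, and the
 * result is written back over AUTH_FILE. The agent's info file, counter and
 * timestamp are then removed.
 *
 * @param u_id Agent ID to remove.
 * @return 1 if the agent was removed, 0 if the ID does not exist or the keys
 *         file could not be read or reopened for writing.
 */
int OS_RemoveAgent(const char *u_id) {
    FILE *fp = NULL;
    char *full_name = NULL;
    char *buffer = NULL;
    long fp_seek;
    size_t fp_read;
    size_t buffer_size;
    char buf_curline[OS_BUFFER_SIZE];
    struct stat fp_stat;
    int removed = 0;

    if (!IDExist(u_id))
        return 0;

    /* May be NULL; that only skips delete_agentinfo() further down */
    full_name = getFullnameById(u_id);
    fp = fopen(AUTH_FILE, "r");

    if (!fp)
        goto cleanup;

    /* NOTE(review): mode is set by path after the open; result unchecked */
    chmod(AUTH_FILE, 0440);

    if (stat(AUTH_FILE, &fp_stat) < 0 || fp_stat.st_size < 0)
        goto cleanup;

    /* One spare byte for the '!' marker inserted below */
    buffer_size = (size_t)fp_stat.st_size + 1;
    buffer = malloc(buffer_size);
    if (!buffer)
        goto cleanup;

    /* fp_pos is defined outside this function; presumably the lookups above
     * left it at the start of the agent's line - confirm. If the position
     * cannot be restored, stop: continuing would edit whatever line the
     * stream happens to point at. */
    if (fsetpos(fp, &fp_pos) != 0)
        goto cleanup;

    /* ftell() returns -1 on error; as a read count that would run far past
     * the buffer. Also reject an offset beyond the size stat() reported. */
    fp_seek = ftell(fp);
    if (fp_seek < 0 || (size_t)fp_seek >= buffer_size)
        goto cleanup;

    /* Copy everything in front of the agent's line */
    fseek(fp, 0, SEEK_SET);
    fp_read = fread(buffer, sizeof(char), (size_t)fp_seek, fp);
    if (fp_read != (size_t)fp_seek)
        goto cleanup;

    /* Read the agent's line; "- 2" leaves room for the inserted '!' */
    if (!fgets(buf_curline, OS_BUFFER_SIZE - 2, fp))
        goto cleanup; /* this path used to leak buffer and the stream */

#ifndef REUSE_ID
    {
        char *ptr_name = strchr(buf_curline, ' ');
        size_t curline_len;

        if (!ptr_name)
            goto cleanup;

        ptr_name++;

        /* Shift the rest of the line right by one and mark the name */
        memmove(ptr_name + 1, ptr_name, strlen(ptr_name) + 1);
        *ptr_name = '!';
        curline_len = strlen(buf_curline);

        /* Only overflows if the file grew after stat(); refuse then */
        if (curline_len > buffer_size - fp_read)
            goto cleanup;

        memcpy(buffer + fp_read, buf_curline, curline_len);
        fp_read += curline_len;
    }
#endif

    /* Copy the remainder, bounded by the space left in the buffer instead of
     * by the whole file size, so a file that grew since stat() cannot write
     * past the allocation. */
    if (!feof(fp))
        fp_read += fread(buffer + fp_read, sizeof(char), buffer_size - fp_read, fp);

    fclose(fp);

    /* NOTE(review): "w" truncates the keys file before the new content is
     * written, and fwrite()/fclose() results are not checked; a failure here
     * leaves the file incomplete. Writing a temporary file and renaming it
     * over AUTH_FILE would avoid that window. */
    fp = fopen(AUTH_FILE, "w");

    if (!fp)
        goto cleanup;

    fwrite(buffer, sizeof(char), fp_read, fp);
    fclose(fp);
    fp = NULL;

    if (full_name)
        delete_agentinfo(full_name);

    /* Remove counter for ID */
    OS_RemoveCounter(u_id);

    OS_RemoveAgentTimestamp(u_id);
    removed = 1;

cleanup:
    if (fp)
        fclose(fp);
    free(buffer);
    free(full_name); /* was never released before */
    return removed;
}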
コード例 #5
ファイル: manage_agents.c プロジェクト: ospatrol/ospatrol
/* Interactively remove an agent.
 *
 * Asks for an agent ID and a confirmation, then overwrites the agent's entry
 * in AUTH_FILE with a placeholder (the ID is kept) and deletes the agent's
 * info file and counter.
 *
 * The ID may be supplied through the OSPATROL_AGENT_ID environment variable
 * and the confirmation through OSPATROL_ACTION_CONFIRMED; in that case no
 * prompt is answered interactively.
 *
 * Returns 0 in every case that returns at all; failures to resolve the name
 * or open AUTH_FILE go through ErrorExit().
 */
int remove_agent()
{
    FILE *fp;
    char *user_input;
    char u_id[FILE_SIZE +1];

    /* strncpy() below copies at most FILE_SIZE bytes, so this terminator is
     * never overwritten and u_id is always a valid string. */
    u_id[FILE_SIZE] = '\0';

    if(!print_agents(0, 0, 0))
    {
        printf(NO_AGENT);
        return(0);
    }

    /* Step 1: loop until an existing ID is given or the user quits */
    do
    {
      printf(REMOVE_ID);
      fflush(stdout);

      /* An ID from the environment is used only if it exists; otherwise
       * the user is asked. */
      user_input = getenv("OSPATROL_AGENT_ID");
      if (user_input == NULL || !IDExist(user_input)) {
        user_input = read_from_user();
      }

      if(strcmp(user_input, QUIT) == 0)
          return(0);

      /* NOTE(review): existence is checked on user_input, while the removal
       * below works on this copy, which is cut at FILE_SIZE bytes. */
      strncpy(u_id, user_input, FILE_SIZE);

      if(!IDExist(user_input))
      {
        printf(NO_ID, user_input);
      }
    } while(!IDExist(user_input));

    /* Step 2: confirmation. Both branches break, so this runs once. */
    do
    {
        printf(REMOVE_CONFIRM);
        fflush(stdout);

        user_input = getenv("OSPATROL_ACTION_CONFIRMED");
        if (user_input == NULL) {
          user_input = read_from_user();
        }
        /* If user confirm */
        if(user_input[0] == 'y' || user_input[0] == 'Y')
        {
            /* Getting full agent name */
            char *full_name = getFullnameById(u_id);
            if(!full_name)
            {
                ErrorExit(MEM_ERROR, ARGV0);
            }

            fp = fopen(AUTH_FILE, "r+");
            if(!fp)
            {
                free(full_name);
                ErrorExit(FOPEN_ERROR, ARGV0, AUTH_FILE);
            }
            /* NOTE(review): the mode is set by path after the file was
             * opened, and the result is not checked. */
            #ifndef WIN32
            chmod(AUTH_FILE, 0440);
            #endif


            /* Removing the agent, but keeping the id. */
            /* fp_pos is defined outside this function; presumably the lookup
             * above left it at the start of the agent's line - confirm.
             * The results of fsetpos()/fprintf() are not checked. */
            fsetpos(fp, &fp_pos);
            fprintf(fp, "%s #*#*#*#*#*#*#*#*#*#*#", u_id);

            fclose(fp);


            /* Remove counter for id */
            delete_agentinfo(full_name);
            OS_RemoveCounter(u_id);
            free(full_name);
            full_name = NULL;


            printf(REMOVE_DONE, u_id);
            restart_necessary = 1;
            break;
        }
        /* Anything not starting with 'y' or 'Y' counts as a refusal */
        else /* if(user_input[0] == 'n' || user_input[0] == 'N') */
        {
            printf(REMOVE_NOT);
            break;
        }

    } while(1);

    return(0);
}