/* Returns the number of seconds since last agent connection, or -1 if error. */
double OS_AgentAntiquity(const char *id)
{
struct stat file_stat;
char file_name[OS_FLSIZE];
char *full_name = getFullnameById(id);
if (!full_name)
return -1;
snprintf(file_name, OS_FLSIZE - 1, "%s/%s", AGENTINFO_DIR, full_name);
if (stat(file_name, &file_stat) < 0)
return -1;
return difftime(time(NULL), file_stat.st_mtime);
}
int remove_agent()
{
FILE *fp;
char *user_input;
char u_id[FILE_SIZE + 1];
int id_exist;
u_id[FILE_SIZE] = '\0';
if (!print_agents(0, 0, 0)) {
printf(NO_AGENT);
return (0);
}
do {
printf(REMOVE_ID);
fflush(stdout);
user_input = getenv("OSSEC_AGENT_ID");
if (user_input == NULL) {
user_input = read_from_user();
} else {
printf("%s\n", user_input);
}
if (strcmp(user_input, QUIT) == 0) {
return (0);
}
strncpy(u_id, user_input, FILE_SIZE);
id_exist = IDExist(user_input);
if (!id_exist) {
printf(NO_ID, user_input);
/* Exit here if we are using environment variables
* and our ID does not exist
*/
if (getenv("OSSEC_AGENT_ID")) {
return (1);
}
}
} while (!id_exist);
do {
printf(REMOVE_CONFIRM);
fflush(stdout);
user_input = getenv("OSSEC_ACTION_CONFIRMED");
if (user_input == NULL) {
user_input = read_from_user();
} else {
printf("%s\n", user_input);
}
/* If user confirms */
if (user_input[0] == 'y' || user_input[0] == 'Y') {
/* Get full agent name */
char *full_name = getFullnameById(u_id);
if (!full_name) {
printf(NO_ID, u_id);
return (1);
}
fp = fopen(AUTH_FILE, "r+");
if (!fp) {
free(full_name);
ErrorExit(FOPEN_ERROR, ARGV0, AUTH_FILE, errno, strerror(errno));
}
#ifndef WIN32
chmod(AUTH_FILE, 0440);
#endif
/* Remove the agent, but keep the id */
fsetpos(fp, &fp_pos);
fprintf(fp, "%s #*#*#*#*#*#*#*#*#*#*#", u_id);
fclose(fp);
/* Remove counter for ID */
delete_agentinfo(full_name);
OS_RemoveCounter(u_id);
free(full_name);
full_name = NULL;
printf(REMOVE_DONE, u_id);
restart_necessary = 1;
break;
} else { /* if(user_input[0] == 'n' || user_input[0] == 'N') */
printf(REMOVE_NOT);
break;
}
} while (1);
return (0);
}
/* Backup agent information before force deleting */
void OS_BackupAgentInfo(const char *id)
{
char *path_backup;
char path_src[OS_FLSIZE];
char path_dst[OS_FLSIZE];
char *name = getFullnameById(id);
char *ip;
time_t timer = time(NULL);
int status = 0;
if (!name) {
merror("%s: ERROR: Agent id %s not found.", ARGV0, id);
return;
}
ip = strchr(name, '-');
*(ip++) = 0;
path_backup = OS_CreateBackupDir(id, name, ip, timer);
if (!path_backup) {
merror("%s: ERROR: Couldn't create backup directory.", ARGV0);
return;
}
/* agent-info */
snprintf(path_src, OS_FLSIZE, "%s/%s", AGENTINFO_DIR, name);
snprintf(path_dst, OS_FLSIZE, "%s/agent-info", path_backup);
status += link(path_src, path_dst);
/* syscheck */
snprintf(path_src, OS_FLSIZE, "%s/(%s) %s->syscheck", SYSCHECK_DIR, name, ip);
snprintf(path_dst, OS_FLSIZE, "%s/syscheck", path_backup);
status += link(path_src, path_dst);
snprintf(path_src, OS_FLSIZE, "%s/.(%s) %s->syscheck.cpt", SYSCHECK_DIR, name, ip);
snprintf(path_dst, OS_FLSIZE, "%s/syscheck.cpt", path_backup);
status += link(path_src, path_dst);
snprintf(path_src, OS_FLSIZE, "%s/(%s) %s->syscheck-registry", SYSCHECK_DIR, name, ip);
snprintf(path_dst, OS_FLSIZE, "%s/syscheck-registry", path_backup);
status += link(path_src, path_dst);
snprintf(path_src, OS_FLSIZE, "%s/.(%s) %s->syscheck-registry.cpt", SYSCHECK_DIR, name, ip);
snprintf(path_dst, OS_FLSIZE, "%s/syscheck-registry.cpt", path_backup);
status += link(path_src, path_dst);
/* rootcheck */
snprintf(path_src, OS_FLSIZE, "%s/(%s) %s->rootcheck", ROOTCHECK_DIR, name, ip);
snprintf(path_dst, OS_FLSIZE, "%s/rootcheck", path_backup);
status += link(path_src, path_dst);
if (status < 0) {
debug1("%s: Couldn't create some backup files.", ARGV0);
if (status == -6) {
debug1("%s: Backup directory empty. Removing %s", ARGV0, path_backup);
rmdir(path_backup);
}
}
free(name);
free(path_backup);
}
int OS_RemoveAgent(const char *u_id) {
FILE *fp;
int id_exist;
char *full_name;
long fp_seek;
size_t fp_read;
char *buffer;
char buf_curline[OS_BUFFER_SIZE];
struct stat fp_stat;
id_exist = IDExist(u_id);
if (!id_exist)
return 0;
full_name = getFullnameById(u_id);
fp = fopen(AUTH_FILE, "r");
if (!fp)
return 0;
chmod(AUTH_FILE, 0440);
if (stat(AUTH_FILE, &fp_stat) < 0) {
fclose(fp);
return 0;
}
buffer = malloc(fp_stat.st_size + 1);
if (!buffer) {
fclose(fp);
return 0;
}
fsetpos(fp, &fp_pos);
fp_seek = ftell(fp);
fseek(fp, 0, SEEK_SET);
fp_read = fread(buffer, sizeof(char), fp_seek, fp);
if (!fgets(buf_curline, OS_BUFFER_SIZE - 2, fp)) {
return 0;
}
#ifndef REUSE_ID
char *ptr_name = strchr(buf_curline, ' ');
if (!ptr_name) {
free(buffer);
fclose(fp);
return 0;
}
ptr_name++;
memmove(ptr_name + 1, ptr_name, strlen(ptr_name) + 1);
*ptr_name = '!';
size_t curline_len = strlen(buf_curline);
memcpy(buffer + fp_read, buf_curline, curline_len);
fp_read += curline_len;
#endif
if (!feof(fp))
fp_read += fread(buffer + fp_read, sizeof(char), fp_stat.st_size, fp);
fclose(fp);
fp = fopen(AUTH_FILE, "w");
if (!fp) {
free(buffer);
return 0;
}
fwrite(buffer, sizeof(char), fp_read, fp);
fclose(fp);
free(buffer);
if (full_name)
delete_agentinfo(full_name);
/* Remove counter for ID */
OS_RemoveCounter(u_id);
OS_RemoveAgentTimestamp(u_id);
return 1;
}
/* remove an agent */
int remove_agent()
{
FILE *fp;
char *user_input;
char u_id[FILE_SIZE +1];
u_id[FILE_SIZE] = '\0';
if(!print_agents(0, 0, 0))
{
printf(NO_AGENT);
return(0);
}
do
{
printf(REMOVE_ID);
fflush(stdout);
user_input = getenv("OSPATROL_AGENT_ID");
if (user_input == NULL || !IDExist(user_input)) {
user_input = read_from_user();
}
if(strcmp(user_input, QUIT) == 0)
return(0);
strncpy(u_id, user_input, FILE_SIZE);
if(!IDExist(user_input))
{
printf(NO_ID, user_input);
}
} while(!IDExist(user_input));
do
{
printf(REMOVE_CONFIRM);
fflush(stdout);
user_input = getenv("OSPATROL_ACTION_CONFIRMED");
if (user_input == NULL) {
user_input = read_from_user();
}
/* If user confirm */
if(user_input[0] == 'y' || user_input[0] == 'Y')
{
/* Getting full agent name */
char *full_name = getFullnameById(u_id);
if(!full_name)
{
ErrorExit(MEM_ERROR, ARGV0);
}
fp = fopen(AUTH_FILE, "r+");
if(!fp)
{
free(full_name);
ErrorExit(FOPEN_ERROR, ARGV0, AUTH_FILE);
}
#ifndef WIN32
chmod(AUTH_FILE, 0440);
#endif
/* Removing the agent, but keeping the id. */
fsetpos(fp, &fp_pos);
fprintf(fp, "%s #*#*#*#*#*#*#*#*#*#*#", u_id);
fclose(fp);
/* Remove counter for id */
delete_agentinfo(full_name);
OS_RemoveCounter(u_id);
free(full_name);
full_name = NULL;
printf(REMOVE_DONE, u_id);
restart_necessary = 1;
break;
}
else /* if(user_input[0] == 'n' || user_input[0] == 'N') */
{
printf(REMOVE_NOT);
break;
}
} while(1);
return(0);
}