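/**
 * Entry point of the report daemon.
 *
 * Parses the command line into a report_filter, validates the requested
 * user and group, drops privileges (group first, then the optional chroot,
 * then the user) and hands the filter to os_ReportdStart().
 *
 * Options taken from the getopt string "Vdhstu:g:D:c:f:v:n:r:NC":
 *   -V / -h        print version / help
 *   -d             enable debug output
 *   -n NAME        report name
 *   -r KEY VALUE   "related" entry (two arguments)
 *   -f KEY VALUE   filter entry (two arguments)
 *   -u / -g / -D   user, group and working directory
 *   -c FILE        accepted; the value is stored but not read in this function
 *   -t             validate user/group and exit
 *   -s             show alerts
 *   -N / -C        disable / enable chroot (disabled by default)
 *
 * @return Does not return normally; the process ends through exit(0) or
 *         ErrorExit().
 */
int main(int argc, char **argv)
{
    int c, test_config = 0;
    int uid = 0, gid = 0;
    int do_chroot = 0;          /* chroot is opt-in: only -C turns it on */

    char *dir = DEFAULTDIR;
    char *user = USER;
    char *group = GROUPGLOBAL;
    char *cfg = DEFAULTCPATH;

    char *filter_by = NULL;
    char *filter_value = NULL;

    char *related_of = NULL;
    char *related_values = NULL;

    report_filter r_filter;

    /* Setting the name */
    OS_SetName(ARGV0);

    /* Start from an empty filter: no criteria, no relations, no name. */
    r_filter.group = NULL;
    r_filter.rule = NULL;
    r_filter.level = NULL;
    r_filter.location = NULL;
    r_filter.srcip = NULL;
    r_filter.user = NULL;
    r_filter.files = NULL;
    r_filter.show_alerts = 0;

    r_filter.related_group = 0;
    r_filter.related_rule = 0;
    r_filter.related_level = 0;
    r_filter.related_location = 0;
    r_filter.related_srcip = 0;
    r_filter.related_user = 0;
    r_filter.related_file = 0;

    r_filter.report_name = NULL;

    while ((c = getopt(argc, argv, "Vdhstu:g:D:c:f:v:n:r:NC")) != -1) {
        switch (c) {
        case 'V':
            print_version();
            break;
        case 'h':
            report_help();
            break;
        case 'd':
            nowDebug();
            break;
        case 'n':
            if (!optarg) {
                ErrorExit("%s: -n needs an argument",ARGV0);
            }
            r_filter.report_name = optarg;
            break;
        case 'r':
            /* -r takes two values; the second is read straight from argv. */
            if (!optarg || !argv[optind]) {
                ErrorExit("%s: -r needs two argument",ARGV0);
            }
            related_of = optarg;
            related_values = argv[optind];

            if (os_report_configfilter(related_of, related_values,
                                       &r_filter, REPORT_RELATED) < 0) {
                ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
            }
            optind++;
            break;
        case 'f':
            /*
             * Same two-value form as -r. The second value must be checked
             * too: without it argv[optind] is the terminating NULL, which
             * would be passed on as the filter value, and the optind++
             * below would step past the end of argv.
             */
            if (!optarg || !argv[optind]) {
                ErrorExit("%s: -f needs two argument",ARGV0);
            }
            filter_by = optarg;
            filter_value = argv[optind];

            if (os_report_configfilter(filter_by, filter_value,
                                       &r_filter, REPORT_FILTER) < 0) {
                ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
            }
            optind++;
            break;
        case 'u':
            if (!optarg) {
                ErrorExit("%s: -u needs an argument",ARGV0);
            }
            user = optarg;
            break;
        case 'g':
            if (!optarg) {
                ErrorExit("%s: -g needs an argument",ARGV0);
            }
            group = optarg;
            break;
        case 'D':
            if (!optarg) {
                ErrorExit("%s: -D needs an argument",ARGV0);
            }
            dir = optarg;
            break;
        case 'c':
            if (!optarg) {
                ErrorExit("%s: -c needs an argument",ARGV0);
            }
            cfg = optarg;
            break;
        case 't':
            test_config = 1;
            break;
        case 's':
            r_filter.show_alerts = 1;
            break;
        case 'N':
            do_chroot = 0;
            break;
        case 'C':
            do_chroot = 1;
            break;
        default:
            report_help();
            break;
        }
    }

    /* Starting daemon */
    debug1(STARTED_MSG,ARGV0);

    /* Check if the user/group given are valid (resolved before any chroot). */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if ((uid < 0) || (gid < 0)) {
        ErrorExit(USER_ERROR,ARGV0,user,group);
    }

    /* Exit here if test config is set */
    if (test_config) {
        exit(0);
    }

    /* Privilege separation: the group is changed first. */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR,ARGV0,group);
    }

    /* chrooting */
    if (do_chroot) {
        if (Privsep_Chroot(dir) < 0) {
            ErrorExit(CHROOT_ERROR,ARGV0,dir);
        }
        nowChroot();
    } else {
        /*
         * Without a chroot the working directory is the only thing that
         * anchors relative paths, so a failed chdir() must stop the start-up
         * instead of continuing in whatever directory the caller was in.
         */
        if (chdir(dir) < 0) {
            ErrorExit("%s: Unable to chdir to directory '%s'.", ARGV0, dir);
        }
    }

    /* Changing user: done last, after the chroot/chdir step above. */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR,ARGV0,user);
    }

    debug1(PRIVSEP_MSG,ARGV0,dir,user);

    /* Signal manipulation */
    StartSIG(ARGV0);

    /* Creating PID files */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR,ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* the real stuff now */
    os_ReportdStart(&r_filter);

    exit(0);
}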
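/**
 * Parse one report configuration block and append it, as a new
 * report_config entry, to mon_config->reports.
 *
 * The reports array is kept NULL-terminated: it is grown by one slot, the new
 * entry is allocated in the first free slot and the terminator is rewritten
 * after it.
 *
 * @param node    NULL-terminated array of XML nodes of the block.
 * @param config  The monitor_config to extend (passed as void *).
 * @param config2 Unused.
 * @return 0 on success; OS_INVALID when a node has no element name, no
 *         content, or an element name this parser does not know. In that
 *         case the partially filled entry is already linked into
 *         mon_config->reports.
 */
int Read_CReports(XML_NODE node, void *config, void *config2)
{
    int i = 0, s = 0;

    /* XML definitions */
    const char *xml_title = "title";
    const char *xml_type = "type";
    const char *xml_categories = "category";
    const char *xml_group = "group";
    const char *xml_rule = "rule";
    const char *xml_level = "level";
    const char *xml_location = "location";
    const char *xml_showlogs = "showlogs";
    const char *xml_srcip = "srcip";
    /*
     * NOTE(review): this literal appeared masked as "******" in the listing,
     * which would make every <user> element fall through to the
     * invalid-element error. "user" follows the pattern of the sibling tags
     * (each equals its r_filter field name) - confirm against upstream.
     */
    const char *xml_user = "user";
    const char *xml_frequency = "frequency";
    const char *xml_email = "email_to";

    monitor_config *mon_config = (monitor_config *)config;
    report_config *rep;

    /* Getting any configured entry. */
    if (mon_config->reports) {
        while (mon_config->reports[s]) {
            s++;
        }
    }

    /* Allocating the memory for the config: one new entry plus terminator. */
    os_realloc(mon_config->reports, (s + 2) * sizeof(report_config *),
               mon_config->reports);
    os_calloc(1, sizeof(report_config), mon_config->reports[s]);
    mon_config->reports[s + 1] = NULL;

    rep = mon_config->reports[s];

    /* Zeroing the elements. */
    rep->title = NULL;
    rep->args = NULL;
    rep->relations = NULL;
    rep->type = NULL;
    rep->emailto = NULL;

    rep->r_filter.group = NULL;
    rep->r_filter.rule = NULL;
    rep->r_filter.level = NULL;
    rep->r_filter.location = NULL;
    rep->r_filter.srcip = NULL;
    rep->r_filter.user = NULL;

    rep->r_filter.related_group = 0;
    rep->r_filter.related_rule = 0;
    rep->r_filter.related_level = 0;
    rep->r_filter.related_location = 0;
    rep->r_filter.related_srcip = 0;
    rep->r_filter.related_user = 0;

    rep->r_filter.report_name = NULL;
    rep->r_filter.show_alerts = 0;

    /* Reading the XML. */
    for (i = 0; node[i]; i++) {
        const char *elem = node[i]->element;

        if (!elem) {
            merror(XML_ELEMNULL, __local_name);
            return(OS_INVALID);
        }
        if (!node[i]->content) {
            merror(XML_VALUENULL, __local_name, node[i]->element);
            return(OS_INVALID);
        }

        if (strcmp(elem, xml_title) == 0) {
            /*
             * Only the first title is kept. It is stored as given, without
             * the _filter_arg() pass the filter values get.
             * NOTE(review): confirm the consumers of the title cope with
             * arbitrary characters.
             */
            if (!rep->title) {
                os_strdup(node[i]->content, rep->title);
            }
        } else if (strcmp(elem, xml_type) == 0) {
            /* "email" is the only accepted type; others are logged and skipped. */
            if (strcmp(node[i]->content, "email") == 0) {
                if (!rep->type) {
                    os_strdup(node[i]->content, rep->type);
                }
            } else {
                merror(XML_VALUEERR, __local_name,node[i]->element,node[i]->content);
            }
        } else if (strcmp(elem, xml_frequency) == 0) {
            /* Accepted but not used here. */
        } else if (strcmp(elem, xml_showlogs) == 0) {
            if (strcasecmp(node[i]->content, "yes") == 0) {
                rep->r_filter.show_alerts = 1;
            }
        } else if (strcmp(elem, xml_categories) == 0) {
            char *ncat = NULL;

            /*
             * _filter_arg() is defined elsewhere in the file and rewrites the
             * content in place before it is copied.
             * NOTE(review): presumably it strips unsafe characters - confirm.
             */
            _filter_arg(node[i]->content);

            /* A category is stored as a "group" filter. */
            os_strdup(node[i]->content, ncat);
            if (os_report_configfilter("group", ncat,
                                       &rep->r_filter, REPORT_FILTER) < 0) {
                /* NOTE(review): ncat is not freed on this path - confirm ownership. */
                merror(CONFIG_ERROR, __local_name, "user argument");
            }
        } else if ((strcmp(elem, xml_group) == 0) ||
                   (strcmp(elem, xml_rule) == 0) ||
                   (strcmp(elem, xml_level) == 0) ||
                   (strcmp(elem, xml_location) == 0) ||
                   (strcmp(elem, xml_srcip) == 0) ||
                   (strcmp(elem, xml_user) == 0)) {
            int reportf = REPORT_FILTER;
            char *ncat = NULL;

            _filter_arg(node[i]->content);

            /*
             * An optional first attribute type="relation" turns the entry
             * into a "related" one; any other attribute or value makes the
             * whole element be skipped with a warning.
             */
            if (node[i]->attributes && node[i]->values) {
                if (node[i]->attributes[0] && node[i]->values[0]) {
                    if (strcmp(node[i]->attributes[0], "type") == 0) {
                        if (strcmp(node[i]->values[0], "relation") == 0) {
                            reportf = REPORT_RELATED;
                        } else {
                            merror("%s: WARN: Invalid value for 'relation' attribute: '%s'. (ignored).", __local_name, node[i]->values[0]);
                            continue;
                        }
                    } else {
                        merror("%s: WARN: Invalid attribute: %s (ignored). ", __local_name, node[i]->attributes[0]);
                        continue;
                    }
                }
            }

            /* The element name itself selects the filter field. */
            os_strdup(node[i]->content, ncat);
            if (os_report_configfilter(node[i]->element, ncat,
                                       &rep->r_filter, reportf) < 0) {
                merror("%s: Invalid filter: %s:%s (ignored).", __local_name, node[i]->element, node[i]->content);
            }
        } else if (strcmp(elem, xml_email) == 0) {
            /* Recipients accumulate; the address is stored as given. */
            rep->emailto = os_AddStrArray(node[i]->content, rep->emailto);
        } else {
            merror(XML_INVELEM, __local_name, node[i]->element);
            return(OS_INVALID);
        }
    }

    /* Setting proper report type. */
    rep->r_filter.report_type = REPORT_TYPE_DAILY;

    /* A report without recipients is only logged; the entry stays in the list. */
    if (rep->emailto == NULL) {
        if (rep->title) {
            merror("%s: No \"email to\" configured for the report '%s'. Ignoring it.", __local_name, rep->title);
        } else {
            merror("%s: No \"email to\" and title configured for report. Ignoring it.", __local_name);
        }
    }

    if (!rep->title) {
        os_strdup("OSSEC Report (unnamed)", rep->title);
    }
    /* The report name aliases the title string; it is not a separate copy. */
    rep->r_filter.report_name = rep->title;

    return(0);
}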