コード例 #1
ファイル: syscheck.c プロジェクト: alexoslabs/ossec-hids
/* int Start_win32_Syscheck()
 * syscheck main for windows
 */
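/* int Start_win32_Syscheck(void)
 * syscheck main for windows
 *
 * Reads the configuration at DEFAULTCPATH into the global `syscheck`,
 * initialises rootcheck, logs every monitored registry entry and
 * directory, waits for the agent (os_wait) and hands control to
 * start_daemon(). It does not return normally: fatal conditions go
 * through ErrorExit() and the tail calls exit(0).
 */
int Start_win32_Syscheck(void)
{
    int r = 0;
    char *cfg = DEFAULTCPATH;

    /* Zeroing the structure */
    syscheck.workdir = DEFAULTDIR;

    /* Checking if the configuration is present */
    if (File_DateofChange(cfg) < 0) {
        ErrorExit(NO_CONFIG, ARGV0, cfg);
    }

    /* Read syscheck config */
    if ((r = Read_Syscheck_Config(cfg)) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    } else if ((r == 1) || (syscheck.disabled == 1)) {
        /* Disabled: leave empty dir/registry lists so the
         * monitoring loops below terminate immediately. */
        if (!syscheck.dir) {
            merror(SK_NO_DIR, ARGV0);
            /* NOTE(review): the unconditional store into dir[0] below
             * relies on dump_syscheck_entry() allocating syscheck.dir
             * — confirm against its definition. */
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        } else if (!syscheck.dir[0]) {
            merror(SK_NO_DIR, ARGV0);
        }
        syscheck.dir[0] = NULL;

        if (!syscheck.registry) {
            /* Same assumption as above, for syscheck.registry. */
            dump_syscheck_entry(&syscheck, "", 0, 1, NULL);
        }
        syscheck.registry[0] = NULL;

        merror("%s: WARN: Syscheck disabled.", ARGV0);
    }

    /* Reading internal options */
    read_internal();

    /* Rootcheck config */
    if (rootcheck_init(0) == 0) {
        syscheck.rootcheck = 1;
    } else {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }

    /* Printing options: both lists are NULL-terminated */
    for (r = 0; syscheck.registry[r] != NULL; r++) {
        verbose("%s: INFO: Monitoring registry entry: '%s'.",
                ARGV0, syscheck.registry[r]);
    }

    for (r = 0; syscheck.dir[r] != NULL; r++) {
        verbose("%s: INFO: Monitoring directory: '%s'.",
                ARGV0, syscheck.dir[r]);
    }

    /* Start up message. The cast matches the Unix main; STARTUP_MSG is
     * assumed to format the pid as an int — confirm. */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* Some sync time. tsleep comes from the configuration; a negative
     * value would wrap when converted to sleep()'s unsigned argument. */
    sleep(syscheck.tsleep + 10);

    /* Waiting if agent started properly. */
    os_wait();

    start_daemon();

    exit(0);
}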
コード例 #2
ファイル: syscheck.c プロジェクト: joe-cosgrove/ossec-wazuh
/* syscheck main for Windows */
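/* syscheck main for Windows
 *
 * Reads internal options and the configuration at DEFAULTCPATH into the
 * global `syscheck`, initialises rootcheck, logs the monitored registry
 * entries, directories, ignore patterns and no-diff files, waits for the
 * agent (os_wait) and hands control to start_daemon(). Does not return
 * normally: fatal conditions go through ErrorExit() and the tail calls
 * exit(0).
 */
int Start_win32_Syscheck(void)
{
    int debug_level = 0;
    int r = 0;
    char *cfg = DEFAULTCPATH;

    /* Read internal options */
    read_internal(debug_level);

    debug1(STARTED_MSG, ARGV0);

    /* Check if the configuration is present */
    if (File_DateofChange(cfg) < 0) {
        ErrorExit(NO_CONFIG, ARGV0, cfg);
    }

    /* Read syscheck config */
    if ((r = Read_Syscheck_Config(cfg)) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    } else if ((r == 1) || (syscheck.disabled == 1)) {
        /* Disabled: leave empty dir/registry lists so the
         * monitoring loops below terminate immediately. */
        if (!syscheck.dir) {
            merror(SK_NO_DIR, ARGV0);
            /* NOTE(review): the unconditional store into dir[0] below
             * relies on dump_syscheck_entry() allocating syscheck.dir
             * — confirm against its definition. */
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        } else if (!syscheck.dir[0]) {
            merror(SK_NO_DIR, ARGV0);
        }
        syscheck.dir[0] = NULL;

        if (!syscheck.registry) {
            /* Same assumption as above, for syscheck.registry. */
            dump_syscheck_entry(&syscheck, "", 0, 1, NULL);
        }
        syscheck.registry[0].entry = NULL;

        merror("%s: WARN: Syscheck disabled.", ARGV0);
    }

    /* Rootcheck config */
    if (rootcheck_init(0) == 0) {
        syscheck.rootcheck = 1;
    } else {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }

    /* Print options: the registry list ends at a NULL entry */
    for (r = 0; syscheck.registry[r].entry != NULL; r++) {
        verbose("%s: INFO: Monitoring registry entry: '%s%s'.",
                ARGV0, syscheck.registry[r].entry,
                syscheck.registry[r].arch == ARCH_64BIT ? " [x64]" : "");
    }

    /* Print directories to be monitored, with their option flags */
    for (r = 0; syscheck.dir[r] != NULL; r++) {
        char optstr[100];
        verbose("%s: INFO: Monitoring directory: '%s', with options %s.",
                ARGV0, syscheck.dir[r],
                syscheck_opts2str(optstr, sizeof(optstr), syscheck.opts[r]));
    }

    /* Print ignores (list is optional) */
    if (syscheck.ignore) {
        for (r = 0; syscheck.ignore[r] != NULL; r++) {
            verbose("%s: INFO: ignoring: '%s'",
                    ARGV0, syscheck.ignore[r]);
        }
    }

    /* Print files with no diff (list is optional) */
    if (syscheck.nodiff) {
        for (r = 0; syscheck.nodiff[r] != NULL; r++) {
            verbose("%s: INFO: No diff for file: '%s'",
                    ARGV0, syscheck.nodiff[r]);
        }
    }

    /* Start up message. The cast matches the Unix main; STARTUP_MSG is
     * assumed to format the pid as an int — confirm. */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* Some sync time. tsleep comes from the configuration; a negative
     * value would wrap when converted to sleep()'s unsigned argument. */
    sleep(syscheck.tsleep + 10);

    /* Wait if agent started properly */
    os_wait();

    start_daemon();

    exit(0);
}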
コード例 #3
ファイル: syscheck.c プロジェクト: alexoslabs/ossec-hids
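/* Syscheck unix main
 *
 * Parses the command line (-V, -h, -d, -f, -t, -D dir, -c cfg), reads the
 * configuration into the global `syscheck`, initialises rootcheck,
 * optionally daemonises, connects to the message queue at DEFAULTQPATH,
 * installs signal handlers, writes the pid file, logs the monitored
 * directories and hands control to start_daemon().
 *
 * With -t the process exits 0 right after config validation. Fatal
 * conditions go through ErrorExit().
 */
int main(int argc, char **argv)
{
    int c = 0, r = 0;
    int test_config = 0, run_foreground = 0;
    char *cfg = DEFAULTCPATH;

    /* Zeroing the structure */
    syscheck.workdir = NULL;

    /* Setting the name */
    OS_SetName(ARGV0);

    while ((c = getopt(argc, argv, "VtdhfD:c:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                help(ARGV0);
                break;
            case 'd':
                nowDebug();
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                syscheck.workdir = optarg;
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help(ARGV0);
                break;
        }
    }

    /* Checking if the configuration is present */
    if (File_DateofChange(cfg) < 0) {
        ErrorExit(NO_CONFIG, ARGV0, cfg);
    }

    /* Read syscheck config */
    if ((r = Read_Syscheck_Config(cfg)) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    } else if ((r == 1) || (syscheck.disabled == 1)) {
        /* Disabled: leave an empty dir list so the loops below
         * terminate immediately. Warnings are suppressed under -t. */
        if (!syscheck.dir) {
            if (!test_config) {
                merror(SK_NO_DIR, ARGV0);
            }
            /* NOTE(review): the unconditional store into dir[0] below
             * relies on dump_syscheck_entry() allocating syscheck.dir
             * — confirm against its definition. */
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        } else if (!syscheck.dir[0]) {
            if (!test_config) {
                merror(SK_NO_DIR, ARGV0);
            }
        }
        syscheck.dir[0] = NULL;
        if (!test_config) {
            merror("%s: WARN: Syscheck disabled.", ARGV0);
        }
    }

    /* Reading internal options */
    read_internal();

    /* Rootcheck config */
    if (rootcheck_init(test_config) == 0) {
        syscheck.rootcheck = 1;
    } else {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }

    /* Exit if testing config */
    if (test_config) {
        exit(0);
    }

    /* Setting default values */
    if (syscheck.workdir == NULL) {
        syscheck.workdir = DEFAULTDIR;
    }

    if (!run_foreground) {
        nowDaemon();
        goDaemon();
    }

    /* Initial time to settle. tsleep comes from the configuration; a
     * negative value would wrap when converted to sleep()'s unsigned
     * argument. */
    sleep(syscheck.tsleep + 2);

    /* Connect to the queue: three attempts, 5 s then 10 s apart,
     * before giving up. strerror(errno) is read right after the
     * failing call, before anything else can overwrite errno. */
    if ((syscheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
        merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));

        sleep(5);
        if ((syscheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
            /* more 10 seconds of wait.. */
            merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
            sleep(10);
            if ((syscheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
                ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
            }
        }
    }

    /* Start the signal handling */
    StartSIG(ARGV0);

    /* Creating pid. NOTE(review): a failed pid file is logged but not
     * fatal here, unlike the newer Unix main that calls ErrorExit —
     * confirm which behaviour is intended. */
    if (CreatePID(ARGV0, getpid()) < 0) {
        merror(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    if (syscheck.rootcheck) {
        verbose(STARTUP_MSG, "ossec-rootcheck", (int)getpid());
    }

    /* Printing directories to be monitored (NULL-terminated list). */
    for (r = 0; syscheck.dir[r] != NULL; r++) {
        verbose("%s: INFO: Monitoring directory: '%s'.",
                ARGV0, syscheck.dir[r]);
    }

    /* Checking directories set for real time. Real-time monitoring is
     * only honoured on inotify and Win32 builds; elsewhere the flag is
     * reported and ignored. `defined(WIN32)` (rather than bare WIN32)
     * stays valid even if the macro is defined without a value. */
    for (r = 0; syscheck.dir[r] != NULL; r++) {
        if (syscheck.opts[r] & CHECK_REALTIME) {
#ifdef USEINOTIFY
            verbose("%s: INFO: Directory set for real time monitoring: "
                    "'%s'.", ARGV0, syscheck.dir[r]);
#elif defined(WIN32)
            verbose("%s: INFO: Directory set for real time monitoring: "
                    "'%s'.", ARGV0, syscheck.dir[r]);
#else
            verbose("%s: WARN: Ignoring flag for real time monitoring on "
                    "directory: '%s'.", ARGV0, syscheck.dir[r]);
#endif
        }
    }

    /* Some sync time */
    sleep(syscheck.tsleep + 10);

    /* Start the daemon */
    start_daemon();

    return 0;
}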
コード例 #4
ファイル: syscheck.c プロジェクト: joe-cosgrove/ossec-wazuh
/* Syscheck unix main */
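/* Syscheck unix main
 *
 * Parses the command line (-V, -h, -d, -f, -t, -c cfg), reads internal
 * options and the configuration into the global `syscheck`, initialises
 * rootcheck, optionally daemonises, connects to the message queue at
 * DEFAULTQPATH, installs signal handlers, writes the pid file, logs the
 * monitored directories, ignores and no-diff files, and hands control to
 * start_daemon().
 *
 * With -t the process exits 0 right after config validation. Fatal
 * conditions go through ErrorExit(). Returns 0 if start_daemon()
 * ever returns.
 */
int main(int argc, char **argv)
{
    int c = 0, r = 0;
    int debug_level = 0;
    int test_config = 0, run_foreground = 0;
    const char *cfg = DEFAULTCPATH;

    /* Set the name */
    OS_SetName(ARGV0);

    while ((c = getopt(argc, argv, "Vtdhfc:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                help_syscheckd();
                break;
            case 'd':
                /* each -d raises the debug level passed to read_internal */
                nowDebug();
                debug_level++;
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help_syscheckd();
                break;
        }
    }

    /* Read internal options */
    read_internal(debug_level);

    debug1(STARTED_MSG, ARGV0);

    /* Check if the configuration is present */
    if (File_DateofChange(cfg) < 0) {
        ErrorExit(NO_CONFIG, ARGV0, cfg);
    }

    /* Read syscheck config */
    if ((r = Read_Syscheck_Config(cfg)) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    } else if ((r == 1) || (syscheck.disabled == 1)) {
        /* Disabled: leave an empty dir list so the loops below
         * terminate immediately. Warnings are suppressed under -t. */
        if (!syscheck.dir) {
            if (!test_config) {
                merror(SK_NO_DIR, ARGV0);
            }
            /* NOTE(review): the unconditional store into dir[0] below
             * relies on dump_syscheck_entry() allocating syscheck.dir
             * — confirm against its definition. */
            dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
        } else if (!syscheck.dir[0]) {
            if (!test_config) {
                merror(SK_NO_DIR, ARGV0);
            }
        }
        syscheck.dir[0] = NULL;
        if (!test_config) {
            merror("%s: WARN: Syscheck disabled.", ARGV0);
        }
    }

    /* Rootcheck config */
    if (rootcheck_init(test_config) == 0) {
        syscheck.rootcheck = 1;
    } else {
        syscheck.rootcheck = 0;
        merror("%s: WARN: Rootcheck module disabled.", ARGV0);
    }

    /* Exit if testing config */
    if (test_config) {
        exit(0);
    }

    /* Setup libmagic */
#ifdef USE_MAGIC
    init_magic(&magic_cookie);
#endif

    if (!run_foreground) {
        nowDaemon();
        goDaemon();
    }

    /* Initial time to settle. tsleep comes from the configuration; a
     * negative value would wrap when converted to sleep()'s unsigned
     * argument. */
    sleep(syscheck.tsleep + 2);

    /* Connect to the queue: three attempts, 5 s then 10 s apart,
     * before giving up. strerror(errno) is read right after the
     * failing call, before anything else can overwrite errno. */
    if ((syscheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
        merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));

        sleep(5);
        if ((syscheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
            /* more 10 seconds of wait */
            merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
            sleep(10);
            if ((syscheck.queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
                ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
            }
        }
    }

    /* Start signal handling */
    StartSIG(ARGV0);

    /* Create pid: fatal on failure */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    if (syscheck.rootcheck) {
        verbose(STARTUP_MSG, "ossec-rootcheck", (int)getpid());
    }

    /* Print directories to be monitored, with their option flags */
    for (r = 0; syscheck.dir[r] != NULL; r++) {
        char optstr[100];
        verbose("%s: INFO: Monitoring directory: '%s', with options %s.",
                ARGV0, syscheck.dir[r],
                syscheck_opts2str(optstr, sizeof(optstr), syscheck.opts[r]));
    }

    /* Print ignores (list is optional) */
    if (syscheck.ignore) {
        for (r = 0; syscheck.ignore[r] != NULL; r++) {
            verbose("%s: INFO: ignoring: '%s'",
                    ARGV0, syscheck.ignore[r]);
        }
    }

    /* Print files with no diff (list is optional) */
    if (syscheck.nodiff) {
        for (r = 0; syscheck.nodiff[r] != NULL; r++) {
            verbose("%s: INFO: No diff for file: '%s'",
                    ARGV0, syscheck.nodiff[r]);
        }
    }

    /* Check directories set for real time. Real-time monitoring is
     * only honoured on inotify and Win32 builds; elsewhere the flag is
     * reported and ignored. */
    for (r = 0; syscheck.dir[r] != NULL; r++) {
        if (syscheck.opts[r] & CHECK_REALTIME) {
#ifdef INOTIFY_ENABLED
            verbose("%s: INFO: Directory set for real time monitoring: "
                    "'%s'.", ARGV0, syscheck.dir[r]);
#elif defined(WIN32)
            verbose("%s: INFO: Directory set for real time monitoring: "
                    "'%s'.", ARGV0, syscheck.dir[r]);
#else
            verbose("%s: WARN: Ignoring flag for real time monitoring on "
                    "directory: '%s'.", ARGV0, syscheck.dir[r]);
#endif
        }
    }

    /* Some sync time */
    sleep(syscheck.tsleep + 10);

    /* Start the daemon */
    start_daemon();

    /* Explicit, to match the older main; falling off the end of main()
     * also yields 0 in C99+, so behaviour is unchanged. */
    return 0;
}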