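/**
 * Create, configure and start the global Prelude client.
 *
 * @param profile  Analyzer profile name; DEFAULT_ANALYZER_NAME is used when
 *                 this is NULL.
 * @param argc     Argument count, passed by address to prelude_init().
 * @param argv     Argument vector passed to prelude_init().
 *
 * The function returns no status. Every failure is reported through
 * merror(), and the global prelude_client is left NULL on each early-return
 * path so that no later code can touch a destroyed client object.
 */
void prelude_start(char *profile, int argc, char **argv)
{
    int ret;

    prelude_client = NULL;

    ret = prelude_init(&argc, argv);
    if (ret < 0) {
        merror("%s: %s: Unable to initialize the Prelude library: %s.",
               ARGV0, prelude_strsource(ret), prelude_strerror(ret));
        return;
    }

    ret = prelude_client_new(&prelude_client,
                             profile != NULL ? profile : DEFAULT_ANALYZER_NAME);
    /* Treat a negative status as failure too, not only a NULL handle. */
    if (ret < 0 || !prelude_client) {
        merror("%s: %s: Unable to create a prelude client object: %s.",
               ARGV0, prelude_strsource(ret), prelude_strerror(ret));
        prelude_client = NULL;
        return;
    }

    ret = setup_analyzer(prelude_client_get_analyzer(prelude_client));
    if (ret < 0) {
        merror("%s: %s: Unable to setup analyzer: %s",
               ARGV0, prelude_strsource(ret), prelude_strerror(ret));
        prelude_client_destroy(prelude_client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
        /* The handle is dead after destroy; do not leave it dangling. */
        prelude_client = NULL;
        return;
    }

    /* A failure to set the async-timer flag is logged but not fatal. */
    ret = prelude_client_set_flags(prelude_client,
                                   prelude_client_get_flags(prelude_client) |
                                   PRELUDE_CLIENT_FLAGS_ASYNC_TIMER);
    if (ret < 0) {
        merror("%s: %s: Unable to set prelude client flags: %s.",
               ARGV0, prelude_strsource(ret), prelude_strerror(ret));
    }

    /* Set uid and gid of ossec.
     * NOTE(review): the Privsep_GetUser()/Privsep_GetGroup() results are
     * stored in the profile without being checked for a failed lookup;
     * confirm a failure value cannot end up as the profile's uid/gid. */
    prelude_client_profile_set_uid(prelude_client_get_profile(prelude_client),
                                   Privsep_GetUser(USER));
    prelude_client_profile_set_gid(prelude_client_get_profile(prelude_client),
                                   Privsep_GetGroup(GROUPGLOBAL));

    ret = prelude_client_start(prelude_client);
    if (ret < 0) {
        merror("%s: %s: Unable to initialize prelude client: %s.",
               ARGV0, prelude_strsource(ret), prelude_strerror(ret));
        prelude_client_destroy(prelude_client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
        prelude_client = NULL;
        return;
    }
}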
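/**
 * Entry point of the policy and auditing (rootcheck) control tool.
 *
 * Parses the command line, drops privileges (group, chroot, user), and then
 * performs exactly one action: list agents (-l), clear the rootcheck
 * database of one or all agents (-u), or print the rootcheck database of an
 * agent (-i). Every action ends the process with exit().
 *
 * @param argc  Argument count.
 * @param argv  Argument vector.
 * @return 0; in practice the process leaves through exit() or helpmsg().
 */
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    char *agent_id = NULL;

    int gid = 0;
    int uid = 0;
    int c = 0, info_agent = 0, update_rootcheck = 0, list_agents = 0;
    int show_last = 0, resolved_only = 0;
    int active_only = 0, csv_output = 0;

    char shost[512];

    /* Setting the name */
    OS_SetName(ARGV0);

    /* user arguments */
    if (argc < 2) {
        helpmsg();
    }

    while ((c = getopt(argc, argv, "VhqrDdLlcsu:i:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                helpmsg();
                break;
            case 'D':
                nowDebug();
                break;
            case 'l':
                list_agents++;
                break;
            case 's':
                csv_output = 1;
                break;
            case 'c':
                active_only++;
                break;
            case 'r':
                resolved_only = 1;
                break;
            case 'q':
                resolved_only = 2;
                break;
            case 'L':
                show_last = 1;
                break;
            case 'i':
                info_agent++;
                if (!optarg) {
                    /* Name the option that is actually missing its value. */
                    merror("%s: -i needs an argument", ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                break;
            case 'u':
                if (!optarg) {
                    merror("%s: -u needs an argument", ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                update_rootcheck = 1;
                break;
            default:
                helpmsg();
                break;
        }
    }

    /* Getting the user and group ids. Both lookups must succeed before any
     * privilege is dropped; a failed user lookup must not reach
     * Privsep_SetUser(). */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if (uid < 0 || gid < 0) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Setting the group */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* Chrooting to the default directory */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }

    /* Inside chroot now */
    nowChroot();

    /* Setting the user */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    /* Getting servers hostname */
    memset(shost, '\0', 512);
    if (gethostname(shost, 512 - 1) != 0) {
        strncpy(shost, "localhost", 32);
        /* NOTE(review): the fallback name is stored and then the tool
         * returns 0 without doing the requested action or printing
         * anything. That looks unintended; confirm before relying on the
         * exit status of this tool in scripts. */
        return (0);
    }

    /* Listing available agents. */
    if (list_agents) {
        if (!csv_output) {
            printf("\nOSSEC HIDS %s. List of available agents:", ARGV0);
            printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, "
                   "Active/Local\n", shost);
        } else {
            printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
        }

        print_agents(1, active_only, csv_output);
        printf("\n");
        exit(0);
    }

    /* Update rootcheck database. */
    if (update_rootcheck) {
        /* Cleaning all agents (and server) db. */
        if (strcmp(agent_id, "all") == 0) {
            DIR *sys_dir;
            struct dirent *entry;

            sys_dir = opendir(ROOTCHECK_DIR);
            if (!sys_dir) {
                ErrorExit("%s: Unable to open: '%s'", ARGV0, ROOTCHECK_DIR);
            }

            while ((entry = readdir(sys_dir)) != NULL) {
                FILE *fp;
                char full_path[OS_MAXSTR + 1];

                /* Do not even attempt to delete . and .. :) */
                if ((strcmp(entry->d_name, ".") == 0) ||
                    (strcmp(entry->d_name, "..") == 0)) {
                    continue;
                }

                snprintf(full_path, OS_MAXSTR, "%s/%s", ROOTCHECK_DIR,
                         entry->d_name);

                /* Every entry is truncated; only dot-files are removed.
                 * NOTE(review): fopen("w") follows symbolic links, so the
                 * directory must be writable only by trusted accounts. */
                fp = fopen(full_path, "w");
                if (fp) {
                    fclose(fp);
                }
                if (entry->d_name[0] == '.') {
                    unlink(full_path);
                }
            }

            closedir(sys_dir);
            printf("\n** Policy and auditing database updated.\n\n");
            exit(0);
        } else if ((strcmp(agent_id, "000") == 0) ||
                   (strcmp(agent_id, "local") == 0)) {
            char final_dir[1024];
            FILE *fp;

            snprintf(final_dir, 1020, "/%s/rootcheck", ROOTCHECK_DIR);

            fp = fopen(final_dir, "w");
            if (fp) {
                fclose(fp);
            }
            unlink(final_dir);
            printf("\n** Policy and auditing database updated.\n\n");
            exit(0);
        }
        /* Database from remote agents. */
        else {
            int i;
            keystore keys;

            OS_ReadKeys(&keys);

            i = OS_IsAllowedID(&keys, agent_id);
            if (i < 0) {
                printf("\n** Invalid agent id '%s'.\n", agent_id);
                /* NOTE(review): keys.keyentries[i] is indexed right below,
                 * so helpmsg() must not return here; confirm it exits. */
                helpmsg();
            }

            /* Deleting syscheck */
            delete_rootcheck(keys.keyentries[i]->name,
                             keys.keyentries[i]->ip->ip, 0);

            printf("\n** Policy and auditing database updated.\n\n");
            exit(0);
        }
    }

    /* Printing information from an agent. */
    if (info_agent) {
        int i;
        char final_ip[128 + 1];
        char final_mask[128 + 1];
        keystore keys;

        if ((strcmp(agent_id, "000") == 0) ||
            (strcmp(agent_id, "local") == 0)) {
            if (!csv_output) {
                printf("\nPolicy and auditing events for local system '%s - %s':\n",
                       shost, "127.0.0.1");
            }

            print_rootcheck(NULL, NULL, NULL, resolved_only, csv_output,
                            show_last);
        } else {
            OS_ReadKeys(&keys);

            i = OS_IsAllowedID(&keys, agent_id);
            if (i < 0) {
                printf("\n** Invalid agent id '%s'.\n", agent_id);
                /* NOTE(review): as above, the code below relies on
                 * helpmsg() not returning. */
                helpmsg();
            }

            /* Getting netmask from ip. */
            final_ip[128] = '\0';
            final_mask[128] = '\0';
            getNetmask(keys.keyentries[i]->ip->netmask, final_mask, 128);
            snprintf(final_ip, 128, "%s%s", keys.keyentries[i]->ip->ip,
                     final_mask);

            if (!csv_output) {
                printf("\nPolicy and auditing events for agent "
                       "'%s (%s) - %s':\n",
                       keys.keyentries[i]->name, keys.keyentries[i]->id,
                       final_ip);
            }

            print_rootcheck(keys.keyentries[i]->name,
                            keys.keyentries[i]->ip->ip, NULL,
                            resolved_only, csv_output, show_last);
        }

        exit(0);
    }

    printf("\n** Invalid argument combination.\n");
    helpmsg();

    return (0);
}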
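/**
 * Entry point of the agent control tool.
 *
 * Parses the command line, drops privileges (group, chroot, user) and then
 * performs one action: list active responses (-L), list agents (-l), print
 * agent information (-i), restart syscheck/rootcheck on one or all agents
 * (-r with -u or -a), restart an agent (-R), or run an active response on
 * an agent (-b, -f and -u together). Every action ends with exit().
 *
 * @param argc  Argument count.
 * @param argv  Argument vector.
 * @return 0; in practice the process leaves through exit() or helpmsg().
 */
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    char *agent_id = NULL;
    char *ip_address = NULL;
    char *ar = NULL;

    int arq = 0;
    int gid = 0;
    int uid = 0;
    int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0;
    int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
    int list_responses = 0, end_time = 0, restart_agent = 0;

    char shost[512];

    keystore keys;

    /* Setting the name */
    OS_SetName(ARGV0);

    /* user arguments */
    if (argc < 2) {
        helpmsg();
    }

    while ((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                helpmsg();
                break;
            case 'd':
                nowDebug();
                break;
            case 'L':
                list_responses = 1;
                break;
            case 'e':
                end_time = 1;
                break;
            case 'r':
                restart_syscheck = 1;
                break;
            case 'l':
                list_agents++;
                break;
            case 's':
                csv_output = 1;
                break;
            case 'c':
                active_only++;
                break;
            case 'i':
                info_agent++;
                /* fallthrough: -i takes the agent id exactly like -u */
            case 'u':
                if (!optarg) {
                    merror("%s: -u needs an argument", ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                break;
            case 'b':
                if (!optarg) {
                    merror("%s: -b needs an argument", ARGV0);
                    helpmsg();
                }
                ip_address = optarg;
                break;
            case 'f':
                if (!optarg) {
                    /* Name the option that is actually missing its value. */
                    merror("%s: -f needs an argument", ARGV0);
                    helpmsg();
                }
                ar = optarg;
                break;
            case 'R':
                if (!optarg) {
                    merror("%s: -R needs an argument", ARGV0);
                    helpmsg();
                }
                agent_id = optarg;
                restart_agent = 1;
                /* Without this break -R also set restart_all_agents, so
                 * "-R <id> -r" restarted syscheck on every agent instead of
                 * acting on the one that was named. */
                break;
            case 'a':
                restart_all_agents = 1;
                break;
            default:
                helpmsg();
                break;
        }
    }

    /* Getting the user and group ids. Both lookups must succeed before any
     * privilege is dropped; a failed user lookup must not reach
     * Privsep_SetUser(). */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if (uid < 0 || gid < 0) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Setting the group */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* Chrooting to the default directory */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }

    /* Inside chroot now */
    nowChroot();

    /* Setting the user */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    /* Getting servers hostname */
    memset(shost, '\0', 512);
    if (gethostname(shost, 512 - 1) != 0) {
        strncpy(shost, "localhost", 32);
        /* NOTE(review): the fallback name is stored and then the tool
         * returns 0 without doing the requested action or printing
         * anything. That looks unintended; confirm before relying on the
         * exit status of this tool in scripts. */
        return (0);
    }

    /* Listing responses. */
    if (list_responses) {
        FILE *fp;

        if (!csv_output) {
            printf("\nOSSEC HIDS %s. Available active responses:\n", ARGV0);
        }

        fp = fopen(DEFAULTAR, "r");
        if (fp) {
            char buffer[256];

            /* Each line is split in place at the first two spaces into
             * "<name> [-]<command> <rest>"; lines with fewer fields are
             * skipped. */
            while (fgets(buffer, 255, fp) != NULL) {
                char *r_name;
                char *r_cmd;
                char *r_timeout;

                r_name = buffer;
                r_cmd = strchr(buffer, ' ');
                if (!r_cmd) {
                    continue;
                }

                *r_cmd = '\0';
                r_cmd++;
                if (*r_cmd == '-') {
                    r_cmd++;
                }
                if (*r_cmd == ' ') {
                    r_cmd++;
                }

                r_timeout = strchr(r_cmd, ' ');
                if (!r_timeout) {
                    continue;
                }
                *r_timeout = '\0';

                /* The internal restart response is not shown to the user. */
                if (strcmp(r_name, "restart-ossec0") == 0) {
                    continue;
                }
                printf("\n Response name: %s, command: %s", r_name, r_cmd);
            }

            printf("\n\n");
            fclose(fp);
        } else {
            printf("\n No active response available.\n\n");
        }

        exit(0);
    }

    /* Listing available agents. */
    if (list_agents) {
        if (!csv_output) {
            printf("\nOSSEC HIDS %s. List of available agents:", ARGV0);
            printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, Active/Local\n",
                   shost);
        } else {
            printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
        }

        print_agents(1, active_only, csv_output);
        printf("\n");
        exit(0);
    }

    /* Checking if the provided ID is valid. */
    if (agent_id != NULL) {
        if (strcmp(agent_id, "000") != 0) {
            OS_ReadKeys(&keys);

            agt_id = OS_IsAllowedID(&keys, agent_id);
            if (agt_id < 0) {
                printf("\n** Invalid agent id '%s'.\n", agent_id);
                /* NOTE(review): keys.keyentries[agt_id] is indexed further
                 * down, so helpmsg() must not return here; confirm it
                 * exits. */
                helpmsg();
            }
        } else {
            /* server. */
            agt_id = -1;
        }
    }

    /* Printing information from an agent. */
    if (info_agent) {
        int agt_status = 0;
        char final_ip[IPSIZE + 4];
        agent_info *agt_info;

        final_ip[(sizeof final_ip) - 1] = '\0';

        if (!csv_output) {
            printf("\nOSSEC HIDS %s. Agent information:", ARGV0);
        }

        if (agt_id != -1) {
            agt_status = get_agent_status(keys.keyentries[agt_id]->name,
                                          keys.keyentries[agt_id]->ip->ip);

            agt_info = get_agent_info(keys.keyentries[agt_id]->name,
                                      keys.keyentries[agt_id]->ip->ip);

            /* Getting full address/prefix length from ip. */
            snprintf(final_ip, sizeof final_ip, "%s/%u",
                     keys.keyentries[agt_id]->ip->ip,
                     keys.keyentries[agt_id]->ip->prefixlength);

            if (!csv_output) {
                printf("\n Agent ID: %s\n", keys.keyentries[agt_id]->id);
                printf(" Agent Name: %s\n", keys.keyentries[agt_id]->name);
                printf(" IP address: %s\n", final_ip);
                printf(" Status: %s\n\n", print_agent_status(agt_status));
            } else {
                printf("%s,%s,%s,%s,", keys.keyentries[agt_id]->id,
                       keys.keyentries[agt_id]->name, final_ip,
                       print_agent_status(agt_status));
            }
        } else {
            agt_status = get_agent_status(NULL, NULL);
            agt_info = get_agent_info(NULL, "127.0.0.1");

            if (!csv_output) {
                printf("\n Agent ID: 000 (local instance)\n");
                printf(" Agent Name: %s\n", shost);
                printf(" IP address: 127.0.0.1\n");
                printf(" Status: %s/Local\n\n", print_agent_status(agt_status));
            } else {
                printf("000,%s,127.0.0.1,%s/Local,", shost,
                       print_agent_status(agt_status));
            }
        }

        /* NOTE(review): agt_info is dereferenced without a NULL check;
         * confirm get_agent_info() cannot return NULL. */
        if (!csv_output) {
            printf(" Operating system: %s\n", agt_info->os);
            printf(" Client version: %s\n", agt_info->version);
            printf(" Last keep alive: %s\n\n", agt_info->last_keepalive);

            if (end_time) {
                printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
                printf(" Syscheck last ended at: %s\n", agt_info->syscheck_endtime);
                printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
                printf(" Rootcheck last ended at: %s\n\n", agt_info->rootcheck_endtime);
            } else {
                printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
                printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
            }
        } else {
            printf("%s,%s,%s,%s,%s,\n",
                   agt_info->os,
                   agt_info->version,
                   agt_info->last_keepalive,
                   agt_info->syscheck_time,
                   agt_info->rootcheck_time);
        }

        exit(0);
    }

    /* Restarting syscheck every where. */
    if (restart_all_agents && restart_syscheck) {
        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if (arq < 0) {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);

        /* Sending restart message to all agents. */
        if (send_msg_to_agent(arq, HC_SK_RESTART, NULL, NULL) == 0) {
            printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on all agents.",
                   ARGV0);
        } else {
            printf("\n** Unable to restart syscheck on all agents.\n");
            exit(1);
        }

        exit(0);
    }

    if (restart_syscheck && agent_id) {
        /* Restart on the server. */
        if (strcmp(agent_id, "000") == 0) {
            os_set_restart_syscheck();
            printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck "
                   "locally.\n", ARGV0);

            exit(0);
        }

        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if (arq < 0) {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);

        if (send_msg_to_agent(arq, HC_SK_RESTART, agent_id, NULL) == 0) {
            printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on agent: %s\n",
                   ARGV0, agent_id);
        } else {
            printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
            exit(1);
        }

        exit(0);
    }

    if (restart_agent && agent_id) {
        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if (arq < 0) {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);

        if (send_msg_to_agent(arq, "restart-ossec0", agent_id, "null") == 0) {
            printf("\nOSSEC HIDS %s: Restarting agent: %s\n", ARGV0, agent_id);
        } else {
            printf("\n** Unable to restart agent: %s\n", agent_id);
            exit(1);
        }

        exit(0);
    }

    /* running active response on the specified agent id. */
    if (ip_address && ar && agent_id) {
        /* Connecting to remoted. */
        debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
        arq = connect_to_remoted();
        if (arq < 0) {
            printf("\n** Unable to connect to remoted.\n");
            exit(1);
        }
        debug1("%s: DEBUG: Connected...", ARGV0);

        /* NOTE(review): ar and ip_address come straight from the command
         * line and are forwarded as given; nothing here checks that ar is
         * a configured response or that ip_address is an address. Confirm
         * the receiving side validates both before using them. */
        if (send_msg_to_agent(arq, ar, agent_id, ip_address) == 0) {
            printf("\nOSSEC HIDS %s: Running active response '%s' on: %s\n",
                   ARGV0, ar, agent_id);
        } else {
            /* Report the action that really failed, not a syscheck restart. */
            printf("\n** Unable to run active response '%s' on agent: %s\n",
                   ar, agent_id);
            exit(1);
        }

        exit(0);
    }

    printf("\n** Invalid argument combination.\n");
    helpmsg();

    return (0);
}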
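/**
 * Entry point of the remote connection daemon.
 *
 * Parses the command line, loads the configuration, validates the target
 * user and group, optionally daemonizes, changes group and chroots, and
 * then forks one handler process per configured connection.
 *
 * @param argc  Argument count.
 * @param argv  Argument vector.
 * @return 0 in the parent once every handler has been forked.
 */
int main(int argc, char **argv)
{
    int i = 0, c = 0;
    int uid = 0, gid = 0;
    int debug_level = 0;
    int test_config = 0, run_foreground = 0;

    char *cfg = DEFAULTCPATH;
    char *dir = DEFAULTDIR;
    char *user = REMUSER;
    char *group = GROUPGLOBAL;

    /* Setting the name -- must be done ASAP */
    OS_SetName(ARGV0);

    while ((c = getopt(argc, argv, "Vdthfu:g:c:D:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                help_remoted();
                break;
            case 'd':
                nowDebug();
                debug_level = 1;
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'u':
                if (!optarg) {
                    ErrorExit("%s: -u needs an argument", ARGV0);
                }
                user = optarg;
                break;
            case 'g':
                if (!optarg) {
                    ErrorExit("%s: -g needs an argument", ARGV0);
                }
                group = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c need an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                break;
            default:
                help_remoted();
                break;
        }
    }

    /* Check current debug_level
     * Command line setting takes precedence
     */
    if (debug_level == 0) {
        /* Getting debug level */
        debug_level = getDefine_Int("remoted", "debug", 0, 2);
        while (debug_level != 0) {
            nowDebug();
            debug_level--;
        }
    }

    debug1(STARTED_MSG, ARGV0);

    /* A configuration that cannot be read is fatal. */
    if (RemotedConfig(cfg, &logr) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }

    /* Exit if test_config is set */
    if (test_config) {
        exit(0);
    }

    if (logr.conn == NULL) {
        /* Not configured. */
        exit(0);
    }

    /* Check if the user and group given are valid */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if ((uid < 0) || (gid < 0)) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* pid before going daemon */
    i = getpid();

    if (!run_foreground) {
        nowDaemon();
        goDaemon();
    }

    /* Setting new group */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* Going on chroot */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }

    nowChroot();

    /* The user id is not changed here; uid is handed to HandleRemote()
     * below. NOTE(review): confirm the handler drops to that uid before it
     * processes any network input. */

    /* Starting the signal manipulation */
    StartSIG(ARGV0);

    /* Creating some randomness.
     * NOTE(review): outside OpenBSD the seed is built from the clock and
     * two process ids, all of which an observer can estimate. If random()
     * output is used for anything an attacker must not predict, seed from
     * the operating system's entropy source instead; confirm what consumes
     * it. */
#ifdef __OpenBSD__
    srandomdev();
#else
    srandom(time(0) + getpid() + i);
#endif

    random();

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* Really starting the program. */
    i = 0;
    while (logr.conn[i] != 0) {
        /* Forking for each connection handler */
        pid_t child = fork();

        if (child == 0) {
            /* On the child.
             * NOTE(review): if HandleRemote() ever returned, the child
             * would loop and fork again for the same index; it is
             * presumably expected never to return. */
            debug1("%s: DEBUG: Forking remoted: '%d'.", ARGV0, i);
            HandleRemote(i, uid);
        } else {
            if (child < 0) {
                /* A failed fork used to pass silently and left this
                 * connection without a handler; make it visible. */
                merror("%s: ERROR: Unable to fork handler for connection '%d'.",
                       ARGV0, i);
            }
            i++;
            continue;
        }
    }

    /* Done over here */
    return (0);
}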
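/**
 * Entry point of the internal statistics clean-up tool.
 *
 * Takes exactly one option: -h (help), -a (clear daily and weekly stats),
 * -d (daily only) or -w (weekly only). Privileges are dropped (group,
 * chroot, user) before any file is removed.
 *
 * @param argc  Argument count; must be 2.
 * @param argv  Argument vector; argv[1] selects the action.
 * @return 0 once the selected files have been removed.
 */
int main(int argc, char **argv)
{
    int clear_daily = 0;
    int clear_weekly = 0;

    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    int gid;
    int uid;

    /* Setting the name */
    OS_SetName(ARGV0);

    /* user arguments */
    if (argc != 2) {
        helpmsg();
    }

    /* Getting the user and group ids. Both lookups must succeed before any
     * privilege is dropped; a failed user lookup must not reach
     * Privsep_SetUser(). */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);
    if (uid < 0 || gid < 0) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Setting the group */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* Chrooting to the default directory */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }

    /* Inside chroot now */
    nowChroot();

    /* Setting the user */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    /* User options */
    if (strcmp(argv[1], "-h") == 0) {
        helpmsg();
    } else if (strcmp(argv[1], "-a") == 0) {
        clear_daily = 1;
        clear_weekly = 1;
    } else if (strcmp(argv[1], "-d") == 0) {
        clear_daily = 1;
    } else if (strcmp(argv[1], "-w") == 0) {
        clear_weekly = 1;
    } else {
        printf("\n** Invalid option '%s'.\n", argv[1]);
        helpmsg();
    }

    /* Clear daily files */
    if (clear_daily) {
        char *daily_dir = STATQUEUE;
        DIR *daily;
        struct dirent *entry;

        daily = opendir(daily_dir);
        if (!daily) {
            ErrorExit("%s: Unable to open: '%s'", ARGV0, daily_dir);
        }

        while ((entry = readdir(daily)) != NULL) {
            char full_path[OS_MAXSTR + 1];

            /* Do not even attempt to delete . and .. :) */
            if ((strcmp(entry->d_name, ".") == 0) ||
                (strcmp(entry->d_name, "..") == 0)) {
                continue;
            }

            /* Remove file; a failed unlink() is ignored (best effort). */
            full_path[OS_MAXSTR] = '\0';
            snprintf(full_path, OS_MAXSTR, "%s/%s", daily_dir, entry->d_name);
            unlink(full_path);
        }

        closedir(daily);
    }

    /* Clear weekly averages: one sub-directory per day, named 0 to 6. */
    if (clear_weekly) {
        int i;

        for (i = 0; i <= 6; i++) {
            char *daily_dir = STATWQUEUE;
            char dir_path[OS_MAXSTR + 1];
            DIR *daily;
            struct dirent *entry;

            snprintf(dir_path, OS_MAXSTR, "%s/%d", daily_dir, i);
            daily = opendir(dir_path);
            if (!daily) {
                ErrorExit("%s: Unable to open: '%s' (no stats)", ARGV0, dir_path);
            }

            while ((entry = readdir(daily)) != NULL) {
                char full_path[OS_MAXSTR + 1];

                /* Do not even attempt to delete . and .. :) */
                if ((strcmp(entry->d_name, ".") == 0) ||
                    (strcmp(entry->d_name, "..") == 0)) {
                    continue;
                }

                /* Remove file; a failed unlink() is ignored (best effort). */
                full_path[OS_MAXSTR] = '\0';
                snprintf(full_path, OS_MAXSTR, "%s/%s", dir_path, entry->d_name);
                unlink(full_path);
            }

            closedir(daily);
        }
    }

    printf("\n** Internal stats clear.\n\n");
    return (0);
}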
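/**
 * Entry point of the report daemon.
 *
 * Builds a report_filter from the command line (-f and -r each take two
 * values: a field name and a value), validates the target user and group,
 * drops privileges and then hands the filter to os_ReportdStart().
 *
 * @param argc  Argument count.
 * @param argv  Argument vector.
 * @return Does not return normally; the process leaves through exit().
 */
int main(int argc, char **argv)
{
    int c, test_config = 0;
    int uid = 0, gid = 0;
    int do_chroot = 0;

    char *dir = DEFAULTDIR;
    char *user = USER;
    char *group = GROUPGLOBAL;
    /* -c is accepted and stored, but cfg is not read anywhere below. */
    char *cfg = DEFAULTCPATH;

    char *filter_by = NULL;
    char *filter_value = NULL;

    char *related_of = NULL;
    char *related_values = NULL;

    report_filter r_filter;

    /* Setting the name */
    OS_SetName(ARGV0);

    r_filter.group = NULL;
    r_filter.rule = NULL;
    r_filter.level = NULL;
    r_filter.location = NULL;
    r_filter.srcip = NULL;
    r_filter.user = NULL;
    r_filter.files = NULL;
    r_filter.show_alerts = 0;

    r_filter.related_group = 0;
    r_filter.related_rule = 0;
    r_filter.related_level = 0;
    r_filter.related_location = 0;
    r_filter.related_srcip = 0;
    r_filter.related_user = 0;
    r_filter.related_file = 0;

    r_filter.report_name = NULL;

    while ((c = getopt(argc, argv, "Vdhstu:g:D:c:f:v:n:r:NC")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                report_help();
                break;
            case 'd':
                nowDebug();
                break;
            case 'n':
                if (!optarg) {
                    ErrorExit("%s: -n needs an argument", ARGV0);
                }
                r_filter.report_name = optarg;
                break;
            case 'r':
                if (!optarg || !argv[optind]) {
                    ErrorExit("%s: -r needs two argument", ARGV0);
                }
                related_of = optarg;
                related_values = argv[optind];

                if (os_report_configfilter(related_of, related_values,
                                           &r_filter, REPORT_RELATED) < 0) {
                    ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
                }
                optind++;
                break;
            case 'f':
                /* The second value is taken from argv[optind]; reject a
                 * missing one here, as -r does, so that a NULL value is
                 * never passed on and optind never moves past the end of
                 * argv. */
                if (!optarg || !argv[optind]) {
                    ErrorExit("%s: -f needs two argument", ARGV0);
                }
                filter_by = optarg;
                filter_value = argv[optind];

                if (os_report_configfilter(filter_by, filter_value,
                                           &r_filter, REPORT_FILTER) < 0) {
                    ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
                }
                optind++;
                break;
            case 'u':
                if (!optarg) {
                    ErrorExit("%s: -u needs an argument", ARGV0);
                }
                user = optarg;
                break;
            case 'g':
                if (!optarg) {
                    ErrorExit("%s: -g needs an argument", ARGV0);
                }
                group = optarg;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            case 's':
                r_filter.show_alerts = 1;
                break;
            case 'N':
                do_chroot = 0;
                break;
            case 'C':
                do_chroot = 1;
                break;
            default:
                report_help();
                break;
        }
    }

    /* Starting daemon */
    debug1(STARTED_MSG, ARGV0);

    /* Check if the user/group given are valid */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if ((uid < 0) || (gid < 0)) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Exit here if test config is set */
    if (test_config) {
        exit(0);
    }

    /* Privilege separation */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* chrooting is opt-in (-C); the default is only a chdir into dir. */
    if (do_chroot) {
        if (Privsep_Chroot(dir) < 0) {
            ErrorExit(CHROOT_ERROR, ARGV0, dir);
        }

        nowChroot();
    } else {
        /* Do not carry on from an unexpected working directory. */
        if (chdir(dir) < 0) {
            ErrorExit("%s: Unable to chdir to: '%s'", ARGV0, dir);
        }
    }

    /* Changing user */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    debug1(PRIVSEP_MSG, ARGV0, dir, user);

    /* Signal manipulation */
    StartSIG(ARGV0);

    /* Creating PID files */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* the real stuff now */
    os_ReportdStart(&r_filter);

    exit(0);
}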
/**
 * Entry point of the agent daemon.
 *
 * Handles the command line, allocates the global agent structure, loads the
 * client configuration, normalises the notify/reconnect timers, verifies
 * that authentication keys and the target user/group exist, and finally
 * passes control to AgentdStart().
 *
 * @param argc  Argument count.
 * @param argv  Argument vector.
 * @return 0 after AgentdStart() returns.
 */
int main(int argc, char **argv)
{
    char *cfg = DEFAULTCPATH;
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;

    int gid = 0;
    int uid = 0;
    int debug_level = 0;
    int test_config = 0;
    int opt = 0;

    run_foreground = 0;

    /* Setting the name */
    OS_SetName(ARGV0);

    for (;;) {
        opt = getopt(argc, argv, "Vtdfhu:g:D:c:");
        if (opt == -1) {
            break;
        }

        switch (opt) {
            case 'V':
                print_version();
                break;
            case 'h':
                help_agentd();
                break;
            case 'd':
                nowDebug();
                debug_level = 1;
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'u':
                if (optarg == NULL) {
                    ErrorExit("%s: -u needs an argument", ARGV0);
                }
                user = optarg;
                break;
            case 'g':
                if (optarg == NULL) {
                    ErrorExit("%s: -g needs an argument", ARGV0);
                }
                group = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            case 'D':
                if (optarg == NULL) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                break;
            case 'c':
                if (optarg == NULL) {
                    ErrorExit("%s: -c needs an argument.", ARGV0);
                }
                cfg = optarg;
                break;
            default:
                help_agentd();
                break;
        }
    }

    debug1(STARTED_MSG, ARGV0);

    /* Zero-filled agent state shared with the rest of the daemon. */
    agt = calloc(1, sizeof(agent));
    if (agt == NULL) {
        ErrorExit(MEM_ERROR, ARGV0);
    }

    /* -d on the command line wins; otherwise the configured debug level
     * decides how many times debugging is raised. */
    if (debug_level == 0) {
        for (debug_level = getDefine_Int("agent", "debug", 0, 2);
             debug_level != 0;
             debug_level--) {
            nowDebug();
        }
    }

    /* Reading config */
    if (ClientConf(cfg) < 0) {
        ErrorExit(CLIENT_ERROR, ARGV0);
    }

    /* A server address is mandatory. */
    if (agt->rip == NULL) {
        merror(AG_INV_IP, ARGV0);
        ErrorExit(CLIENT_ERROR, ARGV0);
    }

    /* Fill in timer defaults that the configuration left at zero. */
    if (agt->notify_time == 0) {
        agt->notify_time = NOTIFY_TIME;
    }
    if (agt->max_time_reconnect_try == 0) {
        agt->max_time_reconnect_try = NOTIFY_TIME * 3;
    }

    /* The reconnect window has to be longer than the notify interval. */
    if (agt->max_time_reconnect_try <= agt->notify_time) {
        agt->max_time_reconnect_try = (agt->notify_time * 3);
        verbose("%s: INFO: Max time to reconnect can't be less than notify_time(%d), using notify_time*3 (%d)",
                ARGV0, agt->notify_time, agt->max_time_reconnect_try);
    }
    verbose("%s: INFO: Using notify time: %d and max time to reconnect: %d",
            ARGV0, agt->notify_time, agt->max_time_reconnect_try);

    /* Checking auth keys */
    if (!OS_CheckKeys()) {
        ErrorExit(AG_NOKEYS_EXIT, ARGV0);
    }

    /* Both the user and the group must resolve before starting. */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if (uid < 0 || gid < 0) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Exit if test config */
    if (test_config) {
        exit(0);
    }

    /* Starting the signal manipulation */
    StartSIG(ARGV0);

    /* Agentd Start */
    AgentdStart(dir, uid, gid, user, group);

    return (0);
}
/**
 * Entry point of the log test tool.
 *
 * Resets the analysis globals, parses the command line, reads the global
 * configuration, changes group and chroots, loads decoders, lists and
 * rules, and only then changes user before entering OS_ReadMSG().
 *
 * @param argc  Argument count.
 * @param argv  Argument vector.
 * @return Does not return normally; the process leaves through exit().
 */
int main(int argc, char **argv)
{
    const char *cfg = DEFAULTCPATH;
    const char *dir = DEFAULTDIR;
    const char *group = GROUPGLOBAL;
    const char *user = USER;
    char *ut_str = NULL;

    uid_t uid;
    gid_t gid;

    int c = 0;
    int quiet = 0;
    int test_config = 0;

    /* Set the name */
    OS_SetName(ARGV0);

    thishour = 0;
    today = 0;
    prev_year = 0;
    full_output = 0;
    alert_only = 0;

    active_responses = NULL;
    memset(prev_month, '\0', 4);

#ifdef LIBGEOIP_ENABLED
    geoipdb = NULL;
#endif

    for (c = getopt(argc, argv, "VatvdhU:D:c:q");
         c != -1;
         c = getopt(argc, argv, "VatvdhU:D:c:q")) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 't':
                test_config = 1;
                break;
            case 'h':
                help_logtest();
                break;
            case 'd':
                nowDebug();
                break;
            case 'U':
                if (optarg == NULL) {
                    ErrorExit("%s: -U needs an argument", ARGV0);
                }
                ut_str = optarg;
                break;
            case 'D':
                if (optarg == NULL) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                break;
            case 'c':
                if (optarg == NULL) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 'a':
                alert_only = 1;
                break;
            case 'q':
                quiet = 1;
                break;
            case 'v':
                full_output = 1;
                break;
            default:
                help_logtest();
                break;
        }
    }

    /* Read configuration file */
    if (GlobalConf(cfg) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }

    debug1(READ_CONFIG, ARGV0);

#ifdef LIBGEOIP_ENABLED
    Config.geoip_jsonout = getDefine_Int("analysisd", "geoip_jsonout", 0, 1);

    /* A GeoIP database that cannot be opened only disables GeoIP. */
    if (Config.geoipdb_file) {
        geoipdb = GeoIP_open(Config.geoipdb_file, GEOIP_INDEX_CACHE);
        if (geoipdb == NULL) {
            merror("%s: Unable to open GeoIP database from: %s (disabling GeoIP).", ARGV0, Config.geoipdb_file);
        }
    }
#endif

    /* Server hostname: the short name, or OSSEC_SERVER when the lookup
     * fails. */
    memset(__shost, '\0', 512);
    if (gethostname(__shost, 512 - 1) == 0) {
        /* Cut the name at the first dot to drop the domain part. */
        char *dot = strchr(__shost, '.');

        if (dot != NULL) {
            *dot = '\0';
        }
    } else {
        strncpy(__shost, OSSEC_SERVER, 512 - 1);
    }

    /* Check if the user/group given are valid */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if (uid == (uid_t) - 1 || gid == (gid_t) - 1) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Set the group */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group, errno, strerror(errno));
    }

    /* Chroot */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir, errno, strerror(errno));
    }
    nowChroot();

    /*
     * Decoders, lists and rules are loaded inside the chroot while the
     * process still has its original user id; Privsep_SetUser() is called
     * only after everything below has been parsed.
     *
     * Rules that use list lookups are first created with blank list
     * structures; OS_ListLoadRules() fills them in once all rules and lists
     * are loaded.
     */

    /* --- Decoders --- */
    OS_CreateOSDecoderList();

    if (Config.decoders) {
        /* Decoder files named in the configuration. Each path string is
         * released after it has been read; the array itself is kept. */
        char **decoder_file;

        for (decoder_file = Config.decoders;
             decoder_file && *decoder_file;
             decoder_file++) {
            if (!quiet) {
                verbose("%s: INFO: Reading decoder file %s.", ARGV0, *decoder_file);
            }
            if (!ReadDecodeXML(*decoder_file)) {
                ErrorExit(CONFIG_ERROR, ARGV0, *decoder_file);
            }

            free(*decoder_file);
        }
    } else {
        /* Legacy layout: fixed decoder file plus an optional local one. */
        if (!ReadDecodeXML("etc/decoder.xml")) {
            ErrorExit(CONFIG_ERROR, ARGV0, XML_DECODER);
        }

        /* A zero result is fatal; every other result, including negative
         * ones, reaches the informational message. */
        c = ReadDecodeXML("etc/local_decoder.xml");
        if (c == 0) {
            ErrorExit(CONFIG_ERROR, ARGV0, XML_LDECODER);
        } else {
            verbose("%s: INFO: Reading local decoder file.", ARGV0);
        }
    }

    SetDecodeXML();

    /* --- Lists --- */
    Lists_OP_CreateLists();
    {
        char **list_file;

        for (list_file = Config.lists; list_file && *list_file; list_file++) {
            verbose("%s: INFO: Reading the lists file: '%s'", ARGV0, *list_file);
            if (Lists_OP_LoadList(*list_file) < 0) {
                ErrorExit(LISTS_ERROR, ARGV0, *list_file);
            }
            free(*list_file);
        }
        free(Config.lists);
        Config.lists = NULL;
    }

    /* --- Rules --- */
    Rules_OP_CreateRules();
    {
        char **rule_file;

        for (rule_file = Config.includes; rule_file && *rule_file; rule_file++) {
            debug1("%s: INFO: Reading rules file: '%s'", ARGV0, *rule_file);
            if (Rules_OP_ReadRules(*rule_file) < 0) {
                ErrorExit(RULES_ERROR, ARGV0, *rule_file);
            }

            free(*rule_file);
        }

        free(Config.includes);
        Config.includes = NULL;
    }

    /* Attach the matching list structure to every rule that performs list
     * lookups, so that rule evaluation does not search the lists again. */
    OS_ListLoadRules();

    /* Fix the levels/accuracy */
    {
        int total_rules = _setlevels(OS_GetFirstRule(), 0);

        debug1("%s: INFO: Total rules enabled: '%d'", ARGV0, total_rules);
    }

    /* Creating a rules hash (for reading alerts from other servers) */
    {
        RuleNode *first_rule = OS_GetFirstRule();

        Config.g_rules_hash = OSHash_Create();
        if (Config.g_rules_hash == NULL) {
            ErrorExit(MEM_ERROR, ARGV0, errno, strerror(errno));
        }
        AddHash_Rule(first_rule);
    }

    if (test_config == 1) {
        exit(0);
    }

    /* Set the user */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user, errno, strerror(errno));
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, getpid());

    /* Going to main loop */
    OS_ReadMSG(ut_str);

    exit(0);
}
/*
 * main_analysisd - entry point of the analysis daemon.
 *
 * Order of operations as written below:
 *   1. parse options and settle the debug level;
 *   2. resolve the target user/group and read the active-response and global
 *      configuration from cfg;
 *   3. record the short hostname, daemonize, start the optional outputs;
 *   4. set the group and chroot into dir;
 *   5. load decoders, lists and rules, then build the rule hash;
 *   6. exit here when -t (test_config) was given;
 *   7. switch to the unprivileged user, create the PID file, open the queue
 *      and enter OS_ReadMSG().
 *
 * NOTE(review): steps 3-5 run before Privsep_SetUser(). If the daemon is
 * started as root, every decoder, list and rule file is parsed with uid 0
 * (inside the chroot). A parser defect reachable from those files would run
 * with that uid, so write access to them deserves the same protection as
 * the binary itself.
 *
 * The matching "#if ... #else" for the #endif below is outside this excerpt.
 */
int main_analysisd(int argc, char **argv)
#endif
{
    int c = 0, m_queue = 0, test_config = 0,run_foreground = 0;
    int debug_level = 0;
    char *dir = DEFAULTDIR;
    char *user = USER;
    char *group = GROUPGLOBAL;
    int uid = 0,gid = 0;

    char *cfg = DEFAULTCPATH;

    /* Set the program name used by the logging helpers */
    OS_SetName(ARGV0);

    /* Reset the time-tracking and hourly statistics globals */
    thishour = 0;
    today = 0;
    prev_year = 0;
    memset(prev_month, '\0', 4);
    hourly_alerts = 0;
    hourly_events = 0;
    hourly_syscheck = 0;
    hourly_firewall = 0;

    while((c = getopt(argc, argv, "Vtdhfu:g:D:c:")) != -1){
        switch(c){
            case 'V':
                print_version();
                break;
            case 'h':
                help_analysisd();
                break;
            case 'd':
                nowDebug();
                debug_level = 1;
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'u':
                if(!optarg)
                    ErrorExit("%s: -u needs an argument",ARGV0);
                user = optarg;
                break;
            case 'g':
                if(!optarg)
                    ErrorExit("%s: -g needs an argument",ARGV0);
                group = optarg;
                break;
            case 'D':
                /* -D also selects the chroot directory used further down */
                if(!optarg)
                    ErrorExit("%s: -D needs an argument",ARGV0);
                dir = optarg;
                break;
            case 'c':
                if(!optarg)
                    ErrorExit("%s: -c needs an argument",ARGV0);
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help_analysisd();
                break;
        }
    }

    /* Check current debug_level
     * Command line setting takes precedence
     */
    if (debug_level == 0)
    {
        /* Read the debug level from the internal options and raise the
         * runtime level once per step. */
        debug_level = getDefine_Int("analysisd", "debug", 0, 2);
        while(debug_level != 0)
        {
            nowDebug();
            debug_level--;
        }
    }

    /* Starting daemon */
    debug1(STARTED_MSG,ARGV0);
    DEBUG_MSG("%s: DEBUG: Starting on debug mode - %d ", ARGV0, (int)time(0));

    /* Check that the requested user and group exist. Both ids are verified
     * here, before anything depends on them. */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if((uid < 0)||(gid < 0))
        ErrorExit(USER_ERROR,ARGV0,user,group);

    /* Found user */
    debug1(FOUND_USER, ARGV0);

    /* Initialize active response */
    AR_Init();
    if(AR_ReadConfig(cfg) < 0)
    {
        ErrorExit(CONFIG_ERROR,ARGV0, cfg);
    }
    debug1(ASINIT, ARGV0);

    /* Read the configuration file */
    if(GlobalConf(cfg) < 0)
    {
        ErrorExit(CONFIG_ERROR,ARGV0, cfg);
    }

    debug1(READ_CONFIG, ARGV0);

    /* Normalize Config.ar: -1 (presumably "not set" -- confirm) becomes 0 */
    Config.ar = ar_flag;
    if(Config.ar == -1)
        Config.ar = 0;

    /* Get the server's hostname. The buffer is zeroed first and at most
     * 511 bytes are written, so it stays NUL-terminated on both paths. */
    memset(__shost, '\0', 512);
    if(gethostname(__shost, 512 -1) != 0)
    {
        strncpy(__shost, OSSEC_SERVER, 512 -1);
    }
    else
    {
        char *_ltmp;

        /* Remove domain part if available */
        _ltmp = strchr(__shost, '.');
        if(_ltmp)
            *_ltmp = '\0';
    }

    /* Go to daemon mode, unless testing the config or running in foreground */
    if(!test_config && !run_foreground)
    {
        nowDaemon();
        goDaemon();
    }

    /* Start prelude */
    #ifdef PRELUDE
    if(Config.prelude)
    {
        prelude_start(Config.prelude_profile, argc, argv);
    }
    #endif

    /* Start zeromq */
    #ifdef ZEROMQ_OUTPUT
    if(Config.zeromq_output)
    {
        zeromq_output_start(Config.zeromq_output_uri, argc, argv);
    }
    #endif

    /* Open the Picviz socket and hand it to the unprivileged user/group.
     * NOTE(review): this chown() runs before any privilege is dropped and
     * before the chroot, on a path taken from the configuration. chown()
     * follows symbolic links, so the directory that holds the socket should
     * not be writable by less-privileged accounts -- confirm how
     * OS_PicvizOpen() creates the file. */
    if(Config.picviz)
    {
        OS_PicvizOpen(Config.picviz_socket);
        if(chown(Config.picviz_socket, uid, gid) == -1)
        {
            ErrorExit(CHOWN_ERROR, ARGV0, Config.picviz_socket);
        }
    }

    /* Set the group */
    if(Privsep_SetGroup(gid) < 0)
        ErrorExit(SETGID_ERROR,ARGV0,group);

    /* Chroot. The uid is not changed yet; that happens after the rules
     * have been loaded. */
    if(Privsep_Chroot(dir) < 0)
        ErrorExit(CHROOT_ERROR,ARGV0,dir);

    nowChroot();

    /*
     * Anonymous Section: Load rules, decoders, and lists
     *
     * As lists require two pass loading of rules that make use of list lookups
     * are created with blank database structs, and need to be filled in after
     * completion of all rules and lists.
     */
    {
        {
            /* Initialize the decoders list */
            OS_CreateOSDecoderList();

            if(!Config.decoders)
            {
                /* Legacy loading */
                /* Read the default decoders */
                if(!ReadDecodeXML(XML_DECODER))
                {
                    ErrorExit(CONFIG_ERROR, ARGV0, XML_DECODER);
                }

                /* Read the local ones.
                 * NOTE(review): inside "if(!c)" c is 0, so "c != -2" is
                 * always true and a 0 return always exits. A -2 return
                 * (presumably "file not found" -- confirm) takes the else
                 * branch and is logged as if the file had been read. */
                c = ReadDecodeXML(XML_LDECODER);
                if(!c)
                {
                    if((c != -2))
                        ErrorExit(CONFIG_ERROR, ARGV0, XML_LDECODER);
                }
                else
                {
                    if(!test_config)
                        verbose("%s: INFO: Reading local decoder file.", ARGV0);
                }
            }
            else
            {
                /* New loading, based on the files specified in ossec.conf */
                char **decodersfiles;
                decodersfiles = Config.decoders;
                while( decodersfiles && *decodersfiles)
                {
                    if(!test_config)
                        verbose("%s: INFO: Reading decoder file %s.", ARGV0, *decodersfiles);
                    if(!ReadDecodeXML(*decodersfiles))
                        ErrorExit(CONFIG_ERROR, ARGV0, *decodersfiles);

                    /* Each name is freed, but unlike Config.lists and
                     * Config.includes below, Config.decoders itself is
                     * neither freed nor set to NULL here, so it keeps
                     * pointing at freed strings. */
                    free(*decodersfiles);
                    decodersfiles++;
                }
            }

            /* Load decoders */
            SetDecodeXML();
        }
        {
            /* Load Lists */
            /* Initialize the lists of list struct */
            Lists_OP_CreateLists();
            /* Load each list into list struct */
            {
                char **listfiles;
                listfiles = Config.lists;
                while(listfiles && *listfiles)
                {
                    if(!test_config)
                        verbose("%s: INFO: Reading loading the lists file: '%s'", ARGV0, *listfiles);
                    if(Lists_OP_LoadList(*listfiles) < 0)
                        ErrorExit(LISTS_ERROR, ARGV0, *listfiles);
                    free(*listfiles);
                    listfiles++;
                }
                free(Config.lists);
                Config.lists = NULL;
            }
        }
        {
            /* Load Rules */
            /* Create the rules list */
            Rules_OP_CreateRules();

            /* Read the rules */
            {
                char **rulesfiles;
                rulesfiles = Config.includes;
                while(rulesfiles && *rulesfiles)
                {
                    if(!test_config)
                        verbose("%s: INFO: Reading rules file: '%s'", ARGV0, *rulesfiles);
                    if(Rules_OP_ReadRules(*rulesfiles) < 0)
                        ErrorExit(RULES_ERROR, ARGV0, *rulesfiles);

                    free(*rulesfiles);
                    rulesfiles++;
                }

                free(Config.includes);
                Config.includes = NULL;
            }

            /* Find all rules that require list lookups and attach the
             * correct list struct to the rule. This keeps rules from having to
             * search through the list of lists for the correct file during rule evaluation.
             */
            OS_ListLoadRules();
        }
    }

    /* Fix the levels/accuracy */
    {
        int total_rules;
        RuleNode *tmp_node = OS_GetFirstRule();

        total_rules = _setlevels(tmp_node, 0);
        if(!test_config)
            verbose("%s: INFO: Total rules enabled: '%d'", ARGV0, total_rules);
    }

    /* Create a rules hash (for reading alerts from other servers). */
    {
        RuleNode *tmp_node = OS_GetFirstRule();
        Config.g_rules_hash = OSHash_Create();
        if(!Config.g_rules_hash)
        {
            ErrorExit(MEM_ERROR, ARGV0);
        }
        AddHash_Rule(tmp_node);
    }

    /* Log the files that syscheck is configured to ignore */
    {
        char **files;

        files = Config.syscheck_ignore;
        while(files && *files)
        {
            if(!test_config)
                verbose("%s: INFO: Ignoring file: '%s'", ARGV0, *files);
            files++;
        }
    }

    /* Check if log_fw is enabled. */
    Config.logfw = getDefine_Int("analysisd", "log_fw", 0, 1);

    /* Success on the configuration test: nothing below runs with -t */
    if(test_config)
        exit(0);

    /* Verbose message */
    debug1(PRIVSEP_MSG, ARGV0, dir, user);

    /* Signal manipulation */
    StartSIG(ARGV0);

    /* Set the user: the uid changes only at this point */
    if(Privsep_SetUser(uid) < 0)
        ErrorExit(SETUID_ERROR,ARGV0,user);

    /* Create the PID file */
    if(CreatePID(ARGV0, getpid()) < 0)
        ErrorExit(PID_ERROR,ARGV0);

    /* Open the queue that OS_ReadMSG() consumes */
    if((m_queue = StartMQ(DEFAULTQUEUE,READ)) < 0)
        ErrorExit(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));

    /* White list: log every whitelisted IP when active response is enabled,
     * which leaves a startup record of the exemptions in force. */
    if(Config.white_list == NULL)
    {
        if(Config.ar)
            verbose("%s: INFO: No IP in the white list for active reponse.", ARGV0);
    }
    else
    {
        if(Config.ar)
        {
            os_ip **wl;
            int wlc = 0;
            wl = Config.white_list;
            while(*wl)
            {
                verbose("%s: INFO: White listing IP: '%s'",ARGV0, (*wl)->ip);
                wl++;wlc++;
            }
            verbose("%s: INFO: %d IPs in the white list for active response.", ARGV0, wlc);
        }
    }

    /* Hostname White list: same logging for the hostname patterns */
    if(Config.hostname_white_list == NULL)
    {
        if(Config.ar)
            verbose("%s: INFO: No Hostname in the white list for active reponse.", ARGV0);
    }
    else
    {
        if(Config.ar)
        {
            int wlc = 0;
            OSMatch **wl;

            wl = Config.hostname_white_list;
            while(*wl)
            {
                char **tmp_pts = (*wl)->patterns;
                while(*tmp_pts)
                {
                    verbose("%s: INFO: White listing Hostname: '%s'",ARGV0,*tmp_pts);
                    wlc++;
                    tmp_pts++;
                }
                wl++;
            }
            verbose("%s: INFO: %d Hostname(s) in the white list for active response.", ARGV0, wlc);
        }
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* Going to main loop */
    OS_ReadMSG(m_queue);

    /* Reached only if OS_ReadMSG() returns */
    if (Config.picviz)
    {
        OS_PicvizClose();
    }

    exit(0);
}
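/**
 * main - print the agents that match one availability filter.
 *
 * argv[1] selects the filter: -a (all), -c (active), -n (not active);
 * -h prints the help text.
 *
 * Privileges are reduced before argv[1] is interpreted: group, then chroot
 * into DEFAULTDIR, then user.
 *
 * Returns 0 once the list has been printed.
 */
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;

    /* Initialized so the printf() below never sees an indeterminate pointer */
    const char *msg = "";
    char **agent_list;
    int gid;
    int uid;
    int flag = 0;

    /* Set the program name used by the logging helpers */
    OS_SetName(ARGV0);

    /* argv[1] is read below; helpmsg() is assumed not to return -- TODO confirm */
    if (argc < 2) {
        helpmsg();
    }

    /* Resolve the unprivileged user and group */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);

    /* Both lookups must succeed. Checking only gid would hand a failed uid
     * lookup to Privsep_SetUser() below. */
    if (uid < 0 || gid < 0) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Set the group */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* Chroot to the default directory */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }

    /* Inside chroot now */
    nowChroot();

    /* Set the user */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    /* User options */
    if (strcmp(argv[1], "-h") == 0) {
        helpmsg();
    } else if (strcmp(argv[1], "-a") == 0) {
        flag = GA_ALL;
        msg = "is available.";
    } else if (strcmp(argv[1], "-c") == 0) {
        flag = GA_ACTIVE;
        msg = "is active.";
    } else if (strcmp(argv[1], "-n") == 0) {
        flag = GA_NOTACTIVE;
        msg = "is not active.";
    } else {
        printf("\n** Invalid option '%s'.\n", argv[1]);
        helpmsg();
    }

    agent_list = get_agents(flag);
    if (agent_list) {
        /* Walk with a cursor so the head pointer stays available for freeing */
        char **cursor;

        for (cursor = agent_list; *cursor; cursor++) {
            printf("%s %s\n", *cursor, msg);
        }

        free_agents(agent_list);
    } else {
        printf("** No agent available.\n");
    }

    return (0);
}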
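/**
 * main - reset stored integrity-check (syscheck) data.
 *
 * argv[1] selects the action:
 *   -h        help
 *   -l        list agents
 *   -u <id>   reset one agent, or the local database when <id> is "local"
 *   -a        reset every file found in SYSCHECK_DIR
 *
 * Privileges are reduced (group, chroot into DEFAULTDIR, user) before any
 * file is touched. Every reset truncates files and cannot be undone.
 *
 * NOTE(review): the calls to helpmsg() are assumed not to return; argv[1],
 * argv[2] and the key index below are used without a second check -- TODO
 * confirm.
 */
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *group = GROUPGLOBAL;
    char *user = USER;
    int gid;
    int uid;

    /* Set the program name used by the logging helpers */
    OS_SetName(ARGV0);

    /* user arguments */
    if (argc < 2) {
        helpmsg();
    }

    /* Resolve the unprivileged user and group */
    gid = Privsep_GetGroup(group);
    uid = Privsep_GetUser(user);

    /* Both lookups must succeed. Checking only gid would hand a failed uid
     * lookup to Privsep_SetUser() below. */
    if (uid < 0 || gid < 0) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Set the group */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* Chroot to the default directory */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }

    /* Inside chroot now */
    nowChroot();

    /* Set the user */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    /* User options */
    if (strcmp(argv[1], "-h") == 0) {
        helpmsg();
    } else if (strcmp(argv[1], "-l") == 0) {
        printf("\nOSSEC HIDS %s: Updates the integrity check database.", ARGV0);
        print_agents(0, 0, 0);
        printf("\n");
        exit(0);
    } else if (strcmp(argv[1], "-u") == 0) {
        /* argv[2] is read after this chain, so it must be present */
        if (argc != 3) {
            printf("\n** Option -u requires an extra argument\n");
            helpmsg();
        }
    } else if (strcmp(argv[1], "-a") == 0) {
        DIR *sys_dir;
        struct dirent *entry;

        sys_dir = opendir(SYSCHECK_DIR);
        if (!sys_dir) {
            ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
        }

        while ((entry = readdir(sys_dir)) != NULL) {
            FILE *fp;
            char full_path[OS_MAXSTR + 1];
            int written;

            /* Never touch the directory entries themselves */
            if ((strcmp(entry->d_name, ".") == 0) ||
                (strcmp(entry->d_name, "..") == 0)) {
                continue;
            }

            /* Skip a name that does not fit: a truncated path would name a
             * different file than the one readdir() returned. */
            written = snprintf(full_path, OS_MAXSTR, "%s/%s",
                               SYSCHECK_DIR, entry->d_name);
            if (written < 0 || written >= OS_MAXSTR) {
                continue;
            }

            /* Opening for write truncates the stored data */
            fp = fopen(full_path, "w");
            if (fp) {
                fclose(fp);
            }

            /* Hidden files are removed as well as truncated */
            if (entry->d_name[0] == '.') {
                unlink(full_path);
            }
        }

        closedir(sys_dir);
        printf("\n** Integrity check database updated.\n\n");
        exit(0);
    } else {
        printf("\n** Invalid option '%s'.\n", argv[1]);
        helpmsg();
    }

    /* Only the -u path gets here. */
    if (strcmp(argv[2], "local") == 0) {
        /* local */
        char final_dir[1024];
        FILE *fp;

        /* Truncate, then remove, the local syscheck database */
        snprintf(final_dir, sizeof(final_dir), "/%s/syscheck", SYSCHECK_DIR);
        fp = fopen(final_dir, "w");
        if (fp) {
            fclose(fp);
        }
        unlink(final_dir);

        /* The cpt file is truncated but left in place */
        snprintf(final_dir, sizeof(final_dir), "/%s/.syscheck.cpt", SYSCHECK_DIR);
        fp = fopen(final_dir, "w");
        if (fp) {
            fclose(fp);
        }
    } else {
        /* external agents */
        int i;
        keystore keys;

        OS_ReadKeys(&keys);

        /* The id from the command line is looked up in the key store before
         * it is used as an index. */
        i = OS_IsAllowedID(&keys, argv[2]);
        if (i < 0) {
            printf("\n** Invalid agent id '%s'.\n", argv[2]);
            helpmsg();
        }

        /* Delete this agent's syscheck data */
        delete_syscheck(keys.keyentries[i]->name, keys.keyentries[i]->ip->ip, 0);
    }

    printf("\n** Integrity check database updated.\n\n");
    return (0);
}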
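/**
 * main - load every configured lookup list, then build them with
 * Lists_OP_MakeAll().
 *
 * Options: -V version, -h help, -d debug, -u <user>, -g <group>,
 * -D <chroot dir>, -c <config file>, -f force.
 *
 * NOTE(review): the process sets its group and chroots but never calls
 * Privsep_SetUser(), so the lists are processed with the uid the tool was
 * started with. Confirm that this is intended.
 */
int main(int argc, char **argv)
{
    int c = 0;
    char *dir = DEFAULTDIR;
    char *user = USER;
    char *group = GROUPGLOBAL;
    int uid = 0, gid = 0;
    int force = 0;

    char *cfg = DEFAULTCPATH;

    /* Set the program name used by the logging helpers */
    OS_SetName(ARGV0);

    thishour = 0;
    today = 0;
    prev_year = 0;
    memset(prev_month, '\0', 4);

    while ((c = getopt(argc, argv, "Vdhfu:g:D:c:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                makelist_help(ARGV0);
                break;
            case 'd':
                nowDebug();
                break;
            case 'u':
                if (!optarg) {
                    ErrorExit("%s: -u needs an argument", ARGV0);
                }
                user = optarg;
                break;
            case 'g':
                if (!optarg) {
                    ErrorExit("%s: -g needs an argument", ARGV0);
                }
                group = optarg;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                /* Without this break, -D fell through into -c and the
                 * chroot directory was also used as the configuration
                 * file path. */
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 'f':
                force = 1;
                break;
            default:
                help(ARGV0);
                break;
        }
    }

    /* Check that the requested user and group exist */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if ((uid < 0) || (gid < 0)) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Found user */
    debug1(FOUND_USER, ARGV0);

    /* Read the configuration file */
    if (GlobalConf(cfg) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }

    debug1(READ_CONFIG, ARGV0);

    /* Set the group */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* Chroot */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }

    nowChroot();

    /* Create the lists for use in rules */
    Lists_OP_CreateLists();

    /* Read the lists; each file name is released once it has been loaded */
    {
        char **listfiles;

        for (listfiles = Config.lists; listfiles && *listfiles; listfiles++) {
            if (Lists_OP_LoadList(*listfiles) < 0) {
                ErrorExit(LISTS_ERROR, ARGV0, *listfiles);
            }
            free(*listfiles);
        }

        free(Config.lists);
        Config.lists = NULL;
    }

    Lists_OP_MakeAll(force);

    exit(0);
}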
/*
 * main - agent daemon entry point.
 *
 * Parses the command line, reads the client configuration into the global
 * logr, checks that a server address and authentication keys are present,
 * resolves the unprivileged user/group and hands over to AgentdStart().
 * With -t the process exits once all of these checks have passed.
 */
int main(int argc, char **argv)
{
    char *dir = DEFAULTDIR;
    char *user = USER;
    char *group = GROUPGLOBAL;
    int check_only = 0;
    int opt;
    int uid;
    int gid;

    /* Program name used by the logging helpers */
    OS_SetName(ARGV0);

    /* Options that are not listed here are ignored by this loop */
    for (;;) {
        opt = getopt(argc, argv, "Vtdhu:g:D:");
        if (opt == -1) {
            break;
        }

        if (opt == 'V') {
            print_version();
        } else if (opt == 'h') {
            help(ARGV0);
        } else if (opt == 'd') {
            nowDebug();
        } else if (opt == 'u') {
            if (!optarg) {
                ErrorExit("%s: -u needs an argument",ARGV0);
            }
            user = optarg;
        } else if (opt == 'g') {
            if (!optarg) {
                ErrorExit("%s: -g needs an argument",ARGV0);
            }
            group = optarg;
        } else if (opt == 't') {
            check_only = 1;
        } else if (opt == 'D') {
            if (!optarg) {
                ErrorExit("%s: -D needs an argument",ARGV0);
            }
            dir = optarg;
        }
    }

    debug1(STARTED_MSG, ARGV0);

    /* Zero-filled agent state that ClientConf() fills in */
    logr = (agent *)calloc(1, sizeof(agent));
    if (logr == NULL) {
        ErrorExit(MEM_ERROR, ARGV0);
    }

    /* Client configuration */
    if (ClientConf(DEFAULTCPATH) < 0) {
        ErrorExit(CLIENT_ERROR,ARGV0);
    }

    /* A server address is mandatory */
    if (logr->rip == NULL) {
        merror(AG_INV_IP, ARGV0);
        ErrorExit(CLIENT_ERROR,ARGV0);
    }

    /* Authentication keys are mandatory as well */
    if (!OS_CheckKeys()) {
        ErrorExit(AG_NOKEYS_EXIT, ARGV0);
    }

    /* The requested user and group must both resolve */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if (!(uid >= 0 && gid >= 0)) {
        ErrorExit(USER_ERROR,ARGV0,user,group);
    }

    /* Configuration test ends here */
    if (check_only) {
        exit(0);
    }

    /* Signal handling */
    StartSIG(ARGV0);

    /* The ids are passed on; no privilege is changed in this function */
    AgentdStart(dir, uid, gid, user, group);

    return (0);
}
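/*
 * main - remote daemon entry point.
 *
 * Parses the command line, reads the remote configuration into logr,
 * resolves the unprivileged user/group, daemonizes, sets the group, chroots
 * into dir and forks one handler process per configured connection.
 *
 * NOTE(review): main() never calls Privsep_SetUser(). The uid is passed to
 * HandleRemote(), which presumably switches user after it has set up its
 * socket -- confirm in HandleRemote().
 *
 * Returns 0 in the parent once every handler has been forked.
 */
int main(int argc, char **argv)
{
    int i = 0, c = 0;
    uid_t uid;
    gid_t gid;
    int debug_level = 0;
    int test_config = 0, run_foreground = 0;

    const char *cfg = DEFAULTCPATH;
    const char *dir = DEFAULTDIR;
    const char *user = REMUSER;
    const char *group = GROUPGLOBAL;

    /* Set the name */
    OS_SetName(ARGV0);

    while ((c = getopt(argc, argv, "Vdthfu:g:c:D:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                help_remoted();
                break;
            case 'd':
                nowDebug();
                debug_level = 1;
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'u':
                if (!optarg) {
                    ErrorExit("%s: -u needs an argument", ARGV0);
                }
                user = optarg;
                break;
            case 'g':
                if (!optarg) {
                    ErrorExit("%s: -g needs an argument", ARGV0);
                }
                group = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c need an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                break;
            default:
                help_remoted();
                break;
        }
    }

    /* Check current debug_level
     * Command line setting takes precedence
     */
    if (debug_level == 0) {
        /* Get debug level */
        debug_level = getDefine_Int("remoted", "debug", 0, 2);
        while (debug_level != 0) {
            nowDebug();
            debug_level--;
        }
    }

    debug1(STARTED_MSG, ARGV0);

    /* A negative return from the configuration reader is fatal */
    if (RemotedConfig(cfg, &logr) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }

    /* Exit if test_config is set */
    if (test_config) {
        exit(0);
    }

    /* Not configured: nothing to listen on */
    if (logr.conn == NULL) {
        exit(0);
    }

    /* Don't exit when client.keys empty (if set) */
    if (getDefine_Int("remoted", "pass_empty_keyfile", 0, 1)) {
        OS_PassEmptyKeyfile();
    }

    /* Check if the user and group given are valid. The ids are unsigned
     * here, so failure is tested against (uid_t)-1 / (gid_t)-1, not "< 0". */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if (uid == (uid_t) - 1 || gid == (gid_t) - 1) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Setup random */
    srandom_init();

    if (!run_foreground) {
        nowDaemon();
        goDaemon();
    }

    /* Set new group */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group, errno, strerror(errno));
    }

    /* chroot */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir, errno, strerror(errno));
    }
    nowChroot();

    /* Start the signal manipulation */
    StartSIG(ARGV0);

    /* Ignore SIGPIPE, it will be detected on recv */
    signal(SIGPIPE, SIG_IGN);

    random();

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* Really start the program: one handler process per connection.
     * logr.conn is treated as a zero-terminated array. */
    i = 0;
    while (logr.conn[i] != 0) {
        pid_t pid = fork();

        if (pid < 0) {
            /* A failed fork() used to be indistinguishable from success and
             * left this connection with no handler and no log entry.
             * Record it, then keep starting the remaining handlers. */
            merror("%s: ERROR: Unable to fork handler for connection '%d': %s",
                   ARGV0, i, strerror(errno));
            i++;
            continue;
        }

        if (pid == 0) {
            /* On the child. HandleRemote() is presumably not expected to
             * return -- TODO confirm. */
            debug1("%s: DEBUG: Forking remoted: '%d'.", ARGV0, i);
            logr.position = i;
            HandleRemote(uid);
        } else {
            i++;
            continue;
        }
    }

    return (0);
}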
/*
 * main - mail daemon entry point.
 *
 * Parses the command line, resolves the unprivileged user/group, reads the
 * mail configuration and the maild internal options, then (unless -t was
 * given) daemonizes, reduces privileges in the order group, chroot, user,
 * and runs OS_Run().
 */
int main(int argc, char **argv)
{
    const char *cfg = DEFAULTCPATH;
    const char *dir = DEFAULTDIR;
    const char *group = GROUPGLOBAL;
    const char *user = MAILUSER;
    int check_only = 0;
    int foreground = 0;
    int gid = 0;
    int uid = 0;
    int opt;

    /* Mail configuration, filled in by MailConf() */
    MailConfig mail;

    /* Program name used by the logging helpers */
    OS_SetName(ARGV0);

    for (;;) {
        opt = getopt(argc, argv, "Vdhtfu:g:D:c:");
        if (opt == -1) {
            break;
        }

        switch (opt) {
            /* Options that take a value */
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument",ARGV0);
                }
                cfg = optarg;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument",ARGV0);
                }
                dir = optarg;
                break;
            case 'g':
                if (!optarg) {
                    ErrorExit("%s: -g needs an argument",ARGV0);
                }
                group = optarg;
                break;
            case 'u':
                if (!optarg) {
                    ErrorExit("%s: -u needs an argument",ARGV0);
                }
                user = optarg;
                break;

            /* Plain switches */
            case 'd':
                nowDebug();
                break;
            case 'f':
                foreground = 1;
                break;
            case 't':
                check_only = 1;
                break;
            case 'V':
                print_version();
                break;

            /* -h and anything unrecognised print the help text */
            case 'h':
            default:
                help_maild();
                break;
        }
    }

    debug1(STARTED_MSG,ARGV0);

    /* The requested user and group must both resolve */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if (!(uid >= 0 && gid >= 0)) {
        ErrorExit(USER_ERROR,ARGV0,user,group);
    }

    /* Mail configuration */
    if (MailConf(check_only, cfg, &mail) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }

    /* Internal options; each getDefine_Int() call is given a 0..1 range */
    mail.strict_checking = getDefine_Int("maild", "strict_checking", 0, 1);
    mail.groupping = getDefine_Int("maild", "groupping", 0, 1);
    mail.subject_full = getDefine_Int("maild", "full_subject", 0, 1);

#ifdef GEOIP
    mail.geoip = getDefine_Int("maild", "geoip", 0, 1);
#endif

    /* Configuration test ends here */
    if (check_only) {
        exit(0);
    }

    if (!foreground) {
        nowDaemon();
        goDaemon();
    }

    /* Privilege separation: group first */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR,ARGV0,group);
    }

    /* ... then the chroot ... */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR,ARGV0,dir);
    }
    nowChroot();

    /* ... and the user last */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR,ARGV0,user);
    }

    debug1(PRIVSEP_MSG,ARGV0,dir,user);

    /* Signal handling */
    StartSIG(ARGV0);

    /* PID file */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* The daemon proper */
    OS_Run(&mail);
}
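/*
 * main - client syslog daemon entry point.
 *
 * Parses the command line, resolves the unprivileged user/group, reads the
 * syslog forwarding configuration and the local hostname, then (unless -t
 * was given) daemonizes, reduces privileges in the order group, chroot,
 * user, and runs OS_CSyslogD().
 */
int main(int argc, char **argv)
{
    int c, test_config = 0, run_foreground = 0;
    int uid = 0, gid = 0;

    /* Using MAILUSER (read only) */
    char *dir = DEFAULTDIR;
    char *user = MAILUSER;
    char *group = GROUPGLOBAL;
    char *cfg = DEFAULTCPATH;

    /* Database Structure */
    SyslogConfig **syslog_config = NULL;

    /* Set the program name used by the logging helpers */
    OS_SetName(ARGV0);

    while ((c = getopt(argc, argv, "vVdhtfu:g:D:c:")) != -1) {
        switch (c) {
            case 'V':
            case 'v':
                print_version();
                break;
            case 'h':
                help(ARGV0);
                break;
            case 'd':
                nowDebug();
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'u':
                if (!optarg) {
                    ErrorExit("%s: -u needs an argument", ARGV0);
                }
                user = optarg;
                break;
            case 'g':
                if (!optarg) {
                    ErrorExit("%s: -g needs an argument", ARGV0);
                }
                group = optarg;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                /* Without this break, -D fell through into -c and the
                 * chroot directory was also used as the configuration
                 * file path. */
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help(ARGV0);
                break;
        }
    }

    /* Starting daemon */
    debug1(STARTED_MSG, ARGV0);

    /* Check that the requested user and group exist */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if ((uid < 0) || (gid < 0)) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Read the configuration */
    syslog_config = OS_ReadSyslogConf(test_config, cfg, syslog_config);

    /* Get the server's hostname. The buffer is zeroed first and at most
     * 511 bytes are written, so it stays NUL-terminated. */
    memset(__shost, '\0', 512);
    if (gethostname(__shost, 512 - 1) != 0) {
        ErrorExit("%s: ERROR: gethostname() failed", ARGV0);
    } else {
        char *ltmp;

        /* Remove domain part if available */
        ltmp = strchr(__shost, '.');
        if (ltmp) {
            *ltmp = '\0';
        }
    }

    /* Exit here if test config is set */
    if (test_config) {
        exit(0);
    }

    if (!run_foreground) {
        /* Going on daemon mode */
        nowDaemon();
        goDaemon();
    }

    /* Not configured */
    if (!syslog_config || !syslog_config[0]) {
        verbose("%s: INFO: Remote syslog server not configured. "
                "Clean exit.", ARGV0);
        exit(0);
    }

    /* Privilege separation: group first */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* ... then the chroot ... */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }

    /* Now on chroot */
    nowChroot();

    /* ... and the user last */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    /* Basic start up completed. */
    debug1(PRIVSEP_MSG, ARGV0, dir, user);

    /* Signal manipulation */
    StartSIG(ARGV0);

    /* Create the PID file */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* the real daemon now */
    OS_CSyslogD(syslog_config);
    exit(0);
}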
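/*
 * main - monitor daemon entry point.
 *
 * Parses the command line, resolves the unprivileged user/group, reads the
 * monitord internal options and the report configuration, then (unless -t
 * was given) daemonizes, reduces privileges in the order group, chroot,
 * user, and runs Monitord().
 *
 * Email reports are switched off (mond.emailfrom set to NULL) when the SMTP
 * server or the sender address is missing or the server cannot be resolved.
 */
int main(int argc, char **argv)
{
    int c, test_config = 0, run_foreground = 0;
    int uid = 0, gid = 0;
    char *dir = DEFAULTDIR;
    char *user = USER;
    char *group = GROUPGLOBAL;
    char *cfg = DEFAULTCPATH;

    /* Initialize global variables */
    mond.a_queue = 0;

    /* Set the program name used by the logging helpers */
    OS_SetName(ARGV0);

    while ((c = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1) {
        switch (c) {
            case 'V':
                print_version();
                break;
            case 'h':
                help(ARGV0);
                break;
            case 'd':
                nowDebug();
                break;
            case 'f':
                run_foreground = 1;
                break;
            case 'u':
                if (!optarg) {
                    ErrorExit("%s: -u needs an argument", ARGV0);
                }
                user = optarg;
                break;
            case 'g':
                if (!optarg) {
                    ErrorExit("%s: -g needs an argument", ARGV0);
                }
                group = optarg;
                break;
            case 'D':
                if (!optarg) {
                    ErrorExit("%s: -D needs an argument", ARGV0);
                }
                dir = optarg;
                /* Without this break, -D fell through into -c and the
                 * chroot directory was also used as the configuration
                 * file path. */
                break;
            case 'c':
                if (!optarg) {
                    ErrorExit("%s: -c needs an argument", ARGV0);
                }
                cfg = optarg;
                break;
            case 't':
                test_config = 1;
                break;
            default:
                help(ARGV0);
                break;
        }
    }

    /* Starting daemon */
    debug1(STARTED_MSG, ARGV0);

    /* Check that the requested user and group exist */
    uid = Privsep_GetUser(user);
    gid = Privsep_GetGroup(group);
    if ((uid < 0) || (gid < 0)) {
        ErrorExit(USER_ERROR, ARGV0, user, group);
    }

    /* Internal options; each call passes the accepted range */
    mond.day_wait = getDefine_Int("monitord", "day_wait", 5, 240);
    mond.compress = getDefine_Int("monitord", "compress", 0, 1);
    mond.sign = getDefine_Int("monitord", "sign", 0, 1);
    mond.monitor_agents = getDefine_Int("monitord", "monitor_agents", 0, 1);

    mond.agents = NULL;
    mond.smtpserver = NULL;
    mond.emailfrom = NULL;

    /* Only the reports section is requested from the configuration */
    c = 0;
    c |= CREPORTS;
    if (ReadConfig(c, cfg, &mond, NULL) < 0) {
        ErrorExit(CONFIG_ERROR, ARGV0, cfg);
    }

    /* If we have any reports configured, read smtp/emailfrom */
    if (mond.reports) {
        OS_XML xml;
        char *tmpsmtp;

        char *(xml_smtp[]) = {"ossec_config", "global", "smtp_server", NULL};
        char *(xml_from[]) = {"ossec_config", "global", "email_from", NULL};

        if (OS_ReadXML(cfg, &xml) < 0) {
            ErrorExit(CONFIG_ERROR, ARGV0, cfg);
        }

        tmpsmtp = OS_GetOneContentforElement(&xml, xml_smtp);
        mond.emailfrom = OS_GetOneContentforElement(&xml, xml_from);

        if (tmpsmtp && mond.emailfrom) {
            /* NOTE(review): tmpsmtp is not released on this path; whether
             * OS_GetHost() keeps or copies it is not visible here. */
            mond.smtpserver = OS_GetHost(tmpsmtp, 5);
            if (!mond.smtpserver) {
                merror(INVALID_SMTP, ARGV0, tmpsmtp);

                /* free(NULL) is a no-op, so no guard is needed */
                free(mond.emailfrom);
                mond.emailfrom = NULL;
                merror("%s: Invalid SMTP server. Disabling email reports.", ARGV0);
            }
        } else {
            free(tmpsmtp);
            free(mond.emailfrom);
            mond.emailfrom = NULL;
            merror("%s: SMTP server or 'email from' missing. Disabling email reports.", ARGV0);
        }

        OS_ClearXML(&xml);
    }

    /* Exit here if test config is set */
    if (test_config) {
        exit(0);
    }

    if (!run_foreground) {
        /* Going on daemon mode */
        nowDaemon();
        goDaemon();
    }

    /* Privilege separation: group first */
    if (Privsep_SetGroup(gid) < 0) {
        ErrorExit(SETGID_ERROR, ARGV0, group);
    }

    /* ... then the chroot ... */
    if (Privsep_Chroot(dir) < 0) {
        ErrorExit(CHROOT_ERROR, ARGV0, dir);
    }

    nowChroot();

    /* ... and the user last */
    if (Privsep_SetUser(uid) < 0) {
        ErrorExit(SETUID_ERROR, ARGV0, user);
    }

    debug1(PRIVSEP_MSG, ARGV0, dir, user);

    /* Signal manipulation */
    StartSIG(ARGV0);

    /* Create the PID file */
    if (CreatePID(ARGV0, getpid()) < 0) {
        ErrorExit(PID_ERROR, ARGV0);
    }

    /* Start up message */
    verbose(STARTUP_MSG, ARGV0, (int)getpid());

    /* the real daemon now */
    Monitord();
    exit(0);
}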