/** main **/
int main(int argc, char **argv)
{
char *dir = DEFAULTDIR;
char *group = GROUPGLOBAL;
char *user = USER;
char *agent_id = NULL;
char *fname = NULL;
int gid = 0;
int uid = 0;
int c = 0, info_agent = 0, update_syscheck = 0,
list_agents = 0, zero_counter = 0,
registry_only = 0;
int active_only = 0, csv_output = 0;
char shost[512];
/* Setting the name */
OS_SetName(ARGV0);
/* user arguments */
if(argc < 2)
{
helpmsg();
}
while((c = getopt(argc, argv, "VhzrDdlcsu:i:f:")) != -1)
{
switch(c){
case 'V':
print_version();
break;
case 'h':
helpmsg();
break;
case 'D':
nowDebug();
break;
case 'l':
list_agents++;
break;
case 'z':
zero_counter = 1;
break;
case 'd':
zero_counter = 2;
break;
case 's':
csv_output = 1;
case 'c':
active_only++;
break;
case 'r':
registry_only = 1;
break;
case 'i':
info_agent++;
if(!optarg)
{
merror("%s: -u needs an argument",ARGV0);
helpmsg();
}
agent_id = optarg;
break;
case 'f':
if(!optarg)
{
merror("%s: -u needs an argument",ARGV0);
helpmsg();
}
fname = optarg;
break;
case 'u':
if(!optarg)
{
merror("%s: -u needs an argument",ARGV0);
helpmsg();
}
agent_id = optarg;
update_syscheck = 1;
break;
default:
helpmsg();
break;
}
}
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
if(gid < 0)
{
ErrorExit(USER_ERROR, ARGV0, user, group);
}
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
ErrorExit(CHROOT_ERROR, ARGV0, dir);
}
/* Inside chroot now */
nowChroot();
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user);
}
/* Getting servers hostname */
memset(shost, '\0', 512);
if(gethostname(shost, 512 -1) != 0)
{
strncpy(shost, "localhost", 32);
return(0);
}
/* Listing available agents. */
if(list_agents)
{
if(!csv_output)
{
printf("\nOSSEC HIDS %s. List of available agents:",
ARGV0);
printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, "
"Active/Local\n", shost);
}
else
{
printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
}
print_agents(1, active_only, csv_output);
printf("\n");
exit(0);
}
/* Update syscheck database. */
if(update_syscheck)
{
/* Cleaning all agents (and server) db. */
if(strcmp(agent_id, "all") == 0)
{
DIR *sys_dir;
struct dirent *entry;
sys_dir = opendir(SYSCHECK_DIR);
if(!sys_dir)
{
ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
}
while((entry = readdir(sys_dir)) != NULL)
{
FILE *fp;
char full_path[OS_MAXSTR +1];
/* Do not even attempt to delete . and .. :) */
if((strcmp(entry->d_name,".") == 0)||
(strcmp(entry->d_name,"..") == 0))
{
continue;
}
snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR,
entry->d_name);
fp = fopen(full_path, "w");
if(fp)
{
fclose(fp);
}
if(entry->d_name[0] == '.')
{
unlink(full_path);
}
}
closedir(sys_dir);
printf("\n** Integrity check database updated.\n\n");
exit(0);
}
else if((strcmp(agent_id, "000") == 0) ||
(strcmp(agent_id, "local") == 0))
{
char final_dir[1024];
FILE *fp;
snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
unlink(final_dir);
/* Deleting cpt file */
snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
unlink(final_dir);
printf("\n** Integrity check database updated.\n\n");
exit(0);
}
/* Database from remote agents. */
else
{
int i;
keystore keys;
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, agent_id);
if(i < 0)
{
printf("\n** Invalid agent id '%s'.\n", agent_id);
helpmsg();
}
/* Deleting syscheck */
delete_syscheck(keys.keyentries[i]->name,
keys.keyentries[i]->ip->ip, 0);
printf("\n** Integrity check database updated.\n\n");
exit(0);
}
}
/* Printing information from an agent. */
if(info_agent)
{
int i;
char final_ip[128 +1];
char final_mask[128 +1];
keystore keys;
if((strcmp(agent_id, "000") == 0) ||
(strcmp(agent_id, "local") == 0))
{
printf("\nIntegrity checking changes for local system '%s - %s':\n",
shost, "127.0.0.1");
if(fname)
{
printf("Detailed information for entries matching: '%s'\n",
fname);
}
print_syscheck(NULL,
NULL, fname, 0, 0,
csv_output, zero_counter);
}
else if(strchr(agent_id, '@'))
{
if(fname)
{
printf("Detailed information for entries matching: '%s'\n",
fname);
}
print_syscheck(agent_id, NULL, fname, registry_only, 0,
csv_output, zero_counter);
}
else
{
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, agent_id);
if(i < 0)
{
printf("\n** Invalid agent id '%s'.\n", agent_id);
helpmsg();
}
/* Getting netmask from ip. */
final_ip[128] = '\0';
final_mask[128] = '\0';
getNetmask(keys.keyentries[i]->ip->netmask, final_mask, 128);
snprintf(final_ip, 128, "%s%s",keys.keyentries[i]->ip->ip,
final_mask);
if(registry_only)
{
printf("\nIntegrity changes for 'Windows Registry' of"
" agent '%s (%s) - %s':\n",
keys.keyentries[i]->name, keys.keyentries[i]->id,
final_ip);
}
else
{
printf("\nIntegrity changes for agent "
"'%s (%s) - %s':\n",
keys.keyentries[i]->name, keys.keyentries[i]->id,
final_ip);
}
if(fname)
{
printf("Detailed information for entries matching: '%s'\n",
fname);
}
print_syscheck(keys.keyentries[i]->name,
keys.keyentries[i]->ip->ip, fname,
registry_only, 0, csv_output, zero_counter);
}
exit(0);
}
printf("\n** Invalid argument combination.\n");
helpmsg();
return(0);
}
/** main **/
int main(int argc, char **argv)
{
char *dir = DEFAULTDIR;
char *group = GROUPGLOBAL;
char *user = USER;
int gid;
int uid;
/* Setting the name */
OS_SetName(ARGV0);
/* user arguments */
if(argc < 2)
{
helpmsg();
}
/* Getting the group name */
gid = Privsep_GetGroup(group);
uid = Privsep_GetUser(user);
if(gid < 0)
{
ErrorExit(USER_ERROR, ARGV0, user, group);
}
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
{
ErrorExit(SETGID_ERROR,ARGV0, group);
}
/* Chrooting to the default directory */
if(Privsep_Chroot(dir) < 0)
{
ErrorExit(CHROOT_ERROR, ARGV0, dir);
}
/* Inside chroot now */
nowChroot();
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
{
ErrorExit(SETUID_ERROR, ARGV0, user);
}
/* User options */
if(strcmp(argv[1], "-h") == 0)
{
helpmsg();
}
else if(strcmp(argv[1], "-l") == 0)
{
printf("\nOSSEC HIDS %s: Updates the integrity check database.",
ARGV0);
print_agents(0, 0, 0);
printf("\n");
exit(0);
}
else if(strcmp(argv[1], "-u") == 0)
{
if(argc != 3)
{
printf("\n** Option -u requires an extra argument\n");
helpmsg();
}
}
else if(strcmp(argv[1], "-a") == 0)
{
DIR *sys_dir;
struct dirent *entry;
sys_dir = opendir(SYSCHECK_DIR);
if(!sys_dir)
{
ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
}
while((entry = readdir(sys_dir)) != NULL)
{
FILE *fp;
char full_path[OS_MAXSTR +1];
/* Do not even attempt to delete . and .. :) */
if((strcmp(entry->d_name,".") == 0)||
(strcmp(entry->d_name,"..") == 0))
{
continue;
}
snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR, entry->d_name);
fp = fopen(full_path, "w");
if(fp)
{
fclose(fp);
}
if(entry->d_name[0] == '.')
{
unlink(full_path);
}
}
closedir(sys_dir);
printf("\n** Integrity check database updated.\n\n");
exit(0);
}
else
{
printf("\n** Invalid option '%s'.\n", argv[1]);
helpmsg();
}
/* local */
if(strcmp(argv[2],"local") == 0)
{
char final_dir[1024];
FILE *fp;
snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
unlink(final_dir);
/* Deleting cpt file */
snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);
fp = fopen(final_dir, "w");
if(fp)
{
fclose(fp);
}
/* unlink(final_dir); */
}
/* external agents */
else
{
int i;
keystore keys;
OS_ReadKeys(&keys);
i = OS_IsAllowedID(&keys, argv[2]);
if(i < 0)
{
printf("\n** Invalid agent id '%s'.\n", argv[2]);
helpmsg();
}
/* Deleting syscheck */
delete_syscheck(keys.keyentries[i]->name,keys.keyentries[i]->ip->ip,0);
}
printf("\n** Integrity check database updated.\n\n");
return(0);
}
