/* void read_internal()
* Reads syscheck internal options.
*/
void read_internal()
{
syscheck.tsleep = getDefine_Int("syscheck","sleep",0,64);
syscheck.sleep_after = getDefine_Int("syscheck","sleep_after",1,9999);
return;
}
/* Read syscheck internal options */
static void read_internal(int debug_level)
{
syscheck.tsleep = (unsigned int) getDefine_Int("syscheck", "sleep", 0, 64);
syscheck.sleep_after = getDefine_Int("syscheck", "sleep_after", 1, 9999);
/* Check current debug_level
* Command line setting takes precedence
*/
if (debug_level == 0) {
debug_level = getDefine_Int("syscheck", "debug", 0, 2);
while (debug_level != 0) {
nowDebug();
debug_level--;
}
}
return;
}
int main(int argc, char **argv)
{
int i = 0, c = 0;
uid_t uid;
gid_t gid;
int debug_level = 0;
int test_config = 0, run_foreground = 0;
const char *cfg = DEFAULTCPATH;
const char *dir = DEFAULTDIR;
const char *user = REMUSER;
const char *group = GROUPGLOBAL;
/* Set the name */
OS_SetName(ARGV0);
while ((c = getopt(argc, argv, "Vdthfu:g:c:D:")) != -1) {
switch (c) {
case 'V':
print_version();
break;
case 'h':
help_remoted();
break;
case 'd':
nowDebug();
debug_level = 1;
break;
case 'f':
run_foreground = 1;
break;
case 'u':
if (!optarg) {
ErrorExit("%s: -u needs an argument", ARGV0);
}
user = optarg;
break;
case 'g':
if (!optarg) {
ErrorExit("%s: -g needs an argument", ARGV0);
}
group = optarg;
break;
case 't':
test_config = 1;
break;
case 'c':
if (!optarg) {
ErrorExit("%s: -c need an argument", ARGV0);
}
cfg = optarg;
break;
case 'D':
if (!optarg) {
ErrorExit("%s: -D needs an argument", ARGV0);
}
dir = optarg;
break;
default:
help_remoted();
break;
}
}
/* Check current debug_level
* Command line setting takes precedence
*/
if (debug_level == 0) {
/* Get debug level */
debug_level = getDefine_Int("remoted", "debug", 0, 2);
while (debug_level != 0) {
nowDebug();
debug_level--;
}
}
debug1(STARTED_MSG, ARGV0);
/* Return 0 if not configured */
if (RemotedConfig(cfg, &logr) < 0) {
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
}
/* Exit if test_config is set */
if (test_config) {
exit(0);
}
if (logr.conn == NULL) {
/* Not configured */
exit(0);
}
/* Don't exit when client.keys empty (if set) */
if (getDefine_Int("remoted", "pass_empty_keyfile", 0, 1)) {
OS_PassEmptyKeyfile();
}
/* Check if the user and group given are valid */
uid = Privsep_GetUser(user);
gid = Privsep_GetGroup(group);
if (uid == (uid_t) - 1 || gid == (gid_t) - 1) {
ErrorExit(USER_ERROR, ARGV0, user, group);
}
/* Setup random */
srandom_init();
/* pid before going daemon */
i = getpid();
if (!run_foreground) {
nowDaemon();
goDaemon();
}
/* Set new group */
if (Privsep_SetGroup(gid) < 0) {
ErrorExit(SETGID_ERROR, ARGV0, group, errno, strerror(errno));
}
/* chroot */
if (Privsep_Chroot(dir) < 0) {
ErrorExit(CHROOT_ERROR, ARGV0, dir, errno, strerror(errno));
}
nowChroot();
/* Start the signal manipulation */
StartSIG(ARGV0);
/* Ignore SIGPIPE, it will be detected on recv */
signal(SIGPIPE, SIG_IGN);
random();
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* Really start the program */
i = 0;
while (logr.conn[i] != 0) {
/* Fork for each connection handler */
if (fork() == 0) {
/* On the child */
debug1("%s: DEBUG: Forking remoted: '%d'.", ARGV0, i);
logr.position = i;
HandleRemote(uid);
} else {
i++;
continue;
}
}
return (0);
}
int main(int argc, char **argv)
{
int i = 0,c = 0;
int uid = 0, gid = 0;
int debug_level = 0;
int test_config = 0,run_foreground = 0;
char *cfg = DEFAULTCPATH;
char *dir = DEFAULTDIR;
char *user = REMUSER;
char *group = GROUPGLOBAL;
/* Setting the name -- must be done ASAP */
OS_SetName(ARGV0);
while((c = getopt(argc, argv, "Vdthfu:g:c:D:")) != -1){
switch(c){
case 'V':
print_version();
break;
case 'h':
help_remoted();
break;
case 'd':
nowDebug();
debug_level = 1;
break;
case 'f':
run_foreground = 1;
break;
case 'u':
if(!optarg)
ErrorExit("%s: -u needs an argument",ARGV0);
user = optarg;
break;
case 'g':
if(!optarg)
ErrorExit("%s: -g needs an argument",ARGV0);
group = optarg;
break;
case 't':
test_config = 1;
break;
case 'c':
if (!optarg)
ErrorExit("%s: -c need an argument", ARGV0);
cfg = optarg;
break;
case 'D':
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir = optarg;
break;
default:
help_remoted();
break;
}
}
/* Check current debug_level
* Command line setting takes precedence
*/
if (debug_level == 0)
{
/* Getting debug level */
debug_level = getDefine_Int("remoted", "debug", 0, 2);
while(debug_level != 0)
{
nowDebug();
debug_level--;
}
}
debug1(STARTED_MSG,ARGV0);
/* Return 0 if not configured */
if(RemotedConfig(cfg, &logr) < 0)
{
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
}
/* Exit if test_config is set */
if(test_config)
exit(0);
if(logr.conn == NULL)
{
/* Not configured. */
exit(0);
}
/* Check if the user and group given are valid */
uid = Privsep_GetUser(user);
gid = Privsep_GetGroup(group);
if((uid < 0)||(gid < 0))
ErrorExit(USER_ERROR, ARGV0, user, group);
/* pid before going daemon */
i = getpid();
if(!run_foreground)
{
nowDaemon();
goDaemon();
}
/* Setting new group */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR, ARGV0, group);
/* Going on chroot */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR,ARGV0,dir);
nowChroot();
/* Starting the signal manipulation */
StartSIG(ARGV0);
/* Creating some randoness */
#ifdef __OpenBSD__
srandomdev();
#else
srandom( time(0) + getpid()+ i);
#endif
random();
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* Really starting the program. */
i = 0;
while(logr.conn[i] != 0)
{
/* Forking for each connection handler */
if(fork() == 0)
{
/* On the child */
debug1("%s: DEBUG: Forking remoted: '%d'.",ARGV0, i);
HandleRemote(i, uid);
}
else
{
i++;
continue;
}
}
/* Done over here */
return(0);
}
/* main: v0.3: 2005/04/04 */
int main(int argc, char **argv)
{
int c;
int debug_level = 0;
int test_config = 0,run_foreground = 0;
int accept_manager_commands = 0;
const char *cfg = DEFAULTCPATH;
/* Setuping up random */
#ifndef WIN32
#ifdef __OpenBSD__
srandomdev();
#else
srandom((unsigned int)time(0));
#endif
#else
srandom(time(0))
#endif
/* Setting the name */
OS_SetName(ARGV0);
while((c = getopt(argc, argv, "Vtdhfc:")) != -1)
{
switch(c)
{
case 'V':
print_version();
break;
case 'h':
help_logcollector();
break;
case 'd':
nowDebug();
debug_level = 1;
break;
case 'f':
run_foreground = 1;
break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
test_config = 1;
break;
default:
help_logcollector();
break;
}
}
/* Check current debug_level
* Command line setting takes precedence
*/
if (debug_level == 0)
{
/* Getting debug level */
debug_level = getDefine_Int("logcollector", "debug", 0, 2);
while(debug_level != 0)
{
nowDebug();
debug_level--;
}
}
debug1(STARTED_MSG,ARGV0);
accept_manager_commands = getDefine_Int("logcollector", "remote_commands",
0, 1);
/* Reading config file */
if(LogCollectorConfig(cfg, accept_manager_commands) < 0)
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
/* Getting loop timeout */
loop_timeout = getDefine_Int("logcollector",
"loop_timeout",
1, 120);
open_file_attempts = getDefine_Int("logcollector", "open_attempts",
2, 998);
/* Exit if test config */
if(test_config)
exit(0);
/* No file available to monitor -- continue */
if(logff == NULL)
{
os_calloc(2, sizeof(logreader), logff);
logff[0].file = NULL;
logff[0].ffile = NULL;
logff[0].logformat = NULL;
logff[0].fp = NULL;
logff[1].file = NULL;
logff[1].logformat = NULL;
merror(NO_FILE, ARGV0);
}
/* Starting signal handler */
StartSIG(ARGV0);
if (!run_foreground)
{
/* Going on daemon mode */
nowDaemon();
goDaemon();
}
/* Creating PID file */
if(CreatePID(ARGV0, getpid()) < 0)
merror(PID_ERROR, ARGV0);
/* Waiting 6 seconds for the analysisd/agentd to settle */
debug1("%s: DEBUG: Waiting main daemons to settle.", ARGV0);
sleep(6);
/* Starting the queue. */
if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
/* Main loop */
LogCollectorStart();
}
/** OS_StartCounter.
* Read counters for each agent.
*/
void OS_StartCounter(keystore *keys)
{
int i;
char rids_file[OS_FLSIZE +1];
rids_file[OS_FLSIZE] = '\0';
debug1("%s: OS_StartCounter: keysize: %d", __local_name, keys->keysize);
/* Starting receiving counter */
for(i = 0; i<=keys->keysize; i++)
{
/* On i == keysize, we deal with the
* sender counter.
*/
if(i == keys->keysize)
{
snprintf(rids_file, OS_FLSIZE, "%s/%s",
RIDS_DIR,
SENDER_COUNTER);
}
else
{
snprintf(rids_file, OS_FLSIZE, "%s/%s",
RIDS_DIR,
keys->keyentries[i]->id);
}
keys->keyentries[i]->fp = fopen(rids_file, "r+");
/* If nothing is there, try to open as write only */
if(!keys->keyentries[i]->fp)
{
keys->keyentries[i]->fp = fopen(rids_file, "w");
if(!keys->keyentries[i]->fp)
{
int my_error = errno;
/* Just in case we run out of file descriptiors */
if((i > 10) && (keys->keyentries[i -1]->fp))
{
fclose(keys->keyentries[i -1]->fp);
if(keys->keyentries[i -2]->fp)
{
fclose(keys->keyentries[i -2]->fp);
}
}
merror("%s: Unable to open agent file. errno: %d",
__local_name, my_error);
ErrorExit(FOPEN_ERROR, __local_name, rids_file);
}
}
else
{
unsigned int g_c = 0, l_c = 0;
if(fscanf(keys->keyentries[i]->fp,"%u:%u", &g_c, &l_c) != 2)
{
if(i == keys->keysize)
{
verbose("%s: INFO: No previous sender counter.", __local_name);
}
else
{
verbose("%s: INFO: No previous counter available for '%s'.",
__local_name,
keys->keyentries[i]->name);
}
g_c = 0;
l_c = 0;
}
if(i == keys->keysize)
{
verbose("%s: INFO: Assigning sender counter: %d:%d",
__local_name, g_c, l_c);
global_count = g_c;
local_count = l_c;
}
else
{
verbose("%s: INFO: Assigning counter for agent %s: '%d:%d'.",
__local_name, keys->keyentries[i]->name, g_c, l_c);
keys->keyentries[i]->global = g_c;
keys->keyentries[i]->local = l_c;
}
}
}
debug2("%s: DEBUG: Stored counter.", __local_name);
/* Getting counter values */
if(_s_recv_flush == 0)
{
_s_recv_flush = getDefine_Int("remoted",
"recv_counter_flush",
10, 999999);
}
/* Average printout values */
if(_s_comp_print == 0)
{
_s_comp_print = getDefine_Int("remoted",
"comp_average_printout",
10, 999999);
}
_s_verify_counter = getDefine_Int("remoted", "verify_msg_id" , 0, 1);
}
/* main, v0.2, 2005/11/09
*/
int main(int argc, char **argv)
{
int c = 0;
int test_config = 0;
int debug_level = 0;
char *dir = DEFAULTDIR;
char *user = USER;
char *group = GROUPGLOBAL;
char *cfg = DEFAULTCPATH;
int uid = 0;
int gid = 0;
run_foreground = 0;
/* Setting the name */
OS_SetName(ARGV0);
while((c = getopt(argc, argv, "Vtdfhu:g:D:c:")) != -1){
switch(c){
case 'V':
print_version();
break;
case 'h':
help_agentd();
break;
case 'd':
nowDebug();
debug_level = 1;
break;
case 'f':
run_foreground = 1;
break;
case 'u':
if(!optarg)
ErrorExit("%s: -u needs an argument",ARGV0);
user = optarg;
break;
case 'g':
if(!optarg)
ErrorExit("%s: -g needs an argument",ARGV0);
group = optarg;
break;
case 't':
test_config = 1;
break;
case 'D':
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir = optarg;
break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument.",ARGV0);
cfg = optarg;
break;
default:
help_agentd();
break;
}
}
debug1(STARTED_MSG, ARGV0);
agt = (agent *)calloc(1, sizeof(agent));
if(!agt)
{
ErrorExit(MEM_ERROR, ARGV0);
}
/* Check current debug_level
* Command line setting takes precedence
*/
if (debug_level == 0)
{
/* Getting debug level */
debug_level = getDefine_Int("agent","debug", 0, 2);
while(debug_level != 0)
{
nowDebug();
debug_level--;
}
}
/* Reading config */
if(ClientConf(cfg) < 0)
{
ErrorExit(CLIENT_ERROR,ARGV0);
}
if(!agt->rip)
{
merror(AG_INV_IP, ARGV0);
ErrorExit(CLIENT_ERROR,ARGV0);
}
if(agt->notify_time == 0)
{
agt->notify_time = NOTIFY_TIME;
}
if(agt->max_time_reconnect_try == 0 )
{
agt->max_time_reconnect_try = NOTIFY_TIME * 3;
}
if(agt->max_time_reconnect_try <= agt->notify_time)
{
agt->max_time_reconnect_try = (agt->notify_time * 3);
verbose("%s: INFO: Max time to reconnect can't be less than notify_time(%d), using notify_time*3 (%d)",ARGV0,agt->notify_time,agt->max_time_reconnect_try);
}
verbose("%s: INFO: Using notify time: %d and max time to reconnect: %d",ARGV0,agt->notify_time,agt->max_time_reconnect_try);
/* Checking auth keys */
if(!OS_CheckKeys())
{
ErrorExit(AG_NOKEYS_EXIT, ARGV0);
}
/* Check if the user/group given are valid */
uid = Privsep_GetUser(user);
gid = Privsep_GetGroup(group);
if((uid < 0)||(gid < 0))
{
ErrorExit(USER_ERROR,ARGV0,user,group);
}
/* Exit if test config */
if(test_config)
exit(0);
/* Starting the signal manipulation */
StartSIG(ARGV0);
/* Agentd Start */
AgentdStart(dir, uid, gid, user, group);
return(0);
}
int main(int argc, char **argv)
{
int c, test_config = 0,run_foreground = 0;
int uid = 0,gid = 0;
const char *dir = DEFAULTDIR;
const char *user = MAILUSER;
const char *group = GROUPGLOBAL;
const char *cfg = DEFAULTCPATH;
/* Mail Structure */
MailConfig mail;
/* Setting the name */
OS_SetName(ARGV0);
while((c = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1){
switch(c){
case 'V':
print_version();
break;
case 'h':
help_maild();
break;
case 'd':
nowDebug();
break;
case 'f':
run_foreground = 1;
break;
case 'u':
if(!optarg)
ErrorExit("%s: -u needs an argument",ARGV0);
user=optarg;
break;
case 'g':
if(!optarg)
ErrorExit("%s: -g needs an argument",ARGV0);
group=optarg;
break;
case 'D':
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir=optarg;
break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
test_config = 1;
break;
default:
help_maild();
break;
}
}
/* Starting daemon */
debug1(STARTED_MSG,ARGV0);
/*Check if the user/group given are valid */
uid = Privsep_GetUser(user);
gid = Privsep_GetGroup(group);
if((uid < 0)||(gid < 0))
ErrorExit(USER_ERROR,ARGV0,user,group);
/* Reading configuration */
if(MailConf(test_config, cfg, &mail) < 0)
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
/* Reading internal options */
mail.strict_checking = getDefine_Int("maild",
"strict_checking",
0, 1);
/* Get groupping */
mail.groupping = getDefine_Int("maild",
"groupping",
0, 1);
/* Getting subject type */
mail.subject_full = getDefine_Int("maild",
"full_subject",
0, 1);
#ifdef GEOIP
/* Get GeoIP */
mail.geoip = getDefine_Int("maild",
"geoip",
0, 1);
#endif
/* Exit here if test config is set */
if(test_config)
exit(0);
if(!run_foreground)
{
nowDaemon();
goDaemon();
}
/* Privilege separation */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
/* chrooting */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR,ARGV0,dir);
nowChroot();
/* Changing user */
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR,ARGV0,user);
debug1(PRIVSEP_MSG,ARGV0,dir,user);
/* Signal manipulation */
StartSIG(ARGV0);
/* Creating PID files */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR, ARGV0);
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* the real daemon now */
OS_Run(&mail);
}
int main_analysisd(int argc, char **argv)
#endif
{
int c = 0, m_queue = 0, test_config = 0,run_foreground = 0;
int debug_level = 0;
char *dir = DEFAULTDIR;
char *user = USER;
char *group = GROUPGLOBAL;
int uid = 0,gid = 0;
char *cfg = DEFAULTCPATH;
/* Setting the name */
OS_SetName(ARGV0);
thishour = 0;
today = 0;
prev_year = 0;
memset(prev_month, '\0', 4);
hourly_alerts = 0;
hourly_events = 0;
hourly_syscheck = 0;
hourly_firewall = 0;
while((c = getopt(argc, argv, "Vtdhfu:g:D:c:")) != -1){
switch(c){
case 'V':
print_version();
break;
case 'h':
help_analysisd();
break;
case 'd':
nowDebug();
debug_level = 1;
break;
case 'f':
run_foreground = 1;
break;
case 'u':
if(!optarg)
ErrorExit("%s: -u needs an argument",ARGV0);
user = optarg;
break;
case 'g':
if(!optarg)
ErrorExit("%s: -g needs an argument",ARGV0);
group = optarg;
break;
case 'D':
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir = optarg;
break;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
test_config = 1;
break;
default:
help_analysisd();
break;
}
}
/* Check current debug_level
* Command line setting takes precedence
*/
if (debug_level == 0)
{
/* Getting debug level */
debug_level = getDefine_Int("analysisd", "debug", 0, 2);
while(debug_level != 0)
{
nowDebug();
debug_level--;
}
}
/* Starting daemon */
debug1(STARTED_MSG,ARGV0);
DEBUG_MSG("%s: DEBUG: Starting on debug mode - %d ", ARGV0, (int)time(0));
/*Check if the user/group given are valid */
uid = Privsep_GetUser(user);
gid = Privsep_GetGroup(group);
if((uid < 0)||(gid < 0))
ErrorExit(USER_ERROR,ARGV0,user,group);
/* Found user */
debug1(FOUND_USER, ARGV0);
/* Initializing Active response */
AR_Init();
if(AR_ReadConfig(cfg) < 0)
{
ErrorExit(CONFIG_ERROR,ARGV0, cfg);
}
debug1(ASINIT, ARGV0);
/* Reading configuration file */
if(GlobalConf(cfg) < 0)
{
ErrorExit(CONFIG_ERROR,ARGV0, cfg);
}
debug1(READ_CONFIG, ARGV0);
/* Fixing Config.ar */
Config.ar = ar_flag;
if(Config.ar == -1)
Config.ar = 0;
/* Getting servers hostname */
memset(__shost, '\0', 512);
if(gethostname(__shost, 512 -1) != 0)
{
strncpy(__shost, OSSEC_SERVER, 512 -1);
}
else
{
char *_ltmp;
/* Remove domain part if available */
_ltmp = strchr(__shost, '.');
if(_ltmp)
*_ltmp = '\0';
}
/* going on Daemon mode */
if(!test_config && !run_foreground)
{
nowDaemon();
goDaemon();
}
/* Starting prelude */
#ifdef PRELUDE
if(Config.prelude)
{
prelude_start(Config.prelude_profile, argc, argv);
}
#endif
/* Starting zeromq */
#ifdef ZEROMQ_OUTPUT
if(Config.zeromq_output)
{
zeromq_output_start(Config.zeromq_output_uri, argc, argv);
}
#endif
/* Opening the Picviz socket */
if(Config.picviz)
{
OS_PicvizOpen(Config.picviz_socket);
if(chown(Config.picviz_socket, uid, gid) == -1)
{
ErrorExit(CHOWN_ERROR, ARGV0, Config.picviz_socket);
}
}
/* Setting the group */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
/* Chrooting */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR,ARGV0,dir);
nowChroot();
/*
* Anonymous Section: Load rules, decoders, and lists
*
* As lists require two pass loading of rules that make use of list lookups
* are created with blank database structs, and need to be filled in after
* completion of all rules and lists.
*/
{
{
/* Initializing the decoders list */
OS_CreateOSDecoderList();
if(!Config.decoders)
{ /* Legacy loading */
/* Reading decoders */
if(!ReadDecodeXML(XML_DECODER))
{
ErrorExit(CONFIG_ERROR, ARGV0, XML_DECODER);
}
/* Reading local ones. */
c = ReadDecodeXML(XML_LDECODER);
if(!c)
{
if((c != -2))
ErrorExit(CONFIG_ERROR, ARGV0, XML_LDECODER);
}
else
{
if(!test_config)
verbose("%s: INFO: Reading local decoder file.", ARGV0);
}
}
else
{ /* New loaded based on file speified in ossec.conf */
char **decodersfiles;
decodersfiles = Config.decoders;
while( decodersfiles && *decodersfiles)
{
if(!test_config)
verbose("%s: INFO: Reading decoder file %s.", ARGV0, *decodersfiles);
if(!ReadDecodeXML(*decodersfiles))
ErrorExit(CONFIG_ERROR, ARGV0, *decodersfiles);
free(*decodersfiles);
decodersfiles++;
}
}
/* Load decoders */
SetDecodeXML();
}
{ /* Load Lists */
/* Initializing the lists of list struct */
Lists_OP_CreateLists();
/* Load each list into list struct */
{
char **listfiles;
listfiles = Config.lists;
while(listfiles && *listfiles)
{
if(!test_config)
verbose("%s: INFO: Reading loading the lists file: '%s'", ARGV0, *listfiles);
if(Lists_OP_LoadList(*listfiles) < 0)
ErrorExit(LISTS_ERROR, ARGV0, *listfiles);
free(*listfiles);
listfiles++;
}
free(Config.lists);
Config.lists = NULL;
}
}
{ /* Load Rules */
/* Creating the rules list */
Rules_OP_CreateRules();
/* Reading the rules */
{
char **rulesfiles;
rulesfiles = Config.includes;
while(rulesfiles && *rulesfiles)
{
if(!test_config)
verbose("%s: INFO: Reading rules file: '%s'", ARGV0, *rulesfiles);
if(Rules_OP_ReadRules(*rulesfiles) < 0)
ErrorExit(RULES_ERROR, ARGV0, *rulesfiles);
free(*rulesfiles);
rulesfiles++;
}
free(Config.includes);
Config.includes = NULL;
}
/* Find all rules with that require list lookups and attache the
* the correct list struct to the rule. This keeps rules from having to
* search thought the list of lists for the correct file during rule evaluation.
*/
OS_ListLoadRules();
}
}
/* Fixing the levels/accuracy */
{
int total_rules;
RuleNode *tmp_node = OS_GetFirstRule();
total_rules = _setlevels(tmp_node, 0);
if(!test_config)
verbose("%s: INFO: Total rules enabled: '%d'", ARGV0, total_rules);
}
/* Creating a rules hash (for reading alerts from other servers). */
{
RuleNode *tmp_node = OS_GetFirstRule();
Config.g_rules_hash = OSHash_Create();
if(!Config.g_rules_hash)
{
ErrorExit(MEM_ERROR, ARGV0);
}
AddHash_Rule(tmp_node);
}
/* Ignored files on syscheck */
{
char **files;
files = Config.syscheck_ignore;
while(files && *files)
{
if(!test_config)
verbose("%s: INFO: Ignoring file: '%s'", ARGV0, *files);
files++;
}
}
/* Checking if log_fw is enabled. */
Config.logfw = getDefine_Int("analysisd",
"log_fw",
0, 1);
/* Success on the configuration test */
if(test_config)
exit(0);
/* Verbose message */
debug1(PRIVSEP_MSG, ARGV0, dir, user);
/* Signal manipulation */
StartSIG(ARGV0);
/* Setting the user */
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR,ARGV0,user);
/* Creating the PID file */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR,ARGV0);
/* Setting the queue */
if((m_queue = StartMQ(DEFAULTQUEUE,READ)) < 0)
ErrorExit(QUEUE_ERROR, ARGV0, DEFAULTQUEUE, strerror(errno));
/* White list */
if(Config.white_list == NULL)
{
if(Config.ar)
verbose("%s: INFO: No IP in the white list for active reponse.", ARGV0);
}
else
{
if(Config.ar)
{
os_ip **wl;
int wlc = 0;
wl = Config.white_list;
while(*wl)
{
verbose("%s: INFO: White listing IP: '%s'",ARGV0, (*wl)->ip);
wl++;wlc++;
}
verbose("%s: INFO: %d IPs in the white list for active response.",
ARGV0, wlc);
}
}
/* Hostname White list */
if(Config.hostname_white_list == NULL)
{
if(Config.ar)
verbose("%s: INFO: No Hostname in the white list for active reponse.",
ARGV0);
}
else
{
if(Config.ar)
{
int wlc = 0;
OSMatch **wl;
wl = Config.hostname_white_list;
while(*wl)
{
char **tmp_pts = (*wl)->patterns;
while(*tmp_pts)
{
verbose("%s: INFO: White listing Hostname: '%s'",ARGV0,*tmp_pts);
wlc++;
tmp_pts++;
}
wl++;
}
verbose("%s: INFO: %d Hostname(s) in the white list for active response.",
ARGV0, wlc);
}
}
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* Going to main loop */
OS_ReadMSG(m_queue);
if (Config.picviz)
{
OS_PicvizClose();
}
exit(0);
}
/* Locally starts (after service/win init) */
int local_start()
{
int debug_level;
int accept_manager_commands = 0;
char *cfg = DEFAULTCPATH;
WSADATA wsaData;
DWORD threadID;
DWORD threadID2;
/* Starting logr */
logr = (agent *)calloc(1, sizeof(agent));
if(!logr)
{
ErrorExit(MEM_ERROR, ARGV0);
}
logr->port = DEFAULT_SECURE;
/* Getting debug level */
debug_level = getDefine_Int("windows","debug", 0, 2);
while(debug_level != 0)
{
nowDebug();
debug_level--;
}
accept_manager_commands = getDefine_Int("logcollector",
"remote_commands", 0, 1);
/* Configuration file not present */
if(File_DateofChange(cfg) < 0)
ErrorExit("%s: Configuration file '%s' not found",ARGV0,cfg);
/* Starting Winsock */
if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0)
{
ErrorExit("%s: WSAStartup() failed", ARGV0);
}
/* Read agent config */
debug1("%s: DEBUG: Reading agent configuration.", ARGV0);
if(ClientConf(cfg) < 0)
{
ErrorExit(CLIENT_ERROR,ARGV0);
}
if(logr->notify_time == 0)
{
logr->notify_time = NOTIFY_TIME;
}
if(logr->max_time_reconnect_try == 0 )
{
logr->max_time_reconnect_try = NOTIFY_TIME * 3;
}
if(logr->max_time_reconnect_try <= logr->notify_time)
{
logr->max_time_reconnect_try = (logr->notify_time * 3);
verbose("%s Max time to reconnect can't be less than notify_time(%d), using notify_time*3 (%d)",ARGV0,logr->notify_time,logr->max_time_reconnect_try);
}
verbose("%s Using notify time: %d and max time to reconnect: %d",ARGV0,logr->notify_time,logr->max_time_reconnect_try);
/* Reading logcollector config file */
debug1("%s: DEBUG: Reading logcollector configuration.", ARGV0);
if(LogCollectorConfig(cfg, accept_manager_commands) < 0)
{
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
}
/* Checking auth keys */
if(!OS_CheckKeys())
{
ErrorExit(AG_NOKEYS_EXIT, ARGV0);
}
/* If there is not file to monitor, create a clean entry
* for the mark messages.
*/
if(logff == NULL)
{
os_calloc(2, sizeof(logreader), logff);
logff[0].file = NULL;
logff[0].ffile = NULL;
logff[0].logformat = NULL;
logff[0].fp = NULL;
logff[1].file = NULL;
logff[1].logformat = NULL;
merror(NO_FILE, ARGV0);
}
/* Reading execd config. */
if(!WinExecd_Start())
{
logr->execdq = -1;
}
/* Reading keys */
verbose(ENC_READ, ARGV0);
OS_ReadKeys(&keys);
OS_StartCounter(&keys);
os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id, NULL);
/* Initial random numbers */
srandom(time(0));
random();
/* Socket connection */
logr->sock = -1;
StartMQ(NULL, 0);
/* Starting mutex */
debug1("%s: DEBUG: Creating thread mutex.", ARGV0);
hMutex = CreateMutex(NULL, FALSE, NULL);
if(hMutex == NULL)
{
ErrorExit("%s: Error creating mutex.", ARGV0);
}
/* Starting syscheck thread */
if(CreateThread(NULL,
0,
(LPTHREAD_START_ROUTINE)skthread,
NULL,
0,
(LPDWORD)&threadID) == NULL)
{
merror(THREAD_ERROR, ARGV0);
}
/* Checking if server is connected */
os_setwait();
start_agent(1);
os_delwait();
/* Sending integrity message for agent configs */
intcheck_file(cfg, "");
intcheck_file(OSPATROL_DEFINES, "");
/* Starting receiver thread */
if(CreateThread(NULL,
0,
(LPTHREAD_START_ROUTINE)receiver_thread,
NULL,
0,
(LPDWORD)&threadID2) == NULL)
{
merror(THREAD_ERROR, ARGV0);
}
/* Sending agent information message */
send_win32_info(time(0));
/* Startting logcollector -- main process here */
LogCollectorStart();
WSACleanup();
return(0);
}
int main(int argc, char **argv)
{
int test_config = 0;
int c = 0;
char *ut_str = NULL;
const char *dir = DEFAULTDIR;
const char *cfg = DEFAULTCPATH;
/* Set the name */
OS_SetName(ARGV0);
thishour = 0;
today = 0;
prev_year = 0;
full_output = 0;
alert_only = 0;
active_responses = NULL;
memset(prev_month, '\0', 4);
while ((c = getopt(argc, argv, "VatvdhU:D:c:")) != -1) {
switch (c) {
case 'V':
print_version();
break;
case 't':
test_config = 1;
break;
case 'h':
help_logtest();
break;
case 'd':
nowDebug();
break;
case 'U':
if (!optarg) {
ErrorExit("%s: -U needs an argument", ARGV0);
}
ut_str = optarg;
break;
case 'D':
if (!optarg) {
ErrorExit("%s: -D needs an argument", ARGV0);
}
dir = optarg;
break;
case 'c':
if (!optarg) {
ErrorExit("%s: -c needs an argument", ARGV0);
}
cfg = optarg;
break;
case 'a':
alert_only = 1;
break;
case 'v':
full_output = 1;
break;
default:
help_logtest();
break;
}
}
/* Read configuration file */
if (GlobalConf(cfg) < 0) {
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
}
debug1(READ_CONFIG, ARGV0);
/* Get server hostname */
memset(__shost, '\0', 512);
if (gethostname(__shost, 512 - 1) != 0) {
strncpy(__shost, OSSEC_SERVER, 512 - 1);
} else {
char *_ltmp;
/* Remove domain part if available */
_ltmp = strchr(__shost, '.');
if (_ltmp) {
*_ltmp = '\0';
}
}
if (chdir(dir) != 0) {
ErrorExit(CHROOT_ERROR, ARGV0, dir, errno, strerror(errno));
}
Config.decoder_order_size = (size_t)getDefine_Int("analysisd", "decoder_order_size", 8, MAX_DECODER_ORDER_SIZE);
/*
* Anonymous Section: Load rules, decoders, and lists
*
* As lists require two pass loading of rules that make use of list lookups
* are created with blank database structs, and need to be filled in after
* completion of all rules and lists.
*/
{
{
/* Load decoders */
/* Initialize the decoders list */
OS_CreateOSDecoderList();
if (!Config.decoders) {
/* Legacy loading */
/* Read decoders */
if (!ReadDecodeXML("etc/decoder.xml")) {
ErrorExit(CONFIG_ERROR, ARGV0, XML_DECODER);
}
/* Read local ones */
c = ReadDecodeXML("etc/local_decoder.xml");
if (!c) {
if ((c != -2)) {
ErrorExit(CONFIG_ERROR, ARGV0, XML_LDECODER);
}
} else {
verbose("%s: INFO: Reading local decoder file.", ARGV0);
}
} else {
/* New loaded based on file specified in ossec.conf */
char **decodersfiles;
decodersfiles = Config.decoders;
while ( decodersfiles && *decodersfiles) {
verbose("%s: INFO: Reading decoder file %s.", ARGV0, *decodersfiles);
if (!ReadDecodeXML(*decodersfiles)) {
ErrorExit(CONFIG_ERROR, ARGV0, *decodersfiles);
}
free(*decodersfiles);
decodersfiles++;
}
}
/* Load decoders */
SetDecodeXML();
}
{
/* Load Lists */
/* Initialize the lists of list struct */
Lists_OP_CreateLists();
/* Load each list into list struct */
{
char **listfiles;
listfiles = Config.lists;
while (listfiles && *listfiles) {
verbose("%s: INFO: Reading the lists file: '%s'", ARGV0, *listfiles);
if (Lists_OP_LoadList(*listfiles) < 0) {
ErrorExit(LISTS_ERROR, ARGV0, *listfiles);
}
free(*listfiles);
listfiles++;
}
free(Config.lists);
Config.lists = NULL;
}
}
{
/* Load Rules */
/* Create the rules list */
Rules_OP_CreateRules();
/* Read the rules */
{
char **rulesfiles;
rulesfiles = Config.includes;
while (rulesfiles && *rulesfiles) {
debug1("%s: INFO: Reading rules file: '%s'", ARGV0, *rulesfiles);
if (Rules_OP_ReadRules(*rulesfiles) < 0) {
ErrorExit(RULES_ERROR, ARGV0, *rulesfiles);
}
free(*rulesfiles);
rulesfiles++;
}
free(Config.includes);
Config.includes = NULL;
}
/* Find all rules with that require list lookups and attache the
* the correct list struct to the rule. This keeps rules from
* having to search thought the list of lists for the correct file
* during rule evaluation.
*/
OS_ListLoadRules();
}
}
/* Fix the levels/accuracy */
{
int total_rules;
RuleNode *tmp_node = OS_GetFirstRule();
total_rules = _setlevels(tmp_node, 0);
debug1("%s: INFO: Total rules enabled: '%d'", ARGV0, total_rules);
}
/* Creating a rules hash (for reading alerts from other servers) */
{
RuleNode *tmp_node = OS_GetFirstRule();
Config.g_rules_hash = OSHash_Create();
if (!Config.g_rules_hash) {
ErrorExit(MEM_ERROR, ARGV0, errno, strerror(errno));
}
AddHash_Rule(tmp_node);
}
if (test_config == 1) {
exit(0);
}
/* Start up message */
verbose(STARTUP_MSG, ARGV0, getpid());
/* Going to main loop */
OS_ReadMSG(ut_str);
exit(0);
}
int main(int argc, char **argv)
{
int c, test_config = 0, run_foreground = 0;
int uid=0,gid=0;
char *dir = DEFAULTDIR;
char *user = USER;
char *group = GROUPGLOBAL;
char *cfg = DEFAULTCPATH;
/* Initializing global variables */
mond.a_queue = 0;
/* Setting the name */
OS_SetName(ARGV0);
while((c = getopt(argc, argv, "Vdhtfu:g:D:c:")) != -1){
switch(c){
case 'V':
print_version();
break;
case 'h':
help(ARGV0);
break;
case 'd':
nowDebug();
break;
case 'f':
run_foreground = 1;
break;
case 'u':
if(!optarg)
ErrorExit("%s: -u needs an argument",ARGV0);
user=optarg;
break;
case 'g':
if(!optarg)
ErrorExit("%s: -g needs an argument",ARGV0);
group=optarg;
break;
case 'D':
if(!optarg)
ErrorExit("%s: -D needs an argument",ARGV0);
dir=optarg;
case 'c':
if(!optarg)
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
case 't':
test_config = 1;
break;
default:
help(ARGV0);
break;
}
}
/* Starting daemon */
debug1(STARTED_MSG,ARGV0);
/*Check if the user/group given are valid */
uid = Privsep_GetUser(user);
gid = Privsep_GetGroup(group);
if((uid < 0)||(gid < 0))
ErrorExit(USER_ERROR,ARGV0,user,group);
/* Getting config options */
mond.day_wait = getDefine_Int("monitord",
"day_wait",
5,240);
mond.compress = getDefine_Int("monitord",
"compress",
0,1);
mond.sign = getDefine_Int("monitord","sign",0,1);
mond.monitor_agents = getDefine_Int("monitord","monitor_agents",0,1);
mond.agents = NULL;
mond.smtpserver = NULL;
mond.emailfrom = NULL;
c = 0;
c|= CREPORTS;
if(ReadConfig(c, cfg, &mond, NULL) < 0)
{
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
}
/* If we have any reports configured, read smtp/emailfrom */
if(mond.reports)
{
OS_XML xml;
char *tmpsmtp;
char *(xml_smtp[])={"ossec_config", "global", "smtp_server", NULL};
char *(xml_from[])={"ossec_config", "global", "email_from", NULL};
if(OS_ReadXML(cfg, &xml) < 0)
{
ErrorExit(CONFIG_ERROR, ARGV0, cfg);
}
tmpsmtp = OS_GetOneContentforElement(&xml,xml_smtp);
mond.emailfrom = OS_GetOneContentforElement(&xml,xml_from);
if(tmpsmtp && mond.emailfrom)
{
mond.smtpserver = OS_GetHost(tmpsmtp, 5);
if(!mond.smtpserver)
{
merror(INVALID_SMTP, ARGV0, tmpsmtp);
if(mond.emailfrom) free(mond.emailfrom);
mond.emailfrom = NULL;
merror("%s: Invalid SMTP server. Disabling email reports.", ARGV0);
}
}
else
{
if(tmpsmtp) free(tmpsmtp);
if(mond.emailfrom) free(mond.emailfrom);
mond.emailfrom = NULL;
merror("%s: SMTP server or 'email from' missing. Disabling email reports.", ARGV0);
}
OS_ClearXML(&xml);
}
/* Exit here if test config is set */
if(test_config)
exit(0);
if (!run_foreground)
{
/* Going on daemon mode */
nowDaemon();
goDaemon();
}
/* Privilege separation */
if(Privsep_SetGroup(gid) < 0)
ErrorExit(SETGID_ERROR,ARGV0,group);
/* chrooting */
if(Privsep_Chroot(dir) < 0)
ErrorExit(CHROOT_ERROR,ARGV0,dir);
nowChroot();
/* Changing user */
if(Privsep_SetUser(uid) < 0)
ErrorExit(SETUID_ERROR,ARGV0,user);
debug1(PRIVSEP_MSG,ARGV0,dir,user);
/* Signal manipulation */
StartSIG(ARGV0);
/* Creating PID files */
if(CreatePID(ARGV0, getpid()) < 0)
ErrorExit(PID_ERROR,ARGV0);
/* Start up message */
verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* the real daemon now */
Monitord();
exit(0);
}
/** int FTS_Init()
* Starts the FTS module.
*/
int FTS_Init()
{
int fts_list_size;
char _line[OS_FLSIZE + 1];
_line[OS_FLSIZE] = '\0';
fts_list = OSList_Create();
if(!fts_list)
{
merror(LIST_ERROR, ARGV0);
return(0);
}
/* Creating store data */
fts_store = OSHash_Create();
if(!fts_store)
{
merror(LIST_ERROR, ARGV0);
return(0);
}
if(!OSHash_setSize(fts_store, 2048))
{
merror(LIST_ERROR, ARGV0);
return(0);
}
/* Getting default list size */
fts_list_size = getDefine_Int("analysisd",
"fts_list_size",
12,512);
/* Getting minimum string size */
fts_minsize_for_str = getDefine_Int("analysisd",
"fts_min_size_for_str",
6, 128);
if(!OSList_SetMaxSize(fts_list, fts_list_size))
{
merror(LIST_SIZE_ERROR, ARGV0);
return(0);
}
/* creating fts list */
fp_list = fopen(FTS_QUEUE, "r+");
if(!fp_list)
{
/* Create the file if we cant open it */
fp_list = fopen(FTS_QUEUE, "w+");
if(fp_list)
fclose(fp_list);
chmod(FTS_QUEUE, 0777);
fp_list = fopen(FTS_QUEUE, "r+");
if(!fp_list)
{
merror(FOPEN_ERROR, ARGV0, FTS_QUEUE);
return(0);
}
}
/* Adding content from the files to memory */
fseek(fp_list, 0, SEEK_SET);
while(fgets(_line, OS_FLSIZE , fp_list) != NULL)
{
char *tmp_s;
/* Removing new lines */
tmp_s = strchr(_line, '\n');
if(tmp_s)
{
*tmp_s = '\0';
}
os_strdup(_line, tmp_s);
if(OSHash_Add(fts_store, tmp_s, tmp_s) <= 0)
{
free(tmp_s);
merror(LIST_ADD_ERROR, ARGV0);
}
}
/* Creating ignore list */
fp_ignore = fopen(IG_QUEUE, "r+");
if(!fp_ignore)
{
/* Create the file if we cant open it */
fp_ignore = fopen(IG_QUEUE, "w+");
if(fp_ignore)
fclose(fp_ignore);
chmod(IG_QUEUE, 0777);
fp_ignore = fopen(IG_QUEUE, "r+");
if(!fp_ignore)
{
merror(FOPEN_ERROR, ARGV0, IG_QUEUE);
return(0);
}
}
debug1("%s: DEBUG: FTSInit completed.", ARGV0);
return(1);
}