1 /* @(#) $Id: ./src/util/agent_control.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
14 #include "addagent/manage_agents.h"
19 #define ARGV0 "agent_control"
/* Usage text for the agent_control options. The signature of the enclosing
 * function is not part of this listing. */
25 printf("\nOSSEC HIDS %s: Control remote agents.\n", ARGV0);
26 printf("Available options:\n");
27 printf("\t-h This help message.\n");
28 printf("\t-l List available (active or not) agents.\n");
29 printf("\t-lc List active agents.\n");
30 printf("\t-i <id> Extracts information from an agent.\n");
/* The options below change state on agents (restart, scan, active response). */
31 printf("\t-R <id> Restarts agent.\n");
32 printf("\t-r -a Runs the integrity/rootkit checking on all agents now.\n");
33 printf("\t-r -u <id> Runs the integrity/rootkit checking on one agent now.\n\n");
34 printf("\t-b <ip> Blocks the specified ip address.\n");
35 printf("\t-f <ar> Used with -b, specifies which response to run.\n");
36 printf("\t-L List available active responses.\n");
37 printf("\t-s Changes the output to CSV (comma delimited).\n");
/* NOTE(review): the getopt() option string in main ("VehdlLcsaru:i:b:f:R:")
 * also accepts -V, -e and -d, which are not described above - confirm whether
 * they should be documented. */
/* Entry point. The lines shown here declare the mode flags and string
 * arguments and parse the command line with getopt(); the case labels of the
 * option switch are elided from this listing. */
43 int main(int argc, char **argv)
45 char *dir = DEFAULTDIR;
46 char *group = GROUPGLOBAL;
/* Start as NULL; presumably filled from optarg in the elided option cases.
 * Later branches test these pointers to decide which mode was requested. */
48 char *agent_id = NULL;
49 char *ip_address = NULL;
/* Mode flags, all cleared by default. */
55 int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0;
56 int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
57 int list_responses = 0, end_time = 0, restart_agent = 0;
65 /* Setting the name */
/* In the option string, u, i, b, f and R are followed by ':' and therefore
 * take an argument; the other letters are plain switches. */
76 while((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:")) != -1)
112 merror("%s: -u needs an argument",ARGV0);
120 merror("%s: -b needs an argument",ARGV0);
/* NOTE(review): the option string declares 'e' without an argument and 'f'
 * with one, so this "-e needs an argument" message probably belongs to the
 * -f case - confirm against the elided case labels. */
128 merror("%s: -e needs an argument",ARGV0);
136 merror("%s: -R needs an argument",ARGV0);
143 restart_all_agents = 1;
/* Privilege drop. The order visible here is: resolve gid and uid, set the
 * group, chroot into dir, then set the user. */
153 /* Getting the group name */
/* Both ids are resolved before the chroot below; presumably because the
 * account database is not reachable from inside the chroot - keep this order. */
154 gid = Privsep_GetGroup(group);
155 uid = Privsep_GetUser(user);
/* Presumably reached when either lookup fails; the condition is elided. */
158 ErrorExit(USER_ERROR, ARGV0, user, group);
162 /* Setting the group */
/* NOTE(review): confirm that Privsep_SetGroup also resets the supplementary
 * group list; that cannot be seen from this listing. */
163 if(Privsep_SetGroup(gid) < 0)
165 ErrorExit(SETGID_ERROR,ARGV0, group);
169 /* Chrooting to the default directory */
/* The chroot happens while the uid is still unchanged; presumably it needs
 * the privileges that Privsep_SetUser gives up afterwards. */
170 if(Privsep_Chroot(dir) < 0)
172 ErrorExit(CHROOT_ERROR, ARGV0, dir);
176 /* Inside chroot now */
180 /* Setting the user */
/* Every step is checked for a negative return and reported through ErrorExit
 * (presumably fatal), so a failed step is not silently ignored. */
181 if(Privsep_SetUser(uid) < 0)
183 ErrorExit(SETUID_ERROR, ARGV0, user);
/* Server hostname, printed later for the local "000" entries. shost is
 * cleared first and gethostname() is given one byte less than was cleared, so
 * the name stays NUL-terminated even if it is truncated. */
188 /* Getting servers hostname */
189 memset(shost, '\0', 512);
190 if(gethostname(shost, 512 -1) != 0)
/* Fallback when gethostname() fails. "localhost" is shorter than 32 bytes, so
 * strncpy also writes the terminator. */
192 strncpy(shost, "localhost", 32);
/* NOTE(review): 512 is assumed to be the declared size of shost; the
 * declaration is not in this listing - confirm, or derive it with sizeof. */
/* Mode: list the active responses read from the DEFAULTAR file. */
197 /* Listing responses. */
203 printf("\nOSSEC HIDS %s. Available active responses:\n", ARGV0);
/* This fopen() comes after the Privsep_Chroot() call in main, so DEFAULTAR is
 * presumably resolved inside the chroot. NOTE(review): the NULL check on fp is
 * not in this listing - confirm it exists before the read loop. */
206 fp = fopen(DEFAULTAR, "r");
/* Reads at most 254 characters per line; assumes buffer holds at least 255
 * bytes (declaration not shown). */
211 while(fgets(buffer, 255, fp) != NULL)
/* The line is split at spaces; r_cmd points at the first separator. */
218 r_cmd = strchr(buffer, ' ');
/* strchr() returns NULL when the separator is missing, so r_cmd has to be
 * checked before this call; the check is presumably in the elided lines. */
229 r_timeout = strchr(r_cmd, ' ');
/* The entry named "restart-ossec0" is handled specially (body elided). The
 * same name is the command sent by the agent-restart branch of main. */
234 if(strcmp(r_name, "restart-ossec0") == 0)
238 printf("\n Response name: %s, command: %s", r_name, r_cmd);
246 printf("\n No active response available.\n\n");
/* Mode: list agents. The server itself is printed first as ID 000, either in
 * the readable form or as a CSV row (the csv_output test is elided), and the
 * remaining agents are printed by print_agents(). */
253 /* Listing available agents. */
258 printf("\nOSSEC HIDS %s. List of available agents:",
260 printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, Active/Local\n",
/* CSV row for the server; shost is written without quoting or escaping. */
265 printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
/* active_only and csv_output are passed through unchanged. */
267 print_agents(1, active_only, csv_output);
/* Validates the agent id given on the command line before it is used. */
274 /* Checking if the provided ID is valid. */
/* "000" denotes the local server and skips the key lookup.
 * NOTE(review): strcmp() needs agent_id to be non-NULL; the guard is not in
 * this listing - confirm. */
277 if(strcmp(agent_id, "000") != 0)
/* The result is used further down as an index into keys.keyentries[], so the
 * rejection test on it (elided) is what keeps that indexing in range. */
281 agt_id = OS_IsAllowedID(&keys, agent_id);
284 printf("\n** Invalid agent id '%s'.\n", agent_id);
/* Mode: print status and details for one agent, either as readable text or
 * as a CSV row. Remote agents are looked up through keys.keyentries[agt_id];
 * the local instance ("000") uses fixed values. */
297 /* Printing information from an agent. */
/* Both buffers hold 128 characters plus a terminator. The last byte is set to
 * NUL up front and the writes below are bounded to 128. */
301 char final_ip[128 +1];
302 char final_mask[128 +1];
303 agent_info *agt_info;
305 final_ip[128] = '\0';
306 final_mask[128] = '\0';
310 printf("\nOSSEC HIDS %s. Agent information:", ARGV0);
/* agt_id is the value returned by OS_IsAllowedID earlier in main. */
314 agt_status = get_agent_status(keys.keyentries[agt_id]->name,
315 keys.keyentries[agt_id]->ip->ip);
317 agt_info = get_agent_info(keys.keyentries[agt_id]->name,
318 keys.keyentries[agt_id]->ip->ip);
320 /* Getting netmask from ip. */
321 getNetmask(keys.keyentries[agt_id]->ip->netmask, final_mask, 128);
/* Bounded write; the remaining arguments of this call are elided. */
322 snprintf(final_ip, 128, "%s%s",keys.keyentries[agt_id]->ip->ip,
328 printf("\n Agent ID: %s\n", keys.keyentries[agt_id]->id);
329 printf(" Agent Name: %s\n", keys.keyentries[agt_id]->name);
330 printf(" IP address: %s\n", final_ip);
331 printf(" Status: %s\n\n",print_agent_status(agt_status));
/* CSV form of the same fields, written with plain %s and no quoting.
 * NOTE(review): a comma or newline inside a field would shift the columns -
 * confirm that agent names are restricted when the key is created. */
335 printf("%s,%s,%s,%s,",
336 keys.keyentries[agt_id]->id,
337 keys.keyentries[agt_id]->name,
339 print_agent_status(agt_status));
/* Local instance: no name or address is passed for the status lookup and
 * the info lookup uses the loopback address. */
344 agt_status = get_agent_status(NULL, NULL);
345 agt_info = get_agent_info(NULL, "127.0.0.1");
349 printf("\n Agent ID: 000 (local instance)\n");
350 printf(" Agent Name: %s\n", shost);
351 printf(" IP address: 127.0.0.1\n");
352 printf(" Status: %s/Local\n\n",print_agent_status(agt_status));
357 printf("000,%s,127.0.0.1,%s/Local,",
359 print_agent_status(agt_status));
/* NOTE(review): agt_info is dereferenced from here on; confirm that
 * get_agent_info() cannot return NULL or that the elided lines check it.
 * If these strings originate from agent reports (not visible here), treat
 * them as untrusted when they reach a terminal or a CSV consumer. */
367 printf(" Operating system: %s\n", agt_info->os);
368 printf(" Client version: %s\n", agt_info->version);
369 printf(" Last keep alive: %s\n\n", agt_info->last_keepalive);
/* Two variants follow: with and without the end times. The condition that
 * selects between them is elided (presumably the end_time flag). */
374 printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
375 printf(" Syscheck last ended at: %s\n", agt_info->syscheck_endtime);
376 printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
377 printf(" Rootcheck last ended at: %s\n\n", agt_info->rootcheck_endtime);
381 printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
382 printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
/* Rest of the CSV row; the first two arguments are elided. */
387 printf("%s,%s,%s,%s,%s,\n",
390 agt_info->last_keepalive,
391 agt_info->syscheck_time,
392 agt_info->rootcheck_time);
/* Mode: restart syscheck/rootcheck on every agent. Both flags must be set,
 * which matches "-r -a" in the usage text. */
400 /* Restarting syscheck every where. */
401 if(restart_all_agents && restart_syscheck)
404 /* Connecting to remoted. */
405 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
406 arq = connect_to_remoted();
/* Printed when the connection fails; the test on arq is elided. */
409 printf("\n** Unable to connect to remoted.\n");
412 debug1("%s: DEBUG: Connected...", ARGV0);
415 /* Sending restart message to all agents. */
/* No agent id is passed here (NULL), whereas the single-agent branch passes
 * agent_id. A return of 0 is treated as success. */
416 if(send_msg_to_agent(arq, HC_SK_RESTART, NULL, NULL) == 0)
418 printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on all agents.",
423 printf("\n** Unable to restart syscheck on all agents.\n");
/* Mode: restart syscheck/rootcheck on one agent, or locally when the id is
 * "000". */
432 if(restart_syscheck && agent_id)
435 /* Restart on the server. */
436 if(strcmp(agent_id, "000") == 0)
/* Local case: handled by os_set_restart_syscheck(); no message to remoted
 * appears in the lines shown for this case. */
438 os_set_restart_syscheck();
440 printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck "
441 "locally.\n", ARGV0);
448 /* Connecting to remoted. */
449 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
450 arq = connect_to_remoted();
/* Printed when the connection fails; the test on arq is elided. */
453 printf("\n** Unable to connect to remoted.\n");
456 debug1("%s: DEBUG: Connected...", ARGV0);
/* agent_id is forwarded as given. NOTE(review): confirm that the
 * OS_IsAllowedID check earlier in main also covers this mode. */
459 if(send_msg_to_agent(arq, HC_SK_RESTART, agent_id, NULL) == 0)
461 printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on agent: %s\n",
466 printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
/* Mode: restart one agent (-R <id> in the usage text). */
474 if(restart_agent && agent_id)
476 /* Connecting to remoted. */
477 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
478 arq = connect_to_remoted();
/* Printed when the connection fails; the test on arq is elided. */
481 printf("\n** Unable to connect to remoted.\n");
484 debug1("%s: DEBUG: Connected...", ARGV0);
/* The restart is requested as the "restart-ossec0" command with the literal
 * string "null" as its last argument. agent_id is forwarded as given.
 * NOTE(review): confirm that the OS_IsAllowedID check earlier in main also
 * covers this mode. */
487 if(send_msg_to_agent(arq, "restart-ossec0", agent_id, "null") == 0)
489 printf("\nOSSEC HIDS %s: Restarting agent: %s\n",
494 printf("\n** Unable to restart agent: %s\n", agent_id);
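/* Mode: run an active response on one agent. All three of ip_address, ar and
 * agent_id must be set (-b <ip> and -f <ar> in the usage text, plus an agent
 * id). */
502 /* running active response on the specified agent id. */
503 if(ip_address && ar && agent_id)
505 /* Connecting to remoted. */
506 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
507 arq = connect_to_remoted();
/* Printed when the connection fails; the test on arq is elided. */
510 printf("\n** Unable to connect to remoted.\n");
513 debug1("%s: DEBUG: Connected...", ARGV0);
/* ar and ip_address come from the command line and are forwarded as given in
 * the lines shown here. NOTE(review): confirm that ar is checked against the
 * configured responses and ip_address is checked to be an address before the
 * agent acts on them. */
516 if(send_msg_to_agent(arq, ar, agent_id, ip_address) == 0)
518 printf("\nOSSEC HIDS %s: Running active response '%s' on: %s\n",
519 ARGV0, ar, agent_id);
/* Failure of the active response, reported as such and not as a syscheck
 * restart. */
523 printf("\n** Unable to run active response on agent: %s\n", agent_id);
/* Presumably reached when none of the modes above matched. */
531 printf("\n** Invalid argument combination.\n");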