3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
20 #include "logcollector.h"
22 #include "os_net/os_net.h"
23 #include "os_execd/execd.h"
24 #include "os_crypto/md5/md5_op.h"
27 #define ARGV0 "ossec-agent"
30 time_t __win32_curr_time = 0;
31 time_t __win32_shared_time = 0;
32 char *__win32_uname = NULL;
33 char *__win32_shared = NULL;
38 int Start_win32_Syscheck();
39 void send_win32_info(time_t curr_time);
45 printf("\nOSSEC HIDS %s %s .\n", ARGV0, __version);
46 printf("Available options:\n");
47 printf("\t-h This help message.\n");
48 printf("\thelp This help message.\n");
49 printf("\tinstall-service Installs as a service\n");
50 printf("\tuninstall-service Uninstalls as a service\n");
51 printf("\tstart Manually starts (not from services)\n");
55 /* syscheck main thread */
58 verbose("%s: Starting syscheckd thread.", ARGV0);
60 Start_win32_Syscheck();
66 /** main(int argc, char **argv)
69 int main(int argc, char **argv)
72 char mypath[OS_MAXSTR +1];
73 char myfile[OS_MAXSTR +1];
75 /* Setting the name */
80 mypath[OS_MAXSTR] = '\0';
81 myfile[OS_MAXSTR] = '\0';
84 /* mypath is going to be the full path of this executable: the directory part of argv[0] when it has one, otherwise getcwd() plus the bare file name. It is presumably what InstallService() registers as the service binary path, so it must be absolute; NOTE(review): confirm InstallService() quotes it, since a path containing spaces registered unquoted is the classic unquoted-service-path issue. */
85 strncpy(mypath, argv[0], OS_MAXSTR);
86 tmpstr = strrchr(mypath, '\\');
89 /* tmpstr is now the file name */
92 strncpy(myfile, tmpstr, OS_MAXSTR);
96 strncpy(myfile, argv[0], OS_MAXSTR);
101 getcwd(mypath, OS_MAXSTR -1);
102 strncat(mypath, "\\", OS_MAXSTR - (strlen(mypath) + 2));
103 strncat(mypath, myfile, OS_MAXSTR - (strlen(mypath) + 2));
108 if(strcmp(argv[1], "install-service") == 0)
110 return(InstallService(mypath));
112 else if(strcmp(argv[1], "uninstall-service") == 0)
114 return(UninstallService());
116 else if(strcmp(argv[1], "start") == 0)
118 return(local_start());
120 else if(strcmp(argv[1], "-h") == 0)
124 else if(strcmp(argv[1], "help") == 0)
130 merror("%s: Unknown option: %s", ARGV0, argv[1]);
137 if(!os_WinMain(argc, argv))
139 ErrorExit("%s: Unable to start WinMain.", ARGV0);
146 /* Locally starts (after service/win init) */
150 char *cfg = DEFAULTCPATH;
157 logr = (agent *)calloc(1, sizeof(agent));
160 ErrorExit(MEM_ERROR, ARGV0);
162 logr->port = DEFAULT_SECURE;
165 /* Getting debug level */
166 debug_level = getDefine_Int("windows","debug", 0, 2);
167 while(debug_level != 0)
175 /* Configuration file not present */
176 if(File_DateofChange(cfg) < 0)
177 ErrorExit("%s: Configuration file '%s' not found",ARGV0,cfg);
180 /* Starting Winsock */
181 if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0)
183 ErrorExit("%s: WSAStartup() failed", ARGV0);
187 /* Read agent config */
188 debug1("%s: DEBUG: Reading agent configuration.", ARGV0);
189 if(ClientConf(cfg) < 0)
191 ErrorExit(CLIENT_ERROR,ARGV0);
195 /* Reading logcollector config file */
196 debug1("%s: DEBUG: Reading logcollector configuration.", ARGV0);
197 if(LogCollectorConfig(cfg) < 0)
199 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
203 /* Checking auth keys */
206 ErrorExit(AG_NOKEYS_EXIT, ARGV0);
211 /* If there is no file to monitor, create a clean entry
212 * for the mark messages.
216 os_calloc(2, sizeof(logreader), logff);
217 logff[0].file = NULL;
218 logff[0].ffile = NULL;
219 logff[0].logformat = NULL;
221 logff[1].file = NULL;
222 logff[1].logformat = NULL;
224 merror(NO_FILE, ARGV0);
228 /* Reading execd config. */
229 if(!WinExecd_Start())
236 verbose(ENC_READ, ARGV0);
239 OS_StartCounter(&keys);
240 os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id);
243 /* Initial random numbers */
248 /* Socket connection */
254 debug1("%s: DEBUG: Creating thread mutex.", ARGV0);
255 hMutex = CreateMutex(NULL, FALSE, NULL);
258 ErrorExit("%s: Error creating mutex.", ARGV0);
263 /* Starting syscheck thread */
264 if(CreateThread(NULL,
266 (LPTHREAD_START_ROUTINE)skthread,
269 (LPDWORD)&threadID) == NULL)
271 merror(THREAD_ERROR, ARGV0);
276 /* Checking if server is connected */
284 /* Sending integrity message for agent configs */
285 intcheck_file(cfg, "");
286 intcheck_file(OSSEC_DEFINES, "");
289 /* Starting receiver thread */
290 if(CreateThread(NULL,
292 (LPTHREAD_START_ROUTINE)receiver_thread,
295 (LPDWORD)&threadID2) == NULL)
297 merror(THREAD_ERROR, ARGV0);
301 /* Sending agent information message */
302 send_win32_info(time(0));
305 /* Starting logcollector -- main process here */
313 /* SendMSG for windows */
314 int SendMSG(int queue, char *message, char *locmsg, char loc)
321 char tmpstr[OS_MAXSTR+2];
322 char crypt_msg[OS_MAXSTR +2];
326 tmpstr[OS_MAXSTR +1] = '\0';
327 crypt_msg[OS_MAXSTR +1] = '\0';
330 debug2("%s: DEBUG: Attempting to send message to server.", ARGV0);
332 /* Using a mutex to serialize SendMSG() callers: CreateSecMSG(&keys, ...) below presumably advances the per-key message counter set up by OS_StartCounter(), and the socket write must not interleave with another thread's. NOTE(review): send_win32_info() also calls CreateSecMSG(&keys, ...) and is invoked from local_start() after the receiver thread exists, apparently without this mutex -- confirm that path cannot run concurrently with SendMSG(). */
335 dwWaitResult = WaitForSingleObject(hMutex, 1000000L);
337 if(dwWaitResult != WAIT_OBJECT_0)
342 merror("%s: Error waiting mutex (timeout).", ARGV0);
346 merror("%s: Error waiting mutex (abandoned).", ARGV0);
349 merror("%s: Error waiting mutex.", ARGV0);
365 /* Check if the server has responded */
366 if((cu_time - available_server) > (NOTIFY_TIME - 180))
368 debug1("%s: DEBUG: Sending info to server (c1)...", ARGV0);
369 send_win32_info(cu_time);
372 /* Attempting to send message again. */
373 if((cu_time - available_server) > NOTIFY_TIME)
376 send_win32_info(cu_time);
379 if((cu_time - available_server) > NOTIFY_TIME)
381 send_win32_info(cu_time);
386 /* If we reached here, the server has been unavailable for a while. */
387 if((cu_time - available_server) > ((3 * NOTIFY_TIME) - 180))
392 /* Last attempt before going into reconnect mode. */
393 debug1("%s: DEBUG: Sending info to server (c3)...", ARGV0);
395 send_win32_info(cu_time);
396 if((cu_time - available_server) > ((3 * NOTIFY_TIME) - 180))
399 send_win32_info(cu_time);
404 /* Checking and generating log if unavailable. */
406 if((cu_time - available_server) > ((3 * NOTIFY_TIME) - 180))
408 int global_sleep = 1;
411 /* If response is not available, set lock and
414 verbose(SERVER_UNAV, ARGV0);
417 /* Going into reconnect mode. */
418 while((cu_time - available_server) > ((3*NOTIFY_TIME) - 180))
420 /* Sending information to see if server replies */
423 send_win32_info(cu_time);
439 /* If we have more than one server, try all. */
440 if(wi > 12 && logr->rip[1])
442 int curr_rip = logr->rip_id;
443 merror("%s: INFO: Trying next server ip in "
446 logr->rip[logr->rip_id + 1] != NULL?
447 logr->rip[logr->rip_id + 1]:
450 connect_server(logr->rip_id +1);
452 if(logr->rip_id != curr_rip)
457 else if(global_sleep == 2 || ((global_sleep % mod_sleep) == 0) ||
460 connect_server(logr->rip_id +1);
463 sleep(wi + global_sleep);
470 if(global_sleep > 30)
477 verbose(AG_CONNECTED, ARGV0, logr->rip[logr->rip_id],
479 verbose(SERVER_UP, ARGV0);
490 /* Send notification */
491 else if((cu_time - __win32_curr_time) > (NOTIFY_TIME - 200))
493 debug1("%s: DEBUG: Sending info to server (ctime2)...", ARGV0);
494 send_win32_info(cu_time);
499 /* ':' is the field delimiter of the "%c:%s:%s" message built below, so a Windows drive prefix such as "C:" cannot stay in locmsg; everything up to the first ':' is dropped. */
500 pl = strchr(locmsg, ':');
503 /* Setting pl after the ":" if it exists. */
512 debug2("%s: DEBUG: Sending message to server: '%s'", ARGV0, message);
514 snprintf(tmpstr,OS_MAXSTR,"%c:%s:%s", loc, pl, message);
516 _ssize = CreateSecMSG(&keys, tmpstr, crypt_msg, 0);
519 /* Returns NULL if can't create encrypted message */
522 merror(SEC_ERROR,ARGV0);
523 if(!ReleaseMutex(hMutex))
525 merror("%s: Error releasing mutex.", ARGV0);
531 /* Send _ssize of crypt_msg */
532 if(OS_SendUDPbySize(logr->sock, _ssize, crypt_msg) < 0)
534 merror(SEND_ERROR,ARGV0, "server");
538 if(!ReleaseMutex(hMutex))
540 merror("%s: Error releasing mutex.", ARGV0);
546 /* StartMQ for windows */
547 int StartMQ(char * path, short int type)
549 /* Connecting to the server. */
552 if((path == NULL) && (type == 0))
561 /* Send win32 info to server */
562 void send_win32_info(time_t curr_time)
565 char tmp_msg[OS_MAXSTR +2];
566 char crypt_msg[OS_MAXSTR +2];
568 tmp_msg[OS_MAXSTR +1] = '\0';
569 crypt_msg[OS_MAXSTR +1] = '\0';
572 debug1("%s: DEBUG: Sending keep alive message.", ARGV0);
576 __win32_curr_time = curr_time;
582 __win32_uname = getuname();
585 merror("%s: Error generating system information.", ARGV0);
586 os_strdup("Microsoft Windows - Unknown (unable to get system info)", __win32_uname);
591 /* Refresh the cached shared-file list at most every 30 seconds: free the old copy and rebuild it with getsharedfiles(), apparently falling back to an empty string when that fails. */
592 if((__win32_curr_time - __win32_shared_time) > 30)
596 free(__win32_shared);
597 __win32_shared = NULL;
600 __win32_shared_time = __win32_curr_time;
604 /* get shared files */
607 __win32_shared = getsharedfiles();
610 __win32_shared = strdup("\0");
613 merror(MEM_ERROR, ARGV0);
621 /* Build the keep-alive: uname, optionally the MD5 of AGENTCONFIGINT, then the shared-file list. NOTE(review): tmp_msg is OS_MAXSTR+2 bytes but the snprintf calls use OS_SIZE_1024, so a long shared-file list is silently truncated -- confirm OS_SIZE_1024 is the intended limit. */
622 if(File_DateofChange(AGENTCONFIGINT) > 0)
625 if(OS_MD5_File(AGENTCONFIGINT, md5sum) != 0)
627 snprintf(tmp_msg, OS_SIZE_1024, "#!-%s\n%s", __win32_uname, __win32_shared);
631 snprintf(tmp_msg, OS_SIZE_1024, "#!-%s / %s\n%s", __win32_uname, md5sum, __win32_shared);
636 snprintf(tmp_msg, OS_SIZE_1024, "#!-%s\n%s", __win32_uname, __win32_shared);
640 /* Encrypt and send the keep-alive (the debug line below echoes the plaintext). */
641 debug1("%s: DEBUG: Sending keep alive: %s", ARGV0, tmp_msg);
643 msg_size = CreateSecMSG(&keys, tmp_msg, crypt_msg, 0);
647 merror(SEC_ERROR, ARGV0);
651 /* Sending UDP message */
652 if(OS_SendUDPbySize(logr->sock, msg_size, crypt_msg) < 0)
654 merror(SEND_ERROR, ARGV0, "server");