1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
/* Program name used as the prefix of the verbose() log lines in this file. */
17 #define ARGV0 "ossec-agent"
/* Service identity. The name is the key passed to OpenService(), the dispatch
 * table and RegisterServiceCtrlHandler() below; the display name and the
 * description are used by InstallService().
 * NOTE(review): these are non-const LPTSTR pointers to narrow string literals,
 * which presumably assumes a non-UNICODE build and that nothing writes through
 * them -- confirm. */
20 static LPTSTR g_lpszServiceName = "OssecSvc";
21 static LPTSTR g_lpszServiceDisplayName = "OSSEC HIDS";
22 static LPTSTR g_lpszServiceDescription = "OSSEC HIDS Windows Agent";
/* Status block and status handle shared by OssecServiceStart() and
 * OssecServiceCtrlHandler(); both fill the block and report it with
 * SetServiceStatus(). */
24 static SERVICE_STATUS ossecServiceStatus;
25 static SERVICE_STATUS_HANDLE ossecServiceStatusHandle;
/* Forward declaration: the dispatch table in os_WinMain() refers to it. */
27 void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv);
30 /* Start the OSSEC-HIDS service through the service control manager (SCM).
 *
 * Opens the SCM, opens the service named g_lpszServiceName and calls
 * StartService() with no service arguments. ERROR_SERVICE_ALREADY_RUNNING is
 * tested as a separate outcome. The return statements and any NULL checks on
 * the two handles are on lines this listing does not show -- confirm both
 * handles are checked before use.
 *
 * NOTE(review): least privilege. Both handles are requested with
 * SC_MANAGER_ALL_ACCESS, although starting a service needs only
 * SC_MANAGER_CONNECT on the SCM and SERVICE_START on the service. */
31 int os_start_service()
34 SC_HANDLE schSCManager, schService;
36 /* Open the service control manager database */
37 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
/* NOTE(review): SC_MANAGER_ALL_ACCESS is an SCM access mask; OpenService()
 * takes service rights (SERVICE_*), so the mask is reinterpreted here. */
39 schService = OpenService(schSCManager, g_lpszServiceName,
40 SC_MANAGER_ALL_ACCESS);
42 if (StartService(schService, 0, NULL)) {
/* A start request against an already running service is told apart from
 * other failures. */
45 if (GetLastError() == ERROR_SERVICE_ALREADY_RUNNING) {
/* Handles are released in reverse order of acquisition. */
50 CloseServiceHandle(schService);
53 CloseServiceHandle(schSCManager);
59 /* Stop the OSSEC-HIDS service through the service control manager (SCM).
 *
 * The signature line of this routine is not shown in this listing. The visible
 * body opens the SCM and the service, then sends SERVICE_CONTROL_STOP.
 *
 * NOTE(review): least privilege. Both handles are requested with
 * SC_MANAGER_ALL_ACCESS, although sending a stop control needs only
 * SC_MANAGER_CONNECT on the SCM and SERVICE_STOP on the service
 * (UninstallService() below already asks for SERVICE_STOP | DELETE only). */
63 SC_HANDLE schSCManager, schService;
65 /* Open the service control manager database */
66 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
/* NOTE(review): an SCM access mask is passed where service rights
 * (SERVICE_*) are expected. */
68 schService = OpenService(schSCManager, g_lpszServiceName,
69 SC_MANAGER_ALL_ACCESS);
/* Receives the status the service reports in response to the control. */
71 SERVICE_STATUS lpServiceStatus;
/* ControlService() returns once the request has been delivered; the service
 * may still be stopping afterwards -- presumably callers do not rely on it
 * being fully stopped, confirm. */
73 if (ControlService(schService, SERVICE_CONTROL_STOP, &lpServiceStatus)) {
77 CloseServiceHandle(schService);
80 CloseServiceHandle(schSCManager);
86 /* Check if the OSSEC-HIDS agent service is running
87 * Returns 1 on success (running) or 0 if not running */
/* Query the SCM for the current state of the service named g_lpszServiceName
 * and compare it with SERVICE_RUNNING. UninstallService() uses this to decide
 * whether a stop request is needed. The return statements and any NULL checks
 * on the handles are on lines this listing does not show.
 *
 * NOTE(review): least privilege. A read-only status query needs only
 * SC_MANAGER_CONNECT on the SCM and SERVICE_QUERY_STATUS on the service, but
 * both handles are requested with SC_MANAGER_ALL_ACCESS. A caller without
 * full control would presumably get 0 ("not running") here even when the
 * agent is running -- confirm how the open failure is reported. */
89 int CheckServiceRunning()
92 SC_HANDLE schSCManager, schService;
94 /* Open the SCM and the service, then check the service status */
95 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
/* NOTE(review): an SCM access mask is passed where service rights
 * (SERVICE_*) are expected. */
97 schService = OpenService(schSCManager, g_lpszServiceName,
98 SC_MANAGER_ALL_ACCESS);
101 SERVICE_STATUS lpServiceStatus;
103 if (QueryServiceStatus(schService, &lpServiceStatus)) {
/* Only SERVICE_RUNNING is tested; pending states are not matched by this
 * comparison. */
104 if (lpServiceStatus.dwCurrentState == SERVICE_RUNNING) {
108 CloseServiceHandle(schService);
111 CloseServiceHandle(schSCManager);
117 /* Install the OSSEC-HIDS agent service.
 *
 * path: executable path to register for the service; per the comment below
 *       it must be a full path.
 *
 * Removes any existing registration with UninstallService(), opens the SCM,
 * creates the service, sets its description and logs the outcome. Several
 * CreateService() arguments, the declaration of ret and the return statements
 * are on lines this listing does not show.
 *
 * NOTE(review): SC_MANAGER_ALL_ACCESS is requested although creating a
 * service needs only SC_MANAGER_CREATE_SERVICE on the SCM. */
118 int InstallService(char *path)
121 SC_HANDLE schSCManager, schService;
122 LPCTSTR lpszBinaryPathName = NULL;
123 SERVICE_DESCRIPTION sdBuf;
125 /* Uninstall service (if it exists) */
126 if (!UninstallService()) {
127 verbose("%s: ERROR: Failure running UninstallService().", ARGV0);
131 /* Executable path -- it must be called with the full path */
/* NOTE(review): path is stored unmodified and is presumably handed to
 * CreateService() as the binary path (that argument line is not shown). A
 * full path that contains spaces and is not wrapped in double quotes is
 * ambiguous when the service is launched; confirm the caller quotes it and
 * that the install directory is writable by administrators only. */
132 lpszBinaryPathName = path;
134 /* Opening the service database */
135 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
137 if (schSCManager == NULL) {
141 /* Create the service */
/* The five trailing NULLs are the last CreateService() parameters: load
 * order group, tag id, dependencies, service start name and password. A NULL
 * start name registers the service under the LocalSystem account, which is
 * why the integrity of the registered binary path matters. */
142 schService = CreateService(schSCManager,
144 g_lpszServiceDisplayName,
146 SERVICE_WIN32_OWN_PROCESS,
148 SERVICE_ERROR_NORMAL,
150 NULL, NULL, NULL, NULL, NULL);
/* On failure only the SCM handle exists, so only that one is closed. */
152 if (schService == NULL) {
153 CloseServiceHandle(schSCManager);
157 /* Set description */
158 sdBuf.lpDescription = g_lpszServiceDescription;
159 ret = ChangeServiceConfig2(schService, SERVICE_CONFIG_DESCRIPTION, &sdBuf);
161 CloseServiceHandle(schService);
162 CloseServiceHandle(schSCManager);
164 /* Check for errors */
169 verbose("%s: INFO: Successfully added to the service database.", ARGV0);
/* Error path: turn a system error code into text for the log. The buffer
 * size 1025 is repeated as a literal in the memset() below. */
173 char local_msg[1025];
176 memset(local_msg, 0, 1025);
/* FORMAT_MESSAGE_ALLOCATE_BUFFER makes the system allocate the message
 * buffer, which must be released with LocalFree(); the release is not
 * visible in this listing -- confirm. FORMAT_MESSAGE_IGNORE_INSERTS keeps
 * insert sequences in the system message from being expanded. */
178 FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER |
179 FORMAT_MESSAGE_FROM_SYSTEM |
180 FORMAT_MESSAGE_IGNORE_INSERTS,
183 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
/* The message is passed as a %s argument, never as the format string. */
188 verbose("%s: ERROR: Unable to create service entry: %s", ARGV0, (LPCTSTR)lpMsgBuf);
193 /* Uninstall the OSSEC-HIDS agent service.
 *
 * Opens the service with stop and delete rights, stops it if
 * CheckServiceRunning() reports it running, then deletes the registration and
 * logs each step. InstallService() treats a zero return as failure. The
 * declaration and initial value of ret, the branch structure and the return
 * statements are on lines this listing does not show. */
194 int UninstallService()
198 SC_HANDLE schSCManager, schService;
199 SERVICE_STATUS lpServiceStatus;
201 /* Remove from the service database */
/* NOTE(review): SC_MANAGER_ALL_ACCESS is requested on the SCM although
 * opening an existing service needs only SC_MANAGER_CONNECT. */
202 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
/* Only the rights this function uses are requested on the service handle. */
204 schService = OpenService(schSCManager, g_lpszServiceName, SERVICE_STOP | DELETE);
206 if (CheckServiceRunning()) {
207 verbose("%s: INFO: Found (%s) service is running going to try and stop it.", ARGV0, g_lpszServiceName);
/* ControlService() reports that the stop request was delivered; the service
 * may still be stopping when the success message below is logged. */
208 ret = ControlService(schService, SERVICE_CONTROL_STOP, &lpServiceStatus);
/* NOTE(review): GetLastError() returns a DWORD (unsigned) but is printed
 * with %ld. */
210 verbose("%s: ERROR: Failure stopping service (%s) before removing it (%ld).", ARGV0, g_lpszServiceName, GetLastError());
212 verbose("%s: INFO: Successfully stopped (%s).", ARGV0, g_lpszServiceName);
215 verbose("%s: INFO: Found (%s) service is not running.", ARGV0, g_lpszServiceName);
/* Deletion is attempted only when ret is non-zero. DeleteService() marks
 * the service for deletion; the entry goes away once the service has stopped
 * and all open handles to it are closed. */
219 if (ret && DeleteService(schService)) {
220 verbose("%s: INFO: Successfully removed (%s) from the service database.", ARGV0, g_lpszServiceName);
223 CloseServiceHandle(schService);
/* A service that is not registered is logged as nothing to remove. */
225 verbose("%s: INFO: Service does not exist (%s) nothing to remove.", ARGV0, g_lpszServiceName);
228 CloseServiceHandle(schSCManager);
232 verbose("%s: ERROR: Failure removing (%s) from the service database.", ARGV0, g_lpszServiceName);
238 /* "Signal" handler: control handler registered with the SCM by
 * OssecServiceStart().
 *
 * dwOpcode: control code delivered by the SCM. SERVICE_CONTROL_STOP is the
 *           only case visible in this listing, which matches the
 *           SERVICE_ACCEPT_STOP mask set in OssecServiceStart().
 *
 * NOTE(review): this is the path by which the agent is shut down. Who may
 * trigger it depends on the service's security descriptor, which nothing
 * visible in this file sets explicitly -- confirm the default is acceptable
 * for a host intrusion detection agent. */
239 VOID WINAPI OssecServiceCtrlHandler(DWORD dwOpcode)
242 case SERVICE_CONTROL_STOP:
/* SERVICE_STOPPED is reported directly with exit code 0; no agent cleanup
 * is visible before the status is reported. */
243 ossecServiceStatus.dwCurrentState = SERVICE_STOPPED;
244 ossecServiceStatus.dwWin32ExitCode = 0;
245 ossecServiceStatus.dwCheckPoint = 0;
246 ossecServiceStatus.dwWaitHint = 0;
248 verbose("%s: INFO: Received exit signal.", ARGV0);
249 SetServiceStatus (ossecServiceStatusHandle, &ossecServiceStatus);
250 verbose("%s: INFO: Exiting...", ARGV0);
258 /* Set the error code in the service */
/* The signature line of this routine is not shown in this listing. The
 * visible body reuses the STOP control handler, so the service reports
 * SERVICE_STOPPED.
 * NOTE(review): the visible STOP case sets dwWin32ExitCode to 0, so as far as
 * this listing shows no non-zero error code reaches the SCM -- confirm. */
261 OssecServiceCtrlHandler(SERVICE_CONTROL_STOP);
264 /* Initialize the OSSEC-HIDS dispatcher: connect this process to the SCM and
 * hand control to OssecServiceStart() for the service named
 * g_lpszServiceName. argc and argv are unused. The return statements are on
 * lines this listing does not show. */
265 int os_WinMain(__attribute__((unused)) int argc, __attribute__((unused)) char **argv)
/* The dispatch table has to end with a { NULL, NULL } entry; that line is
 * not visible in this listing -- confirm. */
267 SERVICE_TABLE_ENTRY steDispatchTable[] = {
268 { g_lpszServiceName, OssecServiceStart },
/* A dispatcher failure is logged at INFO level only. */
272 if (!StartServiceCtrlDispatcher(steDispatchTable)) {
273 verbose("%s: INFO: Unable to set service information.", ARGV0);
280 /* Service entry point named in the dispatch table of os_WinMain().
 *
 * Fills the shared status block, registers OssecServiceCtrlHandler() as the
 * control handler and reports SERVICE_RUNNING to the SCM. argc and argv are
 * unused. What runs after the status is reported is on lines this listing
 * does not show. */
281 void WINAPI OssecServiceStart (__attribute__((unused)) DWORD argc, __attribute__((unused)) LPTSTR *argv)
/* NOTE(review): the type reported here is SERVICE_WIN32, while
 * InstallService() registers SERVICE_WIN32_OWN_PROCESS -- confirm the
 * difference is intended. */
283 ossecServiceStatus.dwServiceType = SERVICE_WIN32;
284 ossecServiceStatus.dwCurrentState = SERVICE_START_PENDING;
/* Stop is the only control the service declares it accepts. */
285 ossecServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
286 ossecServiceStatus.dwWin32ExitCode = 0;
287 ossecServiceStatus.dwServiceSpecificExitCode = 0;
288 ossecServiceStatus.dwCheckPoint = 0;
289 ossecServiceStatus.dwWaitHint = 0;
291 ossecServiceStatusHandle =
292 RegisterServiceCtrlHandler(g_lpszServiceName,
293 OssecServiceCtrlHandler);
/* A zero handle means registration failed; it is logged at INFO level. */
295 if (ossecServiceStatusHandle == (SERVICE_STATUS_HANDLE)0) {
296 verbose("%s: INFO: RegisterServiceCtrlHandler failed.", ARGV0);
/* Move from START_PENDING to RUNNING and report it to the SCM. */
300 ossecServiceStatus.dwCurrentState = SERVICE_RUNNING;
301 ossecServiceStatus.dwCheckPoint = 0;
302 ossecServiceStatus.dwWaitHint = 0;
304 if (!SetServiceStatus(ossecServiceStatusHandle, &ossecServiceStatus)) {
305 verbose("%s: INFO: SetServiceStatus error.", ARGV0);