1 /* @(#) $Id: ./src/win32/win_service.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
/* Program name used as the prefix of log and console messages. */
24 #define ARGV0 "ossec-agent"
/* Fixed identity of the Windows service: name, display name and
 * description text. These are non-const LPTSTR pointers initialised from
 * narrow string literals, so the file presumably builds without UNICODE,
 * and nothing may write through them. */
27 static LPTSTR g_lpszServiceName = "OssecSvc";
28 static LPTSTR g_lpszServiceDisplayName = "OSSEC HIDS";
29 static LPTSTR g_lpszServiceDescription = "OSSEC HIDS Windows Agent";
/* Status block reported to the service control manager (SCM) and the
 * handle returned by RegisterServiceCtrlHandler. Both are used by the
 * service entry point and by the control handler. */
31 static SERVICE_STATUS ossecServiceStatus;
32 static SERVICE_STATUS_HANDLE ossecServiceStatusHandle;
/* Service entry point, defined further down in this file. */
35 void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv);
39 /* os_start_service: Starts ossec service */
/* Opens the service control manager and the service named by
 * g_lpszServiceName, then calls StartService with no arguments. A
 * GetLastError() value of ERROR_SERVICE_ALREADY_RUNNING is tested
 * separately, apparently on the failure path. The return statements and
 * any NULL checks on the two handles fall on lines this listing omits.
 *
 * NOTE(review): SC_MANAGER_ALL_ACCESS is a right on the SCM object, not on
 * a service; passed to OpenService its bits are read as service rights.
 * StartService only needs SERVICE_START on the service handle, and opening
 * an existing service only needs SC_MANAGER_CONNECT on the SCM handle.
 * Requesting exactly those follows least privilege and keeps this working
 * for accounts that were delegated start rights without full
 * administrative access.
 */
40 int os_start_service()
43 SC_HANDLE schSCManager, schService;
46 /* Opening the services database */
47 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
50 schService = OpenService(schSCManager,g_lpszServiceName,
51 SC_MANAGER_ALL_ACCESS);
55 if(StartService(schService, 0, NULL))
/* "Already running" is told apart from a real start failure. */
61 if(GetLastError() == ERROR_SERVICE_ALREADY_RUNNING)
/* Both handles are closed once the start attempt is done. */
67 CloseServiceHandle(schService);
70 CloseServiceHandle(schSCManager);
77 /* Stops the ossec service (the original header here was copied from os_start_service) */
/* Opens the service control manager and the service named by
 * g_lpszServiceName, then sends SERVICE_CONTROL_STOP through
 * ControlService, which fills lpServiceStatus with the latest status.
 * The function's signature line, its return statements and any NULL
 * checks on the handles are on lines this listing omits.
 *
 * NOTE(review): SC_MANAGER_ALL_ACCESS is an SCM right, not a service
 * right. Sending a stop control only needs SERVICE_STOP on the service
 * handle and SC_MANAGER_CONNECT on the SCM handle. Being able to stop a
 * host IDS agent is a sensitive capability, so the service's own ACL
 * should decide who has it rather than this code demanding full access.
 */
81 SC_HANDLE schSCManager, schService;
84 /* Opening the services database */
85 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
88 schService = OpenService(schSCManager,g_lpszServiceName,
89 SC_MANAGER_ALL_ACCESS);
/* Despite the lp prefix this is a structure, not a pointer. */
92 SERVICE_STATUS lpServiceStatus;
94 if(ControlService(schService,
95 SERVICE_CONTROL_STOP, &lpServiceStatus))
/* Both handles are closed once the stop request has been sent. */
100 CloseServiceHandle(schService);
103 CloseServiceHandle(schSCManager);
110 /* int CheckServiceRunning(): Checks if service is running. */
/* Opens the service control manager and the service named by
 * g_lpszServiceName, calls QueryServiceStatus and compares
 * dwCurrentState with SERVICE_RUNNING. Pending states (start or stop in
 * progress) therefore do not count as running. The values returned for
 * each outcome are on lines this listing omits.
 *
 * NOTE(review): a status query only needs SERVICE_QUERY_STATUS on the
 * service handle and SC_MANAGER_CONNECT on the SCM handle. Because full
 * access is requested instead, a caller without administrative rights
 * presumably cannot open the service at all, and "could not check" may
 * then look the same as "not running" -- confirm against the return
 * paths.
 */
111 int CheckServiceRunning()
114 SC_HANDLE schSCManager, schService;
117 /* Opening the services database */
118 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
121 schService = OpenService(schSCManager,g_lpszServiceName,
122 SC_MANAGER_ALL_ACCESS);
125 /* Checking status */
/* Despite the lp prefix this is a structure, not a pointer. */
126 SERVICE_STATUS lpServiceStatus;
128 if(QueryServiceStatus(schService, &lpServiceStatus))
130 if(lpServiceStatus.dwCurrentState == SERVICE_RUNNING)
/* Both handles are closed after the query. */
135 CloseServiceHandle(schService);
138 CloseServiceHandle(schSCManager);
/* InstallService registers the agent with the service control manager.
 * It opens the SCM, calls CreateService (display name
 * g_lpszServiceDisplayName, type SERVICE_WIN32_OWN_PROCESS, error control
 * SERVICE_ERROR_NORMAL), sets the description with ChangeServiceConfig2
 * and prints a confirmation. The results of OpenSCManager, CreateService
 * and ChangeServiceConfig2 are tested; the branches taken on failure are
 * on lines this listing omits, but the FormatMessage/merror code at the
 * end looks like their shared error path.
 *
 * path: copied into lpszBinaryPathName and presumably passed as the
 * service's binary path (that argument line is not shown).
 * buffer: only its terminator write is visible here; its use is not.
 *
 * NOTE(review): the last five CreateService arguments are NULL, and the
 * account name is one of them, so the service runs as LocalSystem. The
 * executable and its directory therefore need ACLs that only
 * administrators can write. A binary path containing spaces has to be
 * wrapped in double quotes, otherwise Windows may resolve a different
 * executable -- confirm that callers of InstallService quote it.
 */
145 /* int InstallService()
146 * Install the OSSEC HIDS agent service.
148 int InstallService(char *path)
150 char buffer[MAX_PATH+1];
152 SC_HANDLE schSCManager, schService;
153 LPCTSTR lpszBinaryPathName = NULL;
154 SERVICE_DESCRIPTION sdBuf;
157 /* Cleaning up some variables */
158 buffer[MAX_PATH] = '\0';
161 /* Executable path -- it must be called with the
164 lpszBinaryPathName = path;
166 /* Opening the services database */
/* NOTE(review): creating a service needs SC_MANAGER_CREATE_SERVICE on the
 * SCM handle; SC_MANAGER_ALL_ACCESS asks for more than is used here. */
167 schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
169 if (schSCManager == NULL)
174 /* Creating the service */
/* Only part of the argument list is visible. The description change below
 * needs SERVICE_CHANGE_CONFIG on the returned handle, so the desired
 * access passed on the omitted line must include it. */
175 schService = CreateService(schSCManager,
177 g_lpszServiceDisplayName,
179 SERVICE_WIN32_OWN_PROCESS,
181 SERVICE_ERROR_NORMAL,
183 NULL, NULL, NULL, NULL, NULL);
185 if (schService == NULL)
190 /* Setting description */
191 sdBuf.lpDescription = g_lpszServiceDescription;
/* NOTE(review): if this failure leaves through the error path, check that
 * schService and schSCManager are still closed; the closes visible below
 * sit on the success path. */
192 if(!ChangeServiceConfig2(schService, SERVICE_CONFIG_DESCRIPTION, &sdBuf))
197 CloseServiceHandle(schService);
198 CloseServiceHandle(schSCManager);
200 printf(" [%s] Successfully added to the Services database.\n", ARGV0);
/* Error path: formats a system error message and reports it.
 * NOTE(review): FORMAT_MESSAGE_ALLOCATE_BUFFER makes FormatMessage
 * allocate the text, which has to be released with LocalFree(); no such
 * call is visible in this listing. merror() is called everywhere else in
 * this file with the format string first, but here the zero-filled
 * local_msg sits in that position, so this call reads like an snprintf()
 * -- verify what actually gets logged. The text says "registry entry"
 * although the failing operation is service creation. */
206 char local_msg[1025];
209 memset(local_msg, 0, 1025);
211 FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER |
212 FORMAT_MESSAGE_FROM_SYSTEM |
213 FORMAT_MESSAGE_IGNORE_INSERTS,
216 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
221 merror(local_msg, 1024, "[%s] Unable to create registry "
222 "entry: %s", ARGV0,(LPCTSTR)lpMsgBuf);
/* UninstallService removes the agent from the service control manager.
 * It opens the SCM, opens the service named by g_lpszServiceName with the
 * DELETE right only, and calls DeleteService. On success both handles are
 * closed and a confirmation is printed; otherwise the handles are closed
 * (apparently on the failure path) and an error goes to stderr. Return
 * values and any NULL checks are on lines this listing omits.
 *
 * NOTE(review): the service handle already asks for the single right it
 * needs; the SCM handle could do the same with SC_MANAGER_CONNECT instead
 * of SC_MANAGER_ALL_ACCESS. DeleteService only marks the service for
 * deletion. A running agent is not stopped by it, and the entry stays
 * until the service has stopped and all handles to it are closed.
 */
228 /* int UninstallService()
229 * Uninstall the OSSEC HIDS agent service.
231 int UninstallService()
233 SC_HANDLE schSCManager, schService;
236 /* Removing from the services database */
237 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
240 schService = OpenService(schSCManager,g_lpszServiceName,DELETE);
243 if (DeleteService(schService))
246 CloseServiceHandle(schService);
247 CloseServiceHandle(schSCManager);
249 printf(" [%s] Successfully removed from "
250 "the Services database.\n", ARGV0);
253 CloseServiceHandle(schService);
255 CloseServiceHandle(schSCManager);
258 fprintf(stderr, " [%s] Error removing from "
259 "the Services database.\n", ARGV0);
/* Control handler that OssecServiceStart registers with the SCM through
 * RegisterServiceCtrlHandler. The only case visible in this listing is
 * SERVICE_CONTROL_STOP: it marks the shared status block SERVICE_STOPPED
 * with exit code 0 and no checkpoint or wait hint, logs, reports the
 * status with SetServiceStatus and logs again.
 *
 * NOTE(review): SERVICE_STOPPED is reported before any cleanup visible
 * here, so work that must finish before the process goes away has to
 * happen ahead of that call -- confirm against the omitted lines.
 * OssecServiceStart sets dwControlsAccepted to SERVICE_ACCEPT_STOP only,
 * so system shutdown notifications are not delivered to this handler.
 */
266 /** VOID WINAPI OssecServiceCtrlHandler (DWORD dwOpcode)
269 VOID WINAPI OssecServiceCtrlHandler(DWORD dwOpcode)
273 case SERVICE_CONTROL_STOP:
274 ossecServiceStatus.dwCurrentState = SERVICE_STOPPED;
275 ossecServiceStatus.dwWin32ExitCode = 0;
276 ossecServiceStatus.dwCheckPoint = 0;
277 ossecServiceStatus.dwWaitHint = 0;
279 verbose("%s: Received exit signal.", ARGV0);
280 SetServiceStatus (ossecServiceStatusHandle, &ossecServiceStatus);
281 verbose("%s: Exiting...", ARGV0);
/* WinSetError takes the service down by calling the control handler with
 * SERVICE_CONTROL_STOP, presumably after an internal error. The
 * function's signature line is not part of this listing.
 *
 * NOTE(review): the stop case of that handler reports dwWin32ExitCode = 0,
 * so the SCM records a normal stop, not an error, despite the wording of
 * the header below. Anything that keys on a non-zero service exit code
 * will not notice, and a host IDS agent that goes silent this way leaves
 * no SCM-level signal. Consider reporting a non-zero exit code here.
 */
290 /** void WinSetError()
291 * Sets the error code in the services
295 OssecServiceCtrlHandler(SERVICE_CONTROL_STOP);
/* os_WinMain connects the process to the service control manager. It
 * builds a dispatch table that maps g_lpszServiceName to
 * OssecServiceStart and calls StartServiceCtrlDispatcher, logging through
 * merror when that call fails. argc and argv are not used in the visible
 * lines, and the return values are on lines this listing omits.
 *
 * The dispatch table has to end with a NULL/NULL entry; that line is not
 * shown here -- confirm it is present in the full file.
 */
299 /** int os_WinMain(int argc, char **argv)
300 * Initializes OSSEC dispatcher
302 int os_WinMain(int argc, char **argv)
304 SERVICE_TABLE_ENTRY steDispatchTable[] =
306 { g_lpszServiceName, OssecServiceStart },
310 if(!StartServiceCtrlDispatcher(steDispatchTable))
312 merror("%s: Unable to set service information.", ARGV0);
320 /** void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv)
321 * Starts OSSEC service
323 void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv)
325 ossecServiceStatus.dwServiceType = SERVICE_WIN32;
326 ossecServiceStatus.dwCurrentState = SERVICE_START_PENDING;
327 ossecServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
328 ossecServiceStatus.dwWin32ExitCode = 0;
329 ossecServiceStatus.dwServiceSpecificExitCode= 0;
330 ossecServiceStatus.dwCheckPoint = 0;
331 ossecServiceStatus.dwWaitHint = 0;
333 ossecServiceStatusHandle =
334 RegisterServiceCtrlHandler(g_lpszServiceName,
335 OssecServiceCtrlHandler);
337 if (ossecServiceStatusHandle == (SERVICE_STATUS_HANDLE)0)
339 merror("%s: RegisterServiceCtrlHandler failed.", ARGV0);
343 ossecServiceStatus.dwCurrentState = SERVICE_RUNNING;
344 ossecServiceStatus.dwCheckPoint = 0;
345 ossecServiceStatus.dwWaitHint = 0;
347 if (!SetServiceStatus(ossecServiceStatusHandle, &ossecServiceStatus))
349 merror("%s: SetServiceStatus error.", ARGV0);
355 /* Starting process */