# or stopping ossec-hids
# Author: Daniel B. Cid <daniel.cid@gmail.com>
-
# Getting where we are installed
LOCAL=`dirname $0`;
cd ${LOCAL}
DIR=`dirname $PWD`;
PLIST=${DIR}/bin/.process_list;
-
-### Do not modify bellow here ###
+### Do not modify below here ###
# Getting additional processes
ls -la ${PLIST} > /dev/null 2>&1
. ${PLIST};
fi
-
NAME="OSSEC HIDS"
-VERSION="v2.8.3"
-AUTHOR="Trend Micro Inc."
+VERSION="v3.3.0"
DAEMONS="ossec-monitord ossec-logcollector ossec-syscheckd ossec-analysisd ossec-maild ossec-execd ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
-
## Locking for the start/stop
LOCK="${DIR}/var/start-script-lock"
LOCK_PID="${LOCK}/pid"
-
# This number should be more than enough (even if it is
# started multiple times together). It will try for up
# to 10 attempts (or 10 seconds) to execute.
MAX_ITERATION="10"
-
-
-# Check pid
-checkpid()
-{
+checkpid() {
for i in ${DAEMONS}; do
for j in `cat ${DIR}/var/run/${i}*.pid 2>/dev/null`; do
ps -p $j |grep ossec >/dev/null 2>&1
if [ ! $? = 0 ]; then
echo "Deleting PID file '${DIR}/var/run/${i}-${j}.pid' not used..."
rm ${DIR}/var/run/${i}-${j}.pid
- fi
- done
- done
+ fi
+ done
+ done
}
-
-
-# Lock function
-lock()
-{
+lock() {
i=0;
-
+
# Providing a lock.
while [ 1 ]; do
mkdir ${LOCK} > /dev/null 2>&1
MSL=$?
if [ "${MSL}" = "0" ]; then
- # Lock aquired (setting the pid)
+ # Lock acquired (setting the pid)
echo "$$" > ${LOCK_PID}
return;
fi
if [ ! $? = 0 ]; then
# Pid is not present.
i=`expr $i + 1`;
- fi
+ fi
# We tried 10 times to acquire the lock.
if [ "$i" = "${MAX_ITERATION}" ]; then
done
}
-
-# Unlock function
unlock()
{
rm -rf ${LOCK}
}
-
-# Help message
help()
{
# Help message
exit 1;
}
-
-# Enables/disables additional daemons
+# Enables additional daemons
enable()
{
if [ "X$2" = "X" ]; then
echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
exit 1;
fi
-
+
if [ "X$2" = "Xdatabase" ]; then
echo "DB_DAEMON=ossec-dbd" >> ${PLIST};
elif [ "X$2" = "Xclient-syslog" ]; then
echo "CSYSLOG_DAEMON=ossec-csyslogd" >> ${PLIST};
elif [ "X$2" = "Xagentless" ]; then
- echo "AGENTLESS_DAEMON=ossec-agentlessd" >> ${PLIST};
- elif [ "X$2" = "Xdebug" ]; then
- echo "DEBUG_CLI=\"-d\"" >> ${PLIST};
+ echo "AGENTLESS_DAEMON=ossec-agentlessd" >> ${PLIST};
+ elif [ "X$2" = "Xdebug" ]; then
+ echo "DEBUG_CLI=\"-d\"" >> ${PLIST};
else
echo ""
echo "Invalid enable option."
echo "Enable options: database, client-syslog, agentless, debug"
echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
exit 1;
- fi
-
-
+ fi
}
-
-
-# Enables/disables additional daemons
+# Disables additional daemons
disable()
{
if [ "X$2" = "X" ]; then
echo "Usage: $0 disable [database|client-syslog|agentless,debug]"
exit 1;
fi
-
+
if [ "X$2" = "Xdatabase" ]; then
echo "DB_DAEMON=\"\"" >> ${PLIST};
elif [ "X$2" = "Xclient-syslog" ]; then
echo "CSYSLOG_DAEMON=\"\"" >> ${PLIST};
elif [ "X$2" = "Xagentless" ]; then
- echo "AGENTLESS_DAEMON=\"\"" >> ${PLIST};
- elif [ "X$2" = "Xdebug" ]; then
- echo "DEBUG_CLI=\"\"" >> ${PLIST};
+ echo "AGENTLESS_DAEMON=\"\"" >> ${PLIST};
+ elif [ "X$2" = "Xdebug" ]; then
+ echo "DEBUG_CLI=\"\"" >> ${PLIST};
else
echo ""
echo "Invalid disable option."
echo "Disable options: database, client-syslog, agentless, debug"
echo "Usage: $0 disable [database|client-syslog|agentless|debug]"
exit 1;
- fi
-
-
+ fi
}
-
-
-# Status function
status()
{
RETVAL=0
testconfig()
{
- # We first loop to check the config.
+ # We first loop to check the config
for i in ${SDAEMONS}; do
${DIR}/bin/${i} -t ${DEBUG_CLI};
if [ $? != 0 ]; then
echo "${i}: Configuration error. Exiting"
unlock;
exit 1;
- fi
+ fi
done
}
-
-# Start function
start()
{
SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-syscheckd ossec-monitord"
-
- echo "Starting $NAME $VERSION (by $AUTHOR)..."
+
+ echo "Starting $NAME $VERSION..."
echo | ${DIR}/bin/ossec-logtest > /dev/null 2>&1;
if [ ! $? = 0 ]; then
echo "ossec-analysisd: Configuration error. Exiting."
exit 1;
- fi
+ fi
lock;
checkpid;
-
# We actually start them now.
for i in ${SDAEMONS}; do
pstatus ${i};
if [ $? = 0 ]; then
${DIR}/bin/${i} ${DEBUG_CLI};
if [ $? != 0 ]; then
- echo "${i} did not start correctly.";
+ echo "${i} did not start correctly.";
unlock;
exit 1;
- fi
-
- echo "Started ${i}..."
+ fi
+ echo "Started ${i}..."
else
- echo "${i} already running..."
- fi
-
- done
+ echo "${i} already running..."
+ fi
+ done
# After we start we give 2 seconds for the daemons
# to internally create their PID files.
echo "Starting sub agent directory (for hybrid mode)"
${DIR}/ossec-agent/bin/ossec-control start
fi
-
+
echo "Completed."
}
-# Process status
pstatus()
{
pfile=$1;
-
+
# pfile must be set
if [ "X${pfile}" = "X" ]; then
return 0;
fi
-
+
ls ${DIR}/var/run/${pfile}*.pid > /dev/null 2>&1
if [ $? = 0 ]; then
for j in `cat ${DIR}/var/run/${pfile}*.pid 2>/dev/null`; do
rm -f ${DIR}/var/run/${pfile}-$j.pid
continue;
fi
-
+
kill -0 $j > /dev/null 2>&1
if [ $? = 0 ]; then
return 1;
- fi
- done
+ fi
+ done
fi
-
- return 0;
-}
+ return 0;
+}
-# Stop all
stopa()
{
lock;
pstatus ${i};
if [ $? = 1 ]; then
echo "Killing ${i} .. ";
-
kill `cat ${DIR}/var/run/${i}*.pid`;
else
- echo "${i} not running ..";
+ echo "${i} not running ..";
fi
-
rm -f ${DIR}/var/run/${i}*.pid
-
- done
-
+ done
+
unlock;
ls -la "${DIR}/ossec-agent/" >/dev/null 2>&1
echo "$NAME $VERSION Stopped"
}
-
### MAIN HERE ###
case "$1" in
- start)
+start)
testconfig
- start
- ;;
- stop)
- stopa
- ;;
- restart)
+ start
+ ;;
+stop)
+ stopa
+ ;;
+restart)
testconfig
- stopa
- sleep 1;
- start
- ;;
- status)
+ stopa
+ sleep 1;
+ start
+ ;;
+status)
status
- ;;
- help)
+ ;;
+help)
help
;;
- enable)
+enable)
enable $1 $2;
- ;;
- disable)
+ ;;
+disable)
disable $1 $2;
- ;;
- *)
+ ;;
+*)
help
esac
+