debian/ossec-hids/var/ossec/bin/ossec-local.sh

   1 #!/bin/sh
   2 # ossec-control        This shell script takes care of starting
   3 #                      or stopping ossec-hids
   4 # Author: Daniel B. Cid <daniel.cid@gmail.com>
   5
   6 # Getting where we are installed
   7 LOCAL=`dirname $0`;
   8 cd ${LOCAL}
   9 PWD=`pwd`
  10 DIR=`dirname $PWD`;
  11 PLIST=${DIR}/bin/.process_list;
  12
  13 ###  Do not modify below here ###
  14
  15 # Getting additional processes
  16 ls -la ${PLIST} > /dev/null 2>&1
  17 if [ $? = 0 ]; then
  18 . ${PLIST};
  19 fi
  20
  21 NAME="OSSEC HIDS"
  22 VERSION="v3.3.0"
  23 DAEMONS="ossec-monitord ossec-logcollector ossec-syscheckd ossec-analysisd ossec-maild ossec-execd ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
  24
  25 ## Locking for the start/stop
  26 LOCK="${DIR}/var/start-script-lock"
  27 LOCK_PID="${LOCK}/pid"
  28
  29 # This number should be more than enough (even if it is
  30 # started multiple times together). It will try for up
  31 # to 10 attempts (or 10 seconds) to execute.
  32 MAX_ITERATION="10"
  33
  34 checkpid() {
  35     for i in ${DAEMONS}; do
  36         for j in `cat ${DIR}/var/run/${i}*.pid 2>/dev/null`; do
  37             ps -p $j |grep ossec >/dev/null 2>&1
  38             if [ ! $? = 0 ]; then
  39                 echo "Deleting PID file '${DIR}/var/run/${i}-${j}.pid' not used..."
  40                 rm ${DIR}/var/run/${i}-${j}.pid
  41             fi
  42         done
  43     done
  44 }
  45
  46 lock() {
  47     i=0;
  48
  49     # Providing a lock.
  50     while [ 1 ]; do
  51         mkdir ${LOCK} > /dev/null 2>&1
  52         MSL=$?
  53         if [ "${MSL}" = "0" ]; then
  54             # Lock acquired (setting the pid)
  55             echo "$$" > ${LOCK_PID}
  56             return;
  57         fi
  58
  59         # Waiting 1 second before trying again
  60         sleep 1;
  61         i=`expr $i + 1`;
  62
  63         # If PID is not present, speed things a bit.
  64         kill -0 `cat ${LOCK_PID}` >/dev/null 2>&1
  65         if [ ! $? = 0 ]; then
  66             # Pid is not present.
  67             i=`expr $i + 1`;
  68         fi
  69
  70         # We tried 10 times to acquire the lock.
  71         if [ "$i" = "${MAX_ITERATION}" ]; then
  72             # Unlocking and executing
  73             unlock;
  74             mkdir ${LOCK} > /dev/null 2>&1
  75             echo "$$" > ${LOCK_PID}
  76             return;
  77         fi
  78     done
  79 }
  80
  81 unlock()
  82 {
  83     rm -rf ${LOCK}
  84 }
  85
  86 help()
  87 {
  88     # Help message
  89     echo ""
  90     echo "Usage: $0 {start|stop|restart|status|enable|disable}";
  91     exit 1;
  92 }
  93
  94 # Enables additional daemons
  95 enable()
  96 {
  97     if [ "X$2" = "X" ]; then
  98         echo ""
  99         echo "Enable options: database, client-syslog, agentless, debug"
 100         echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
 101         exit 1;
 102     fi
 103
 104     if [ "X$2" = "Xdatabase" ]; then
 105         echo "DB_DAEMON=ossec-dbd" >> ${PLIST};
 106     elif [ "X$2" = "Xclient-syslog" ]; then
 107         echo "CSYSLOG_DAEMON=ossec-csyslogd" >> ${PLIST};
 108     elif [ "X$2" = "Xagentless" ]; then
 109         echo "AGENTLESS_DAEMON=ossec-agentlessd" >> ${PLIST};
 110     elif [ "X$2" = "Xdebug" ]; then
 111         echo "DEBUG_CLI=\"-d\"" >> ${PLIST};
 112     else
 113         echo ""
 114         echo "Invalid enable option."
 115         echo ""
 116         echo "Enable options: database, client-syslog, agentless, debug"
 117         echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
 118         exit 1;
 119     fi
 120 }
 121
 122 # Disables additional daemons
 123 disable()
 124 {
 125     if [ "X$2" = "X" ]; then
 126         echo ""
 127         echo "Disable options: database, client-syslog, agentless, debug"
 128         echo "Usage: $0 disable [database|client-syslog|agentless,debug]"
 129         exit 1;
 130     fi
 131
 132     if [ "X$2" = "Xdatabase" ]; then
 133         echo "DB_DAEMON=\"\"" >> ${PLIST};
 134     elif [ "X$2" = "Xclient-syslog" ]; then
 135         echo "CSYSLOG_DAEMON=\"\"" >> ${PLIST};
 136     elif [ "X$2" = "Xagentless" ]; then
 137         echo "AGENTLESS_DAEMON=\"\"" >> ${PLIST};
 138     elif [ "X$2" = "Xdebug" ]; then
 139         echo "DEBUG_CLI=\"\"" >> ${PLIST};
 140     else
 141         echo ""
 142         echo "Invalid disable option."
 143         echo ""
 144         echo "Disable options: database, client-syslog, agentless, debug"
 145         echo "Usage: $0 disable [database|client-syslog|agentless|debug]"
 146         exit 1;
 147     fi
 148 }
 149
 150 status()
 151 {
 152     RETVAL=0
 153     for i in ${DAEMONS}; do
 154         pstatus ${i};
 155         if [ $? = 0 ]; then
 156             RETVAL=1
 157             echo "${i} not running..."
 158         else
 159             echo "${i} is running..."
 160         fi
 161     done
 162     exit $RETVAL
 163 }
 164
 165 testconfig()
 166 {
 167     # We first loop to check the config
 168     for i in ${SDAEMONS}; do
 169         ${DIR}/bin/${i} -t ${DEBUG_CLI};
 170         if [ $? != 0 ]; then
 171             echo "${i}: Configuration error. Exiting"
 172             unlock;
 173             exit 1;
 174         fi
 175     done
 176 }
 177
 178 start()
 179 {
 180     SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-syscheckd ossec-monitord"
 181
 182     echo "Starting $NAME $VERSION..."
 183     echo | ${DIR}/bin/ossec-logtest > /dev/null 2>&1;
 184     if [ ! $? = 0 ]; then
 185         echo "ossec-analysisd: Configuration error. Exiting."
 186         exit 1;
 187     fi
 188
 189     lock;
 190     checkpid;
 191
 192     # We actually start them now.
 193     for i in ${SDAEMONS}; do
 194         pstatus ${i};
 195         if [ $? = 0 ]; then
 196             ${DIR}/bin/${i} ${DEBUG_CLI};
 197             if [ $? != 0 ]; then
 198                 echo "${i} did not start correctly.";
 199                 unlock;
 200                 exit 1;
 201             fi
 202             echo "Started ${i}..."
 203         else
 204             echo "${i} already running..."
 205         fi
 206     done
 207
 208     # After we start we give 2 seconds for the daemons
 209     # to internally create their PID files.
 210     sleep 2;
 211     unlock;
 212
 213     ls -la "${DIR}/ossec-agent/" >/dev/null 2>&1
 214     if [ $? = 0 ]; then
 215         echo ""
 216         echo "Starting sub agent directory (for hybrid mode)"
 217         ${DIR}/ossec-agent/bin/ossec-control start
 218     fi
 219
 220     echo "Completed."
 221 }
 222
 223 pstatus()
 224 {
 225     pfile=$1;
 226
 227     # pfile must be set
 228     if [ "X${pfile}" = "X" ]; then
 229         return 0;
 230     fi
 231
 232     ls ${DIR}/var/run/${pfile}*.pid > /dev/null 2>&1
 233     if [ $? = 0 ]; then
 234         for j in `cat ${DIR}/var/run/${pfile}*.pid 2>/dev/null`; do
 235             ps -p $j |grep ossec >/dev/null 2>&1
 236             if [ ! $? = 0 ]; then
 237                 echo "${pfile}: Process $j not used by ossec, removing .."
 238                 rm -f ${DIR}/var/run/${pfile}-$j.pid
 239                 continue;
 240             fi
 241
 242             kill -0 $j > /dev/null 2>&1
 243             if [ $? = 0 ]; then
 244                 return 1;
 245             fi
 246         done
 247     fi
 248
 249     return 0;
 250 }
 251
 252 stopa()
 253 {
 254     lock;
 255     checkpid;
 256     for i in ${DAEMONS}; do
 257         pstatus ${i};
 258         if [ $? = 1 ]; then
 259             echo "Killing ${i} .. ";
 260             kill `cat ${DIR}/var/run/${i}*.pid`;
 261         else
 262             echo "${i} not running ..";
 263         fi
 264         rm -f ${DIR}/var/run/${i}*.pid
 265     done
 266
 267     unlock;
 268
 269     ls -la "${DIR}/ossec-agent/" >/dev/null 2>&1
 270     if [ $? = 0 ]; then
 271         echo ""
 272         echo "Stopping sub agent directory (for hybrid mode)"
 273         ${DIR}/ossec-agent/bin/ossec-control stop
 274     fi
 275     echo "$NAME $VERSION Stopped"
 276 }
 277
 278 ### MAIN HERE ###
 279
 280 case "$1" in
 281 start)
 282     testconfig
 283     start
 284     ;;
 285 stop)
 286     stopa
 287     ;;
 288 restart)
 289     testconfig
 290     stopa
 291     sleep 1;
 292     start
 293     ;;
 294 status)
 295     status
 296     ;;
 297 help)
 298     help
 299     ;;
 300 enable)
 301     enable $1 $2;
 302     ;;
 303 disable)
 304     disable $1 $2;
 305     ;;
 306 *)
 307     help
 308 esac
 309