1 #!/bin/sh
2 # ossec-control        This shell script takes care of starting
3 #                      or stopping ossec-hids
4 # Author: Daniel B. Cid <daniel.cid@gmail.com>
5
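# Work out the installation root from this script's own location.
# Everything further down (the sourced process list, the daemon binaries,
# the PID and lock directories) is resolved relative to DIR, so a failed
# cd stops the script rather than letting it carry on from the caller's
# working directory.
LOCAL=$(dirname "$0")
cd "${LOCAL}" || exit 1
PWD=$(pwd)
DIR=$(dirname "${PWD}")
PLIST="${DIR}/bin/.process_list"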
12
13 ###  Do not modify below here ###
14
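# Load the optional process list that the enable/disable commands append to.
# The file is executed in this shell with the caller's privileges, so it
# should be writable only by the account that administers the installation.
# Only a regular file is sourced; the path is quoted so that an install
# directory containing whitespace still resolves to the intended file.
if [ -f "${PLIST}" ]; then
    . "${PLIST}"
fi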
20
# Product name and version shown in the start/stop messages.
NAME="OSSEC HIDS"
VERSION="v3.3.0"

# Pull in the system-wide init settings when that file is present.
if [ -f /etc/ossec-init.conf ]; then
    . /etc/ossec-init.conf
fi

# Daemons handled by stop and status. The three optional entries come from
# variables that may be unset, in which case they expand to nothing.
DAEMONS="ossec-monitord ossec-logcollector ossec-remoted ossec-syscheckd ossec-analysisd ossec-maild ossec-execd ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"

# Directory that serves as the start/stop lock, and the file inside it
# that records the PID of the lock holder.
LOCK="${DIR}/var/start-script-lock"
LOCK_PID="${LOCK}/pid"

# Limit on lock attempts (roughly one per second). Ten is meant to be
# plenty even when the script is started several times at once.
MAX_ITERATION="10"
36
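# Deletes PID files whose recorded process is no longer an ossec process.
# Globals:   DAEMONS, DIR (read); i and j are overwritten
# Outputs:   one line per PID file that is deleted
checkpid()
{
    # DAEMONS is a space-separated list and is split on purpose.
    for i in ${DAEMONS}; do
        # Every word found in the daemon's PID files is treated as one PID.
        for j in $(cat "${DIR}/var/run/${i}"*.pid 2>/dev/null); do
            # The value comes from a file on disk and ends up both in a ps
            # argument and in the path handed to rm, so anything that is
            # not a plain decimal number is ignored.
            case "${j}" in
                ''|*[!0-9]*) continue ;;
            esac

            if ! ps -p "${j}" | grep ossec >/dev/null 2>&1; then
                echo "Deleting PID file '${DIR}/var/run/${i}-${j}.pid' not used..."
                rm -- "${DIR}/var/run/${i}-${j}.pid"
            fi
        done
    done
}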
49
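# Takes the start/stop lock by creating the LOCK directory and recording
# this shell's PID inside it. mkdir fails when the directory already
# exists, which is what makes it usable as a lock.
# Globals:   LOCK, LOCK_PID, MAX_ITERATION (read); i and holder are
#            overwritten
# Returns:   once the lock is held. After MAX_ITERATION counted attempts
#            the existing lock is removed and taken over.
lock()
{
    i=0

    while :; do
        if mkdir "${LOCK}" > /dev/null 2>&1; then
            # Lock acquired (setting the pid)
            echo "$$" > "${LOCK_PID}"
            return
        fi

        # Waiting 1 second before trying again
        sleep 1
        i=$((i + 1))

        # A holder that is gone, or a PID file that is missing or does not
        # hold a plain number, counts as an extra attempt so that a stale
        # lock is given up on sooner.
        holder=$(cat "${LOCK_PID}" 2>/dev/null)
        case "${holder}" in
            ''|*[!0-9]*) i=$((i + 1)) ;;
            *) kill -0 "${holder}" >/dev/null 2>&1 || i=$((i + 1)) ;;
        esac

        # -ge rather than =: the counter can advance by two in one pass and
        # step over the limit, and an equality test would then never end
        # the loop.
        if [ "${i}" -ge "${MAX_ITERATION}" ]; then
            # NOTE(review): removing the lock and re-creating it are two
            # separate steps; two waiters that time out together can both
            # get past this point.
            unlock
            mkdir "${LOCK}" > /dev/null 2>&1
            echo "$$" > "${LOCK_PID}"
            return
        fi
    done
}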
85
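# Releases the start/stop lock by removing the LOCK directory together with
# the PID file inside it.
# Globals:   LOCK (read)
unlock()
{
    # With an empty LOCK there is nothing to release.
    [ -n "${LOCK}" ] || return 0

    # Quoted, and with -- in front, so that the recursive delete acts on
    # exactly one path even if the install directory contains whitespace.
    rm -rf -- "${LOCK}"
}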
90
# Prints the accepted commands and ends the script with status 1.
help()
{
    printf '\n'
    printf '%s\n' "Usage: $0 {start|stop|reload|restart|status|enable|disable}"
    exit 1
}
98
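# Enables an optional daemon, or debug mode, by appending its setting to
# the process list.
# Globals:   PLIST (appended to)
# Arguments: $1 - the command word, not used here
#            $2 - database, client-syslog, agentless or debug
# Returns:   exits 1 after a usage message when $2 is missing or unknown
enable()
{
    # $2 is only matched against the fixed names below; the text written to
    # PLIST is always one of these literals, never the argument itself.
    case "$2" in
        "")
            echo ""
            echo "Enable options: database, client-syslog, agentless, debug"
            echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
            exit 1
            ;;
        database)
            echo "DB_DAEMON=ossec-dbd" >> "${PLIST}"
            ;;
        client-syslog)
            echo "CSYSLOG_DAEMON=ossec-csyslogd" >> "${PLIST}"
            ;;
        agentless)
            echo "AGENTLESS_DAEMON=ossec-agentlessd" >> "${PLIST}"
            ;;
        debug)
            echo "DEBUG_CLI=\"-d\"" >> "${PLIST}"
            ;;
        *)
            echo ""
            echo "Invalid enable option."
            echo ""
            echo "Enable options: database, client-syslog, agentless, debug"
            echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
            exit 1
            ;;
    esac
}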
126
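# Disables an optional daemon, or debug mode, by appending an empty setting
# for it to the process list.
# Globals:   PLIST (appended to)
# Arguments: $1 - the command word, not used here
#            $2 - database, client-syslog, agentless or debug
# Returns:   exits 1 after a usage message when $2 is missing or unknown
disable()
{
    # $2 is only matched against the fixed names below; the text written to
    # PLIST is always one of these literals, never the argument itself.
    case "$2" in
        "")
            echo ""
            echo "Disable options: database, client-syslog, agentless, debug"
            echo "Usage: $0 disable [database|client-syslog|agentless|debug]"
            exit 1
            ;;
        database)
            echo "DB_DAEMON=\"\"" >> "${PLIST}"
            ;;
        client-syslog)
            echo "CSYSLOG_DAEMON=\"\"" >> "${PLIST}"
            ;;
        agentless)
            echo "AGENTLESS_DAEMON=\"\"" >> "${PLIST}"
            ;;
        debug)
            echo "DEBUG_CLI=\"\"" >> "${PLIST}"
            ;;
        *)
            echo ""
            echo "Invalid disable option."
            echo ""
            echo "Disable options: database, client-syslog, agentless, debug"
            echo "Usage: $0 disable [database|client-syslog|agentless|debug]"
            exit 1
            ;;
    esac
}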
154
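# Reports for each daemon in DAEMONS whether it is running, then exits.
# Globals:   DAEMONS, DIR (read); RETVAL and i are overwritten
# Outputs:   "<daemon> is running..." or "<daemon> not running..." per daemon
# Returns:   does not return; exits 0 when every checked daemon is running
#            and 1 otherwise
status()
{
    RETVAL=0
    # DAEMONS is a space-separated list and is split on purpose.
    for i in ${DAEMONS}; do
        # ossec-maild is left out of the report when e-mail notification is
        # switched off in the configuration. The path is quoted so that the
        # lookup reads the intended file even if DIR contains whitespace.
        if [ "X${i}" = "Xossec-maild" ] &&
            grep "<email_notification>no<" "${DIR}/etc/ossec.conf" >/dev/null 2>&1; then
            continue
        fi

        # pstatus returns 0 when the daemon is NOT running.
        if pstatus "${i}"; then
            echo "${i} not running..."
            RETVAL=1
        else
            echo "${i} is running..."
        fi
    done
    exit $RETVAL
}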
177
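# Runs every daemon listed in SDAEMONS with -t and stops the script at the
# first one that reports a non-zero status.
# Globals:   SDAEMONS, DIR, DEBUG_CLI (read); i is overwritten
# Outputs:   "<daemon>: Configuration error. Exiting" on failure
# Returns:   exits 1 (after calling unlock) when a daemon fails the check
testconfig()
{
    # NOTE(review): in this file SDAEMONS is assigned only inside start(),
    # and the command dispatcher calls testconfig before start. Unless the
    # variable arrives from the environment or from a sourced file, this
    # loop has nothing to iterate over and no configuration is checked.
    # Confirm and, if so, define the list before this function runs.
    for i in ${SDAEMONS}; do
        # DEBUG_CLI is left unquoted so that an empty value adds no argument.
        if ! "${DIR}/bin/${i}" -t ${DEBUG_CLI}; then
            echo "${i}: Configuration error. Exiting"
            unlock
            exit 1
        fi
    done
}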
190
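# Starts every daemon that is not already running.
# Globals:   DIR, NAME, VERSION, DEBUG_CLI, DB_DAEMON, CSYSLOG_DAEMON,
#            AGENTLESS_DAEMON (read); SDAEMONS and i are overwritten
# Outputs:   progress messages, one per daemon
# Returns:   exits 1 when the rule test fails or a daemon reports a
#            non-zero status on start
start()
{
    SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-remoted ossec-syscheckd ossec-monitord"

    echo "Starting $NAME $VERSION..."

    # Feed ossec-logtest a single empty line; a non-zero status is treated
    # as a broken rule set and nothing is started.
    if ! echo | "${DIR}/bin/ossec-logtest" > /dev/null 2>&1; then
        echo "OSSEC analysisd: Testing rules failed. Configuration error. Exiting."
        exit 1
    fi
    lock
    checkpid

    # We actually start them now. SDAEMONS is split on purpose.
    for i in ${SDAEMONS}; do

        ## If ossec-maild is disabled, don't try to start it.
        if [ "X${i}" = "Xossec-maild" ] &&
            grep "<email_notification>no<" "${DIR}/etc/ossec.conf" >/dev/null 2>&1; then
            continue
        fi

        # pstatus returns 0 when the daemon is NOT running.
        if pstatus "${i}"; then
            # The binary path is quoted so that exactly the file under
            # ${DIR}/bin is executed; DEBUG_CLI stays unquoted so that an
            # empty value adds no argument.
            if ! "${DIR}/bin/${i}" ${DEBUG_CLI}; then
                echo "${i} did not start correctly."
                unlock
                exit 1
            fi

            echo "Started ${i}..."
        else
            echo "${i} already running..."
        fi
    done

    # After we start we give 2 seconds for the daemons
    # to internally create their PID files.
    sleep 2
    unlock
    echo "Completed."
}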
237
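# Tells whether a daemon is running, judging by the PID files found for it
# in ${DIR}/var/run.
# Globals:   DIR (read); pfile and j are overwritten
# Arguments: $1 - daemon name, used as the PID file name prefix
# Outputs:   one line per stale PID file that is removed
# Returns:   1 when a recorded PID is a live ossec process, 0 otherwise
#            (including when $1 is empty)
pstatus()
{
    pfile=$1

    # pfile must be set
    if [ "X${pfile}" = "X" ]; then
        return 0
    fi

    # Every word found in the matching PID files is treated as one PID; when
    # no file matches, cat prints nothing and the loop does not run.
    for j in $(cat "${DIR}/var/run/${pfile}"*.pid 2>/dev/null); do
        # The value comes from a file on disk and ends up in ps and kill
        # arguments and in the path handed to rm, so anything that is not a
        # plain decimal number is ignored.
        case "${j}" in
            ''|*[!0-9]*) continue ;;
        esac

        if ! ps -p "${j}" | grep ossec >/dev/null 2>&1; then
            echo "${pfile}: Process $j not used by ossec, removing .."
            rm -f -- "${DIR}/var/run/${pfile}-${j}.pid"
            continue
        fi

        if kill -0 "${j}" > /dev/null 2>&1; then
            return 1
        fi
    done

    return 0
}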
266
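# Stops every daemon in DAEMONS and removes its PID files.
# Globals:   DAEMONS, DIR, NAME, VERSION (read); i and j are overwritten
# Outputs:   one line per daemon, then a final "Stopped" line
stopa()
{
    lock
    checkpid
    # DAEMONS is a space-separated list and is split on purpose.
    for i in ${DAEMONS}; do
        pstatus "${i}"
        if [ $? = 1 ]; then
            echo "Killing ${i} .. "

            # The PID files are read from disk and their contents become
            # kill arguments, so each word is checked first: only a plain
            # decimal number is signalled, and 0 is skipped because kill
            # would apply it to this script's own process group.
            # NOTE(review): confirm that ${DIR}/var/run is writable only by
            # accounts trusted to stop these daemons.
            for j in $(cat "${DIR}/var/run/${i}"*.pid 2>/dev/null); do
                case "${j}" in
                    ''|*[!0-9]*) continue ;;
                esac
                [ "${j}" -gt 0 ] 2>/dev/null || continue
                kill "${j}"
            done
        else
            echo "${i} not running .."
        fi
        rm -f -- "${DIR}/var/run/${i}"*.pid
    done

    unlock
    echo "$NAME $VERSION Stopped"
}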
286
287 ### MAIN HERE ###
288
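# Dispatch on the command word; anything unrecognised prints the usage text.
case "$1" in
start)
    testconfig
    start
    ;;
stop)
    stopa
    ;;
restart)
    testconfig
    stopa
    sleep 1
    start
    ;;
reload)
    # For a reload the stop list is replaced by one without ossec-execd;
    # start() works from its own list. testconfig is not called on this path.
    DAEMONS="ossec-monitord ossec-logcollector ossec-remoted ossec-syscheckd ossec-analysisd ossec-maild ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
    stopa
    start
    ;;
status)
    status
    ;;
help)
    help
    ;;
enable)
    # Quoted so that the option reaches enable() as one word, exactly as
    # it was typed.
    enable "$1" "$2"
    ;;
disable)
    # Quoted for the same reason as in the enable branch.
    disable "$1" "$2"
    ;;
*)
    help
    ;;
esac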
323