3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
13 #include "read-agents.h"
14 #include "os_net/os_net.h"
17 /* Free the agent list in memory
19 void free_agents(char **agent_list)
27 if(agent_list[i] == NULL)
41 /* Print syscheck attributes. */
42 #define sk_strchr(x,y,z) z = strchr(x, y); if(z == NULL) return(0); else { *z = '\0'; z++; }
43 int _do_print_attrs_syscheck(char *prev_attrs, char *attrs, int csv_output,
44 int is_win, int number_of_changes)
46 char *p_size, *p_perm, *p_uid, *p_gid, *p_md5, *p_sha1;
47 char *size, *perm, *uid, *gid, *md5, *sha1;
52 /* Setting each value. */
54 sk_strchr(size, ':', perm);
55 sk_strchr(perm, ':', uid);
56 sk_strchr(uid, ':', gid);
57 sk_strchr(gid, ':', md5);
58 sk_strchr(md5, ':', sha1);
60 if(strcmp(attrs, "-1") == 0)
62 printf("File deleted. ");
65 else if(prev_attrs && (strcmp(prev_attrs, "-1") == 0))
67 printf("File restored. ");
71 printf("File changed. ");
73 sk_strchr(p_size, ':', p_perm);
74 sk_strchr(p_perm, ':', p_uid);
75 sk_strchr(p_uid, ':', p_gid);
76 sk_strchr(p_gid, ':', p_md5);
77 sk_strchr(p_md5, ':', p_sha1);
87 printf("File added to the database. ");
91 /* Fixing number of changes. */
92 if(prev_attrs && !number_of_changes)
94 number_of_changes = 1;
100 switch(number_of_changes)
103 printf("- 1st time modified.\n");
106 printf("- 2nd time modified.\n");
109 printf("- 3rd time modified.\n");
112 printf("- Being ignored (3 or more changes).\n");
122 perm_int = atoi(perm);
123 snprintf(perm_str, 35,
124 "%c%c%c%c%c%c%c%c%c",
125 (perm_int & S_IRUSR)? 'r' : '-',
126 (perm_int & S_IWUSR)? 'w' : '-',
128 (perm_int & S_ISUID)? 's' :
129 (perm_int & S_IXUSR)? 'x' : '-',
132 (perm_int & S_IRGRP)? 'r' : '-',
133 (perm_int & S_IWGRP)? 'w' : '-',
135 (perm_int & S_ISGID)? 's' :
136 (perm_int & S_IXGRP)? 'x' : '-',
139 (perm_int & S_IROTH)? 'r' : '-',
140 (perm_int & S_IWOTH)? 'w' : '-',
141 (perm_int & S_ISVTX)? 't' :
142 (perm_int & S_IXOTH)? 'x' : '-');
145 printf("Integrity checking values:\n");
146 printf(" Size:%s%s\n", (strcmp(size,p_size) == 0)? " ": " >", size);
149 printf(" Perm:%s%s\n", (strcmp(perm,p_perm) == 0)? " ": " >", perm_str);
150 printf(" Uid: %s%s\n", (strcmp(uid,p_uid) == 0)? " ": " >", uid);
151 printf(" Gid: %s%s\n", (strcmp(gid,p_gid) == 0)? " ": " >", gid);
153 printf(" Md5: %s%s\n", (strcmp(md5,p_md5) == 0)? " ": " >", md5);
154 printf(" Sha1:%s%s\n", (strcmp(sha1,p_sha1) == 0)? " ": " >", sha1);
157 /* Fixing entries. */
169 /* Print information about a specific file. */
170 int _do_print_file_syscheck(FILE *fp, char *fname,
171 int update_counter, int csv_output)
176 char read_day[24 +1];
177 char buf[OS_MAXSTR + 1];
184 buf[OS_MAXSTR] = '\0';
188 /* If the compilation failed, we don't need to free anything */
189 if(!OSMatch_Compile(fname, ®, 0))
191 printf("\n** ERROR: Invalid file name: '%s'\n", fname);
196 /* Creating list with files. */
197 files_list = OSStore_Create();
200 OSMatch_FreePattern(®);
205 /* Getting initial position. */
206 if(fgetpos(fp, &init_pos) != 0)
208 printf("\n** ERROR: fgetpos failed.\n");
213 while(fgets(buf, OS_MAXSTR, fp) != NULL)
215 if(buf[0] == '!' || buf[0] == '#')
217 int number_changes = 0;
218 time_t change_time = 0;
219 char *changed_file_name;
226 fgetpos(fp, &init_pos);
230 /* Removing new line. */
231 buf[strlen(buf) -1] = '\0';
234 /* with update counter, we only modify the last entry. */
235 if(update_counter && buf[0] == '#')
237 fgetpos(fp, &init_pos);
242 /* Checking number of changes. */
250 else if(buf[2] == '?')
256 changed_attrs = buf + 3;
259 changed_file_name = strchr(changed_attrs, '!');
260 if(!changed_file_name)
262 fgetpos(fp, &init_pos);
267 /* Getting time of change. */
268 changed_file_name[-1] = '\0';
270 change_time = (time_t)atoi(changed_file_name);
272 changed_file_name = strchr(changed_file_name, ' ');
276 /* Checking if the name should be printed. */
277 if(!OSMatch_Execute(changed_file_name, strlen(changed_file_name),
280 fgetpos(fp, &init_pos);
288 /* Reset the values. */
291 if(fsetpos(fp, &init_pos) != 0)
293 printf("\n** ERROR: fsetpos failed (unable to update "
298 if(update_counter == 2)
300 if(fprintf(fp, "!!?") <= 0)
302 printf("\n** ERROR: fputs failed (unable to update "
310 if(fprintf(fp, "!++") <= 0)
312 printf("\n** ERROR: fputs failed (unable to update "
318 printf("\n**Counter updated for file '%s'\n\n",
324 tm_time = localtime(&change_time);
325 strftime(read_day, 23, "%Y %h %d %T", tm_time);
328 printf("\n%s,%d - %s\n", read_day, number_changes,
331 printf("%s,%s,%d\n", read_day, changed_file_name,
335 prev_attrs = OSStore_Get(files_list, changed_file_name);
339 os_strdup(changed_attrs, new_attrs);
340 _do_print_attrs_syscheck(prev_attrs, changed_attrs,
342 changed_file_name[0] == '/'?0:1,
345 free(files_list->cur_node->data);
346 files_list->cur_node->data = new_attrs;
353 os_strdup(changed_attrs, new_attrs);
354 os_strdup(changed_file_name, new_name);
355 OSStore_Put(files_list, new_name, new_attrs);
356 _do_print_attrs_syscheck(NULL,
357 changed_attrs, csv_output,
358 changed_file_name[0] == '/'?0:1,
362 fgetpos(fp, &init_pos);
368 printf("\n** No entries found.\n");
370 OSMatch_FreePattern(®);
377 /* Print syscheck db (of modified files. */
378 int _do_print_syscheck(FILE *fp, int all_files, int csv_output)
383 char read_day[24 +1];
384 char saved_read_day[24 +1];
385 char buf[OS_MAXSTR + 1];
387 buf[OS_MAXSTR] = '\0';
389 saved_read_day[0] = '\0';
390 saved_read_day[24] = '\0';
392 while(fgets(buf, OS_MAXSTR, fp) != NULL)
394 if(buf[0] == '!' || buf[0] == '#')
396 int number_changes = 0;
397 time_t change_time = 0;
398 char *changed_file_name;
404 /* Removing new line. */
405 buf[strlen(buf) -1] = '\0';
408 /* Checking number of changes. */
416 else if(buf[2] == '?')
423 changed_file_name = strchr(buf +3, '!');
424 if(!changed_file_name)
431 /* Getting time of change. */
433 change_time = atoi(changed_file_name);
435 changed_file_name = strchr(changed_file_name, ' ');
438 tm_time = localtime(&change_time);
439 strftime(read_day, 23, "%Y %h %d", tm_time);
440 if(strcmp(read_day, saved_read_day) != 0)
443 printf("\nChanges for %s:\n", read_day);
444 strncpy(saved_read_day, read_day, 23);
446 strftime(read_day, 23, "%Y %h %d %T", tm_time);
449 printf("%s,%d - %s\n", read_day, number_changes,
452 printf("%s,%s,%d\n", read_day, changed_file_name,
457 if(!f_found && !csv_output)
459 printf("\n** No entries found.\n");
466 /* Print syscheck db (of modified files. */
467 int print_syscheck(char *sk_name, char *sk_ip, char *fname, int print_registry,
468 int all_files, int csv_output, int update_counter)
473 tmp_file[512] = '\0';
478 /* Printing database */
479 snprintf(tmp_file, 512, "%s/syscheck",
482 fp = fopen(tmp_file, "r+");
485 else if(sk_ip == NULL)
487 /* Printing database */
488 snprintf(tmp_file, 512, "%s/%s->syscheck",SYSCHECK_DIR, sk_name);
490 fp = fopen(tmp_file, "r+");
493 else if(!print_registry)
495 /* Printing database */
496 snprintf(tmp_file, 512, "%s/(%s) %s->syscheck",
501 fp = fopen(tmp_file, "r+");
506 /* Printing database for the windows registry. */
507 snprintf(tmp_file, 512, "%s/(%s) %s->syscheck-registry",
512 fp = fopen(tmp_file, "r+");
520 _do_print_syscheck(fp, all_files, csv_output);
524 _do_print_file_syscheck(fp, fname, update_counter, csv_output);
534 int _do_get_rootcheckscan(FILE *fp)
537 char buf[OS_MAXSTR + 1];
539 while(fgets(buf, OS_MAXSTR, fp) != NULL)
541 tmp_str = strstr(buf, "Starting rootcheck scan");
547 s_time = (time_t)atoi(tmp_str);
553 return((int)time(NULL));
558 /* Print syscheck db (of modified files. */
559 int _do_print_rootcheck(FILE *fp, int resolved, int time_last_scan,
560 int csv_output, int show_last)
568 /* Time from the message. */
574 char read_day[24 +1];
575 char buf[OS_MAXSTR + 1];
579 char *(ig_events[]) = {"Starting rootcheck scan",
580 "Ending rootcheck scan",
581 "Starting syscheck scan",
582 "Ending syscheck scan",
585 char *(ns_events[]) = {"Application Found:",
591 buf[OS_MAXSTR] = '\0';
597 fseek(fp, 0, SEEK_SET);
604 tm_time = localtime((time_t *)&time_last_scan);
605 strftime(read_day, 23, "%Y %h %d %T", tm_time);
607 printf("\nLast scan: %s\n\n", read_day);
610 printf("\nResolved events: \n\n");
612 printf("\nOutstanding events: \n\n");
616 while(fgets(buf, OS_MAXSTR, fp) != NULL)
618 /* Removing first ! */
620 s_time = (time_t)atoi(tmp_str);
623 /* Removing new line. */
624 tmp_str = strchr(buf, '\n');
629 /* Getting initial time. */
630 tmp_str = strchr(buf + 1, '!');
635 i_time = (time_t)atoi(tmp_str);
638 /* Getting the actual message. */
639 tmp_str = strchr(tmp_str, ' ');
646 /* Checking for resolved. */
647 if(time_last_scan > (s_time + 86400))
663 /* Checking events to ignore. */
667 if(strncmp(tmp_str, ig_events[i], strlen(ig_events[i]) -1) == 0)
675 /* Checking events that are not system audit. */
679 if(strncmp(tmp_str, ns_events[i], strlen(ns_events[i]) -1) == 0)
685 tm_time = localtime((time_t *)&s_time);
686 strftime(read_day, 23, "%Y %h %d %T", tm_time);
687 tm_time = localtime((time_t *)&i_time);
688 strftime(old_day, 23, "%Y %h %d %T", tm_time);
694 printf("%s (first time detected: %s)\n", read_day, old_day);
698 printf("%s\n\n", tmp_str);
702 printf("System Audit: %s\n\n", tmp_str);
707 printf("%s,%s,%s,%s%s\n", resolved == 0?"outstanding":"resolved",
709 ns_events[i] != NULL?"":"System Audit: ",
718 if(!f_found && !csv_output)
720 printf("** No entries found.\n");
728 /* Print rootcheck db */
729 int print_rootcheck(char *sk_name, char *sk_ip, char *fname, int resolved,
730 int csv_output, int show_last)
736 tmp_file[512] = '\0';
741 /* Printing database */
742 snprintf(tmp_file, 512, "%s/rootcheck",
745 fp = fopen(tmp_file, "r+");
750 /* Printing database */
751 snprintf(tmp_file, 512, "%s/(%s) %s->rootcheck",
756 fp = fopen(tmp_file, "r+");
762 /* Getting last time of scan. */
763 ltime = _do_get_rootcheckscan(fp);
768 _do_print_rootcheck(fp, 1, ltime, csv_output, 0);
770 else if(resolved == 2)
772 _do_print_rootcheck(fp, 0, ltime, csv_output, show_last);
776 _do_print_rootcheck(fp, 1, ltime, csv_output, 0);
777 _do_print_rootcheck(fp, 0, ltime, csv_output, show_last);
792 /* Delete syscheck db */
793 int delete_syscheck(char *sk_name, char *sk_ip, int full_delete)
798 tmp_file[512] = '\0';
800 /* Deleting related files */
801 snprintf(tmp_file, 512, "%s/(%s) %s->syscheck",
806 fp = fopen(tmp_file, "w");
814 /* Deleting cpt files */
815 snprintf(tmp_file, 512, "%s/.(%s) %s->syscheck.cpt",
820 fp = fopen(tmp_file, "w");
826 /* Deleting registry entries */
827 snprintf(tmp_file, 512, "%s/(%s) %s->syscheck-registry",
832 fp = fopen(tmp_file, "w");
839 /* Deleting cpt files */
840 snprintf(tmp_file, 512, "%s/.(%s) %s->syscheck-registry.cpt",
845 fp = fopen(tmp_file, "w");
855 /* Delete rootcheck db */
856 int delete_rootcheck(char *sk_name, char *sk_ip, int full_delete)
861 tmp_file[512] = '\0';
863 /* Deleting related files */
864 snprintf(tmp_file, 512, "%s/(%s) %s->rootcheck",
869 fp = fopen(tmp_file, "w");
884 int delete_agentinfo(char *name)
890 tmp_file[512] = '\0';
893 /* Deleting agent info */
894 snprintf(tmp_file, 512, "%s/%s", AGENTINFO_DIR, name);
898 /* Deleting syscheck */
900 sk_ip = strrchr(name, '-');
908 /* Deleting syscheck */
909 delete_syscheck(sk_name, sk_ip, 1);
916 /** char *print_agent_status(int status)
917 * Prints the text representation of the agent status.
919 char *print_agent_status(int status)
921 char *status_str = "Never connected";
923 if(status == GA_STATUS_ACTIVE)
925 status_str = "Active";
927 else if(status == GA_STATUS_NACTIVE)
929 status_str = "Disconnected";
936 /* non-windows functions from now on. */
940 /** int send_msg_to_agent(int socket, char *msg)
941 * Sends a message to an agent.
942 * returns -1 on error.
944 int send_msg_to_agent(int msocket, char *msg, char *agt_id, char *exec)
947 char agt_msg[OS_SIZE_1024 +1];
949 agt_msg[OS_SIZE_1024] = '\0';
954 snprintf(agt_msg, OS_SIZE_1024,
957 (agt_id == NULL)?ALL_AGENTS_C:NONE_C,
959 (agt_id != NULL)?SPECIFIC_AGENT_C:NONE_C,
960 agt_id != NULL? agt_id: "(null)",
965 snprintf(agt_msg, OS_SIZE_1024,
966 "%s %c%c%c %s %s - %s (from_the_server) (no_rule_id)",
968 (agt_id == NULL)?ALL_AGENTS_C:NONE_C,
970 (agt_id != NULL)?SPECIFIC_AGENT_C:NONE_C,
971 agt_id != NULL? agt_id: "(null)",
977 if((rc = OS_SendUnix(msocket, agt_msg, 0)) < 0)
979 if(rc == OS_SOCKBUSY)
981 merror("%s: ERROR: Remoted socket busy.", __local_name);
985 merror("%s: ERROR: Remoted socket error.", __local_name);
987 merror("%s: Error communicating with remoted queue (%d).",
998 /** int connect_to_remoted()
999 * Connects to remoted to be able to send messages to the agents.
1000 * Returns the socket on success or -1 on failure.
1002 int connect_to_remoted()
1006 if((arq = StartMQ(ARQUEUE, WRITE)) < 0)
1008 merror(ARQ_ERROR, __local_name);
1019 /* Internal funtion. Extract last time of scan from rootcheck/syscheck. */
1020 int _get_time_rkscan(char *agent_name, char *agent_ip, agent_info *agt_info)
1026 /* Agent name of null, means it is the server info. */
1027 if(agent_name == NULL)
1029 snprintf(buf, 1024, "%s/rootcheck",
1034 snprintf(buf, 1024, "%s/(%s) %s->rootcheck",
1035 ROOTCHECK_DIR, agent_name, agent_ip);
1039 /* If file is not there, set to unknown. */
1040 fp = fopen(buf, "r");
1043 os_strdup("Unknown", agt_info->rootcheck_time);
1044 os_strdup("Unknown", agt_info->rootcheck_endtime);
1045 os_strdup("Unknown", agt_info->syscheck_time);
1046 os_strdup("Unknown", agt_info->syscheck_endtime);
1051 while(fgets(buf, 1024, fp) != NULL)
1053 char *tmp_str = NULL;
1055 /* Removing new line. */
1056 tmp_str = strchr(buf, '\n');
1061 tmp_str = strstr(buf, "Starting syscheck scan");
1067 s_time = (time_t)atoi(tmp_str);
1069 os_strdup(ctime(&s_time), agt_info->syscheck_time);
1071 /* Removing new line. */
1072 tmp_str = strchr(agt_info->syscheck_time, '\n');
1079 tmp_str = strstr(buf, "Ending syscheck scan");
1085 s_time = (time_t)atoi(tmp_str);
1087 os_strdup(ctime(&s_time), agt_info->syscheck_endtime);
1089 /* Removing new line. */
1090 tmp_str = strchr(agt_info->syscheck_endtime, '\n');
1098 tmp_str = strstr(buf, "Starting rootcheck scan");
1104 s_time = (time_t)atoi(tmp_str);
1106 os_strdup(ctime(&s_time), agt_info->rootcheck_time);
1108 /* Removing new line. */
1109 tmp_str = strchr(agt_info->rootcheck_time, '\n');
1116 tmp_str = strstr(buf, "Ending rootcheck scan");
1122 s_time = (time_t)atoi(tmp_str);
1124 os_strdup(ctime(&s_time), agt_info->rootcheck_endtime);
1126 /* Removing new line. */
1127 tmp_str = strchr(agt_info->rootcheck_endtime, '\n');
1136 /* Setting unknown values. */
1137 if(!agt_info->rootcheck_time)
1138 os_strdup("Unknown", agt_info->rootcheck_time);
1139 if(!agt_info->rootcheck_endtime)
1140 os_strdup("Unknown", agt_info->rootcheck_endtime);
1141 if(!agt_info->syscheck_time)
1142 os_strdup("Unknown", agt_info->syscheck_time);
1143 if(!agt_info->syscheck_endtime)
1144 os_strdup("Unknown", agt_info->syscheck_endtime);
1152 /* Internal funtion. Extract last time of scan from rootcheck/syscheck. */
1153 char *_get_agent_keepalive(char *agent_name, char *agent_ip)
1156 struct stat file_status;
1159 /* No keep alive for the server. */
1162 return(strdup("Not available"));
1165 snprintf(buf, 1024, "%s/%s-%s", AGENTINFO_DIR, agent_name, agent_ip);
1166 if(stat(buf, &file_status) < 0)
1168 return(strdup("Unknown"));
1172 return(strdup(ctime(&file_status.st_mtime)));
1177 /* Internal funtion. Extracts operating system. */
1178 int _get_agent_os(char *agent_name, char *agent_ip, agent_info *agt_info)
1184 /* Getting server info. */
1187 char *ossec_version = NULL;
1188 agt_info->os = getuname();
1189 os_strdup(__name " " __version, agt_info->version);
1192 /* Removing new line. */
1193 ossec_version = strchr(agt_info->os, '\n');
1195 *ossec_version = '\0';
1198 ossec_version = strstr(agt_info->os, " - ");
1201 *ossec_version = '\0';
1205 if(strlen(agt_info->os) > 55)
1207 agt_info->os[52] = '.';
1208 agt_info->os[53] = '.';
1209 agt_info->os[54] = '\0';
1217 snprintf(buf, 1024, "%s/%s-%s", AGENTINFO_DIR, agent_name, agent_ip);
1218 fp = fopen(buf, "r");
1221 os_strdup("Unknown", agt_info->os);
1222 os_strdup("Unknown", agt_info->version);
1227 if(fgets(buf, 1024, fp))
1229 char *ossec_version = NULL;
1231 /* Removing new line. */
1232 ossec_version = strchr(buf, '\n');
1234 *ossec_version = '\0';
1237 ossec_version = strstr(buf, " - ");
1240 *ossec_version = '\0';
1243 os_calloc(1024 +1, sizeof(char), agt_info->version);
1244 strncpy(agt_info->version, ossec_version, 1024);
1248 if(strlen(buf) > 55)
1255 os_strdup(buf, agt_info->os);
1263 os_strdup("Unknown", agt_info->os);
1264 os_strdup("Unknown", agt_info->version);
1271 /** agent_info *get_agent_info(char *agent_name, char *agent_ip)
1272 * Get information from an agent.
1274 agent_info *get_agent_info(char *agent_name, char *agent_ip)
1277 char *agent_ip_pt = NULL;
1278 char *tmp_str = NULL;
1280 agent_info *agt_info = NULL;
1282 tmp_file[512] = '\0';
1285 /* Removing the "/", since it is not present on the file. */
1286 if((agent_ip_pt = strchr(agent_ip, '/')))
1288 *agent_ip_pt = '\0';
1292 /* Allocating memory for the info structure. */
1293 agt_info = calloc(1, sizeof(agent_info));
1296 /* Zeroing the values. */
1297 agt_info->rootcheck_time = NULL;
1298 agt_info->rootcheck_endtime = NULL;
1299 agt_info->syscheck_time = NULL;
1300 agt_info->syscheck_endtime = NULL;
1301 agt_info->os = NULL;
1302 agt_info->version = NULL;
1303 agt_info->last_keepalive = NULL;
1306 /* Getting information about the OS. */
1307 _get_agent_os(agent_name, agent_ip, agt_info);
1308 _get_time_rkscan(agent_name, agent_ip, agt_info);
1309 agt_info->last_keepalive = _get_agent_keepalive(agent_name, agent_ip);
1312 /* Removing new line from keep alive. */
1313 tmp_str = strchr(agt_info->last_keepalive, '\n');
1319 /* Setting back the ip address. */
1331 /** int get_agent_status(char *agent_name, char *agent_ip)
1332 * Gets the status of an agent, based on the name/ip.
1334 int get_agent_status(char *agent_name, char *agent_ip)
1337 char *agent_ip_pt = NULL;
1339 struct stat file_status;
1341 tmp_file[512] = '\0';
1345 if(agent_name == NULL)
1347 return(GA_STATUS_ACTIVE);
1351 /* Removing the "/", since it is not present on the file. */
1352 if((agent_ip_pt = strchr(agent_ip, '/')))
1354 *agent_ip_pt = '\0';
1357 snprintf(tmp_file, 512, "%s/%s-%s", AGENTINFO_DIR, agent_name, agent_ip);
1360 /* Setting back the ip address. */
1367 if(stat(tmp_file, &file_status) < 0)
1369 return(GA_STATUS_INV);
1373 if(file_status.st_mtime > (time(0) - (3*NOTIFY_TIME + 30)))
1375 return(GA_STATUS_ACTIVE);
1378 return(GA_STATUS_NACTIVE);
1383 /* List available agents.
1385 char **get_agents(int flag)
1389 char **f_files = NULL;
1392 struct dirent *entry;
1394 /* Opening the directory given */
1395 dp = opendir(AGENTINFO_DIR);
1398 merror("%s: Error opening directory: '%s': %s ",
1406 /* Reading directory */
1407 while((entry = readdir(dp)) != NULL)
1411 tmp_file[512] = '\0';
1413 /* Just ignore . and .. */
1414 if((strcmp(entry->d_name,".") == 0) ||
1415 (strcmp(entry->d_name,"..") == 0))
1418 snprintf(tmp_file, 512, "%s/%s", AGENTINFO_DIR, entry->d_name);
1423 struct stat file_status;
1425 if(stat(tmp_file, &file_status) < 0)
1428 if(file_status.st_mtime > (time(0) - (3*NOTIFY_TIME + 30)))
1431 if(flag == GA_NOTACTIVE)
1436 if(flag == GA_ACTIVE)
1441 f_files = (char **)realloc(f_files, (f_size +2) * sizeof(char *));
1444 ErrorExit(MEM_ERROR, __local_name);
1448 /* Adding agent entry */
1449 if(flag == GA_ALL_WSTATUS)
1453 snprintf(agt_stat, sizeof(agt_stat) -1, "%s %s",
1454 entry->d_name, status == 1?"active":"disconnected");
1456 os_strdup(agt_stat, f_files[f_size]);
1460 os_strdup(entry->d_name, f_files[f_size]);
1463 f_files[f_size +1] = NULL;
projects / ossec-hids.git / blob