1 /* @(#) $Id: win_agent.c,v 1.56 2009/12/01 20:27:01 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
20 #include "logcollector.h"
22 #include "os_net/os_net.h"
23 #include "os_execd/execd.h"
24 #include "os_crypto/md5/md5_op.h"
27 #define ARGV0 "ossec-agent"
30 time_t __win32_curr_time = 0;
31 time_t __win32_shared_time = 0;
32 char *__win32_uname = NULL;
33 char *__win32_shared = NULL;
38 int Start_win32_Syscheck();
39 void send_win32_info(time_t curr_time);
45 printf("\nOSSEC HIDS %s %s .\n", ARGV0, __version);
46 printf("Available options:\n");
47 printf("\t-h This help message.\n");
48 printf("\thelp This help message.\n");
49 printf("\tinstall-service Installs as a service\n");
50 printf("\tuninstall-service Uninstalls as a service\n");
51 printf("\tstart Manually starts (not from services)\n");
55 /* syscheck main thread */
58 verbose("%s: Starting syscheckd thread.", ARGV0);
60 Start_win32_Syscheck();
66 /** main(int argc, char **argv)
69 int main(int argc, char **argv)
72 char mypath[OS_MAXSTR +1];
73 char myfile[OS_MAXSTR +1];
75 /* Setting the name */
80 mypath[OS_MAXSTR] = '\0';
81 myfile[OS_MAXSTR] = '\0';
84 /* mypath is going to be the whole path of the file */
85 strncpy(mypath, argv[0], OS_MAXSTR);
86 tmpstr = strrchr(mypath, '\\');
89 /* tmpstr is now the file name */
92 strncpy(myfile, tmpstr, OS_MAXSTR);
96 strncpy(myfile, argv[0], OS_MAXSTR);
101 getcwd(mypath, OS_MAXSTR -1);
102 strncat(mypath, "\\", OS_MAXSTR - (strlen(mypath) + 2));
103 strncat(mypath, myfile, OS_MAXSTR - (strlen(mypath) + 2));
108 if(strcmp(argv[1], "install-service") == 0)
110 return(InstallService(mypath));
112 else if(strcmp(argv[1], "uninstall-service") == 0)
114 return(UninstallService());
116 else if(strcmp(argv[1], "start") == 0)
118 return(local_start());
120 else if(strcmp(argv[1], "-h") == 0)
124 else if(strcmp(argv[1], "help") == 0)
130 merror("%s: Unknown option: %s", ARGV0, argv[1]);
137 if(!os_WinMain(argc, argv))
139 ErrorExit("%s: Unable to start WinMain.", ARGV0);
146 /* Locally starts (after service/win init) */
150 char *cfg = DEFAULTCPATH;
157 logr = (agent *)calloc(1, sizeof(agent));
160 ErrorExit(MEM_ERROR, ARGV0);
162 logr->port = DEFAULT_SECURE;
165 /* Getting debug level */
166 debug_level = getDefine_Int("windows","debug", 0, 2);
167 while(debug_level != 0)
175 /* Configuration file not present */
176 if(File_DateofChange(cfg) < 0)
177 ErrorExit("%s: Configuration file '%s' not found",ARGV0,cfg);
180 /* Starting Winsock */
181 if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0)
183 ErrorExit("%s: WSAStartup() failed", ARGV0);
187 /* Read agent config */
188 debug1("%s: DEBUG: Reading agent configuration.", ARGV0);
189 if(ClientConf(cfg) < 0)
191 ErrorExit(CLIENT_ERROR,ARGV0);
195 /* Reading logcollector config file */
196 debug1("%s: DEBUG: Reading logcollector configuration.", ARGV0);
197 if(LogCollectorConfig(cfg) < 0)
199 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
203 /* Checking auth keys */
206 ErrorExit(AG_NOKEYS_EXIT, ARGV0);
211 /* If there is not file to monitor, create a clean entry
212 * for the mark messages.
216 os_calloc(2, sizeof(logreader), logff);
217 logff[0].file = NULL;
218 logff[0].ffile = NULL;
219 logff[0].logformat = NULL;
221 logff[1].file = NULL;
222 logff[1].logformat = NULL;
224 merror(NO_FILE, ARGV0);
228 /* Reading execd config. */
229 if(!WinExecd_Start())
236 verbose(ENC_READ, ARGV0);
239 OS_StartCounter(&keys);
240 os_write_agent_info(keys.keyentries[0]->name, NULL, keys.keyentries[0]->id);
243 /* Initial random numbers */
248 /* Socket connection */
254 debug1("%s: DEBUG: Creating thread mutex.", ARGV0);
255 hMutex = CreateMutex(NULL, FALSE, NULL);
258 ErrorExit("%s: Error creating mutex.", ARGV0);
263 /* Starting syscheck thread */
264 if(CreateThread(NULL,
266 (LPTHREAD_START_ROUTINE)skthread,
269 (LPDWORD)&threadID) == NULL)
271 merror(THREAD_ERROR, ARGV0);
276 /* Checking if server is connected */
284 /* Sending integrity message for agent configs */
285 intcheck_file(cfg, "");
286 intcheck_file(OSSEC_DEFINES, "");
289 /* Starting receiver thread */
290 if(CreateThread(NULL,
292 (LPTHREAD_START_ROUTINE)receiver_thread,
295 (LPDWORD)&threadID2) == NULL)
297 merror(THREAD_ERROR, ARGV0);
301 /* Sending agent information message */
302 send_win32_info(time(0));
305 /* Startting logcollector -- main process here */
313 /* SendMSG for windows */
314 int SendMSG(int queue, char *message, char *locmsg, char loc)
321 char tmpstr[OS_MAXSTR+2];
322 char crypt_msg[OS_MAXSTR +2];
326 tmpstr[OS_MAXSTR +1] = '\0';
327 crypt_msg[OS_MAXSTR +1] = '\0';
330 debug2("%s: DEBUG: Attempting to send message to server.", ARGV0);
332 /* Using a mutex to synchronize the writes */
335 dwWaitResult = WaitForSingleObject(hMutex, 1000000L);
337 if(dwWaitResult != WAIT_OBJECT_0)
342 merror("%s: Error waiting mutex (timeout).", ARGV0);
346 merror("%s: Error waiting mutex (abandoned).", ARGV0);
349 merror("%s: Error waiting mutex.", ARGV0);
364 /* Check if the server has responded */
365 if((cu_time - available_server) > (NOTIFY_TIME - 180))
367 debug1("%s: DEBUG: Sending info to server (c1)...", ARGV0);
368 send_win32_info(cu_time);
371 /* Attempting to send message again. */
372 if((cu_time - available_server) > NOTIFY_TIME)
375 send_win32_info(cu_time);
378 if((cu_time - available_server) > NOTIFY_TIME)
380 send_win32_info(cu_time);
385 /* If we reached here, the server is unavailable for a while. */
386 if((cu_time - available_server) > ((3 * NOTIFY_TIME) - 180))
391 /* Last attempt before going into reconnect mode. */
392 debug1("%s: DEBUG: Sending info to server (c3)...", ARGV0);
394 send_win32_info(cu_time);
395 if((cu_time - available_server) > ((3 * NOTIFY_TIME) - 180))
398 send_win32_info(cu_time);
403 /* Checking and generating log if unavailable. */
405 if((cu_time - available_server) > ((3 * NOTIFY_TIME) - 180))
407 int global_sleep = 1;
410 /* If response is not available, set lock and
413 verbose(SERVER_UNAV, ARGV0);
416 /* Going into reconnect mode. */
417 while((cu_time - available_server) > ((3*NOTIFY_TIME) - 180))
419 /* Sending information to see if server replies */
422 send_win32_info(cu_time);
438 /* If we have more than one server, try all. */
439 if(wi > 12 && logr->rip[1])
441 int curr_rip = logr->rip_id;
442 merror("%s: INFO: Trying next server ip in "
445 logr->rip[logr->rip_id + 1] != NULL?
446 logr->rip[logr->rip_id + 1]:
449 connect_server(logr->rip_id +1);
451 if(logr->rip_id != curr_rip)
456 else if(global_sleep == 2 || ((global_sleep % mod_sleep) == 0) ||
459 connect_server(logr->rip_id +1);
462 sleep(wi + global_sleep);
469 if(global_sleep > 30)
476 verbose(AG_CONNECTED, ARGV0, logr->rip[logr->rip_id],
478 verbose(SERVER_UP, ARGV0);
484 /* Send notification */
485 else if((cu_time - __win32_curr_time) > (NOTIFY_TIME - 200))
487 debug1("%s: DEBUG: Sending info to server (ctime2)...", ARGV0);
488 send_win32_info(cu_time);
493 /* locmsg cannot have the C:, as we use it as delimiter */
494 pl = strchr(locmsg, ':');
497 /* Setting pl after the ":" if it exists. */
506 debug2("%s: DEBUG: Sending message to server: '%s'", ARGV0, message);
508 snprintf(tmpstr,OS_MAXSTR,"%c:%s:%s", loc, pl, message);
510 _ssize = CreateSecMSG(&keys, tmpstr, crypt_msg, 0);
513 /* Returns NULL if can't create encrypted message */
516 merror(SEC_ERROR,ARGV0);
517 if(!ReleaseMutex(hMutex))
519 merror("%s: Error releasing mutex.", ARGV0);
525 /* Send _ssize of crypt_msg */
526 if(OS_SendUDPbySize(logr->sock, _ssize, crypt_msg) < 0)
528 merror(SEND_ERROR,ARGV0, "server");
532 if(!ReleaseMutex(hMutex))
534 merror("%s: Error releasing mutex.", ARGV0);
540 /* StartMQ for windows */
541 int StartMQ(char * path, short int type)
543 /* Connecting to the server. */
546 if((path == NULL) && (type == 0))
555 /* Send win32 info to server */
556 void send_win32_info(time_t curr_time)
559 char tmp_msg[OS_MAXSTR +2];
560 char crypt_msg[OS_MAXSTR +2];
562 tmp_msg[OS_MAXSTR +1] = '\0';
563 crypt_msg[OS_MAXSTR +1] = '\0';
566 debug1("%s: DEBUG: Sending keep alive message.", ARGV0);
570 __win32_curr_time = curr_time;
576 __win32_uname = getuname();
579 merror("%s: Error generating system information.", ARGV0);
580 os_strdup("Microsoft Windows - Unknown (unable to get system info)", __win32_uname);
585 /* Getting shared files list -- every 30 seconds only. */
586 if((__win32_curr_time - __win32_shared_time) > 30)
590 free(__win32_shared);
591 __win32_shared = NULL;
594 __win32_shared_time = __win32_curr_time;
598 /* get shared files */
601 __win32_shared = getsharedfiles();
604 __win32_shared = strdup("\0");
607 merror(MEM_ERROR, ARGV0);
615 /* creating message */
616 if(File_DateofChange(AGENTCONFIGINT) > 0)
619 if(OS_MD5_File(AGENTCONFIGINT, md5sum) != 0)
621 snprintf(tmp_msg, OS_SIZE_1024, "#!-%s\n%s", __win32_uname, __win32_shared);
625 snprintf(tmp_msg, OS_SIZE_1024, "#!-%s / %s\n%s", __win32_uname, md5sum, __win32_shared);
630 snprintf(tmp_msg, OS_SIZE_1024, "#!-%s\n%s", __win32_uname, __win32_shared);
634 /* creating message */
635 debug1("%s: DEBUG: Sending keep alive: %s", ARGV0, tmp_msg);
637 msg_size = CreateSecMSG(&keys, tmp_msg, crypt_msg, 0);
641 merror(SEC_ERROR, ARGV0);
645 /* Sending UDP message */
646 if(OS_SendUDPbySize(logr->sock, msg_size, crypt_msg) < 0)
648 merror(SEND_ERROR, ARGV0, "server");
projects / ossec-hids.git / blob