1 /* @(#) $Id: agent_control.c,v 1.11 2009/06/24 18:53:09 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
13 #include "addagent/manage_agents.h"
/* Program name; passed as the %s argument to the banner, debug and error
 * messages throughout this file. */
18 #define ARGV0 "agent_control"
/* Usage text: prints the banner followed by one line per option. The
 * enclosing function's signature and braces are not part of this listing. */
24 printf("\nOSSEC HIDS %s: Control remote agents.\n", ARGV0);
25 printf("Available options:\n");
26 printf("\t-h This help message.\n");
27 printf("\t-l List available (active or not) agents.\n");
28 printf("\t-lc List active agents.\n");
29 printf("\t-i <id> Extracts information from an agent.\n");
30 printf("\t-R <id> Restarts agent.\n");
/* -r is documented only in combination with -a or -u <id>; the dispatch code
 * at lines 398 and 429 tests restart_syscheck together with
 * restart_all_agents or agent_id accordingly. */
31 printf("\t-r -a Runs the integrity/rootkit checking on all agents now.\n");
32 printf("\t-r -u <id> Runs the integrity/rootkit checking on one agent now.\n\n");
/* NOTE(review): the dispatch at line 500 runs an active response only when an
 * ip address, a response name and an agent id are all set, so -b/-f appear to
 * need an agent id as well; the text below does not say so. The option string
 * at line 75 also accepts V, e and d, which are not listed here. */
33 printf("\t-b <ip> Blocks the specified ip address.\n");
34 printf("\t-f <ar> Used with -b, specifies which response to run.\n");
35 printf("\t-L List available active responses.\n");
36 printf("\t-s Changes the output to CSV (comma delimited).\n");
/* Entry point. From the lines visible in this listing: parses the options,
 * drops privileges (group, chroot, user), then carries out the single action
 * selected on the command line. */
42 int main(int argc, char **argv)
/* dir is handed to Privsep_Chroot() and group to Privsep_GetGroup() further
 * down. */
44 char *dir = DEFAULTDIR;
45 char *group = GROUPGLOBAL;
/* Operator-supplied strings; presumably set from optarg in the option loop
 * (the assignments are not part of this listing). */
47 char *agent_id = NULL;
48 char *ip_address = NULL;
/* Action-selection flags, all initialised to 0. agt_id later receives the
 * return value of OS_IsAllowedID() and is used to index keys.keyentries. */
54 int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0;
55 int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
56 int list_responses = 0, end_time = 0, restart_agent = 0;
64 /* Setting the name */
/* Option string: u, i, b, f and R take an argument (trailing ':');
 * V, e, h, d, l, L, c, s, a and r are plain flags. */
75 while((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:")) != -1)
/* NOTE(review): the case labels are not part of this listing. The option
 * string gives 'e' no argument while 'i' and 'f' take one, so the
 * "-e needs an argument" text below presumably belongs to another option -
 * confirm against the full source. */
110 merror("%s: -u needs an argument",ARGV0);
118 merror("%s: -b needs an argument",ARGV0);
126 merror("%s: -e needs an argument",ARGV0);
134 merror("%s: -R needs an argument",ARGV0);
140 restart_all_agents = 1;
/* Privilege drop. The order visible here is: resolve the ids, set the group,
 * chroot, then set the user. The name lookups run before the chroot, and the
 * user id is changed last - presumably because the chroot step still needs
 * the original privileges (TODO confirm against the Privsep_* helpers). */
150 /* Getting the group and user ids */
151 gid = Privsep_GetGroup(group);
152 uid = Privsep_GetUser(user);
/* The test guarding this call is not shown; presumably a failed lookup of
 * either id. */
155 ErrorExit(USER_ERROR, ARGV0, user, group);
159 /* Setting the group */
160 if(Privsep_SetGroup(gid) < 0)
162 ErrorExit(SETGID_ERROR,ARGV0, group);
166 /* Chrooting to the default directory */
167 if(Privsep_Chroot(dir) < 0)
169 ErrorExit(CHROOT_ERROR, ARGV0, dir);
/* Paths used from here on are resolved relative to the chroot directory. */
173 /* Inside chroot now */
177 /* Setting the user */
178 if(Privsep_SetUser(uid) < 0)
180 ErrorExit(SETUID_ERROR, ARGV0, user);
185 /* Getting the server's hostname */
/* NOTE(review): shost's declaration is not part of this listing; the 512
 * used here and the 32 used below both assume it is at least 512 bytes -
 * confirm. */
186 memset(shost, '\0', 512);
/* One byte less than what was just zeroed is offered to gethostname(), so the
 * buffer stays NUL-terminated even if the name is truncated. */
187 if(gethostname(shost, 512 -1) != 0)
/* Fallback name: strncpy() with a bound of 32 copies the 9-character literal
 * and zero-fills the rest of those 32 bytes. */
189 strncpy(shost, "localhost", 32);
194 /* Listing responses. */
200 printf("\nOSSEC HIDS %s. Available active responses:\n", ARGV0);
/* This open comes after the chroot at line 167, so DEFAULTAR is presumably
 * resolved inside the chroot directory. */
203 fp = fopen(DEFAULTAR, "r");
/* Each fgets() call stores at most 254 characters plus the terminator.
 * NOTE(review): buffer's declaration is not shown; it must hold at least
 * 255 bytes. */
208 while(fgets(buffer, 255, fp) != NULL)
/* The line is split on spaces: the first space is located here, the next one
 * below. */
215 r_cmd = strchr(buffer, ' ');
/* NOTE(review): strchr() returns NULL when no space is found; the NULL checks
 * are not part of this listing - confirm r_cmd is checked before it is
 * searched again. */
226 r_timeout = strchr(r_cmd, ' ');
/* "restart-ossec0" is the response name this tool itself sends at line 484;
 * the branch body is not shown - presumably the entry is left out of the
 * printed list. */
231 if(strcmp(r_name, "restart-ossec0") == 0)
235 printf("\n Response name: %s, command: %s", r_name, r_cmd);
243 printf("\n No active response available.\n\n");
/* The manager itself is always reported first as agent 000 at 127.0.0.1,
 * in a human-readable form (line 257) or as a CSV row (line 262); the test
 * that selects between them is not shown. */
250 /* Listing available agents. */
255 printf("\nOSSEC HIDS %s. List of available agents:",
257 printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, Active/Local\n",
262 printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
/* The remaining agents are printed by print_agents(), which receives the
 * active-only and CSV flags. */
264 print_agents(1, active_only, csv_output);
271 /* Checking if the provided ID is valid. */
/* "000" is the id this file prints for the local manager; it skips the
 * lookup below. */
274 if(strcmp(agent_id, "000") != 0)
/* The operator-supplied id is checked against the loaded keys; the return
 * value is later used as an index into keys.keyentries.
 * NOTE(review): the failure test guarding the message below is not shown -
 * confirm agt_id is rejected on a failed lookup before it is used as an
 * index. */
278 agt_id = OS_IsAllowedID(&keys, agent_id);
281 printf("\n** Invalid agent id '%s'.\n", agent_id);
294 /* Printing information from an agent. */
/* 129-byte buffers whose last byte is set to NUL explicitly. */
298 char final_ip[128 +1];
299 char final_mask[128 +1];
300 agent_info *agt_info;
302 final_ip[128] = '\0';
303 final_mask[128] = '\0';
307 printf("\nOSSEC HIDS %s. Agent information:", ARGV0);
/* Remote agent: status and details are looked up by the name and ip stored in
 * the key entry selected by agt_id. */
311 agt_status = get_agent_status(keys.keyentries[agt_id]->name,
312 keys.keyentries[agt_id]->ip->ip);
314 agt_info = get_agent_info(keys.keyentries[agt_id]->name,
315 keys.keyentries[agt_id]->ip->ip);
/* snprintf() is bounded to 128 bytes, one less than the array, so the
 * terminator set above is never overwritten; getNetmask() is passed the same
 * 128, presumably as its size limit. */
317 /* Getting netmask from ip. */
318 getNetmask(keys.keyentries[agt_id]->ip->netmask, final_mask, 128);
319 snprintf(final_ip, 128, "%s%s",keys.keyentries[agt_id]->ip->ip,
/* Human-readable form for a remote agent. */
325 printf("\n Agent ID: %s\n", keys.keyentries[agt_id]->id);
326 printf(" Agent Name: %s\n", keys.keyentries[agt_id]->name);
327 printf(" IP address: %s\n", final_ip);
328 printf(" Status: %s\n\n",print_agent_status(agt_status));
/* CSV form for a remote agent.
 * NOTE(review): the fields are written verbatim, without quoting or escaping;
 * a name containing a comma or newline would shift the columns for whatever
 * consumes this output. */
332 printf("%s,%s,%s,%s,",
333 keys.keyentries[agt_id]->id,
334 keys.keyentries[agt_id]->name,
336 print_agent_status(agt_status));
/* Local instance (agent 000): no key entry is involved, so the lookups use
 * NULL and the loopback address. */
341 agt_status = get_agent_status(NULL, NULL);
342 agt_info = get_agent_info(NULL, "127.0.0.1");
346 printf("\n Agent ID: 000 (local instance)\n");
347 printf(" Agent Name: %s\n", shost);
348 printf(" IP address: 127.0.0.1\n");
349 printf(" Status: %s/Local\n\n",print_agent_status(agt_status));
354 printf("000,%s,127.0.0.1,%s/Local,",
356 print_agent_status(agt_status));
/* NOTE(review): agt_info is dereferenced from here on; no NULL check on the
 * get_agent_info() result is visible in this listing - confirm. The os and
 * version strings are presumably data reported by the agent, so they should
 * be treated as untrusted text when this output is parsed or displayed. */
364 printf(" Operating system: %s\n", agt_info->os);
365 printf(" Client version: %s\n", agt_info->version);
366 printf(" Last keep alive: %s\n\n", agt_info->last_keepalive);
/* Two variants follow, with and without the end times; the test selecting
 * between them is not shown (presumably the end_time flag). */
371 printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
372 printf(" Syscheck last ended at: %s\n", agt_info->syscheck_endtime);
373 printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
374 printf(" Rootcheck last ended at: %s\n\n", agt_info->rootcheck_endtime);
378 printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
379 printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
/* Second half of the CSV row; as above, the fields are not escaped. */
384 printf("%s,%s,%s,%s,%s,\n",
387 agt_info->last_keepalive,
388 agt_info->syscheck_time,
389 agt_info->rootcheck_time);
397 /* Restarting syscheck everywhere. */
/* Both flags must be set before the broadcast is sent. */
398 if(restart_all_agents && restart_syscheck)
401 /* Connecting to remoted. */
402 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
/* NOTE(review): the test on arq that guards the failure message below is not
 * part of this listing. */
403 arq = connect_to_remoted();
406 printf("\n** Unable to connect to remoted.\n");
409 debug1("%s: DEBUG: Connected...", ARGV0);
/* A NULL agent id is passed here, where the single-agent branch at line 456
 * passes agent_id; a return value of 0 is treated as success. */
412 /* Sending restart message to all agents. */
413 if(send_msg_to_agent(arq, HC_SK_RESTART, NULL, NULL) == 0)
415 printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on all agents.",
420 printf("\n** Unable to restart syscheck on all agents.\n");
/* Syscheck/rootcheck restart for a single agent id. */
429 if(restart_syscheck && agent_id)
/* Id "000" is handled locally through os_set_restart_syscheck(); no message
 * is sent to remoted in that case. */
432 /* Restart on the server. */
433 if(strcmp(agent_id, "000") == 0)
435 os_set_restart_syscheck();
437 printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck "
438 "locally.\n", ARGV0);
445 /* Connecting to remoted. */
446 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
/* NOTE(review): the test on arq that guards the failure message below is not
 * part of this listing. */
447 arq = connect_to_remoted();
450 printf("\n** Unable to connect to remoted.\n");
453 debug1("%s: DEBUG: Connected...", ARGV0);
/* Same restart message as the all-agents branch, addressed to agent_id;
 * a return value of 0 is treated as success. */
456 if(send_msg_to_agent(arq, HC_SK_RESTART, agent_id, NULL) == 0)
458 printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on agent: %s\n",
463 printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
/* Full agent restart for a single agent id. */
471 if(restart_agent && agent_id)
473 /* Connecting to remoted. */
474 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
/* NOTE(review): the test on arq that guards the failure message below is not
 * part of this listing. */
475 arq = connect_to_remoted();
478 printf("\n** Unable to connect to remoted.\n");
481 debug1("%s: DEBUG: Connected...", ARGV0);
/* The restart is sent under the response name "restart-ossec0" with the
 * literal string "null" in the argument slot where the active-response branch
 * passes an ip address. This is the same name the response listing tests for
 * at line 231. */
484 if(send_msg_to_agent(arq, "restart-ossec0", agent_id, "null") == 0)
486 printf("\nOSSEC HIDS %s: Restarting agent: %s\n",
491 printf("\n** Unable to restart agent: %s\n", agent_id);
499 /* Running the named active response on the specified agent id. */
/* All three operator-supplied values must be present: ip address, response
 * name and agent id. */
500 if(ip_address && ar && agent_id)
502 /* Connecting to remoted. */
503 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
/* NOTE(review): the test on arq that guards the failure message below is not
 * part of this listing. */
504 arq = connect_to_remoted();
507 printf("\n** Unable to connect to remoted.\n");
510 debug1("%s: DEBUG: Connected...", ARGV0);
/* NOTE(review): ar and ip_address are forwarded as given; no check that ar
 * names a configured response or that ip_address is a well-formed address is
 * visible in this listing. Confirm both are validated before the values reach
 * the agent, since they end up as input to the response that runs there. */
513 if(send_msg_to_agent(arq, ar, agent_id, ip_address) == 0)
515 printf("\nOSSEC HIDS %s: Running active response '%s' on: %s\n",
516 ARGV0, ar, agent_id);
/* NOTE(review): this failure text repeats the syscheck wording from line 463
 * although this branch runs an active response; an operator reading it would
 * be pointed at the wrong operation. */
520 printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
/* Reached when none of the action branches above applied. */
528 printf("\n** Invalid argument combination.\n");