2 # ossec-control This shell script takes care of starting
3 # or stopping ossec-hids
4 # Author: Daniel B. Cid <daniel.cid@gmail.com>
6 # Getting where we are installed
# PLIST is the file the enable/disable handlers further down append KEY=value
# lines to (DB_DAEMON, CSYSLOG_DAEMON, AGENTLESS_DAEMON, DEBUG_CLI).
# NOTE(review): the statement that reads PLIST back is not part of this listing;
# if it is sourced with ".", its contents run as shell code with this script's
# privileges, so the file and ${DIR}/bin should be writable by root only.
11 PLIST=${DIR}/bin/.process_list;
13 ### Do not modify below here ###
15 # Getting additional processes
# Existence probe only: all output is discarded. Presumably the exit status is
# tested on a line not shown here.
16 ls -la ${PLIST} > /dev/null 2>&1
# Sourced into the current shell when present, so it executes as whoever runs
# this script. NOTE(review): NAME and VERSION printed later presumably come
# from this file - confirm; keep it root-owned and not group/world-writable.
24 [ -f /etc/ossec-init.conf ] && . /etc/ossec-init.conf;
# Default daemon list. ${DAEMONS} is expanded unquoted by the loops below, so an
# empty optional *_DAEMON value simply disappears during word splitting.
26 DAEMONS="ossec-monitord ossec-logcollector ossec-remoted ossec-syscheckd ossec-analysisd ossec-maild ossec-execd ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
28 ## Locking for the start/stop
# LOCK is a directory used as a mutex: the mkdir calls below can succeed for
# only one caller at a time. LOCK_PID is a file inside it that records the PID
# of the current holder.
# NOTE(review): both live under ${DIR}/var; that directory should not be
# writable by unprivileged users, or the lock could be held or removed by them.
29 LOCK="${DIR}/var/start-script-lock"
30 LOCK_PID="${LOCK}/pid"
32 # This number should be more than enough (even if it is
33 # started multiple times together). It will try for up
34 # to 10 attempts (or 10 seconds) to execute.
# Stale PID-file sweep: for every daemon, read each PID recorded under
# ${DIR}/var/run and drop the pid file when that PID is no longer an ossec
# process. The enclosing function header and the closing fi/done lines are not
# part of this listing.
39 for i in ${DAEMONS}; do
# cat errors (no pid file for this daemon) are discarded; the loop then runs
# zero times.
40 for j in `cat ${DIR}/var/run/${i}*.pid 2>/dev/null`; do
# Liveness test: the string "ossec" must appear in the ps output for PID $j.
# NOTE(review): a recycled PID whose command line happens to contain "ossec"
# would also pass this check.
41 ps -p $j |grep ossec >/dev/null 2>&1
43 echo "Deleting PID file '${DIR}/var/run/${i}-${j}.pid' not used..."
# The value read from the pid file is used unquoted and is inserted into the rm
# path, so ${DIR}/var/run must be writable only by the OSSEC accounts.
44 rm ${DIR}/var/run/${i}-${j}.pid
# Lock acquisition. mkdir is the atomic test-and-set: it fails when the
# directory already exists. MSL is presumably mkdir's exit status, captured on
# a line not shown here.
56 mkdir ${LOCK} > /dev/null 2>&1
58 if [ "${MSL}" = "0" ]; then
59 # Lock acquired (setting the pid)
60 echo "$$" > ${LOCK_PID}
64 # Waiting 1 second before trying again
68 # If PID is not present, speed things a bit.
# kill -0 delivers no signal; it only reports whether the PID stored in
# LOCK_PID can still be signalled, i.e. whether the holder is still alive.
69 kill -0 `cat ${LOCK_PID}` >/dev/null 2>&1
75 # We tried 10 times to acquire the lock.
76 if [ "$i" = "${MAX_ITERATION}" ]; then
77 # Unlocking and executing
# Takeover path: after MAX_ITERATION attempts the lock is re-created and
# claimed regardless of the previous holder (the removal of the old lock is
# presumably on a line not shown). The mkdir result is discarded here.
# NOTE(review): two callers reaching the limit together could both proceed.
79 mkdir ${LOCK} > /dev/null 2>&1
80 echo "$$" > ${LOCK_PID}
95 echo "Usage: $0 {start|stop|reload|restart|status|enable|disable}";
99 # Enables additional daemons
# $2 is only compared against fixed literals; every string written to PLIST is
# chosen by this script, so the caller's argument never reaches the file.
# The "X" prefix keeps the test well-formed when $2 is empty.
102 if [ "X$2" = "X" ]; then
104 echo "Enable options: database, client-syslog, agentless, debug"
105 echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
# Entries are appended, never rewritten, so PLIST grows with each call.
# NOTE(review): the last assignment for a key presumably wins when the file is
# read back - confirm against the line that consumes PLIST.
109 if [ "X$2" = "Xdatabase" ]; then
110 echo "DB_DAEMON=ossec-dbd" >> ${PLIST};
111 elif [ "X$2" = "Xclient-syslog" ]; then
112 echo "CSYSLOG_DAEMON=ossec-csyslogd" >> ${PLIST};
113 elif [ "X$2" = "Xagentless" ]; then
114 echo "AGENTLESS_DAEMON=ossec-agentlessd" >> ${PLIST};
115 elif [ "X$2" = "Xdebug" ]; then
# debug records DEBUG_CLI="-d"; DEBUG_CLI is passed to the daemon binaries on
# the config-test and start lines below.
116 echo "DEBUG_CLI=\"-d\"" >> ${PLIST};
119 echo "Invalid enable option."
121 echo "Enable options: database, client-syslog, agentless, debug"
122 echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
127 # Disables additional daemons
# Mirror of the enable handler: $2 is matched against fixed literals only, and
# only script-chosen strings are written to PLIST.
130 if [ "X$2" = "X" ]; then
132 echo "Disable options: database, client-syslog, agentless, debug"
133 echo "Usage: $0 disable [database|client-syslog|agentless|debug]"
# Disabling appends an empty assignment for the key; the earlier "enable" line
# stays in the file. NOTE(review): this relies on the later assignment taking
# precedence when PLIST is read back - confirm.
137 if [ "X$2" = "Xdatabase" ]; then
138 echo "DB_DAEMON=\"\"" >> ${PLIST};
139 elif [ "X$2" = "Xclient-syslog" ]; then
140 echo "CSYSLOG_DAEMON=\"\"" >> ${PLIST};
141 elif [ "X$2" = "Xagentless" ]; then
142 echo "AGENTLESS_DAEMON=\"\"" >> ${PLIST};
143 elif [ "X$2" = "Xdebug" ]; then
144 echo "DEBUG_CLI=\"\"" >> ${PLIST};
147 echo "Invalid disable option."
149 echo "Disable options: database, client-syslog, agentless, debug"
150 echo "Usage: $0 disable [database|client-syslog|agentless|debug]"
# Status report: prints one "running" / "not running" line per daemon. The
# check that chooses between the two messages is on lines not shown here.
158 for i in ${DAEMONS}; do
159 ## If ossec-maild is disabled, don't try to start it.
160 if [ X"$i" = "Xossec-maild" ]; then
# Plain-text match on ossec.conf, not an XML parse.
# NOTE(review): an <email_notification>no< element inside a comment would
# match as well.
161 grep "<email_notification>no<" ${DIR}/etc/ossec.conf >/dev/null 2>&1
169 echo "${i} not running..."
172 echo "${i} is running..."
180 # We first loop to check the config.
181 for i in ${SDAEMONS}; do
# Each daemon binary is invoked with -t before anything is started; the error
# message below is presumably printed when that call exits non-zero (the test
# itself is on a line not shown). ${DEBUG_CLI} is unquoted, so an empty value
# adds no argument.
# NOTE(review): the binary name comes from SDAEMONS, which includes the
# *_DAEMON values set outside this script - they decide what gets executed.
182 ${DIR}/bin/${i} -t ${DEBUG_CLI};
184 echo "${i}: Configuration error. Exiting"
# Start order, with the optional daemons listed first. Empty *_DAEMON values
# drop out when ${SDAEMONS} is word-split by the loops.
194 SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-remoted ossec-syscheckd ossec-monitord"
196 echo "Starting $NAME $VERSION..."
# Rule self-test: ossec-logtest is fed a single empty line and its output is
# discarded; only the exit status is used. A non-zero status is reported as a
# configuration error.
197 echo | ${DIR}/bin/ossec-logtest > /dev/null 2>&1;
198 if [ ! $? = 0 ]; then
199 echo "OSSEC analysisd: Testing rules failed. Configuration error. Exiting."
205 # We actually start them now.
206 for i in ${SDAEMONS}; do
208 ## If ossec-maild is disabled, don't try to start it.
209 if [ X"$i" = "Xossec-maild" ]; then
# Same plain-text match on ossec.conf as in the status loop above.
210 grep "<email_notification>no<" ${DIR}/etc/ossec.conf >/dev/null 2>&1
# Launches the daemon; with debug enabled DEBUG_CLI carries "-d". The check
# that selects the failure message below is on a line not shown.
218 ${DIR}/bin/${i} ${DEBUG_CLI};
220 echo "${i} did not start correctly.";
225 echo "Started ${i}..."
227 echo "${i} already running..."
231 # After we start we give 2 seconds for the daemons
232 # to internally create their PID files.
# Per-daemon liveness check. pfile is the daemon name being tested; where it is
# assigned, and the values this fragment returns, are on lines not shown here.
243 if [ "X${pfile}" = "X" ]; then
# Probe for any pid file belonging to this daemon; output is discarded.
247 ls ${DIR}/var/run/${pfile}*.pid > /dev/null 2>&1
249 for j in `cat ${DIR}/var/run/${pfile}*.pid 2>/dev/null`; do
# A recorded PID counts as ossec's only if "ossec" appears in its ps output;
# otherwise the pid file is treated as stale and removed.
# NOTE(review): $j comes from file content and is used unquoted in ps, rm and
# kill, so ${DIR}/var/run should be writable only by the OSSEC accounts.
250 ps -p $j |grep ossec >/dev/null 2>&1
251 if [ ! $? = 0 ]; then
252 echo "${pfile}: Process $j not used by ossec, removing .."
253 rm -f ${DIR}/var/run/${pfile}-$j.pid
# kill -0 sends no signal; it only tests whether PID $j can be signalled.
257 kill -0 $j > /dev/null 2>&1
# Stop sequence: signal each daemon listed in DAEMONS, then remove its pid files.
271 for i in ${DAEMONS}; do
274 echo "Killing ${i} .. ";
# Sends the default signal (TERM) to every PID found in the daemon's pid files.
# NOTE(review): the guard that decides between this branch and "not running"
# is on lines not shown; if it does not confirm that the PID still belongs to
# ossec, a stale pid file pointing at a recycled PID would get signalled.
276 kill `cat ${DIR}/var/run/${i}*.pid`;
278 echo "${i} not running ..";
# -f: no error when the daemon had no pid file.
280 rm -f ${DIR}/var/run/${i}*.pid
284 echo "$NAME $VERSION Stopped"
# Overrides the default DAEMONS list with the same names minus ossec-execd, so
# whatever loops over DAEMONS afterwards leaves ossec-execd untouched. Which
# command this override belongs to is not visible in this listing.
304 DAEMONS="ossec-monitord ossec-logcollector ossec-remoted ossec-syscheckd ossec-analysisd ossec-maild ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"