1 /* @(#) $Id: defs.h,v 1.77 2009/11/23 18:52:44 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
24 /* Read / Write definitions
30 /* Size limit control
 *
 * Byte counts used to size fixed buffers. The OS_SIZE_* names are plain
 * integer literals; the aliases further down give each size a role.
 * NOTE(review): nothing here enforces a limit. Code that declares a buffer
 * with one of these macros has to bound every copy, read and format into it
 * by the same macro (or sizeof) at the call site.
 */
31 #define OS_SIZE_8192 8192
32 #define OS_SIZE_6144 6144
33 #define OS_SIZE_4096 4096
34 #define OS_SIZE_2048 2048
35 #define OS_SIZE_1024 1024
36 #define OS_SIZE_256 256
37 #define OS_SIZE_128 128
/* Role aliases. OS_MAXSTR (6144) is larger than OS_BUFFER_SIZE (2048), so a
 * string that fits an OS_MAXSTR buffer does not necessarily fit a general
 * buffer and needs a length check before being copied into one. */
39 #define OS_MAXSTR OS_SIZE_6144 /* Size for logs, sockets, etc */
40 #define OS_BUFFER_SIZE OS_SIZE_2048 /* Size of general buffers */
/* NOTE(review): 256 bytes reads more like a file name/path buffer length
 * than a file size — confirm against the users of OS_FLSIZE. */
41 #define OS_FLSIZE OS_SIZE_256 /* Maximum file size */
42 #define OS_HEADER_SIZE OS_SIZE_128 /* Maximum header size */
43 #define OS_LOG_HEADER OS_SIZE_256 /* Maximum log header size */
/* 16 bytes holds a dotted-quad IPv4 address ("255.255.255.255" is 15
 * characters) plus the terminating NUL. It is too small for a textual IPv6
 * address or for an IPv4 address followed by a netmask suffix, so input of
 * that form must be rejected or truncated safely before it reaches an
 * IPSIZE buffer. */
44 #define IPSIZE 16 /* IP Address size */
47 /* Some Global names
 *
 * Product identity strings, fixed at compile time.
 * NOTE(review): identifiers beginning with a double underscore are reserved
 * for the C implementation, so these names can collide with compiler or
 * libc macros. Flagged only; renaming would touch every user of them.
 * NOTE(review): __site is a plain http:// URL. If it is printed as the place
 * to obtain the software or its licence, check whether an https:// form is
 * available — confirm before changing.
 */
48 #define __name "OSSEC HIDS"
49 #define __version "v2.3"
50 #define __author "Trend Micro Inc."
51 #define __contact "contact@ossec.net"
52 #define __site "http://www.ossec.net"
54 This program is free software; you can redistribute it and/or modify\n\
55 it under the terms of the GNU General Public License (version 3) as \n\
56 published by the Free Software Foundation. For more details, go to \n\
57 http://www.ossec.net/main/license/\n"
59 /* Maximum allowed PID */
67 /* Max limit of 256 agents */
/* NOTE(review): presumably the capacity of per-agent tables; any code that
 * indexes by agent number has to check against this bound — confirm. */
69 #define MAX_AGENTS 256
73 /* manager notification */
/* 600 with the "10 minutes" remark below implies the unit is seconds. */
74 #define NOTIFY_TIME 600 /* every 10 minutes */
77 /* User Configuration
 *
 * Account and group names plus the installation root.
 * NOTE(review): by their names these look like the unprivileged accounts and
 * the group the daemons run under — confirm. The listing skips lines here
 * (gutter 79 -> 87 -> 91 -> 95 -> 100), so any #ifndef guards or further
 * account names around these defines are not visible.
 */
79 #define MAILUSER "ossecm"
87 #define REMUSER "ossecr"
91 #define GROUPGLOBAL "ossec"
/* Installation root. Other macros in this header are written as
 * `DEFAULTDIR SOME_PATH`, i.e. adjacent string literals that the compiler
 * joins, which is why the paths meant to be joined start with "/". */
95 #define DEFAULTDIR "/var/ossec"
100 #define DEFAULTQUEUE "/queue/ossec/queue"
103 /* Active response files
 *
 * DEFAULTAR, AR_BINDIR, AGENTCONFIG and AGENTCONFIGINT each appear twice:
 * once rooted at "/" and once as a relative path. The listing skips the
 * line between the two sets (gutter 108 -> 110), so presumably a
 * preprocessor conditional selects one set per platform — confirm against
 * the full header.
 * NOTE(review): the relative forms resolve against the process's current
 * working directory, so they are only as trustworthy as that directory;
 * the process should be in its installation directory before opening them.
 */
105 #define DEFAULTAR "/etc/shared/ar.conf"
/* NOTE(review): by its name this is the directory of active-response
 * programs. If a privileged daemon executes them, the directory and its
 * contents should be writable only by the administrator — confirm
 * ownership and mode at install time. */
106 #define AR_BINDIR "/active-response/bin"
107 #define AGENTCONFIGINT "/etc/shared/agent.conf"
/* Unlike AGENTCONFIGINT, this form already has DEFAULTDIR joined in front. */
108 #define AGENTCONFIG DEFAULTDIR "/etc/shared/agent.conf"
/* Second (relative) set; see the note at the top of this group. */
110 #define DEFAULTAR "shared/ar.conf"
111 #define AR_BINDIR "active-response/bin"
112 #define AGENTCONFIG "shared/agent.conf"
113 #define AGENTCONFIGINT "shared/agent.conf"
/* NOTE(review): the name suggests the queue through which commands reach
 * the execution daemon; access to it should be limited to the components
 * that are meant to request actions — confirm. */
118 #define EXECQUEUE "/queue/alerts/execq"
121 /* Active response queue */
122 #define ARQUEUE "/queue/alerts/ar"
/* Decoder definition files: a stock one and a local one. */
126 #define XML_DECODER "/etc/decoder.xml"
127 #define XML_LDECODER "/etc/local_decoder.xml"
130 /* Agent information location */
131 #define AGENTINFO_DIR "/queue/agent-info"
134 /* Syscheck directory */
135 #define SYSCHECK_DIR "/queue/syscheck"
137 /* Rootcheck directory */
138 #define ROOTCHECK_DIR "/queue/rootcheck"
/* Diff storage. DIFF_DIR_PATH expands to two adjacent string literals that
 * the compiler joins, giving "/var/ossec/queue/diff" when DEFAULTDIR is
 * "/var/ossec".
 * NOTE(review): by its name this directory holds copies of monitored file
 * content, which may be sensitive; confirm its permissions are as tight as
 * those of the files being monitored. */
141 #define DIFF_DIR "/queue/diff"
142 #define DIFF_DIR_PATH DEFAULTDIR DIFF_DIR
143 #define DIFF_NEW_FILE "new-entry"
144 #define DIFF_LAST_FILE "last-entry"
/* Names only, not paths. */
148 #define SYSCHECK "syscheck"
149 #define SYSCHECK_REG "syscheck-registry"
153 #define RULEPATH "/rules"
/* WAIT_FILE appears twice, rooted and relative. The listing skips the line
 * between them (gutter 158 -> 160), so presumably a preprocessor
 * conditional picks one — confirm. The relative form depends on the
 * process's current working directory. */
158 #define WAIT_FILE "/queue/ossec/.wait"
160 #define WAIT_FILE ".wait"
164 /* Agent information file
 *
 * In this group each name is defined twice, first rooted (with a *P or
 * *_PATH companion that prepends DEFAULTDIR) and then relative. The listing
 * skips the lines between the pairs (for example gutter 167 -> 169), so
 * presumably a preprocessor conditional selects one pair per platform —
 * confirm against the full header.
 */
166 #define AGENT_INFO_FILE "/queue/ossec/.agent_info"
167 #define AGENT_INFO_FILEP DEFAULTDIR AGENT_INFO_FILE
169 #define AGENT_INFO_FILE ".agent_info"
170 #define AGENT_INFO_FILEP AGENT_INFO_FILE
174 /* Syscheck restart */
/* With DEFAULTDIR prepended the rooted form is a path below the
 * installation root, not the system-wide /var/run. */
176 #define SYSCHECK_RESTART "/var/run/.syscheck_run"
177 #define SYSCHECK_RESTART_PATH DEFAULTDIR SYSCHECK_RESTART
179 #define SYSCHECK_RESTART "syscheck/.syscheck_run"
180 #define SYSCHECK_RESTART_PATH "syscheck/.syscheck_run"
184 /* Agentless directories. */
185 #define AGENTLESSDIR "/agentless"
/* NOTE(review): the name suggests a list of credentials for agentless
 * hosts. If so, the file should be readable only by the account that uses
 * it and kept out of backups and support bundles — confirm its contents
 * and mode. */
186 #define AGENTLESSPASS "/agentless/.passlist"
187 #define AGENTLESS_ENTRYDIR "/queue/agentless"
190 /* Internal definitions files */
/* A stock options file and a local one, again in rooted and relative form. */
192 #define OSSEC_DEFINES "/etc/internal_options.conf"
193 #define OSSEC_LDEFINES "/etc/local_internal_options.conf"
195 #define OSSEC_DEFINES "internal_options.conf"
196 #define OSSEC_LDEFINES "local_internal_options.conf"
200 /* Log directories
 *
 * Each category has a directory and a current-log file inside it. All are
 * written with a leading "/" like the other paths that get DEFAULTDIR
 * prepended.
 * NOTE(review): alert and archive logs record what was detected and from
 * where; confirm they are not readable by unprivileged local users.
 */
201 #define EVENTS "/logs/archives"
202 #define EVENTS_DAILY "/logs/archives/archives.log"
203 #define ALERTS "/logs/alerts"
204 #define ALERTS_DAILY "/logs/alerts/alerts.log"
205 #define FWLOGS "/logs/firewall"
206 #define FWLOGS_DAILY "/logs/firewall/firewall.log"
209 /* Stats directories */
210 #define STATWQUEUE "/stats/weekly-average"
211 #define STATQUEUE "/stats/hourly-average"
212 #define STATSAVED "/stats/totals"
215 /* Authentication keys file
 *
 * Defined twice, rooted and relative; the listing skips the line between
 * the pairs (gutter 218 -> 220), so presumably a preprocessor conditional
 * selects one — confirm.
 * NOTE(review): as the file that holds authentication keys, it should be
 * readable only by the accounts that need it. The relative form depends on
 * the process's current working directory, so that directory must not be
 * attacker-writable.
 */
217 #define KEYS_FILE "/etc/client.keys"
218 #define KEYSFILE_PATH DEFAULTDIR KEYS_FILE
220 #define KEYS_FILE "client.keys"
221 #define KEYSFILE_PATH KEYS_FILE
/* Alias: AUTH_FILE is the same file as KEYS_FILE. */
225 #define AUTH_FILE KEYS_FILE
229 /* Shared config directory */
231 #define SHAREDCFG_DIR "/etc/shared"
233 #define SHAREDCFG_DIR "shared"
236 /* Built in defines
 *
 * Full paths built from the pieces defined earlier. `DEFAULTDIR X` expands
 * to two adjacent string literals, which the compiler joins into one
 * string, so these are compile-time constants and cannot be changed by
 * configuration at run time.
 * Several names are defined twice, once joined to DEFAULTDIR and once
 * relative. The listing skips the lines between the variants (for example
 * gutter 241 -> 243 and 252 -> 254), so presumably preprocessor
 * conditionals select one per platform — confirm against the full header.
 */
237 #define DEFAULTQPATH DEFAULTDIR DEFAULTQUEUE
240 #define OSSECCONF "/etc/ossec.conf"
241 #define DEFAULTCPATH DEFAULTDIR OSSECCONF
243 #define OSSECCONF "ossec.conf"
244 #define DEFAULTCPATH "ossec.conf"
248 #define DEFAULTARPATH DEFAULTDIR DEFAULTAR
249 #define AR_BINDIRPATH DEFAULTDIR AR_BINDIR
250 #define AGENTLESSDIRPATH DEFAULTDIR AGENTLESSDIR
251 #define AGENTLESSPASSPATH DEFAULTDIR AGENTLESSPASS
252 #define AGENTLESS_ENTRYDIRPATH DEFAULTDIR AGENTLESS_ENTRYDIR
/* Relative variants of the five paths above. */
254 #define DEFAULTARPATH "shared/ar.conf"
255 #define AR_BINDIRPATH "active-response/bin"
256 #define AGENTLESSDIRPATH AGENTLESSDIR
257 #define AGENTLESSPASSPATH AGENTLESSPASS
258 #define AGENTLESS_ENTRYDIRPATH AGENTLESS_ENTRYDIR
260 #define EXECQUEUEPATH DEFAULTDIR EXECQUEUE
/* Here the un-prefixed variant comes first and the DEFAULTDIR variant
 * second, the reverse of the order used above.
 * NOTE(review): presumably the hidden conditional is inverted at this
 * point — confirm. */
263 #define SHAREDCFG_DIRPATH SHAREDCFG_DIR
265 #define SHAREDCFG_DIRPATH DEFAULTDIR SHAREDCFG_DIR
/* Merged shared-configuration file: directory-relative, full-path and bare
 * file-name forms of the same "merged.mg". */
268 #define SHAREDCFG_FILE SHAREDCFG_DIR "/merged.mg"
269 #define SHAREDCFG_FILEPATH SHAREDCFG_DIRPATH "/merged.mg"
270 #define SHAREDCFG_FILENAME "merged.mg"
273 #define WAIT_FILE_PATH DEFAULTDIR WAIT_FILE
/* Default port numbers. Each is wrapped in #ifndef, so a build can
 * predefine a different value; the matching #endif lines are not part of
 * this listing (gutter 278 -> 281).
 * NOTE(review): classic syslog over UDP is neither authenticated nor
 * encrypted, so a listener on DEFAULT_SYSLOG should accept only the
 * expected senders — confirm how the receiving daemon filters sources. */
277 #ifndef DEFAULT_SECURE
278 #define DEFAULT_SECURE 1514 /* Default encrypted */
281 #ifndef DEFAULT_SYSLOG
282 #define DEFAULT_SYSLOG 514 /* Default syslog port - udp */
287 /* Xml global elements
 *
 * Names of the top-level sections of the XML configuration. These are
 * string-literal macros despite the lower-case names, so they cannot be
 * assigned to or have their address compared.
 * xml_localfile and xml_rootcheck are wrapped in #ifndef here; the listing
 * skips lines between every entry (gutter 289 -> 293 -> 297 ...), so the
 * other names may be guarded the same way and the #endif lines are not
 * visible — confirm against the full header.
 */
289 #define xml_global "global"
293 #define xml_alerts "alerts"
297 #define xml_rules "rules"
300 #ifndef xml_localfile
301 #define xml_localfile "localfile"
305 #define xml_remote "remote"
309 #define xml_client "client"
313 #define xml_execd "execd"
317 #define xml_syscheck "syscheck"
320 #ifndef xml_rootcheck
321 #define xml_rootcheck "rootcheck"
/* Sections that define commands and the active responses that use them. */
325 #define xml_command "command"
329 #define xml_ar "active-response"
332 #endif /* __OS_HEADERS */