1 /* @(#) $Id: ./src/headers/defs.h, 2012/08/11 dcid Exp $
4 /* Copyright (C) 2009-2012 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
25 /* TRUE / FALSE definitions
30 /* Read / Write definitions
36 /* Size limit control */
/* Named byte counts. A constant here bounds nothing by itself: every read
 * or copy into a buffer declared with one of these sizes still needs its
 * own length check at the call site. */
37 #define OS_SIZE_8192 8192
38 #define OS_SIZE_6144 6144
39 #define OS_SIZE_4096 4096
40 #define OS_SIZE_2048 2048
41 #define OS_SIZE_1024 1024
42 #define OS_SIZE_256 256
43 #define OS_SIZE_128 128
/* Role-based aliases, so call sites name a purpose instead of a number. */
45 #define OS_MAXSTR OS_SIZE_6144 /* Size for logs, sockets, etc */
46 #define OS_BUFFER_SIZE OS_SIZE_2048 /* Size of general buffers */
/* NOTE(review): 256 bytes reads like a file name/path length limit rather
 * than a file size - confirm against the callers before relying on the
 * wording of the comment below. */
47 #define OS_FLSIZE OS_SIZE_256 /* Maximum file size */
48 #define OS_HEADER_SIZE OS_SIZE_128 /* Maximum header size */
49 #define OS_LOG_HEADER OS_SIZE_256 /* Maximum log header size */
/* 16 bytes holds a dotted-quad IPv4 string plus its NUL terminator
 * (15 + 1). A textual IPv6 address does not fit.
 * NOTE(review): confirm no caller copies an unvalidated or IPv6 address
 * string into an IPSIZE buffer. */
50 #define IPSIZE 16 /* IP Address size */
53 /* Some Global names */
/* Product identification strings.
 * NOTE(review): identifiers containing a double underscore are reserved
 * for the C implementation; these names can collide with compiler or libc
 * macros. Renaming would touch every user of the header, so this is only
 * flagged here. */
54 #define __name "OSSEC HIDS"
55 #define __version "v2.7"
56 #define __author "Trend Micro Inc."
57 #define __contact "contact@ossec.net"
58 #define __site "http://www.ossec.net"
60 This program is free software; you can redistribute it and/or modify\n\
61 it under the terms of the GNU General Public License (version 2) as \n\
62 published by the Free Software Foundation. For more details, go to \n\
63 http://www.ossec.net/main/license/\n"
65 /* Maximum allowed PID */
/* NOTE(review): the definition this comment introduces is not part of this
 * listing (original lines 66-72 are absent). */
73 /* Max limit of 256 agents */
/* NOTE(review): original line 74 is absent from the listing; it may have
 * been a guard that lets a build override this value - confirm. Code that
 * indexes per-agent tables must reject agent ids >= MAX_AGENTS. */
75 #define MAX_AGENTS 256
79 /* manager notification */
/* Value is in seconds: 600 s matches the "10 minutes" stated below. */
80 #define NOTIFY_TIME 600 /* every 10 minutes */
83 /* User Configuration */
/* Account and group names, plus the installation root.
 * NOTE(review): these are presumably the unprivileged accounts the
 * daemons switch to - confirm at the privilege-drop call sites. Several
 * original lines in this range (84, 86-92, 94-96, 98-100, 102-105) are
 * absent from the listing, so further names or override guards may exist. */
85 #define MAILUSER "ossecm"
93 #define REMUSER "ossecr"
97 #define GROUPGLOBAL "ossec"
/* Installation root. Macros below that are written as
 * `DEFAULTDIR "/..."` rely on adjacent string literals being concatenated
 * at compile time, so the resulting path is fixed in the binary. */
101 #define DEFAULTDIR "/var/ossec"
/* NOTE(review): this path starts with "/" but carries no DEFAULTDIR
 * prefix; presumably it is resolved after a chroot/chdir into DEFAULTDIR -
 * confirm at the call site. DEFAULTQPATH is the prefixed form. */
106 #define DEFAULTQUEUE "/queue/ossec/queue"
109 /* Active response files */
/* NOTE(review): DEFAULTAR, AR_BINDIR, AGENTCONFIG and AGENTCONFIGINT are
 * each defined twice below. Original lines 110 and 115 are absent from the
 * listing, which is consistent with a platform conditional whose
 * directives were lost in extraction - confirm against the original
 * header. As printed, the second set would be macro redefinitions. */
/* First set: absolute-style paths. AR_BINDIR names the directory holding
 * the active-response executables; write access to that directory and to
 * ar.conf should be limited to the administrator, since the names suggest
 * both decide what gets run in response to an alert. */
111 #define DEFAULTAR "/etc/shared/ar.conf"
112 #define AR_BINDIR "/active-response/bin"
113 #define AGENTCONFIGINT "/etc/shared/agent.conf"
/* Expands to "/var/ossec/etc/shared/agent.conf" with the DEFAULTDIR
 * value defined in this file. */
114 #define AGENTCONFIG DEFAULTDIR "/etc/shared/agent.conf"
/* Second set: relative paths, resolved against the process's working
 * directory. */
116 #define DEFAULTAR "shared/ar.conf"
117 #define AR_BINDIR "active-response/bin"
118 #define AGENTCONFIG "shared/agent.conf"
119 #define AGENTCONFIGINT "shared/agent.conf"
/* NOTE(review): presumably the queue used to hand commands to the execd
 * component - confirm. */
124 #define EXECQUEUE "/queue/alerts/execq"
127 /* Active response queue */
128 #define ARQUEUE "/queue/alerts/ar"
/* Decoder definition files; the second name suggests a site-local file -
 * NOTE(review): confirm load order and precedence at the loader. */
132 #define XML_DECODER "/etc/decoder.xml"
133 #define XML_LDECODER "/etc/local_decoder.xml"
136 /* Agent information location */
137 #define AGENTINFO_DIR "/queue/agent-info"
140 /* Syscheck directory */
141 #define SYSCHECK_DIR "/queue/syscheck"
143 /* Rootcheck directory */
144 #define ROOTCHECK_DIR "/queue/rootcheck"
/* Directory and entry names for stored file snapshots and their diffs.
 * NOTE(review): if snapshots of monitored files are kept here, they can
 * contain whatever sensitive data those files hold; confirm the directory
 * mode where it is created. */
147 #define DIFF_DIR "/queue/diff"
/* Expands to "/var/ossec/queue/diff" with the DEFAULTDIR value defined
 * in this file. */
148 #define DIFF_DIR_PATH DEFAULTDIR DIFF_DIR
149 #define DIFF_NEW_FILE "new-entry"
150 #define DIFF_LAST_FILE "last-entry"
/* Name strings for the syscheck component and its registry variant. */
154 #define SYSCHECK "syscheck"
155 #define SYSCHECK_REG "syscheck-registry"
159 #define RULEPATH "/rules"
/* NOTE(review): WAIT_FILE is defined twice; original line 165 is absent
 * from the listing, consistent with a lost conditional directive between
 * the two alternatives - confirm against the original header. */
164 #define WAIT_FILE "/queue/ossec/.wait"
166 #define WAIT_FILE ".wait"
170 /* Agent information file */
/* NOTE(review): both pairs below are defined twice. Original lines 171,
 * 174, 181 and 184 are absent from the listing, consistent with lost
 * conditional directives selecting one alternative per platform - confirm
 * against the original header. */
/* The *P / *_PATH forms are the DEFAULTDIR-prefixed paths (string literal
 * concatenation); the bare forms carry no prefix. */
172 #define AGENT_INFO_FILE "/queue/ossec/.agent_info"
173 #define AGENT_INFO_FILEP DEFAULTDIR AGENT_INFO_FILE
175 #define AGENT_INFO_FILE ".agent_info"
176 #define AGENT_INFO_FILEP AGENT_INFO_FILE
180 /* Syscheck restart */
/* NOTE(review): presumably a marker file whose presence requests a
 * syscheck rescan - confirm. If so, whoever can create this file can
 * trigger the action, so the containing directory must not be writable by
 * unprivileged accounts. */
182 #define SYSCHECK_RESTART "/var/run/.syscheck_run"
183 #define SYSCHECK_RESTART_PATH DEFAULTDIR SYSCHECK_RESTART
185 #define SYSCHECK_RESTART "syscheck/.syscheck_run"
186 #define SYSCHECK_RESTART_PATH "syscheck/.syscheck_run"
190 /* Agentless directories. */
191 #define AGENTLESSDIR "/agentless"
/* NOTE(review): the name suggests this file stores credentials used to
 * log in to agentless hosts. If so, it should be readable only by the
 * account that runs the agentless checks and kept out of backups and
 * support bundles - confirm contents and mode where it is written. */
192 #define AGENTLESSPASS "/agentless/.passlist"
193 #define AGENTLESS_ENTRYDIR "/queue/agentless"
196 /* Internal definitions files */
/* NOTE(review): OSSEC_DEFINES and OSSEC_LDEFINES are each defined twice;
 * original lines 197 and 200 are absent from the listing, consistent with
 * lost conditional directives - confirm. The "local_" file presumably
 * holds site overrides of the first; verify precedence at the reader. */
198 #define OSSEC_DEFINES "/etc/internal_options.conf"
199 #define OSSEC_LDEFINES "/etc/local_internal_options.conf"
201 #define OSSEC_DEFINES "internal_options.conf"
202 #define OSSEC_LDEFINES "local_internal_options.conf"
206 /* Log directories */
/* Each pair is a directory and the current log file inside it. None of
 * these carries a DEFAULTDIR prefix.
 * These files are the evidence trail for later investigation: write
 * access should be limited to the account that produces them, and read
 * access limited as well, since archived events can contain sensitive
 * data from monitored hosts. */
207 #define EVENTS "/logs/archives"
208 #define EVENTS_DAILY "/logs/archives/archives.log"
209 #define ALERTS "/logs/alerts"
210 #define ALERTS_DAILY "/logs/alerts/alerts.log"
211 #define FWLOGS "/logs/firewall"
212 #define FWLOGS_DAILY "/logs/firewall/firewall.log"
215 /* Stats directories */
216 #define STATWQUEUE "/stats/weekly-average"
217 #define STATQUEUE "/stats/hourly-average"
218 #define STATSAVED "/stats/totals"
221 /* Authentication keys file */
/* Per the comment above, this file holds authentication keys. Anyone who
 * can read it may be able to impersonate an agent, so it should be
 * owner/group restricted and excluded from world-readable backups.
 * NOTE(review): KEYS_FILE and KEYSFILE_PATH are each defined twice;
 * original lines 222 and 225 are absent from the listing, consistent with
 * lost conditional directives - confirm against the original header. */
223 #define KEYS_FILE "/etc/client.keys"
224 #define KEYSFILE_PATH DEFAULTDIR KEYS_FILE
226 #define KEYS_FILE "client.keys"
227 #define KEYSFILE_PATH KEYS_FILE
/* Alias: AUTH_FILE names the same file as KEYS_FILE. */
231 #define AUTH_FILE KEYS_FILE
235 /* Shared config directory */
/* NOTE(review): defined twice; original lines 236 and 238 are absent from
 * the listing (likely lost conditional directives) - confirm. */
237 #define SHAREDCFG_DIR "/etc/shared"
239 #define SHAREDCFG_DIR "shared"
242 /* Built in defines */
/* Full paths built by compile-time concatenation of DEFAULTDIR with the
 * component paths defined earlier in this file. The results are fixed in
 * the binary; moving the installation requires rebuilding with a
 * different DEFAULTDIR.
 * NOTE(review): several names below appear twice (prefixed and
 * unprefixed alternatives). Original lines 244-245, 248, 251-253, 259,
 * 265, 267-268, 270 and 272-273 are absent from the listing, consistent
 * with lost conditional directives - confirm against the original
 * header. */
243 #define DEFAULTQPATH DEFAULTDIR DEFAULTQUEUE
246 #define OSSECCONF "/etc/ossec.conf"
247 #define DEFAULTCPATH DEFAULTDIR OSSECCONF
249 #define OSSECCONF "ossec.conf"
250 #define DEFAULTCPATH "ossec.conf"
/* DEFAULTDIR-prefixed alternatives. */
254 #define DEFAULTARPATH DEFAULTDIR DEFAULTAR
255 #define AR_BINDIRPATH DEFAULTDIR AR_BINDIR
256 #define AGENTLESSDIRPATH DEFAULTDIR AGENTLESSDIR
257 #define AGENTLESSPASSPATH DEFAULTDIR AGENTLESSPASS
258 #define AGENTLESS_ENTRYDIRPATH DEFAULTDIR AGENTLESS_ENTRYDIR
/* Unprefixed alternatives: relative paths depend on the working directory
 * of the process, so the directory a binary is started from decides which
 * files (including the active-response executables) are used. */
260 #define DEFAULTARPATH "shared/ar.conf"
261 #define AR_BINDIRPATH "active-response/bin"
262 #define AGENTLESSDIRPATH AGENTLESSDIR
263 #define AGENTLESSPASSPATH AGENTLESSPASS
264 #define AGENTLESS_ENTRYDIRPATH AGENTLESS_ENTRYDIR
266 #define EXECQUEUEPATH DEFAULTDIR EXECQUEUE
269 #define SHAREDCFG_DIRPATH SHAREDCFG_DIR
271 #define SHAREDCFG_DIRPATH DEFAULTDIR SHAREDCFG_DIR
/* The shared configuration bundle: path relative to SHAREDCFG_DIR, full
 * path, and bare file name. */
274 #define SHAREDCFG_FILE SHAREDCFG_DIR "/merged.mg"
275 #define SHAREDCFG_FILEPATH SHAREDCFG_DIRPATH "/merged.mg"
276 #define SHAREDCFG_FILENAME "merged.mg"
279 #define WAIT_FILE_PATH DEFAULTDIR WAIT_FILE
/* Default network ports. The #ifndef guards let a build supply its own
 * value before this header is included.
 * NOTE(review): the matching #endif lines (original 285-286 and 289 on)
 * are absent from this listing. */
283 #ifndef DEFAULT_SECURE
284 #define DEFAULT_SECURE 1514 /* Default encrypted */
/* Plain syslog over UDP carries no sender authentication and no
 * encryption, so anything received on this port can be spoofed or read in
 * transit; restrict accepted sources at the listener or firewall. */
287 #ifndef DEFAULT_SYSLOG
288 #define DEFAULT_SYSLOG 514 /* Default syslog port - udp */
293 /* Xml global elements */
/* String names of configuration elements. The values visible here are
 * element names only; what each section may contain is decided by the
 * parser, not by this header.
 * NOTE(review): these macros use lowercase names, so a local variable or
 * parameter with the same spelling would be silently rewritten by the
 * preprocessor. Two entries are wrapped in #ifndef; original lines between
 * the entries (294, 296-298, ...) are absent from the listing, so the
 * remaining guards and the #endif lines cannot be seen here. */
295 #define xml_global "global"
299 #define xml_alerts "alerts"
303 #define xml_rules "rules"
306 #ifndef xml_localfile
307 #define xml_localfile "localfile"
311 #define xml_remote "remote"
315 #define xml_client "client"
319 #define xml_execd "execd"
323 #define xml_syscheck "syscheck"
326 #ifndef xml_rootcheck
327 #define xml_rootcheck "rootcheck"
331 #define xml_command "command"
335 #define xml_ar "active-response"
/* Closes the include guard; its opening #ifndef/#define pair is not part
 * of this listing. */
338 #endif /* __OS_HEADERS */