1 /* Copyright (C) 2009-2019 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
10 /* Global Definitions */
24 /* Size limit control */
/* Named byte counts used as upper bounds for fixed-size buffers. Whether a
 * given limit includes the terminating NUL is decided where the buffer is
 * declared and filled, which this header does not show. */
25 #define OS_SIZE_8192 8192
26 #define OS_SIZE_6144 6144
27 #define OS_SIZE_4096 4096
28 #define OS_SIZE_2048 2048
29 #define OS_SIZE_1024 1024
30 #define OS_SIZE_256 256
31 #define OS_SIZE_128 128
/* Purpose-specific aliases. Sizing and bounding a buffer through the same
 * alias keeps the declaration and the length check from drifting apart. */
33 #define OS_MAXSTR OS_SIZE_6144 /* Size for logs, sockets, etc */
34 #define OS_BUFFER_SIZE OS_SIZE_2048 /* Size of general buffers */
35 #define OS_FLSIZE OS_SIZE_256 /* Maximum file size. NOTE(review): 256 bytes looks like a file name/path length limit rather than a content size - confirm at the use sites */
36 #define OS_HEADER_SIZE OS_SIZE_128 /* Maximum header size */
37 #define OS_LOG_HEADER OS_SIZE_256 /* Maximum log header size */
38 #define IPSIZE INET6_ADDRSTRLEN /* IP address text size; INET6_ADDRSTRLEN comes from the platform socket headers and already counts the terminating NUL */
40 /* Some global names */
/* Product identity strings (name, version, author, contact, site).
 * NOTE(review): identifiers that begin with two underscores are reserved for
 * the compiler and C library (C11 7.1.3), so these names can clash with
 * implementation macros. Renaming them would touch every user of this
 * header, so it is only flagged here. */
41 #define __ossec_name "OSSEC HIDS"
42 #define __version "v3.3.0"
43 #define __author "OSSEC Foundation"
44 #define __contact "contact@ossec.net"
45 #define __site "https://www.ossec.net"
47 This program is free software; you can redistribute it and/or modify\n\
48 it under the terms of the GNU General Public License (version 2) as \n\
49 published by the Free Software Foundation. For more details, go to \n\
50 http://www.ossec.net/main/license/\n"
/* Process, agent-count and timing limits. */
52 /* Maximum allowed PID */
/* NOTE(review): the definition this comment introduces is not in the listing
 * (its numbering jumps from 52 to 59). */
59 /* Limit of 256 agents */
/* NOTE(review): where this bound is enforced is not visible here; code that
 * indexes per-agent storage should check against it - verify at the callers. */
61 #define MAX_AGENTS 256
64 /* First ID assigned by authd */
/* The #ifndef lets a build supply its own value (for example with -D). The
 * matching #endif is among the lines the listing skips. */
65 #ifndef AUTHD_FIRST_ID
66 #define AUTHD_FIRST_ID 1024
69 /* Notify the manager */
70 #define NOTIFY_TIME 600 /* ... every 600 seconds (10 minutes) */
72 /* User Configuration */
/* Account and group names, plus the installation root.
 * NOTE(review): these look like the unprivileged accounts the daemons run
 * as - confirm against the privilege-dropping code. The listing skips the
 * lines between these defines (numbering jumps 74 -> 82 -> 86 -> 90). */
74 #define MAILUSER "ossecm"
82 #define REMUSER "ossecr"
86 #define GROUPGLOBAL "ossec"
/* Installation root. Path macros in this header that start with "/" are
 * either joined to DEFAULTDIR by adjacent string-literal concatenation
 * (DEFAULTQPATH is DEFAULTDIR DEFAULTQUEUE) or used bare.
 * NOTE(review): the bare form is presumably meant for processes that have
 * already chroot()ed into DEFAULTDIR; used outside a chroot it would name a
 * path under the real filesystem root - confirm at each use site. */
90 #define DEFAULTDIR "/var/ossec"
94 #define DEFAULTQUEUE "/queue/ossec/queue" /* relative to DEFAULTDIR */
96 /* Active Response files */
/* Locations of the active-response configuration, its program directory and
 * the shared agent configuration.
 * NOTE(review): DEFAULTAR, AR_BINDIR, AGENTCONFIG and AGENTCONFIGINT are each
 * defined twice. The listing skips the preprocessor lines that separate the
 * two groups (numbering jumps 96 -> 98 and 101 -> 103), presumably an
 * #ifndef WIN32 / #else pair with the relative paths as the Windows variant -
 * confirm against the full header. */
/* NOTE(review): AR_BINDIR presumably holds the programs that active response
 * executes, so the directory and its contents should be writable only by the
 * administrator - verify the installed permissions. */
98 #define DEFAULTAR "/etc/shared/ar.conf"
99 #define AR_BINDIR "/active-response/bin"
/* AGENTCONFIGINT is the path without the installation root; AGENTCONFIG is
 * the same file with DEFAULTDIR prepended. */
100 #define AGENTCONFIGINT "/etc/shared/agent.conf"
101 #define AGENTCONFIG DEFAULTDIR "/etc/shared/agent.conf"
/* Second group: relative paths, resolved against the process's current
 * working directory. */
103 #define DEFAULTAR "shared/ar.conf"
104 #define AR_BINDIR "active-response/bin"
105 #define AGENTCONFIG "shared/agent.conf"
106 #define AGENTCONFIGINT "shared/agent.conf"
/* Queue path; EXECQUEUEPATH later in this header prepends DEFAULTDIR. */
110 #define EXECQUEUE "/queue/alerts/execq"
112 /* Active Response queue */
113 #define ARQUEUE "/queue/alerts/ar"
/* Decoder definition files: the stock file and the local one. */
116 #define XML_DECODER "/etc/decoder.xml"
117 #define XML_LDECODER "/etc/local_decoder.xml"
/* Per-component state directories and file names, written without the
 * installation root unless a *_PATH macro prepends DEFAULTDIR. */
119 /* Agent information location */
120 #define AGENTINFO_DIR "/queue/agent-info"
122 /* Syscheck directory */
123 #define SYSCHECK_DIR "/queue/syscheck"
125 /* Rootcheck directory */
126 #define ROOTCHECK_DIR "/queue/rootcheck"
/* NOTE(review): the diff directory presumably keeps copies of monitored
 * files' content, so it can contain whatever secrets those files hold -
 * confirm and check its permissions. */
129 #define DIFF_DIR "/queue/diff"
130 #define DIFF_DIR_PATH DEFAULTDIR DIFF_DIR
/* File names used inside the diff directory; presumably the current and the
 * previous snapshot - confirm against the code that writes them. */
131 #define DIFF_NEW_FILE "new-entry"
132 #define DIFF_LAST_FILE "last-entry"
135 #define SYSCHECK "syscheck"
136 #define SYSCHECK_REG "syscheck-registry"
139 #define RULEPATH "/rules"
/* NOTE(review): WAIT_FILE is defined twice; the listing skips the
 * conditional lines around the pair (numbering jumps 143 -> 145). The
 * relative form is presumably the Windows variant - confirm. */
143 #define WAIT_FILE "/queue/ossec/.wait"
145 #define WAIT_FILE ".wait"
/* Agent state file, syscheck restart marker, agentless paths and the
 * internal-options files.
 * NOTE(review): AGENT_INFO_FILE, SYSCHECK_RESTART and OSSEC_DEFINES (with
 * their companions) are each defined twice. The listing skips the conditional
 * lines separating each pair, presumably #ifndef WIN32 / #else with the
 * relative paths as the Windows variant - confirm against the full header. */
148 /* Agent information file */
150 #define AGENT_INFO_FILE "/queue/ossec/.agent_info"
151 #define AGENT_INFO_FILEP DEFAULTDIR AGENT_INFO_FILE
153 #define AGENT_INFO_FILE ".agent_info"
154 #define AGENT_INFO_FILEP AGENT_INFO_FILE
157 /* Syscheck restart */
/* With DEFAULTDIR prepended this names a file under the installation root
 * (DEFAULTDIR "/var/run/..."), not the system-wide /var/run. */
159 #define SYSCHECK_RESTART "/var/run/.syscheck_run"
160 #define SYSCHECK_RESTART_PATH DEFAULTDIR SYSCHECK_RESTART
162 #define SYSCHECK_RESTART "syscheck/.syscheck_run"
163 #define SYSCHECK_RESTART_PATH "syscheck/.syscheck_run"
166 /* Agentless directories */
167 #define AGENTLESSDIR "/agentless"
/* NOTE(review): the name suggests a list of credentials for agentless
 * hosts; if so the file must not be readable by other local users - confirm
 * its content and installed permissions. */
168 #define AGENTLESSPASS "/agentless/.passlist"
169 #define AGENTLESS_ENTRYDIR "/queue/agentless"
171 /* Internal definitions files */
/* Stock options file and its local counterpart. */
173 #define OSSEC_DEFINES "/etc/internal_options.conf"
174 #define OSSEC_LDEFINES "/etc/local_internal_options.conf"
176 #define OSSEC_DEFINES "internal_options.conf"
177 #define OSSEC_LDEFINES "local_internal_options.conf"
180 /* Log directories */
/* Directories and current-file names for archived events, alerts and
 * firewall logs, each in a plain-text and (for events and alerts) a JSON
 * form. All are written without the installation root; only ALERTS has a
 * DEFAULTDIR-prefixed companion in this group. */
181 #define EVENTS "/logs/archives"
182 #define EVENTS_DAILY "/logs/archives/archives.log"
183 #define ALERTS "/logs/alerts"
184 #define ALERTS_PATH DEFAULTDIR ALERTS
185 #define ALERTS_DAILY "/logs/alerts/alerts.log"
186 #define ALERTSJSON_DAILY "/logs/alerts/alerts.json"
187 #define FWLOGS "/logs/firewall"
188 #define FWLOGS_DAILY "/logs/firewall/firewall.log"
189 #define EVENTSJSON_DAILY "/logs/archives/archives.json"
191 /* Stats directories */
192 #define STATWQUEUE "/stats/weekly-average"
193 #define STATQUEUE "/stats/hourly-average"
194 #define STATSAVED "/stats/totals"
196 /* Authentication keys file */
/* Paths of the agent authentication keys and the authd password file.
 * NOTE(review): both names indicate secret material. The files should be
 * readable only by the service account and root; the permissions are set
 * elsewhere and are not visible in this header - verify them.
 * NOTE(review): each macro is defined twice. The listing skips the
 * conditional lines between the groups (numbering jumps 196 -> 198 and
 * 201 -> 203), presumably #ifndef WIN32 / #else with the relative names as
 * the Windows variant - confirm against the full header. */
198 #define KEYS_FILE "/etc/client.keys"
199 #define AUTHD_PASS "/etc/authd.pass"
200 #define KEYSFILE_PATH DEFAULTDIR KEYS_FILE
201 #define AUTHDPASS_PATH DEFAULTDIR AUTHD_PASS
/* Second group: bare file names, resolved against the process's current
 * working directory. */
203 #define KEYS_FILE "client.keys"
204 #define KEYSFILE_PATH KEYS_FILE
205 #define AUTHD_PASS "authd.pass"
206 #define AUTHDPASS_PATH AUTHD_PASS
/* Alias: AUTH_FILE names the same file as KEYS_FILE. */
210 #define AUTH_FILE KEYS_FILE
213 /* Shared config directory */
/* Defined twice; the conditional lines between the two are not shown. */
215 #define SHAREDCFG_DIR "/etc/shared"
217 #define SHAREDCFG_DIR "shared"
220 /* Built-in defines */
/* Full paths built by placing DEFAULTDIR next to a relative-to-root macro;
 * the compiler joins adjacent string literals, so no runtime formatting or
 * buffer is involved.
 * NOTE(review): several macros are defined twice. The listing skips the
 * conditional lines that select between the DEFAULTDIR-prefixed form and the
 * bare form, presumably on WIN32 - confirm against the full header. The bare
 * forms are relative paths and resolve against the process's current working
 * directory, so they are only as trustworthy as that directory. */
221 #define DEFAULTQPATH DEFAULTDIR DEFAULTQUEUE
224 #define OSSECCONF "/etc/ossec.conf"
225 #define DEFAULTCPATH DEFAULTDIR OSSECCONF
227 #define OSSECCONF "ossec.conf"
228 #define DEFAULTCPATH "ossec.conf"
232 #define DEFAULTARPATH DEFAULTDIR DEFAULTAR
233 #define AR_BINDIRPATH DEFAULTDIR AR_BINDIR
234 #define AGENTLESSDIRPATH DEFAULTDIR AGENTLESSDIR
235 #define AGENTLESSPASSPATH DEFAULTDIR AGENTLESSPASS
236 #define AGENTLESS_ENTRYDIRPATH DEFAULTDIR AGENTLESS_ENTRYDIR
238 #define DEFAULTARPATH "shared/ar.conf"
239 #define AR_BINDIRPATH "active-response/bin"
240 #define AGENTLESSDIRPATH AGENTLESSDIR
241 #define AGENTLESSPASSPATH AGENTLESSPASS
242 #define AGENTLESS_ENTRYDIRPATH AGENTLESS_ENTRYDIR
244 #define EXECQUEUEPATH DEFAULTDIR EXECQUEUE
/* In this pair the bare form comes first, so the omitted conditional
 * presumably has the opposite sense from the pairs above - confirm. */
247 #define SHAREDCFG_DIRPATH SHAREDCFG_DIR
249 #define SHAREDCFG_DIRPATH DEFAULTDIR SHAREDCFG_DIR
/* The merged shared-configuration file: as a path under SHAREDCFG_DIR, as a
 * path under SHAREDCFG_DIRPATH, and as a bare file name. */
252 #define SHAREDCFG_FILE SHAREDCFG_DIR "/merged.mg"
253 #define SHAREDCFG_FILEPATH SHAREDCFG_DIRPATH "/merged.mg"
254 #define SHAREDCFG_FILENAME "merged.mg"
256 #define WAIT_FILE_PATH DEFAULTDIR WAIT_FILE
/* Relative directory name with no leading "/"; what it resolves against is
 * decided by the caller - verify at the use sites. */
258 #define TMP_DIR "tmp"
260 /* Windows COMSPEC */
/* Fixed absolute path to the Windows command interpreter. As a compile-time
 * constant it does not depend on the COMSPEC environment variable or on PATH
 * lookup, but it assumes Windows is installed under C:\Windows.
 * NOTE(review): how callers build the command line passed to it is not
 * visible here - check that untrusted text is never interpolated. */
261 #define COMSPEC "C:\\Windows\\System32\\cmd.exe"
/* Default port numbers, stored as string literals rather than integers. Each
 * #ifndef lets a build override the value; the matching #endif lines are
 * among those the listing skips. */
264 #ifndef DEFAULT_SECURE
265 #define DEFAULT_SECURE "1514" /* Default encrypted */
/* Plain syslog over UDP carries no authentication or encryption, so input
 * arriving on this port should be treated as untrusted. */
268 #ifndef DEFAULT_SYSLOG
269 #define DEFAULT_SYSLOG "514" /* Default syslog port - udp */
272 /* XML global elements */
/* Names of the top-level configuration sections, one macro per element.
 * Only xml_localfile and xml_rootcheck show an #ifndef guard in this listing.
 * The numbering gaps around the other defines suggest they are guarded the
 * same way, but those lines are not shown - confirm against the full
 * header. */
274 #define xml_global "global"
278 #define xml_alerts "alerts"
282 #define xml_rules "rules"
285 #ifndef xml_localfile
286 #define xml_localfile "localfile"
290 #define xml_remote "remote"
294 #define xml_client "client"
298 #define xml_execd "execd"
302 #define xml_syscheck "syscheck"
305 #ifndef xml_rootcheck
306 #define xml_rootcheck "rootcheck"
310 #define xml_command "command"
314 #define xml_ar "active-response"
/* Closes the include guard; its opening lines are not part of the listing.
 * NOTE(review): a guard name starting with two underscores is in the
 * namespace reserved for the implementation (C11 7.1.3). */
317 #endif /* __OS_HEADERS */