1 /* Copyright (C) 2010 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
/* Forward declaration. The noreturn attribute tells the compiler that
 * help_reportd() never hands control back to its caller. */
13 static void help_reportd(void) __attribute__((noreturn));
16 /* Print help statement */
/* Writes the usage text for the report generator through print_out().
 * USER, GROUPGLOBAL and DEFAULTDIR are substituted as the defaults shown
 * for -u, -g and -D.
 * NOTE(review): this listing omits lines of the function (the embedded
 * line numbers jump from 17 to 20 and stop at 40), so the opening brace and
 * whatever ends the process after printing are not visible here. */
17 static void help_reportd()
20 print_out(" Generate reports (via stdin)");
/* NOTE(review): the usage line and the -n entry below present -n as a bare
 * flag, but main() passes "n:" to getopt() and reports "-n needs an
 * argument", so -n actually consumes the following word. main() also
 * accepts "v:", which is not described anywhere in this text. */
21 print_out(" %s: -[Vhdtns] [-u user] [-g group] [-D dir] [-f filter value] [-r filter value]", ARGV0);
22 print_out(" -V Version and license message");
23 print_out(" -h This help message");
24 print_out(" -d Execute in debug mode. This parameter");
25 print_out(" can be specified multiple times");
26 print_out(" to increase the debug level.");
27 print_out(" -t Test configuration");
28 print_out(" -n Create description for the report");
29 print_out(" -s Show the alert dump");
/* The three options below select the identity and root directory used for
 * the privilege drop performed in main(). */
30 print_out(" -u <user> User to run as (default: %s)", USER);
31 print_out(" -g <group> Group to run as (default: %s)", GROUPGLOBAL);
32 print_out(" -D <dir> Directory to chroot into (default: %s)", DEFAULTDIR);
/* -f and -r each take two words: a filter name and a value. */
33 print_out(" -f <filter> <value> Filter the results");
34 print_out(" -r <filter> <value> Show related entries");
35 print_out(" Filters allowed: group, rule, level, location,");
36 print_out(" user, srcip, filename");
37 print_out(" Examples:");
38 print_out(" -f group authentication_success (to filter on login success)");
39 print_out(" -f level 10 (to filter on level >= 10)");
40 print_out(" -f group authentication -r user srcip (to show srcip for all users)");
/* Entry point of the report generator.
 * Visible steps, in order: clear the report filter, parse the command line,
 * resolve the user and group names to ids, change group, chroot, change
 * user, write the PID file, then hand the filter to os_ReportdStart().
 * NOTE(review): this listing omits many lines (the embedded numbers have
 * gaps), including the switch/case labels, several assignments and the end
 * of the function, so the comments below describe only what is shown. */
45 int main(int argc, char **argv)
47 int c, test_config = 0;
/* Defaults for the privilege drop; -D, -u and -g presumably override them
 * on lines not shown here. */
50 const char *dir = DEFAULTDIR;
51 const char *user = USER;
52 const char *group = GROUPGLOBAL;
54 const char *filter_by = NULL;
55 const char *filter_value = NULL;
57 const char *related_of = NULL;
58 const char *related_values = NULL;
59 report_filter r_filter;
/* r_filter lives on the stack and is cleared one field at a time before any
 * option is parsed.
 * NOTE(review): a member of report_filter that is not assigned here would
 * start with an indeterminate value; check this list against the struct
 * definition, since some assignments fall on omitted lines. */
64 r_filter.group = NULL;
66 r_filter.level = NULL;
67 r_filter.location = NULL;
68 r_filter.srcip = NULL;
70 r_filter.files = NULL;
71 r_filter.show_alerts = 0;
73 r_filter.related_group = 0;
74 r_filter.related_rule = 0;
75 r_filter.related_level = 0;
76 r_filter.related_location = 0;
77 r_filter.related_srcip = 0;
78 r_filter.related_user = 0;
79 r_filter.related_file = 0;
81 r_filter.report_name = NULL;
/* Options followed by ':' take an argument: u, g, D, f, v, n and r.
 * "v:" is accepted here although the help text does not mention it, and
 * "n:" takes an argument although the help text shows -n as a flag. */
83 while ((c = getopt(argc, argv, "Vdhstu:g:D:f:v:n:r:")) != -1) {
96 ErrorExit("%s: -n needs an argument", ARGV0);
/* report_name points into argv; the string is not copied. */
98 r_filter.report_name = optarg;
/* -r needs two words. getopt() delivers the first in optarg; the second is
 * read directly from argv[optind], which is NULL when the command line ends
 * after the first word.
 * NOTE(review): nothing visible here rejects a second word that is itself
 * an option (for example "-s"), and optind has to be advanced past the
 * consumed word afterwards; that step is not visible in this listing. */
101 if (!optarg || !argv[optind]) {
102 ErrorExit("%s: -r needs two argument", ARGV0);
105 related_values = argv[optind];
/* Command-line strings go to os_report_configfilter(); a negative return
 * stops startup, so a rejected filter never reaches the report code. */
107 if (os_report_configfilter(related_of, related_values,
108 &r_filter, REPORT_RELATED) < 0) {
109 ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
/* -f is handled like -r above, with REPORT_FILTER instead of
 * REPORT_RELATED. */
115 ErrorExit("%s: -f needs two argument", ARGV0);
118 filter_value = argv[optind];
120 if (os_report_configfilter(filter_by, filter_value,
121 &r_filter, REPORT_FILTER) < 0) {
122 ErrorExit(CONFIG_ERROR, ARGV0, "user argument");
128 ErrorExit("%s: -u needs an argument", ARGV0);
134 ErrorExit("%s: -g needs an argument", ARGV0);
140 ErrorExit("%s: -D needs an argument", ARGV0);
148 r_filter.show_alerts = 1;
158 debug1(STARTED_MSG, ARGV0);
160 /* Check if the user/group given are valid */
/* Both names are resolved before any privilege change, while the lookup can
 * still be done from outside the chroot. (uid_t)-1 and (gid_t)-1 are the
 * failure values tested below. */
161 uid = Privsep_GetUser(user);
162 gid = Privsep_GetGroup(group);
163 if (uid == (uid_t) - 1 || gid == (gid_t) - 1) {
164 ErrorExit(USER_ERROR, ARGV0, user, group);
167 /* Exit here if test config is set */
172 /* Privilege separation */
/* Order of the drop: group first, then chroot, then user. Changing the
 * group and calling chroot normally require root, so both have to happen
 * before the uid is given up. Each step is checked and a failure goes to
 * ErrorExit(), so the visible code never continues after a partial drop
 * (assuming ErrorExit() terminates the process, as its name suggests).
 * NOTE(review): the Privsep_* helpers are defined elsewhere. Confirm that
 * Privsep_SetGroup() also clears supplementary groups and that
 * Privsep_Chroot() changes the working directory into the new root;
 * neither can be seen from this listing. */
173 if (Privsep_SetGroup(gid) < 0) {
174 ErrorExit(SETGID_ERROR, ARGV0, group, errno, strerror(errno));
178 if (Privsep_Chroot(dir) < 0) {
179 ErrorExit(CHROOT_ERROR, ARGV0, dir, errno, strerror(errno));
184 if (Privsep_SetUser(uid) < 0) {
185 ErrorExit(SETUID_ERROR, ARGV0, user, errno, strerror(errno));
/* Logged only after all three steps have succeeded. */
188 debug1(CHROOT_MSG, ARGV0, dir);
189 debug1(PRIVSEP_MSG, ARGV0, user);
191 /* Signal manipulation */
194 /* Create PID files */
/* Runs after the chroot and the uid change, so the PID file is presumably
 * written inside the chroot by the unprivileged user; confirm against
 * CreatePID(). */
195 if (CreatePID(ARGV0, getpid()) < 0) {
196 ErrorExit(PID_ERROR, ARGV0);
199 /* Start up message */
200 verbose(STARTUP_MSG, ARGV0, (int)getpid());
202 /* The real stuff now */
/* Report generation starts only after the privilege drop above, so the
 * alert input (per the help text, read from stdin) is handled with the
 * reduced privileges. */
203 os_ReportdStart(&r_filter);