1 /* @(#) $Id: ./src/syscheckd/syscheck.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
19 * Copyright (C) 2003 Daniel B. Cid <daniel@underlinux.com.br>
20 * http://www.ossec.net
22 * syscheck.c, 2004/03/17, Daniel B. Cid
25 /* Inclusion of syscheck into OSSEC */
31 #include "rootcheck/rootcheck.h"
/* Forward declaration; defined elsewhere (config code). Used below to add
 * an empty placeholder entry when syscheck is disabled or has no targets. */
33 int dump_syscheck_entry(syscheck_config *syscheck, char *entry, int vals, int reg, char *restrictfile);
/* Process-wide libmagic handle. 0 means "not initialised"; set once by
 * init_magic() and never re-opened while non-zero. */
37 magic_t magic_cookie = 0;
/* init_magic: open a libmagic handle in MIME-type mode into *cookie_ptr.
 *   cookie_ptr - address of the handle to fill; the call is a no-op when it
 *                is NULL or already holds a non-zero handle.
 * Errors are only logged with merror(); the caller is not told whether a
 * usable handle resulted, so callers must treat *cookie_ptr as optional. */
39 void init_magic(magic_t* cookie_ptr)
/* Guard makes repeated calls idempotent: an existing handle is kept. */
41 if(!cookie_ptr || *cookie_ptr) return;
43 *cookie_ptr = magic_open(MAGIC_MIME_TYPE);
/* Open failure branch (its condition is on a line not shown in this excerpt). */
47 const char* err = magic_error(*cookie_ptr);
48 merror("%s: ERROR: Can't init libmagic: %s", ARGV0, err ? err : "unknown");
/* NULL database path asks libmagic for its default magic file. */
50 else if(magic_load(*cookie_ptr, NULL) < 0)
52 const char* err = magic_error(*cookie_ptr);
53 merror("%s: ERROR: Can't load magic file: %s", ARGV0, err ? err : "unknown");
/* NOTE(review): the handle is closed here but, in the lines visible in this
 * excerpt, *cookie_ptr is not reset to 0 afterwards. Confirm a following
 * line does so; otherwise the guard above treats a closed handle as
 * initialised and later magic_* calls would operate on a freed handle. */
54 magic_close(*cookie_ptr);
61 /* void read_internal(int debug_level)
62 * Reads syscheck internal options (sleep timings and debug level) from
 * the internal options definitions and applies the debug level.
 *   debug_level - level already chosen on the command line, if any. */
64 void read_internal(int debug_level)
/* Trailing two arguments look like the accepted min/max bounds for each
 * option — presumably enforced by getDefine_Int; confirm against its
 * definition. */
66 syscheck.tsleep = getDefine_Int("syscheck","sleep",0,64);
67 syscheck.sleep_after = getDefine_Int("syscheck","sleep_after",1,9999);
69 /* Check current debug_level
70 * Command line setting takes precedence
 * NOTE(review): the guard that would skip the lookup when debug_level is
 * already non-zero is not on a line shown in this excerpt — confirm it
 * exists, otherwise the config value silently overrides the command line. */
74 /* Getting debug level */
75 debug_level = getDefine_Int("syscheck", "debug", 0, 2);
/* Loop body not shown; presumably raises verbosity one step per iteration. */
76 while(debug_level != 0)
88 /* int Start_win32_Syscheck(void)
89 * Syscheck entry point for Windows: loads the configuration, wires in
 * rootcheck, logs what will be monitored and pauses before scanning.
 * No command-line parsing is visible in this function; the configuration
 * path is fixed to DEFAULTCPATH. Returns int, but the return statement is
 * on lines not shown in this excerpt. */
/* NOTE(review): declare as (void) — an empty parameter list is an
 * old-style declaration that disables argument checking at call sites. */
91 int Start_win32_Syscheck()
95 char *cfg = DEFAULTCPATH;
98 /* Reading internal options */
99 read_internal(debug_level);
102 debug1(STARTED_MSG, ARGV0);
105 /* Zeroing the structure */
106 syscheck.workdir = DEFAULTDIR;
109 /* Checking if the configuration is present */
/* Fatal: syscheck refuses to run without a readable config file. */
110 if(File_DateofChange(cfg) < 0)
111 ErrorExit(NO_CONFIG, ARGV0, cfg);
114 /* Read syscheck config */
115 if((r = Read_Syscheck_Config(cfg)) < 0)
117 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
/* r == 1 or the disabled flag: config says syscheck is off. The lists are
 * still made non-NULL (placeholder entry) and then terminated at index 0
 * so that nothing is monitored. */
120 else if((r == 1) || (syscheck.disabled == 1))
124 merror(SK_NO_DIR, ARGV0);
125 dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
127 else if(!syscheck.dir[0])
129 merror(SK_NO_DIR, ARGV0);
131 syscheck.dir[0] = NULL;
133 if(!syscheck.registry)
/* reg=1: placeholder goes into the registry list rather than the dir list. */
135 dump_syscheck_entry(&syscheck, "", 0, 1, NULL);
137 syscheck.registry[0] = NULL;
139 merror("%s: WARN: Syscheck disabled.", ARGV0);
143 /* Rootcheck config */
/* 0 = not a test-config run (the Unix main passes its test_config flag). */
144 if(rootcheck_init(0) == 0)
146 syscheck.rootcheck = 1;
/* Rootcheck failure is non-fatal: syscheck continues without it. */
150 syscheck.rootcheck = 0;
151 merror("%s: WARN: Rootcheck module disabled.", ARGV0);
156 /* Printing options */
/* Both lists are NULL-terminated; the resets of r before each walk are on
 * lines not shown in this excerpt. */
158 while(syscheck.registry[r] != NULL)
160 verbose("%s: INFO: Monitoring registry entry: '%s'.",
161 ARGV0, syscheck.registry[r]);
166 while(syscheck.dir[r] != NULL)
168 verbose("%s: INFO: Monitoring directory: '%s'.",
169 ARGV0, syscheck.dir[r]);
174 /* Start up message */
/* NOTE(review): the Unix main casts getpid() to int for this format;
 * do the same here for consistency with the format argument type. */
175 verbose(STARTUP_MSG, ARGV0, getpid());
/* Settle time before the first scan; the function continues on lines
 * not shown in this excerpt. */
180 sleep(syscheck.tsleep + 10);
183 /* Waiting if agent started properly. */
196 /* Syscheck Unix main.
 * Parses options, loads the configuration, initialises rootcheck and
 * libmagic, connects to the message queue, writes the PID file and logs
 * the monitored directories before starting the daemon (the daemon start
 * itself is on lines not shown in this excerpt).
 * Options: -V -t -d -h -f take no argument; -D <workdir> and -c <config>
 * take one. Fatal conditions go through ErrorExit(). */
199 int main(int argc, char **argv)
/* -t sets test_config, -f sets run_foreground (handling not shown here). */
203 int test_config = 0,run_foreground = 0;
205 char *cfg = DEFAULTCPATH;
208 /* Zeroing the structure */
/* NULL here means "not overridden by -D"; the default is applied later. */
209 syscheck.workdir = NULL;
212 /* Setting the name */
216 while((c = getopt(argc, argv, "VtdhfD:c:")) != -1)
/* Defensive: missing-argument cases are fatal. The work directory and
 * config path are taken verbatim from the command line. */
235 ErrorExit("%s: -D needs an argument",ARGV0);
236 syscheck.workdir = optarg;
240 ErrorExit("%s: -c needs an argument",ARGV0);
253 /* Reading internal options */
254 read_internal(debug_level);
257 debug1(STARTED_MSG, ARGV0);
260 /* Checking if the configuration is present */
/* Fatal: syscheck refuses to run without a readable config file. */
261 if(File_DateofChange(cfg) < 0)
262 ErrorExit(NO_CONFIG, ARGV0, cfg);
265 /* Read syscheck config */
266 if((r = Read_Syscheck_Config(cfg)) < 0)
268 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
/* r == 1 or the disabled flag: config says syscheck is off. The dir list
 * is made non-NULL (placeholder entry) and terminated at index 0 so that
 * nothing is monitored. */
270 else if((r == 1) || (syscheck.disabled == 1))
275 merror(SK_NO_DIR, ARGV0);
276 dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
278 else if(!syscheck.dir[0])
281 merror(SK_NO_DIR, ARGV0);
283 syscheck.dir[0] = NULL;
286 merror("%s: WARN: Syscheck disabled.", ARGV0);
291 /* Rootcheck config */
/* Rootcheck failure is non-fatal: syscheck continues without it. */
292 if(rootcheck_init(test_config) == 0)
294 syscheck.rootcheck = 1;
298 syscheck.rootcheck = 0;
299 merror("%s: WARN: Rootcheck module disabled.", ARGV0);
303 /* Exit if testing config */
308 /* Setting default values */
309 if(syscheck.workdir == NULL)
310 syscheck.workdir = DEFAULTDIR;
/* One-time libmagic setup. As far as shown, init_magic() only logs on
 * failure, so execution continues without a usable magic handle. */
315 init_magic(&magic_cookie);
325 /* Initial time to settle */
326 sleep(syscheck.tsleep + 2);
329 /* Connect to the queue */
/* Up to three attempts; the first two failures are logged (with the
 * waits between them on lines not shown), the third is fatal. */
330 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
332 merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
335 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
337 /* Wait 10 more seconds and retry. */
338 merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
340 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
341 ErrorExit(QUEUE_FATAL,ARGV0,DEFAULTQPATH);
346 /* Start the signal handling */
/* A failed PID-file write is only logged, not fatal. */
351 if(CreatePID(ARGV0, getpid()) < 0)
352 merror(PID_ERROR,ARGV0);
355 /* Start up message */
356 verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* Rootcheck runs inside this process, hence the second startup line. */
358 if(syscheck.rootcheck)
360 verbose(STARTUP_MSG, "ossec-rootcheck", (int)getpid());
364 /* Printing directories to be monitored. */
/* The dir list is NULL-terminated; the resets of r before each walk are
 * on lines not shown in this excerpt. */
366 while(syscheck.dir[r] != NULL)
368 verbose("%s: INFO: Monitoring directory: '%s'.",
369 ARGV0, syscheck.dir[r]);
373 /* Checking directories set for real time. */
375 while(syscheck.dir[r] != NULL)
/* opts[r] is a per-directory flag set parallel to dir[r]. */
377 if(syscheck.opts[r] & CHECK_REALTIME)
/* Three alternative messages follow; which one is compiled in presumably
 * depends on platform real-time support (the #if lines are not shown).
 * The WARN variant is the case where the flag is accepted in config but
 * cannot be honoured, so the directory is only scanned periodically. */
380 verbose("%s: INFO: Directory set for real time monitoring: "
381 "'%s'.", ARGV0, syscheck.dir[r]);
383 verbose("%s: INFO: Directory set for real time monitoring: "
384 "'%s'.", ARGV0, syscheck.dir[r]);
386 verbose("%s: WARN: Ignoring flag for real time monitoring on "
387 "directory: '%s'.", ARGV0, syscheck.dir[r]);
/* Settle time before the first scan. */
395 sleep(syscheck.tsleep + 10);
398 /* Start the daemon (call and return are on lines not shown here). */
403 #endif /* ifndef WIN32 */