3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
18 * Copyright (C) 2003 Daniel B. Cid <daniel@underlinux.com.br>
19 * http://www.ossec.net
21 * syscheck.c, 2004/03/17, Daniel B. Cid
24 /* Inclusion of syscheck into OSSEC */
30 #include "rootcheck/rootcheck.h"
/* Forward declaration; the definition is not part of this listing.
 * In this file it is only called with an empty entry, vals == 0 and reg
 * 0 or 1 (see the Windows entry point, where the reg == 1 call follows the
 * registry check). Presumably reg selects the directory vs. registry
 * table -- confirm against the definition. */
32 int dump_syscheck_entry(config *syscheck, char *entry, int vals, int reg);
36 /* void read_internal()
37 * Reads syscheck internal options.
 * The function header and closing brace are not part of this listing;
 * only the two option reads below are visible.
 * NOTE(review): the third and fourth getDefine_Int arguments look like a
 * min/max range (sleep 0..64, sleep_after 1..9999) -- confirm against
 * getDefine_Int. If so, an out-of-range value in the internal options
 * cannot inflate the sleep() delays derived from tsleep in main() and
 * Start_win32_Syscheck().
41 syscheck.tsleep = getDefine_Int("syscheck","sleep",0,64);
42 syscheck.sleep_after = getDefine_Int("syscheck","sleep_after",1,9999);
49 /* int Start_win32_Syscheck()
50 * syscheck main for windows
 * Windows entry point: reads the configuration, enables or disables the
 * syscheck and rootcheck modules, logs what will be monitored and pauses
 * before monitoring begins. Gutter numbers in this listing are not
 * contiguous, so braces and some statements are missing; the nesting of
 * the branches below is partly inferred.
52 int Start_win32_Syscheck()
55 char *cfg = DEFAULTCPATH;
58 /* Zeroing the structure */
59 syscheck.workdir = DEFAULTDIR;
62 /* Checking if the configuration is present */
/* A missing or unreadable configuration is fatal; ErrorExit presumably
 * does not return. */
63 if(File_DateofChange(cfg) < 0)
64 ErrorExit(NO_CONFIG, ARGV0, cfg);
67 /* Read syscheck config */
/* Negative return: parse failure, fatal. r == 1 or syscheck.disabled:
 * the module runs with nothing to monitor. */
68 if((r = Read_Syscheck_Config(cfg)) < 0)
70 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
73 else if((r == 1) || (syscheck.disabled == 1))
77 merror(SK_NO_DIR, ARGV0);
/* Empty entry, last argument (reg in the prototype) 0 here versus 1 in
 * the registry call further down. */
78 dump_syscheck_entry(&syscheck, "", 0, 0);
80 else if(!syscheck.dir[0])
82 merror(SK_NO_DIR, ARGV0);
84 syscheck.dir[0] = NULL;
/* NOTE(review): the lines between 84 and 92 are not shown; whether the
 * registry fallback below is nested inside this branch cannot be
 * confirmed from this listing. */
86 if(!syscheck.registry)
88 dump_syscheck_entry(&syscheck, "", 0, 1);
90 syscheck.registry[0] = NULL;
92 merror("%s: WARN: Syscheck disabled.", ARGV0);
96 /* Reading internal options */
100 /* Rootcheck config */
/* rootcheck_init(0) == 0 means rootcheck is available; otherwise it is
 * disabled, the warning below is logged and syscheck carries on. */
101 if(rootcheck_init(0) == 0)
103 syscheck.rootcheck = 1;
107 syscheck.rootcheck = 0;
108 merror("%s: WARN: Rootcheck module disabled.", ARGV0);
113 /* Printing options */
/* Both tables are NULL-terminated; the reset of r between the two loops
 * is not visible in this listing. */
115 while(syscheck.registry[r] != NULL)
117 verbose("%s: INFO: Monitoring registry entry: '%s'.",
118 ARGV0, syscheck.registry[r]);
123 while(syscheck.dir[r] != NULL)
125 verbose("%s: INFO: Monitoring directory: '%s'.",
126 ARGV0, syscheck.dir[r]);
131 /* Start up message */
132 verbose(STARTUP_MSG, ARGV0, getpid());
/* tsleep comes from the internal options (see read_internal); the
 * getDefine_Int call there passes 0 and 64, which look like bounds --
 * TODO confirm. */
137 sleep(syscheck.tsleep + 10);
140 /* Waiting if agent started properly. */
153 /* Syscheck unix main.
 * Parses the command line, loads the configuration, optionally exits
 * after a config test, connects to the message queue, writes the PID
 * file and logs what is monitored before the daemon starts. Gutter
 * numbers are not contiguous in this listing, so the getopt cases,
 * braces and some assignments are missing; nesting is partly inferred.
156 int main(int argc, char **argv)
159 int test_config = 0,run_foreground = 0;
161 char *cfg = DEFAULTCPATH;
164 /* Zeroing the structure */
165 syscheck.workdir = NULL;
168 /* Setting the name */
/* Option string: -V -t -d -h -f take no argument; -D (workdir) and
 * -c (config path) take one. Most case bodies are not shown here. */
172 while((c = getopt(argc, argv, "VtdhfD:c:")) != -1)
190 ErrorExit("%s: -D needs an argument",ARGV0);
/* NOTE(review): optarg is stored as the working directory as given; no
 * validation is visible in this listing, and the lines that later use
 * workdir are not shown. */
191 syscheck.workdir = optarg;
195 ErrorExit("%s: -c needs an argument",ARGV0);
208 /* Checking if the configuration is present */
/* A missing or unreadable configuration is fatal; ErrorExit presumably
 * does not return. */
209 if(File_DateofChange(cfg) < 0)
210 ErrorExit(NO_CONFIG, ARGV0, cfg);
213 /* Read syscheck config */
/* Same config handling as Start_win32_Syscheck(): a negative return is
 * fatal, r == 1 or syscheck.disabled leaves nothing to monitor. */
214 if((r = Read_Syscheck_Config(cfg)) < 0)
216 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
218 else if((r == 1) || (syscheck.disabled == 1))
223 merror(SK_NO_DIR, ARGV0);
224 dump_syscheck_entry(&syscheck, "", 0, 0);
226 else if(!syscheck.dir[0])
229 merror(SK_NO_DIR, ARGV0);
231 syscheck.dir[0] = NULL;
234 merror("%s: WARN: Syscheck disabled.", ARGV0);
239 /* Reading internal options */
244 /* Rootcheck config */
/* Unlike the Windows entry point, rootcheck_init receives test_config,
 * so a config test covers rootcheck as well. */
245 if(rootcheck_init(test_config) == 0)
247 syscheck.rootcheck = 1;
251 syscheck.rootcheck = 0;
252 merror("%s: WARN: Rootcheck module disabled.", ARGV0);
256 /* Exit if testing config */
261 /* Setting default values */
/* Only applied when -D was not given (workdir starts as NULL above). */
262 if(syscheck.workdir == NULL)
263 syscheck.workdir = DEFAULTDIR;
272 /* Initial time to settle */
273 sleep(syscheck.tsleep + 2);
276 /* Connect to the queue */
/* Three attempts at StartMQ; the delays between them are not shown.
 * The first two failures log QUEUE_ERROR with errno and retry; only the
 * third is fatal (QUEUE_FATAL). */
277 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
279 merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
282 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
284 /* 10 more seconds of wait before the last attempt */
285 merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
287 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
288 ErrorExit(QUEUE_FATAL,ARGV0,DEFAULTQPATH);
293 /* Start the signal handling */
/* NOTE(review): a failed PID-file write is only logged, so startup
 * continues without a PID file; whether a duplicate-instance check
 * exists elsewhere is not visible here. */
298 if(CreatePID(ARGV0, getpid()) < 0)
299 merror(PID_ERROR,ARGV0);
302 /* Start up message */
303 verbose(STARTUP_MSG, ARGV0, (int)getpid());
305 if(syscheck.rootcheck)
307 verbose(STARTUP_MSG, "ossec-rootcheck", (int)getpid());
311 /* Printing directories to be monitored. */
/* syscheck.dir is NULL-terminated; the reset of r before each loop is
 * not visible in this listing. */
313 while(syscheck.dir[r] != NULL)
315 verbose("%s: INFO: Monitoring directory: '%s'.",
316 ARGV0, syscheck.dir[r]);
320 /* Checking directories set for real time. */
/* Per-directory options live in syscheck.opts[r], parallel to
 * syscheck.dir[r]. Three verbose() calls follow for one flag; the
 * conditions selecting between them (lines 325-332) are not shown --
 * presumably platform-conditional, with the WARN branch for builds
 * without real-time support. Confirm against the full source. */
322 while(syscheck.dir[r] != NULL)
324 if(syscheck.opts[r] & CHECK_REALTIME)
327 verbose("%s: INFO: Directory set for real time monitoring: "
328 "'%s'.", ARGV0, syscheck.dir[r]);
330 verbose("%s: INFO: Directory set for real time monitoring: "
331 "'%s'.", ARGV0, syscheck.dir[r]);
333 verbose("%s: WARN: Ignoring flag for real time monitoring on "
334 "directory: '%s'.", ARGV0, syscheck.dir[r]);
/* Same tsleep-derived delay as the Windows entry point (see
 * read_internal for where tsleep is read). */
342 sleep(syscheck.tsleep + 10);
345 /* Start the daemon */
350 #endif /* ifndef WIN32 */