1 /* @(#) $Id: ./src/syscheckd/syscheck.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
19 * Copyright (C) 2003 Daniel B. Cid <daniel@underlinux.com.br>
20 * http://www.ossec.net
22 * syscheck.c, 2004/03/17, Daniel B. Cid
25 /* Inclusion of syscheck into OSSEC */
31 #include "rootcheck/rootcheck.h"
/* Forward declaration; the definition is in another translation unit and is
 * not visible here. In both entry points below it is called as
 * dump_syscheck_entry(&syscheck, "", 0, reg, NULL): an empty entry name, no
 * check flags and no restrict pattern. The visible effect is to give the
 * directory list (reg == 0) or the registry list (reg == 1) a first element,
 * so that the `syscheck.dir[0] = NULL` / `syscheck.registry[0] = NULL` stores
 * that follow do not write through a NULL list pointer. */
33 int dump_syscheck_entry(config *syscheck, char *entry, int vals, int reg, char *restrictfile);
37 /* void read_internal()
38 * Reads syscheck internal options.
 *
 * NOTE(review): the function signature and braces are not part of this
 * excerpt; only the two assignments are shown. getDefine_Int's last two
 * arguments are the accepted min/max for the option, so tsleep is limited to
 * 0..64 and sleep_after to 1..9999. tsleep bounds the later
 * sleep(syscheck.tsleep + N) calls in Start_win32_Syscheck and main, which is
 * what keeps a bad internal_options value from stalling start-up indefinitely
 * (assuming getDefine_Int rejects out-of-range values -- its body is not
 * visible here).
 */
42 syscheck.tsleep = getDefine_Int("syscheck","sleep",0,64);
43 syscheck.sleep_after = getDefine_Int("syscheck","sleep_after",1,9999);
50 /* int Start_win32_Syscheck()
51 * syscheck main for windows
 *
 * Windows entry point: loads the configuration from the fixed DEFAULTCPATH
 * (there is no -c/-D option parsing on this path, unlike main() below),
 * initialises rootcheck, logs the monitored directories and registry keys,
 * then pauses before the real work starts. This excerpt omits several lines
 * of the body (braces, the r = 0 resets, the read_internal() call, the
 * "Waiting if agent started properly" code and the return), so the comments
 * below describe only what is shown.
 */
53 int Start_win32_Syscheck()
/* Configuration path is compiled in; nothing user-supplied reaches it. */
56 char *cfg = DEFAULTCPATH;
59 /* Zeroing the structure */
/* Work directory is the compiled-in default on Windows. */
60 syscheck.workdir = DEFAULTDIR;
63 /* Checking if the configuration is present */
/* Existence probe (File_DateofChange < 0 means unreadable/missing). The
 * separate Read_Syscheck_Config call right after also exits on failure, so a
 * race between the two only changes which error is reported. */
64 if(File_DateofChange(cfg) < 0)
65 ErrorExit(NO_CONFIG, ARGV0, cfg);
68 /* Read syscheck config */
69 if((r = Read_Syscheck_Config(cfg)) < 0)
71 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
/* r == 1 or an explicit <disabled> means syscheck runs with nothing to
 * monitor. The branch below is presumably guarded by an `if(!syscheck.dir)`
 * whose line is not in this excerpt: when the directory list was never
 * allocated, an empty entry is installed first so that the
 * `syscheck.dir[0] = NULL` store further down has a valid slot to write. */
74 else if((r == 1) || (syscheck.disabled == 1))
78 merror(SK_NO_DIR, ARGV0);
79 dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
/* List allocated but empty: just warn, dir[0] is already writable. */
81 else if(!syscheck.dir[0])
83 merror(SK_NO_DIR, ARGV0);
/* Terminate the directory list so the "Monitoring directory" loop below
 * (which stops at the first NULL) sees no entries. */
85 syscheck.dir[0] = NULL;
/* Same pattern for the registry list (reg == 1). */
87 if(!syscheck.registry)
89 dump_syscheck_entry(&syscheck, "", 0, 1, NULL);
91 syscheck.registry[0] = NULL;
93 merror("%s: WARN: Syscheck disabled.", ARGV0);
97 /* Reading internal options */
/* The read_internal() call itself is not in this excerpt. */
101 /* Rootcheck config */
/* Note the hard-coded 0 here versus rootcheck_init(test_config) in main():
 * there is no test-config mode on the Windows path. A non-zero return only
 * disables the module with a warning; the service keeps running. */
102 if(rootcheck_init(0) == 0)
104 syscheck.rootcheck = 1;
108 syscheck.rootcheck = 0;
109 merror("%s: WARN: Rootcheck module disabled.", ARGV0);
114 /* Printing options */
/* Both lists are NULL-terminated; the `r = 0` reset before each loop and the
 * r++ increment are among the omitted lines. */
116 while(syscheck.registry[r] != NULL)
118 verbose("%s: INFO: Monitoring registry entry: '%s'.",
119 ARGV0, syscheck.registry[r]);
124 while(syscheck.dir[r] != NULL)
126 verbose("%s: INFO: Monitoring directory: '%s'.",
127 ARGV0, syscheck.dir[r]);
132 /* Start up message */
/* getpid() is passed uncast here; main() casts it to int for the same
 * STARTUP_MSG format. Harmless where pid_t is int, but inconsistent. */
133 verbose(STARTUP_MSG, ARGV0, getpid());
/* Bounded by the 0..64 range read_internal() allows for tsleep. */
138 sleep(syscheck.tsleep + 10);
141 /* Waiting if agent started properly. */
154 /* Syscheck unix main.
 *
 * Unix entry point (compiled only when WIN32 is not defined -- the matching
 * #ifndef is above this excerpt, its #endif at the bottom). Parses the
 * command line, validates and loads the configuration, initialises rootcheck,
 * connects to the agent/manager message queue, writes the PID file and logs
 * the monitored directories before handing over to the daemon loop. Several
 * body lines are omitted from this excerpt (braces, the getopt switch cases,
 * the r = 0 resets and r++ increments, the read_internal() call, the
 * test-config exit, the sleeps between queue retries, signal setup and the
 * daemon start), so the comments below describe only what is shown.
 */
157 int main(int argc, char **argv)
160 int test_config = 0,run_foreground = 0;
162 char *cfg = DEFAULTCPATH;
165 /* Zeroing the structure */
/* NULL here means "use DEFAULTDIR" unless -D overrides it (see below). */
166 syscheck.workdir = NULL;
169 /* Setting the name */
/* Options: -V -t -d -h -f take no argument; -D <dir> and -c <cfg> take one.
 * The -D/-c values are stored as-is from optarg (no canonicalisation); the
 * ErrorExit guards below fire when optarg is missing. */
173 while((c = getopt(argc, argv, "VtdhfD:c:")) != -1)
191 ErrorExit("%s: -D needs an argument",ARGV0);
192 syscheck.workdir = optarg;
196 ErrorExit("%s: -c needs an argument",ARGV0);
209 /* Checking if the configuration is present */
/* Existence probe; a missing/unreadable config is fatal. The separate read
 * below also exits on failure, so a race between the two only changes the
 * error reported. */
210 if(File_DateofChange(cfg) < 0)
211 ErrorExit(NO_CONFIG, ARGV0, cfg);
214 /* Read syscheck config */
215 if((r = Read_Syscheck_Config(cfg)) < 0)
217 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
/* r == 1 or <disabled>: run with nothing to monitor. The first branch is
 * presumably under an `if(!syscheck.dir)` not shown here; it installs an
 * empty entry so `syscheck.dir[0] = NULL` below has a valid slot to write
 * instead of dereferencing a NULL list pointer. */
219 else if((r == 1) || (syscheck.disabled == 1))
224 merror(SK_NO_DIR, ARGV0);
225 dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
227 else if(!syscheck.dir[0])
230 merror(SK_NO_DIR, ARGV0);
/* Terminate the list so the monitoring loops below see no entries. */
232 syscheck.dir[0] = NULL;
235 merror("%s: WARN: Syscheck disabled.", ARGV0);
240 /* Reading internal options */
/* The read_internal() call itself is not in this excerpt. */
245 /* Rootcheck config */
/* rootcheck_init gets the -t flag so it can validate its own config; a
 * non-zero return only disables the module with a warning, it is not fatal. */
246 if(rootcheck_init(test_config) == 0)
248 syscheck.rootcheck = 1;
252 syscheck.rootcheck = 0;
253 merror("%s: WARN: Rootcheck module disabled.", ARGV0);
257 /* Exit if testing config */
262 /* Setting default values */
263 if(syscheck.workdir == NULL)
264 syscheck.workdir = DEFAULTDIR;
273 /* Initial time to settle */
/* Bounded by the 0..64 range read_internal() allows for tsleep. */
274 sleep(syscheck.tsleep + 2);
277 /* Connect to the queue */
/* Three unrolled attempts rather than a loop; the sleeps between them are
 * among the omitted lines. errno is read in the same expression as the
 * failing StartMQ call, so strerror() reports the right error. Only the
 * third failure is fatal. */
278 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
280 merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
283 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
285 /* more 10 seconds of wait.. */
286 merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
288 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
289 ErrorExit(QUEUE_FATAL,ARGV0,DEFAULTQPATH);
294 /* Start the signal handling */
/* PID file failure is deliberately non-fatal: the daemon keeps running, so
 * anything that locates it through the PID file (control scripts) will not
 * find it. Worth knowing when a stop/restart appears to do nothing. */
299 if(CreatePID(ARGV0, getpid()) < 0)
300 merror(PID_ERROR,ARGV0);
303 /* Start up message */
304 verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* Rootcheck runs inside this process, hence the same pid in its banner. */
306 if(syscheck.rootcheck)
308 verbose(STARTUP_MSG, "ossec-rootcheck", (int)getpid());
312 /* Printing directories to be monitored. */
/* syscheck.dir is NULL-terminated; r reset/increment lines are omitted. */
314 while(syscheck.dir[r] != NULL)
316 verbose("%s: INFO: Monitoring directory: '%s'.",
317 ARGV0, syscheck.dir[r]);
321 /* Checking directories set for real time. */
/* syscheck.opts[r] is the per-directory flag word parallel to dir[r]. The
 * two identical "set for real time monitoring" messages are the alternatives
 * of a preprocessor conditional (selecting the platform's real-time backend)
 * whose #if/#elif/#else lines are not in this excerpt; the WARN message is
 * the fallback when no backend is compiled in -- the flag is then silently
 * dropped apart from this log line, so such directories are only covered by
 * the periodic scan. */
323 while(syscheck.dir[r] != NULL)
325 if(syscheck.opts[r] & CHECK_REALTIME)
328 verbose("%s: INFO: Directory set for real time monitoring: "
329 "'%s'.", ARGV0, syscheck.dir[r]);
331 verbose("%s: INFO: Directory set for real time monitoring: "
332 "'%s'.", ARGV0, syscheck.dir[r]);
334 verbose("%s: WARN: Ignoring flag for real time monitoring on "
335 "directory: '%s'.", ARGV0, syscheck.dir[r]);
/* Second settle delay, again bounded by tsleep <= 64. */
343 sleep(syscheck.tsleep + 10);
346 /* Start the daemon */
351 #endif /* ifndef WIN32 */