1 /* @(#) $Id: ./src/util/agent_control.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
14 #include "addagent/manage_agents.h"
19 #define ARGV0 "agent_control"
/* Usage text: one printf per command-line option of agent_control.
 * NOTE(review): the option string passed to getopt in main() also accepts
 * V, e and d, which are not listed here. -b/-f are the options whose
 * values end up in an active-response request sent to agents.
 */
25 printf("\nOSSEC HIDS %s: Control remote agents.\n", ARGV0);
26 printf("Available options:\n");
27 printf("\t-h This help message.\n");
28 printf("\t-l List available (active or not) agents.\n");
29 printf("\t-lc List active agents.\n");
30 printf("\t-i <id> Extracts information from an agent.\n");
31 printf("\t-R <id> Restarts agent.\n");
32 printf("\t-r -a Runs the integrity/rootkit checking on all agents now.\n");
33 printf("\t-r -u <id> Runs the integrity/rootkit checking on one agent now.\n\n");
34 printf("\t-b <ip> Blocks the specified ip address.\n");
35 printf("\t-f <ar> Used with -b, specifies which response to run.\n");
36 printf("\t-L List available active responses.\n");
37 printf("\t-s Changes the output to CSV (comma delimited).\n");
/* Entry point of agent_control.
 *
 * Parses the command line, drops privileges (group, chroot, user), then
 * performs the requested action: list active responses, list agents, print
 * one agent's information, or connect to remoted and call
 * send_msg_to_agent() to restart syscheck/rootcheck, restart an agent, or
 * run an active response.
 *
 * This listing is an excerpt: the leading number on each line is the
 * original file's line number and the lines in between (braces, case
 * labels, several checks and returns) are not shown. Notes marked
 * NOTE(review) flag things that cannot be confirmed from what is visible.
 */
43 int main(int argc, char **argv)
45 char *dir = DEFAULTDIR;
46 char *group = GROUPGLOBAL;
48 char *agent_id = NULL;
49 char *ip_address = NULL;
55 int c = 0, restart_syscheck = 0, restart_all_agents = 0, list_agents = 0;
56 int info_agent = 0, agt_id = 0, active_only = 0, csv_output = 0;
57 int list_responses = 0, end_time = 0, restart_agent = 0;
65 /* Setting the name */
/* In the option string, u, i, b, f and R take an argument; the other
 * letters are plain flags.
 */
76 while((c = getopt(argc, argv, "VehdlLcsaru:i:b:f:R:")) != -1)
111 merror("%s: -u needs an argument",ARGV0);
119 merror("%s: -b needs an argument",ARGV0);
/* NOTE(review): this message names -e, but 'e' takes no argument in the
 * option string while 'f:' does and has no message of its own in this
 * listing. Looks like it belongs to -f; confirm against the case label.
 */
127 merror("%s: -e needs an argument",ARGV0);
135 merror("%s: -R needs an argument",ARGV0);
141 restart_all_agents = 1;
/* Privilege drop. The ids are resolved first, then the calls run in the
 * order set group -> chroot -> set user, each followed by ErrorExit on a
 * negative return (presumably fatal, so the tool does not continue with
 * only part of the drop applied - confirm).
 * NOTE(review): the user switch comes last, presumably because the group
 * change and chroot still need the original privileges. Whether
 * Privsep_SetGroup also clears supplementary groups is not visible here.
 */
151 /* Getting the group name */
152 gid = Privsep_GetGroup(group);
153 uid = Privsep_GetUser(user);
156 ErrorExit(USER_ERROR, ARGV0, user, group);
160 /* Setting the group */
161 if(Privsep_SetGroup(gid) < 0)
163 ErrorExit(SETGID_ERROR,ARGV0, group);
167 /* Chrooting to the default directory */
168 if(Privsep_Chroot(dir) < 0)
170 ErrorExit(CHROOT_ERROR, ARGV0, dir);
174 /* Inside chroot now */
178 /* Setting the user */
179 if(Privsep_SetUser(uid) < 0)
181 ErrorExit(SETUID_ERROR, ARGV0, user);
186 /* Getting servers hostname */
/* shost is zero-filled for 512 bytes and gethostname is given one byte
 * less, so a truncated name still ends in a NUL (assumes shost is at least
 * 512 bytes; its declaration is not shown). The fallback strncpy writes
 * "localhost" and zero-pads up to 32 bytes.
 */
187 memset(shost, '\0', 512);
188 if(gethostname(shost, 512 -1) != 0)
190 strncpy(shost, "localhost", 32);
195 /* Listing responses. */
201 printf("\nOSSEC HIDS %s. Available active responses:\n", ARGV0);
/* Reads DEFAULTAR line by line and cuts each line at spaces with strchr
 * into a name, a command and a timeout field.
 * NOTE(review): strchr returns NULL when no space is found, and r_cmd is
 * itself passed to strchr below; the NULL checks are presumably in the
 * lines not shown - confirm. Also confirm buffer holds at least 255 bytes
 * (its declaration is not visible).
 */
204 fp = fopen(DEFAULTAR, "r");
209 while(fgets(buffer, 255, fp) != NULL)
216 r_cmd = strchr(buffer, ' ');
227 r_timeout = strchr(r_cmd, ' ');
/* "restart-ossec0" is the response name the agent-restart branch sends;
 * what this comparison does with a matching entry is not shown.
 */
232 if(strcmp(r_name, "restart-ossec0") == 0)
236 printf("\n Response name: %s, command: %s", r_name, r_cmd);
244 printf("\n No active response available.\n\n");
251 /* Listing available agents. */
256 printf("\nOSSEC HIDS %s. List of available agents:",
258 printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, Active/Local\n",
263 printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
265 print_agents(1, active_only, csv_output);
272 /* Checking if the provided ID is valid. */
/* agent_id comes from the command line. Any id other than "000" is looked
 * up with OS_IsAllowedID and the result is used further down as an index
 * into keys.keyentries.
 * NOTE(review): the comparison guarding the "Invalid agent id" path is not
 * shown; confirm it rejects every failing lookup (e.g. a negative return)
 * before agt_id is used as an index.
 */
275 if(strcmp(agent_id, "000") != 0)
279 agt_id = OS_IsAllowedID(&keys, agent_id);
282 printf("\n** Invalid agent id '%s'.\n", agent_id);
295 /* Printing information from an agent. */
/* Both buffers are 129 bytes with the last byte pre-set to NUL; the
 * getNetmask and snprintf calls below are bounded to 128.
 */
299 char final_ip[128 +1];
300 char final_mask[128 +1];
301 agent_info *agt_info;
303 final_ip[128] = '\0';
304 final_mask[128] = '\0';
308 printf("\nOSSEC HIDS %s. Agent information:", ARGV0);
312 agt_status = get_agent_status(keys.keyentries[agt_id]->name,
313 keys.keyentries[agt_id]->ip->ip);
315 agt_info = get_agent_info(keys.keyentries[agt_id]->name,
316 keys.keyentries[agt_id]->ip->ip);
318 /* Getting netmask from ip. */
319 getNetmask(keys.keyentries[agt_id]->ip->netmask, final_mask, 128);
320 snprintf(final_ip, 128, "%s%s",keys.keyentries[agt_id]->ip->ip,
326 printf("\n Agent ID: %s\n", keys.keyentries[agt_id]->id);
327 printf(" Agent Name: %s\n", keys.keyentries[agt_id]->name);
328 printf(" IP address: %s\n", final_ip);
329 printf(" Status: %s\n\n",print_agent_status(agt_status));
/* NOTE(review): the CSV rows here and below print every field with %s and
 * no quoting or escaping. The agt_info strings are presumably reported by
 * the agent; a comma or newline in one of them would shift columns for any
 * consumer of this output, and spreadsheet tools interpret a leading
 * = + - @ as a formula. Confirm what get_agent_info sanitizes.
 */
333 printf("%s,%s,%s,%s,",
334 keys.keyentries[agt_id]->id,
335 keys.keyentries[agt_id]->name,
337 print_agent_status(agt_status));
/* Local instance ("000"): status and info are fetched without a name. */
342 agt_status = get_agent_status(NULL, NULL);
343 agt_info = get_agent_info(NULL, "127.0.0.1");
347 printf("\n Agent ID: 000 (local instance)\n");
348 printf(" Agent Name: %s\n", shost);
349 printf(" IP address: 127.0.0.1\n");
350 printf(" Status: %s/Local\n\n",print_agent_status(agt_status));
355 printf("000,%s,127.0.0.1,%s/Local,",
357 print_agent_status(agt_status));
/* NOTE(review): agt_info is dereferenced from here on; whether
 * get_agent_info can return NULL, and whether that is checked, is not
 * visible in this listing.
 */
365 printf(" Operating system: %s\n", agt_info->os);
366 printf(" Client version: %s\n", agt_info->version);
367 printf(" Last keep alive: %s\n\n", agt_info->last_keepalive);
372 printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
373 printf(" Syscheck last ended at: %s\n", agt_info->syscheck_endtime);
374 printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
375 printf(" Rootcheck last ended at: %s\n\n", agt_info->rootcheck_endtime);
379 printf(" Syscheck last started at: %s\n", agt_info->syscheck_time);
380 printf(" Rootcheck last started at: %s\n", agt_info->rootcheck_time);
385 printf("%s,%s,%s,%s,%s,\n",
388 agt_info->last_keepalive,
389 agt_info->syscheck_time,
390 agt_info->rootcheck_time);
398 /* Restarting syscheck every where. */
399 if(restart_all_agents && restart_syscheck)
402 /* Connecting to remoted. */
403 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
404 arq = connect_to_remoted();
407 printf("\n** Unable to connect to remoted.\n");
410 debug1("%s: DEBUG: Connected...", ARGV0);
413 /* Sending restart message to all agents. */
414 if(send_msg_to_agent(arq, HC_SK_RESTART, NULL, NULL) == 0)
416 printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on all agents.",
421 printf("\n** Unable to restart syscheck on all agents.\n");
/* Syscheck/rootcheck restart for a single agent id. */
430 if(restart_syscheck && agent_id)
433 /* Restart on the server. */
434 if(strcmp(agent_id, "000") == 0)
436 os_set_restart_syscheck();
438 printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck "
439 "locally.\n", ARGV0);
446 /* Connecting to remoted. */
447 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
448 arq = connect_to_remoted();
451 printf("\n** Unable to connect to remoted.\n");
454 debug1("%s: DEBUG: Connected...", ARGV0);
457 if(send_msg_to_agent(arq, HC_SK_RESTART, agent_id, NULL) == 0)
459 printf("\nOSSEC HIDS %s: Restarting Syscheck/Rootcheck on agent: %s\n",
464 printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
/* Agent restart: sent as the "restart-ossec0" response with the literal
 * string "null" as its argument.
 */
472 if(restart_agent && agent_id)
474 /* Connecting to remoted. */
475 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
476 arq = connect_to_remoted();
479 printf("\n** Unable to connect to remoted.\n");
482 debug1("%s: DEBUG: Connected...", ARGV0);
485 if(send_msg_to_agent(arq, "restart-ossec0", agent_id, "null") == 0)
487 printf("\nOSSEC HIDS %s: Restarting agent: %s\n",
492 printf("\n** Unable to restart agent: %s\n", agent_id);
500 /* running active response on the specified agent id. */
/* ar and ip_address (from -f and -b, per the usage text) are forwarded to
 * the agent unchanged through send_msg_to_agent.
 * NOTE(review): no validation of either value is visible in this listing.
 * Because the agent acts on them, confirm that ip_address is checked as a
 * well-formed IP address and ar against the configured response names
 * before this point.
 */
501 if(ip_address && ar && agent_id)
503 /* Connecting to remoted. */
504 debug1("%s: DEBUG: Connecting to remoted...", ARGV0);
505 arq = connect_to_remoted();
508 printf("\n** Unable to connect to remoted.\n");
511 debug1("%s: DEBUG: Connected...", ARGV0);
514 if(send_msg_to_agent(arq, ar, agent_id, ip_address) == 0)
516 printf("\nOSSEC HIDS %s: Running active response '%s' on: %s\n",
517 ARGV0, ar, agent_id);
/* NOTE(review): this failure message says "restart syscheck" although the
 * branch runs an active response; it looks copied from the syscheck
 * branch and will mislead whoever reads the operator's output.
 */
521 printf("\n** Unable to restart syscheck on agent: %s\n", agent_id);
529 printf("\n** Invalid argument combination.\n");