1 /* @(#) $Id: win_service.c,v 1.13 2009/06/24 18:53:10 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
/* Program name used as the prefix of console and log messages in this file. */
23 #define ARGV0 "ossec-agent"
/* Service key name: used to open, register and dispatch the service. */
26 static LPTSTR g_lpszServiceName = "OssecSvc";
/* Display name handed to CreateService in InstallService. */
27 static LPTSTR g_lpszServiceDisplayName = "OSSEC Hids";
/* Description text applied through ChangeServiceConfig2 in InstallService. */
28 static LPTSTR g_lpszServiceDescription = "OSSEC Hids Windows Agent";
/* Status block and status handle shared by OssecServiceStart and
 * OssecServiceCtrlHandler. */
30 static SERVICE_STATUS ossecServiceStatus;
31 static SERVICE_STATUS_HANDLE ossecServiceStatusHandle;
/* Forward declaration: the dispatch table in os_WinMain refers to it. */
34 void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv);
38 /* os_start_service: asks the service control manager (SCM) to start the
 * service named by g_lpszServiceName. The return statements are not visible
 * in this listing, so the result codes are not described here. */
39 int os_start_service()
42 SC_HANDLE schSCManager, schService;
45 /* Connect to the SCM on the local machine (NULL machine, NULL database). */
/* NOTE(review): SC_MANAGER_ALL_ACCESS requests every manager right, which
 * normally requires an administrative token; connecting in order to open a
 * service only needs SC_MANAGER_CONNECT. */
46 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
/* NOTE(review): SC_MANAGER_ALL_ACCESS is a manager-level access mask, while
 * OpenService expects service rights (SERVICE_*); SERVICE_START is the right
 * this function actually uses. NULL checks on both handles are not visible
 * in this listing -- confirm they exist before StartService is reached. */
49 schService = OpenService(schSCManager,g_lpszServiceName,
50 SC_MANAGER_ALL_ACCESS);
/* A nonzero result means the SCM accepted the start request. */
54 if(StartService(schService, 0, NULL))
/* An already-running service is told apart from other start failures. */
60 if(GetLastError() == ERROR_SERVICE_ALREADY_RUNNING)
/* Release the service handle, then the manager handle. */
66 CloseServiceHandle(schService);
69 CloseServiceHandle(schSCManager);
76 /* Stops the ossec service. The header originally found here repeated the os_start_service text. */
/* The signature line of this function is not visible in this listing; the
 * body sends SERVICE_CONTROL_STOP to the service named by g_lpszServiceName. */
80 SC_HANDLE schSCManager, schService;
83 /* Connect to the SCM on the local machine. */
/* NOTE(review): as in os_start_service, ALL_ACCESS is broader than needed;
 * SC_MANAGER_CONNECT on the manager and SERVICE_STOP on the service cover
 * what this body does. */
84 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
87 schService = OpenService(schSCManager,g_lpszServiceName,
88 SC_MANAGER_ALL_ACCESS);
/* Receives the status the service reports in response to the control. */
91 SERVICE_STATUS lpServiceStatus;
/* A nonzero result means the stop control was delivered. Nothing visible
 * here logs the request; since it halts the HIDS agent, confirm the caller
 * records it. */
93 if(ControlService(schService,
94 SERVICE_CONTROL_STOP, &lpServiceStatus))
/* Release the service handle, then the manager handle. */
99 CloseServiceHandle(schService);
102 CloseServiceHandle(schSCManager);
109 /* int CheckServiceRunning(): Checks if the service is in the SERVICE_RUNNING state. */
/* The return statements are not visible in this listing, so the values
 * returned for running, not running and query failure are not described. */
110 int CheckServiceRunning()
113 SC_HANDLE schSCManager, schService;
116 /* Connect to the SCM on the local machine. */
/* NOTE(review): a status query only needs SC_MANAGER_CONNECT on the manager
 * and SERVICE_QUERY_STATUS on the service; with ALL_ACCESS this check can
 * fail for a caller that is allowed to read the status but is not an
 * administrator. */
117 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
120 schService = OpenService(schSCManager,g_lpszServiceName,
121 SC_MANAGER_ALL_ACCESS);
124 /* Checking status */
125 SERVICE_STATUS lpServiceStatus;
/* Only a successful query is inspected. */
127 if(QueryServiceStatus(schService, &lpServiceStatus))
/* Pending states such as start-pending do not match this comparison. */
129 if(lpServiceStatus.dwCurrentState == SERVICE_RUNNING)
/* Release the service handle, then the manager handle. */
134 CloseServiceHandle(schService);
137 CloseServiceHandle(schSCManager);
144 /* int InstallService()
145 * Install the OSSEC HIDS agent service.
/* Registers the agent as a Windows service: creates the service entry, sets
 * its description and prints a confirmation. path is stored as the service
 * binary path. Return statements and the jump into the error path are not
 * visible in this listing. */
147 int InstallService(char *path)
/* Only the terminator write to buffer is visible in this listing. */
149 char buffer[MAX_PATH+1];
151 SC_HANDLE schSCManager, schService;
152 LPCTSTR lpszBinaryPathName = NULL;
153 SERVICE_DESCRIPTION sdBuf;
156 /* Cleaning up some variables */
157 buffer[MAX_PATH] = '\0';
/* NOTE(review): path is used exactly as the caller supplied it. If it can
 * contain spaces it should be wrapped in quotes before registration;
 * otherwise the SCM may resolve an earlier component of the path instead of
 * the intended executable. Confirm against the caller. */
160 /* Executable path -- it must be called with the
163 lpszBinaryPathName = path;
165 /* Opening the services database */
166 schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
/* Without a manager handle nothing can be created. */
168 if (schSCManager == NULL)
173 /* Creating the service */
/* Several arguments of this call sit on lines not shown here. */
174 schService = CreateService(schSCManager,
176 g_lpszServiceDisplayName,
178 SERVICE_WIN32_OWN_PROCESS,
180 SERVICE_ERROR_NORMAL,
/* The trailing NULLs are load-order group, tag id, dependencies, account
 * and password. A NULL account makes the service run as LocalSystem, so
 * the executable and its directory must not be writable by unprivileged
 * users. */
182 NULL, NULL, NULL, NULL, NULL);
184 if (schService == NULL)
189 /* Setting description */
190 sdBuf.lpDescription = g_lpszServiceDescription;
/* A zero result means the description could not be applied. */
191 if(!ChangeServiceConfig2(schService, SERVICE_CONFIG_DESCRIPTION, &sdBuf))
/* Success path: release both handles and report on stdout. */
196 CloseServiceHandle(schService);
197 CloseServiceHandle(schSCManager);
199 printf(" [%s] Successfully added to the Services database.\n", ARGV0);
/* Error path: turn the last Windows error into text and report it. */
205 char local_msg[1025];
/* Zero-fill so the buffer stays terminated when at most 1024 bytes are used. */
208 memset(local_msg, 0, 1025);
/* FORMAT_MESSAGE_ALLOCATE_BUFFER makes the system allocate the message
 * text; that buffer has to be released with LocalFree. No such call and no
 * declaration of lpMsgBuf are visible in this listing -- confirm both. */
210 FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER |
211 FORMAT_MESSAGE_FROM_SYSTEM |
212 FORMAT_MESSAGE_IGNORE_INSERTS,
215 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
/* NOTE(review): every other merror call visible in this file passes the
 * format string first. Here the first argument is local_msg, which was just
 * zero-filled, so if merror is printf-style this logs an empty message and
 * the Windows error text is lost. The argument list looks like a bounded
 * format into local_msg -- confirm which call was intended. The message
 * also says registry entry although the failure is in service creation. */
220 merror(local_msg, 1024, "[%s] Unable to create registry "
221 "entry: %s", ARGV0,(LPCTSTR)lpMsgBuf);
227 /* int UninstallService()
228 * Uninstall the OSSEC HIDS agent service.
/* Removes the service named by g_lpszServiceName from the services database
 * and reports the outcome. Return statements and handle checks are not
 * visible in this listing. */
230 int UninstallService()
232 SC_HANDLE schSCManager, schService;
235 /* Removing from the services database */
/* NOTE(review): the manager is opened with every right although only a
 * connection is needed to reach OpenService (SC_MANAGER_CONNECT). */
236 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
/* The service handle is opened with DELETE only, the one right
 * DeleteService requires. */
239 schService = OpenService(schSCManager,g_lpszServiceName,DELETE);
/* A nonzero result means the service was marked for deletion. */
242 if (DeleteService(schService))
/* Success path: release both handles and confirm on stdout. */
245 CloseServiceHandle(schService);
246 CloseServiceHandle(schSCManager);
248 printf(" [%s] Successfully removed from "
249 "the Services database.\n", ARGV0);
/* Remaining path: release the handles and report the failure on stderr.
 * The Windows error code is not included in the message. */
252 CloseServiceHandle(schService);
254 CloseServiceHandle(schSCManager);
257 fprintf(stderr, " [%s] Error removing from "
258 "the Services database.\n", ARGV0);
265 /** VOID WINAPI OssecServiceCtrlHandler (DWORD dwOpcode)
/* Control handler registered with the SCM in OssecServiceStart. Only the
 * SERVICE_CONTROL_STOP case is visible in this listing. */
268 VOID WINAPI OssecServiceCtrlHandler(DWORD dwOpcode)
/* Stop request: publish a clean stopped state (exit code 0, no checkpoint
 * or wait hint). */
272 case SERVICE_CONTROL_STOP:
273 ossecServiceStatus.dwCurrentState = SERVICE_STOPPED;
274 ossecServiceStatus.dwWin32ExitCode = 0;
275 ossecServiceStatus.dwCheckPoint = 0;
276 ossecServiceStatus.dwWaitHint = 0;
278 verbose("%s: Received exit signal.", ARGV0);
/* NOTE(review): once SERVICE_STOPPED is reported the process can be
 * terminated at any time, so any shutdown work that must complete should
 * happen before this call; the result of SetServiceStatus is not checked. */
279 SetServiceStatus (ossecServiceStatusHandle, &ossecServiceStatus);
280 verbose("%s: Exiting...", ARGV0);
289 /** void WinSetError()
290 * Sets the error code in the services
/* Visible body of WinSetError (its signature line is not shown in this
 * listing): reuses the stop-control path, so the service is reported to the
 * SCM as SERVICE_STOPPED with exit code 0 even though the trigger is an
 * error. NOTE(review): confirm a zero exit code is intended here, since it
 * hides the failure from anything that monitors the service exit status. */
294 OssecServiceCtrlHandler(SERVICE_CONTROL_STOP);
298 /** int os_WinMain(int argc, char **argv)
299 * Initializes OSSEC dispatcher
/* Entry point used when the process is launched by the SCM: hands the
 * service table to the dispatcher. argc and argv are not used in the lines
 * visible here, and the return statements are not shown. */
301 int os_WinMain(int argc, char **argv)
/* Maps the service name to its start routine. The terminating empty entry
 * the dispatcher requires is not visible in this listing. */
303 SERVICE_TABLE_ENTRY steDispatchTable[] =
305 { g_lpszServiceName, OssecServiceStart },
/* StartServiceCtrlDispatcher does not return until the service has
 * stopped; a zero result means the connection to the SCM failed. */
309 if(!StartServiceCtrlDispatcher(steDispatchTable))
/* The Windows error code is not included in the log line. */
311 merror("%s: Unable to set service information.", ARGV0);
319 /** void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv)
320 * Starts OSSEC service
322 void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv)
324 ossecServiceStatus.dwServiceType = SERVICE_WIN32;
325 ossecServiceStatus.dwCurrentState = SERVICE_START_PENDING;
326 ossecServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
327 ossecServiceStatus.dwWin32ExitCode = 0;
328 ossecServiceStatus.dwServiceSpecificExitCode= 0;
329 ossecServiceStatus.dwCheckPoint = 0;
330 ossecServiceStatus.dwWaitHint = 0;
332 ossecServiceStatusHandle =
333 RegisterServiceCtrlHandler(g_lpszServiceName,
334 OssecServiceCtrlHandler);
336 if (ossecServiceStatusHandle == (SERVICE_STATUS_HANDLE)0)
338 merror("%s: RegisterServiceCtrlHandler failed.", ARGV0);
342 ossecServiceStatus.dwCurrentState = SERVICE_RUNNING;
343 ossecServiceStatus.dwCheckPoint = 0;
344 ossecServiceStatus.dwWaitHint = 0;
346 if (!SetServiceStatus(ossecServiceStatusHandle, &ossecServiceStatus))
348 merror("%s: SetServiceStatus error.", ARGV0);
354 /* Starting process */