1 /* @(#) $Id: ./src/win32/win_service.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
/* Program name used as the "%s:" prefix of every verbose() message in this file. */
24 #define ARGV0 "ossec-agent"
/* Service identity. g_lpszServiceName is the key handed to OpenService,
 * RegisterServiceCtrlHandler and the dispatch table; the display name and
 * description are applied when the service is installed.
 */
27 static LPTSTR g_lpszServiceName = "OssecSvc";
28 static LPTSTR g_lpszServiceDisplayName = "OSSEC HIDS";
29 static LPTSTR g_lpszServiceDescription = "OSSEC HIDS Windows Agent";
/* File-scope status record and SCM handle. Both OssecServiceStart and
 * OssecServiceCtrlHandler write the record and report it via SetServiceStatus.
 */
31 static SERVICE_STATUS ossecServiceStatus;
32 static SERVICE_STATUS_HANDLE ossecServiceStatusHandle;
/* Forward declaration: the dispatch table in os_WinMain names this function
 * before its definition appears.
 */
35 void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv);
39 /* os_start_service: Starts ossec service */
/* Asks the Service Control Manager (SCM) to start the OssecSvc service.
 * This listing shows only the SCM calls; the braces, handle checks and return
 * statements are not visible, so the return convention is not described here.
 */
40 int os_start_service()
43 SC_HANDLE schSCManager, schService;
46 /* Start the database */
/* NOTE(review): SC_MANAGER_ALL_ACCESS requests every SCM right, so the open
 * is refused for callers that are not administrators. Opening an existing
 * service needs only SC_MANAGER_CONNECT.
 */
47 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
/* NOTE(review): OpenService expects a service access mask (SERVICE_*), yet it
 * is given the SCM constant SC_MANAGER_ALL_ACCESS. Starting the service
 * needs only SERVICE_START; least privilege argues for requesting just that.
 */
50 schService = OpenService(schSCManager,g_lpszServiceName,
51 SC_MANAGER_ALL_ACCESS);
/* Argument count 0 and a NULL vector: the service is started without arguments. */
54 if(StartService(schService, 0, NULL))
/* An already-running service is singled out from other start failures. */
60 if(GetLastError() == ERROR_SERVICE_ALREADY_RUNNING)
/* Handles are released in reverse order of acquisition. */
66 CloseServiceHandle(schService);
69 CloseServiceHandle(schSCManager);
76 /* os_stop_service: Stops ossec service */
/* Body of os_stop_service (its signature line is not part of this listing):
 * sends SERVICE_CONTROL_STOP to the OssecSvc service through the SCM.
 */
80 SC_HANDLE schSCManager, schService;
83 /* Stop the service database */
/* NOTE(review): SC_MANAGER_ALL_ACCESS is more than a stop request needs;
 * SC_MANAGER_CONNECT is enough to open an existing service.
 */
84 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
/* NOTE(review): the access argument is an SCM constant, not a service right.
 * Sending a stop control needs only SERVICE_STOP.
 */
87 schService = OpenService(schSCManager,g_lpszServiceName,
88 SC_MANAGER_ALL_ACCESS);
/* Receives the service's status after the control is delivered; no visible
 * line inspects it.
 */
91 SERVICE_STATUS lpServiceStatus;
/* ControlService returns once the request has been handed to the service;
 * it does not itself wait for the process to finish shutting down.
 */
93 if(ControlService(schService, SERVICE_CONTROL_STOP, &lpServiceStatus))
98 CloseServiceHandle(schService);
101 CloseServiceHandle(schSCManager);
108 /* int CheckServiceRunning(): Checks if service is running. */
/* Queries the SCM for the current state of the OssecSvc service.
 * The return statements are not visible in this listing; UninstallService
 * treats a non-zero result as "service is running".
 */
109 int CheckServiceRunning()
112 SC_HANDLE schSCManager, schService;
115 /* Checking service status */
/* NOTE(review): a read-only status query needs SC_MANAGER_CONNECT here and
 * SERVICE_QUERY_STATUS on the service handle. Requesting
 * SC_MANAGER_ALL_ACCESS makes the check fail for non-administrators, and
 * the constant passed to OpenService is an SCM mask, not a service mask.
 */
116 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
119 schService = OpenService(schSCManager,g_lpszServiceName,
120 SC_MANAGER_ALL_ACCESS);
123 /* Checking status */
124 SERVICE_STATUS lpServiceStatus;
126 if(QueryServiceStatus(schService, &lpServiceStatus))
/* Only the exact SERVICE_RUNNING state matches; start-pending and
 * stop-pending states are not treated as running by this comparison.
 */
128 if(lpServiceStatus.dwCurrentState == SERVICE_RUNNING)
133 CloseServiceHandle(schService);
136 CloseServiceHandle(schSCManager);
143 /* int InstallService()
144 * Install the OSSEC HIDS agent service.
/* Registers the agent as a Windows service. Visible flow: remove any previous
 * registration, open the SCM, create the service, set its description, then
 * log success or a formatted system error message.
 * Braces, return statements, some CreateService arguments and the
 * error-handling label are not visible in this listing.
 */
146 int InstallService(char *path)
150 SC_HANDLE schSCManager, schService;
151 LPCTSTR lpszBinaryPathName = NULL;
152 SERVICE_DESCRIPTION sdBuf;
155 /* Uninstall service (if it exists) */
156 if (!UninstallService())
158 verbose("%s: ERROR: Failure running UninstallService().", ARGV0);
/* NOTE(review): `path` is taken from the caller unchanged and becomes
 * lpszBinaryPathName, presumably the image path given to CreateService
 * (that argument line is not shown). Nothing visible quotes or validates it.
 * A path containing spaces should be stored wrapped in double quotes, and
 * the install directory should be writable by administrators only, because
 * the SCM launches whatever the stored path resolves to.
 */
163 /* Executable path -- it must be called with the
166 lpszBinaryPathName = path;
168 /* Opening the service database */
/* Creating a service genuinely needs elevated SCM rights;
 * SC_MANAGER_CREATE_SERVICE is the specific right CreateService requires.
 */
169 schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
171 if (schSCManager == NULL)
176 /* Creating the service */
/* NOTE(review): the five trailing NULLs leave the load-order group, tag,
 * dependencies, account name and password unset. With a NULL account name
 * the service runs as LocalSystem, which is why the image path and its
 * directory permissions matter.
 */
177 schService = CreateService(schSCManager,
179 g_lpszServiceDisplayName,
181 SERVICE_WIN32_OWN_PROCESS,
183 SERVICE_ERROR_NORMAL,
185 NULL, NULL, NULL, NULL, NULL);
187 if (schService == NULL)
/* On a failed create only the SCM handle exists, so only it is closed. */
189 CloseServiceHandle(schSCManager);
193 /* Setting description */
194 sdBuf.lpDescription = g_lpszServiceDescription;
195 ret = ChangeServiceConfig2(schService, SERVICE_CONFIG_DESCRIPTION, &sdBuf);
/* Both handles are closed before `ret` is examined.
 * NOTE(review): CloseServiceHandle may overwrite the thread's last-error
 * value, so a message later built from GetLastError() may not describe the
 * ChangeServiceConfig2 failure. Confirm against the lines not shown.
 */
197 CloseServiceHandle(schService);
198 CloseServiceHandle(schSCManager);
200 /* Check for errors */
207 verbose("%s: INFO: Successfully added to the service database.", ARGV0);
/* Error reporting. local_msg is zeroed but no other visible line uses it. */
213 char local_msg[1025];
216 memset(local_msg, 0, 1025);
/* NOTE(review): FORMAT_MESSAGE_ALLOCATE_BUFFER makes FormatMessage allocate
 * the message text. That buffer must be released with LocalFree(), and no
 * such call appears in the visible lines. The FormatMessage result is also
 * not checked in the visible lines before lpMsgBuf is logged.
 */
218 FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER |
219 FORMAT_MESSAGE_FROM_SYSTEM |
220 FORMAT_MESSAGE_IGNORE_INSERTS,
223 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
228 verbose("%s: ERROR: Unable to create service entry: %s", ARGV0, (LPCTSTR)lpMsgBuf);
234 /* int UninstallService()
235 * Uninstall the OSSEC HIDS agent service.
/* Removes the OssecSvc registration from the SCM, stopping the service first
 * when it is running. InstallService treats a zero result as failure.
 * Braces, local declarations (including `ret`) and return statements are not
 * visible in this listing.
 */
237 int UninstallService()
241 SC_HANDLE schSCManager, schService;
242 SERVICE_STATUS lpServiceStatus;
245 /* Removing from the service database */
/* NOTE(review): SC_MANAGER_CONNECT is enough to open a service for deletion. */
246 schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
/* The service handle asks only for SERVICE_STOP and DELETE, the two rights
 * the calls below actually use.
 */
249 schService = OpenService(schSCManager,g_lpszServiceName,SERVICE_STOP|DELETE);
/* CheckServiceRunning opens its own SCM and service handles for the query. */
252 if(CheckServiceRunning())
254 verbose("%s: INFO: Found (%s) service is running going to try and stop it.", ARGV0, g_lpszServiceName);
/* NOTE(review): ControlService returns once the stop request is delivered.
 * No visible line waits for the service to reach the stopped state before
 * DeleteService runs; a still-running service is only marked for deletion,
 * which can make an immediate re-install fail. Confirm against the full
 * source.
 */
255 ret = ControlService(schService, SERVICE_CONTROL_STOP, &lpServiceStatus);
/* NOTE(review): GetLastError() returns a DWORD; %lu is the matching
 * conversion.
 */
258 verbose("%s: ERROR: Failure stopping service (%s) before removing it (%ld).", ARGV0, g_lpszServiceName, GetLastError());
262 verbose("%s: INFO: Successfully stopped (%s).", ARGV0, g_lpszServiceName);
267 verbose("%s: INFO: Found (%s) service is not running.", ARGV0, g_lpszServiceName);
/* Deletion is attempted only when `ret` is non-zero. No visible line assigns
 * `ret` on the not-running path, so that path depends on an initial value
 * set in a declaration this listing does not show.
 */
271 if(ret && DeleteService(schService))
273 verbose("%s: INFO: Successfully removed (%s) from the service database.", ARGV0, g_lpszServiceName);
276 CloseServiceHandle(schService);
/* NOTE(review): presumably the branch taken when OpenService fails. If so,
 * an access-denied open is also reported as "does not exist"; checking
 * GetLastError() for ERROR_SERVICE_DOES_NOT_EXIST would separate the two.
 */
280 verbose("%s: INFO: Service does not exist (%s) nothing to remove.", ARGV0, g_lpszServiceName);
283 CloseServiceHandle(schSCManager);
288 verbose("%s: ERROR: Failure removing (%s) from the service database.", ARGV0, g_lpszServiceName);
296 /** VOID WINAPI OssecServiceCtrlHandler (DWORD dwOpcode)
/* Control handler that OssecServiceStart registers with the SCM.
 * Only the SERVICE_CONTROL_STOP case is visible in this listing; the switch
 * statement itself and whatever follows the last log line are not shown.
 */
299 VOID WINAPI OssecServiceCtrlHandler(DWORD dwOpcode)
303 case SERVICE_CONTROL_STOP:
/* The service is declared SERVICE_STOPPED with exit code 0 straight away;
 * no SERVICE_STOP_PENDING state is reported in the visible lines.
 */
304 ossecServiceStatus.dwCurrentState = SERVICE_STOPPED;
305 ossecServiceStatus.dwWin32ExitCode = 0;
306 ossecServiceStatus.dwCheckPoint = 0;
307 ossecServiceStatus.dwWaitHint = 0;
/* These two log lines are the agent's own record of a stop request. For a
 * host intrusion detection agent a stop is a monitoring gap, so it is worth
 * correlating them with the SCM's service-state events on the host.
 */
309 verbose("%s: INFO: Received exit signal.", ARGV0);
/* NOTE(review): the SetServiceStatus result is not checked on this line. */
310 SetServiceStatus (ossecServiceStatusHandle, &ossecServiceStatus);
311 verbose("%s: INFO: Exiting...", ARGV0);
320 /** void WinSetError()
321 * Sets the error code in the service
/* Body of WinSetError (its signature line is not part of this listing):
 * routes through the STOP branch of the control handler.
 * NOTE(review): that branch, as visible in this listing, sets dwWin32ExitCode
 * to 0, so despite the header comment no error code appears to be recorded
 * and the SCM would see a clean stop. Confirm against the full source.
 */
325 OssecServiceCtrlHandler(SERVICE_CONTROL_STOP);
329 /** int os_WinMain(int argc, char **argv)
330 * Initializes OSSEC dispatcher
/* Connects the process to the SCM dispatcher so that OssecServiceStart runs
 * as the service main function. argc and argv are not used in the visible
 * lines; the return statements are not shown.
 */
332 int os_WinMain(int argc, char **argv)
/* Single-service dispatch table. The API requires a closing {NULL, NULL}
 * entry; that line is not visible in this listing.
 */
334 SERVICE_TABLE_ENTRY steDispatchTable[] =
336 { g_lpszServiceName, OssecServiceStart },
/* StartServiceCtrlDispatcher does not return until the service has stopped.
 * It fails when the process was not launched by the SCM, for example when
 * run from a console.
 * NOTE(review): the failure is logged with an INFO tag although it is an
 * error condition.
 */
340 if(!StartServiceCtrlDispatcher(steDispatchTable))
342 verbose("%s: INFO: Unable to set service information.", ARGV0);
350 /** void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv)
351 * Starts OSSEC service
/* Service main function named in the dispatch table: fills in the status
 * record, registers the control handler and reports SERVICE_RUNNING.
 * The listing ends at the "Starting process" comment, so the code that
 * launches the agent is not visible here.
 */
353 void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv)
/* NOTE(review): the status record uses SERVICE_WIN32, while the service is
 * created as SERVICE_WIN32_OWN_PROCESS; reporting the same type would keep
 * the two consistent.
 */
355 ossecServiceStatus.dwServiceType = SERVICE_WIN32;
356 ossecServiceStatus.dwCurrentState = SERVICE_START_PENDING;
/* Stop is the only control the service advertises to the SCM. */
357 ossecServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
358 ossecServiceStatus.dwWin32ExitCode = 0;
359 ossecServiceStatus.dwServiceSpecificExitCode= 0;
360 ossecServiceStatus.dwCheckPoint = 0;
361 ossecServiceStatus.dwWaitHint = 0;
/* The handler must be registered before any status can be reported. */
363 ossecServiceStatusHandle =
364 RegisterServiceCtrlHandler(g_lpszServiceName,
365 OssecServiceCtrlHandler);
367 if (ossecServiceStatusHandle == (SERVICE_STATUS_HANDLE)0)
/* NOTE(review): a failed registration is logged with an INFO tag. */
369 verbose("%s: INFO: RegisterServiceCtrlHandler failed.", ARGV0);
/* SERVICE_RUNNING is reported before the agent start-up that follows the
 * final comment, so the SCM sees the service as running even if that later
 * step fails. TODO confirm against the lines not shown.
 */
373 ossecServiceStatus.dwCurrentState = SERVICE_RUNNING;
374 ossecServiceStatus.dwCheckPoint = 0;
375 ossecServiceStatus.dwWaitHint = 0;
377 if (!SetServiceStatus(ossecServiceStatusHandle, &ossecServiceStatus))
379 verbose("%s: INFO: SetServiceStatus error.", ARGV0);
385 /* Starting process */