1 /* @(#) $Id: syscheck_control.c,v 1.5 2009/08/05 18:02:14 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
13 #include "addagent/manage_agents.h"
18 #define ARGV0 "syscheck_control"
24 printf("\nOSSEC HIDS %s: Manages the integrity checking database.\n",
26 printf("Available options:\n");
27 printf("\t-h This help message.\n");
28 printf("\t-l List available (active or not) agents.\n");
29 printf("\t-lc List only active agents.\n");
30 printf("\t-u <id> Updates (clear) the database for the agent.\n");
31 printf("\t-u all Updates (clear) the database for all agents.\n");
32 printf("\t-i <id> List modified files for the agent.\n");
33 printf("\t-r -i <id> List modified registry entries for the agent "
35 printf("\t-f <file> Prints information about a modified file.\n");
36 printf("\t-z Used with the -f, zeroes the auto-ignore counter.\n");
37 printf("\t-d Used with the -f, ignores that file.\n");
38 printf("\t-s Changes the output to CSV (comma delimited).\n");
44 int main(int argc, char **argv)
46 char *dir = DEFAULTDIR;
47 char *group = GROUPGLOBAL;
49 char *agent_id = NULL;
54 int c = 0, info_agent = 0, update_syscheck = 0,
55 list_agents = 0, zero_counter = 0,
57 int active_only = 0, csv_output = 0;
63 /* Setting the name */
74 while((c = getopt(argc, argv, "VhzrDdlcsu:i:f:")) != -1)
107 merror("%s: -u needs an argument",ARGV0);
115 merror("%s: -u needs an argument",ARGV0);
123 merror("%s: -u needs an argument",ARGV0);
137 /* Getting the group name */
138 gid = Privsep_GetGroup(group);
139 uid = Privsep_GetUser(user);
142 ErrorExit(USER_ERROR, ARGV0, user, group);
146 /* Setting the group */
147 if(Privsep_SetGroup(gid) < 0)
149 ErrorExit(SETGID_ERROR,ARGV0, group);
153 /* Chrooting to the default directory */
154 if(Privsep_Chroot(dir) < 0)
156 ErrorExit(CHROOT_ERROR, ARGV0, dir);
160 /* Inside chroot now */
164 /* Setting the user */
165 if(Privsep_SetUser(uid) < 0)
167 ErrorExit(SETUID_ERROR, ARGV0, user);
172 /* Getting servers hostname */
173 memset(shost, '\0', 512);
174 if(gethostname(shost, 512 -1) != 0)
176 strncpy(shost, "localhost", 32);
182 /* Listing available agents. */
187 printf("\nOSSEC HIDS %s. List of available agents:",
189 printf("\n ID: 000, Name: %s (server), IP: 127.0.0.1, "
190 "Active/Local\n", shost);
194 printf("000,%s (server),127.0.0.1,Active/Local,\n", shost);
196 print_agents(1, active_only, csv_output);
203 /* Update syscheck database. */
206 /* Cleaning all agents (and server) db. */
207 if(strcmp(agent_id, "all") == 0)
210 struct dirent *entry;
212 sys_dir = opendir(SYSCHECK_DIR);
215 ErrorExit("%s: Unable to open: '%s'", ARGV0, SYSCHECK_DIR);
218 while((entry = readdir(sys_dir)) != NULL)
221 char full_path[OS_MAXSTR +1];
223 /* Do not even attempt to delete . and .. :) */
224 if((strcmp(entry->d_name,".") == 0)||
225 (strcmp(entry->d_name,"..") == 0))
230 snprintf(full_path, OS_MAXSTR,"%s/%s", SYSCHECK_DIR,
233 fp = fopen(full_path, "w");
238 if(entry->d_name[0] == '.')
245 printf("\n** Integrity check database updated.\n\n");
249 else if((strcmp(agent_id, "000") == 0) ||
250 (strcmp(agent_id, "local") == 0))
252 char final_dir[1024];
254 snprintf(final_dir, 1020, "/%s/syscheck", SYSCHECK_DIR);
256 fp = fopen(final_dir, "w");
264 /* Deleting cpt file */
265 snprintf(final_dir, 1020, "/%s/.syscheck.cpt", SYSCHECK_DIR);
267 fp = fopen(final_dir, "w");
274 printf("\n** Integrity check database updated.\n\n");
278 /* Database from remote agents. */
286 i = OS_IsAllowedID(&keys, agent_id);
289 printf("\n** Invalid agent id '%s'.\n", agent_id);
293 /* Deleting syscheck */
294 delete_syscheck(keys.keyentries[i]->name,
295 keys.keyentries[i]->ip->ip, 0);
297 printf("\n** Integrity check database updated.\n\n");
303 /* Printing information from an agent. */
307 char final_ip[128 +1];
308 char final_mask[128 +1];
312 if((strcmp(agent_id, "000") == 0) ||
313 (strcmp(agent_id, "local") == 0))
315 printf("\nIntegrity checking changes for local system '%s - %s':\n",
319 printf("Detailed information for entries matching: '%s'\n",
325 csv_output, zero_counter);
327 else if(strchr(agent_id, '@'))
331 printf("Detailed information for entries matching: '%s'\n",
334 print_syscheck(agent_id, NULL, fname, registry_only, 0,
335 csv_output, zero_counter);
342 i = OS_IsAllowedID(&keys, agent_id);
345 printf("\n** Invalid agent id '%s'.\n", agent_id);
349 /* Getting netmask from ip. */
350 final_ip[128] = '\0';
351 final_mask[128] = '\0';
352 getNetmask(keys.keyentries[i]->ip->netmask, final_mask, 128);
353 snprintf(final_ip, 128, "%s%s",keys.keyentries[i]->ip->ip,
358 printf("\nIntegrity changes for 'Windows Registry' of"
359 " agent '%s (%s) - %s':\n",
360 keys.keyentries[i]->name, keys.keyentries[i]->id,
365 printf("\nIntegrity changes for agent "
367 keys.keyentries[i]->name, keys.keyentries[i]->id,
373 printf("Detailed information for entries matching: '%s'\n",
376 print_syscheck(keys.keyentries[i]->name,
377 keys.keyentries[i]->ip->ip, fname,
378 registry_only, 0, csv_output, zero_counter);
387 printf("\n** Invalid argument combination.\n");