1 /* @(#) $Id: syscheck.c,v 1.49 2009/11/18 19:07:42 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
18 * Copyright (C) 2003 Daniel B. Cid <daniel@underlinux.com.br>
19 * http://www.ossec.net
21 * syscheck.c, 2004/03/17, Daniel B. Cid
24 /* Inclusion of syscheck into OSSEC */
30 #include "rootcheck/rootcheck.h"
32 /* Definitions only used in here. */
33 #define SYSCHECK_DB SYSCHECK_DIR "/syschecklocal.db"
34 #define SYS_WIN_DB "syscheck/syschecklocal.db"
/* Forward declaration only; the definition is not in this listing, so the
 * meaning of vals/reg and of the return value cannot be stated here.
 * Both call sites in this file pass a "" literal for entry, so the
 * parameter is a candidate for const char * if the implementation does
 * not write through it — verify against the definition. */
36 int dump_syscheck_entry(config *syscheck, char *entry, int vals, int reg);
40 /* void read_internal()
41 * Reads syscheck internal options.
 *
 * Only the two assignments survive in this listing; the signature and
 * braces are in the omitted lines.  The trailing two arguments of
 * getDefine_Int() look like a lower/upper bound for the accepted value
 * (0..64 for sleep, 1..9999 for sleep_after) — confirm against
 * getDefine_Int().  tsleep is later used as the base of the settle
 * sleeps in both entry points.
 */
45 syscheck.tsleep = getDefine_Int("syscheck","sleep",0,64);
46 syscheck.sleep_after = getDefine_Int("syscheck","sleep_after",1,9999);
53 /* int Start_win32_Syscheck()
54 * syscheck main for windows
 *
 * Entry point used in place of main() on the Windows build.  Visible
 * here: loads the config from DEFAULTCPATH, degrades to an empty
 * directory/registry list when syscheck is disabled or has nothing to
 * monitor, initialises rootcheck, points syscheck.db at SYS_WIN_DB,
 * logs the monitored items and sleeps before the checking loop.
 * Braces, the read_internal() call, the loop-index resets, the daemon
 * start and the return are in lines omitted from this listing, so the
 * exact control flow is partly inferred.
 */
56 int Start_win32_Syscheck()
59 char *cfg = DEFAULTCPATH;
62 /* Zeroing the structure */
63 syscheck.workdir = DEFAULTDIR;
66 /* Checking if the configuration is present */
/* A negative File_DateofChange() is treated as "no config file". */
67 if(File_DateofChange(cfg) < 0)
68 ErrorExit(NO_CONFIG, ARGV0, cfg);
71 /* Read syscheck config */
72 if((r = Read_Syscheck_Config(cfg)) < 0)
74 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
/* r == 1 and an explicit disabled flag are handled alike: a single empty
 * entry is dumped and a warning logged; no ErrorExit in the visible
 * lines, so the process keeps running with syscheck off. */
77 else if((r == 1) || (syscheck.disabled == 1))
81 merror(SK_NO_DIR, ARGV0);
82 dump_syscheck_entry(&syscheck, "", 0, 0);
84 else if(!syscheck.dir[0])
86 merror(SK_NO_DIR, ARGV0);
88 syscheck.dir[0] = NULL;
/* reg == 1 selects the registry list.  Only reached when no registry
 * entries were configured; presumably dump_syscheck_entry() allocates
 * the array so that the NULL store and the loop below are safe — verify. */
90 if(!syscheck.registry)
92 dump_syscheck_entry(&syscheck, "", 0, 1);
94 syscheck.registry[0] = NULL;
96 merror("%s: WARN: Syscheck disabled.", ARGV0);
100 /* Reading internal options */
104 /* Rootcheck config */
/* Always 0 here, whereas main() forwards test_config; a rootcheck init
 * failure is a warning, not fatal. */
105 if(rootcheck_init(0) == 0)
107 syscheck.rootcheck = 1;
111 syscheck.rootcheck = 0;
112 merror("%s: WARN: Rootcheck module disabled.", ARGV0);
117 /* Opening syscheck db file */
/* Fixed relative path, no per-process temporary name as in main().
 * os_calloc() presumably exits on failure, which is why there is no NULL
 * check here unlike the plain calloc() in main().  snprintf() is bounded
 * to 1023 of the 1024 zeroed bytes, so the string stays NUL-terminated. */
118 os_calloc(1024,sizeof(char), syscheck.db);
119 snprintf(syscheck.db,1023,"%s",SYS_WIN_DB);
122 /* Printing options */
/* r is reused as the loop index; its resets to 0 are presumably in the
 * omitted lines between the two loops. */
124 while(syscheck.registry[r] != NULL)
126 verbose("%s: INFO: Monitoring registry entry: '%s'.",
127 ARGV0, syscheck.registry[r]);
132 while(syscheck.dir[r] != NULL)
134 verbose("%s: INFO: Monitoring directory: '%s'.",
135 ARGV0, syscheck.dir[r]);
140 /* Start up message */
/* getpid() is passed without the (int) cast that main() uses; if
 * STARTUP_MSG formats it with %d this relies on pid_t being int. */
141 verbose(STARTUP_MSG, ARGV0, getpid());
/* tsleep comes from read_internal(); the extra 10 s presumably lets the
 * rest of the agent come up before the first scan. */
146 sleep(syscheck.tsleep + 10);
149 /* Waiting if agent started properly. */
153 /* Start the daemon checking against the syscheck.db */
163 /* Syscheck unix main.
 *
 * Parses the options (-V -t -d -h -f -D <workdir> -c <cfg>), loads the
 * config, initialises rootcheck, builds a per-process temporary DB path,
 * connects to the message queue with two retries, writes the PID file,
 * logs the monitored directories and sleeps before starting the daemon.
 * The #ifndef WIN32 that the closing #endif below belongs to, the switch
 * body, the test-config exit, the signal-handler setup and the daemon
 * start are in lines omitted from this listing.
 */
166 int main(int argc, char **argv)
169 int test_config = 0,run_foreground = 0;
171 char *cfg = DEFAULTCPATH;
174 /* Zeroing the structure */
175 syscheck.workdir = NULL;
178 /* Setting the name */
/* D and c take an argument (working directory, config path); the rest
 * are flags.  Most of the switch body is omitted here. */
182 while((c = getopt(argc, argv, "VtdhfD:c:")) != -1)
200 ErrorExit("%s: -D needs an argument",ARGV0);
/* optarg points into argv and is used as-is, not copied. */
201 syscheck.workdir = optarg;
205 ErrorExit("%s: -c needs an argument",ARGV0);
218 /* Checking if the configuration is present */
/* A negative File_DateofChange() is treated as "no config file". */
219 if(File_DateofChange(cfg) < 0)
220 ErrorExit(NO_CONFIG, ARGV0, cfg);
223 /* Read syscheck config */
224 if((r = Read_Syscheck_Config(cfg)) < 0)
226 ErrorExit(CONFIG_ERROR, ARGV0, cfg);
/* Same degrade-to-empty handling as Start_win32_Syscheck(), without the
 * registry branch; a warning is logged and execution continues. */
228 else if((r == 1) || (syscheck.disabled == 1))
233 merror(SK_NO_DIR, ARGV0);
234 dump_syscheck_entry(&syscheck, "", 0, 0);
236 else if(!syscheck.dir[0])
239 merror(SK_NO_DIR, ARGV0);
241 syscheck.dir[0] = NULL;
244 merror("%s: WARN: Syscheck disabled.", ARGV0);
249 /* Reading internal options */
254 /* Rootcheck config */
/* test_config is forwarded so that -t presumably validates the rootcheck
 * config too; an init failure only disables the module. */
255 if(rootcheck_init(test_config) == 0)
257 syscheck.rootcheck = 1;
261 syscheck.rootcheck = 0;
262 merror("%s: WARN: Rootcheck module disabled.", ARGV0);
266 /* Exit if testing config */
271 /* Setting default values */
272 if(syscheck.workdir == NULL)
273 syscheck.workdir = DEFAULTDIR;
276 /* Creating a temporary fp */
/* 1024 zeroed bytes, snprintf() bounded to 1023, so the path stays
 * NUL-terminated (the cast on calloc() is unnecessary in C).  The two %d
 * fields of the name are in omitted lines; if they derive from the pid
 * or the time the name is predictable, so the code that later opens this
 * path should create it exclusively (O_EXCL) in a directory not writable
 * by other users — NOTE(review): confirm at the open site. */
277 syscheck.db = (char *)calloc(1024,sizeof(char));
278 if(syscheck.db == NULL)
279 ErrorExit(MEM_ERROR,ARGV0);
281 snprintf(syscheck.db,1023,"%s%s-%d%d.tmp",
295 /* Initial time to settle */
296 sleep(syscheck.tsleep + 2);
299 /* Connect to the queue */
/* Three attempts in total: the first two failures only log (the waits
 * between them are in omitted lines), the third is fatal.  errno is read
 * right after the failing call, before anything can overwrite it. */
300 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
302 merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
305 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
307 /* more 10 seconds of wait.. */
308 merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
310 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
311 ErrorExit(QUEUE_FATAL,ARGV0,DEFAULTQPATH);
316 /* Start the signal handling */
/* A PID-file failure is logged but not fatal. */
321 if(CreatePID(ARGV0, getpid()) < 0)
322 merror(PID_ERROR,ARGV0);
325 /* Start up message */
326 verbose(STARTUP_MSG, ARGV0, (int)getpid());
/* rootcheck runs inside this process, hence the second banner with the
 * same pid. */
328 if(syscheck.rootcheck)
330 verbose(STARTUP_MSG, "ossec-rootcheck", (int)getpid());
334 /* Printing directories to be monitored. */
/* r is reused as the loop index; its reset to 0 is presumably in the
 * omitted lines before each loop. */
336 while(syscheck.dir[r] != NULL)
338 verbose("%s: INFO: Monitoring directory: '%s'.",
339 ARGV0, syscheck.dir[r]);
343 /* Checking directories set for real time. */
/* Three message variants follow for the same condition; they are most
 * likely selected by preprocessor conditionals (omitted here) on whether
 * the platform has a real-time backend, the last being the fallback
 * that warns the flag is ignored — confirm against the full source. */
345 while(syscheck.dir[r] != NULL)
347 if(syscheck.opts[r] & CHECK_REALTIME)
350 verbose("%s: INFO: Directory set for real time monitoring: "
351 "'%s'.", ARGV0, syscheck.dir[r]);
353 verbose("%s: INFO: Directory set for real time monitoring: "
354 "'%s'.", ARGV0, syscheck.dir[r]);
356 verbose("%s: WARN: Ignoring flag for real time monitoring on "
357 "directory: '%s'.", ARGV0, syscheck.dir[r]);
/* Longer settle than the +2 above, matching the Windows entry point. */
365 sleep(syscheck.tsleep + 10);
368 /* Start the daemon */
373 #endif /* ifndef WIN32 */