NAME="OSSEC HIDS"
-VERSION="v2.3"
+VERSION="v2.8.3"
AUTHOR="Trend Micro Inc."
DAEMONS="ossec-monitord ossec-logcollector ossec-remoted ossec-syscheckd ossec-analysisd ossec-maild ossec-execd ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
{
if [ "X$2" = "X" ]; then
echo ""
- echo "Enable options: database, client-syslog, agentless"
- echo "Usage: $0 enable [database|client-syslog|agentless]"
+ echo "Enable options: database, client-syslog, agentless, debug"
+ echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
exit 1;
fi
echo "CSYSLOG_DAEMON=ossec-csyslogd" >> ${PLIST};
elif [ "X$2" = "Xagentless" ]; then
echo "AGENTLESS_DAEMON=ossec-agentlessd" >> ${PLIST};
+ elif [ "X$2" = "Xdebug" ]; then
+ echo "DEBUG_CLI=\"-d\"" >> ${PLIST};
else
echo ""
echo "Invalid enable option."
echo ""
- echo "Enable options: database, client-syslog, agentless"
- echo "Usage: $0 enable [database|client-syslog|agentless]"
+ echo "Enable options: database, client-syslog, agentless, debug"
+ echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
exit 1;
fi
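Review bot: The new `debug` branch at `elif [ "X$2" = "Xdebug" ]` has no comment saying that the setting is persistent. It appends `DEBUG_CLI="-d"` to `${PLIST}`, and the `testconfig()` and `start()` changes in this commit then pass `${DEBUG_CLI}` to every daemon on each later start. I would add a comment such as `# Persists in ${PLIST} until "disable debug"; every daemon is then started with -d` here, and a matching one on the `disable` branch. Debug output from a HIDS can be large and presumably repeats monitored log content, so an operator should be able to tell from the script that the flag survives restarts. The if/elif chain starts outside this hunk.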
{
if [ "X$2" = "X" ]; then
echo ""
- echo "Disable options: database, client-syslog, agentless"
- echo "Usage: $0 disable [database|client-syslog|agentless]"
+ echo "Disable options: database, client-syslog, agentless, debug"
+ echo "Usage: $0 disable [database|client-syslog|agentless|debug]"
exit 1;
fi
echo "CSYSLOG_DAEMON=\"\"" >> ${PLIST};
elif [ "X$2" = "Xagentless" ]; then
echo "AGENTLESS_DAEMON=\"\"" >> ${PLIST};
+ elif [ "X$2" = "Xdebug" ]; then
+ echo "DEBUG_CLI=\"\"" >> ${PLIST};
else
echo ""
echo "Invalid disable option."
echo ""
- echo "Disable options: database, client-syslog, agentless"
- echo "Usage: $0 disable [database|client-syslog|agentless]"
+ echo "Disable options: database, client-syslog, agentless, debug"
+ echo "Usage: $0 disable [database|client-syslog|agentless|debug]"
exit 1;
fi
# Status function
status()
{
+ RETVAL=0
for i in ${DAEMONS}; do
pstatus ${i};
if [ $? = 0 ]; then
echo "${i} not running..."
+ RETVAL=1
else
echo "${i} is running..."
fi
- done
+ done
+ exit $RETVAL
}
+testconfig()
+{
+ # We first loop to check the config.
+ for i in ${SDAEMONS}; do
+ ${DIR}/bin/${i} -t ${DEBUG_CLI};
+ if [ $? != 0 ]; then
+ echo "${i}: Configuration error. Exiting"
+ unlock;
+ exit 1;
+ fi
+ done
+}
# Start function
start()
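Review bot: `testconfig()` loops over `${SDAEMONS}`, but in the lines shown that variable is only assigned inside `start()`, and the dispatcher calls `testconfig` before `start`. Unless it is also set elsewhere in the file, the loop runs zero times and the per-daemon `-t` check that this commit moves out of `start()` is silently skipped. Moving the `SDAEMONS="..."` assignment to the top of the script next to `DAEMONS` would fix that. The failure path also calls `unlock` although `lock` is only taken later in `start()`, so it may release a lock held by another invocation; I would drop that call from `testconfig()`. Separately, `status()` now ends in `exit $RETVAL`, which is fine for the `status` command but deserves a comment because it ends the script from inside a function.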
SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-remoted ossec-syscheckd ossec-monitord"
echo "Starting $NAME $VERSION (by $AUTHOR)..."
+ echo | ${DIR}/bin/ossec-logtest > /dev/null 2>&1;
+ if [ ! $? = 0 ]; then
+ echo "OSSEC analysisd: Testing rules failed. Configuration error. Exiting."
+ exit 1;
+ fi
lock;
checkpid;
- # We first loop to check the config.
- for i in ${SDAEMONS}; do
- ${DIR}/bin/${i} -t;
- if [ $? != 0 ]; then
- echo "${i}: Configuration error. Exiting"
- unlock;
- exit 1;
- fi
- done
# We actually start them now.
for i in ${SDAEMONS}; do
pstatus ${i};
if [ $? = 0 ]; then
- ${DIR}/bin/${i};
+ ${DIR}/bin/${i} ${DEBUG_CLI};
if [ $? != 0 ]; then
+ echo "${i} did not start correctly.";
unlock;
exit 1;
fi
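Review bot: The added rules test sends both stdout and stderr of `ossec-logtest` to `/dev/null`, so on failure the operator sees only "Testing rules failed" with no hint which rule or decoder is at fault. Capturing the output and printing it on failure keeps the success path quiet and shortens the time the HIDS stays down: for example `out=$(echo | ${DIR}/bin/ossec-logtest 2>&1)` followed by `echo "$out"` inside the failure branch. `if [ ! $? = 0 ]` would also read more clearly as `if [ $? != 0 ]`, matching the other checks in this file. The body of `start()` continues past the end of this hunk.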
case "$1" in
start)
+ testconfig
start
;;
stop)
stopa
;;
restart)
+ testconfig
stopa
+ sleep 1;
start
;;
+ reload)
+ DAEMONS="ossec-monitord ossec-logcollector ossec-remoted ossec-syscheckd ossec-analysisd ossec-maild ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
+ stopa
+ start
+ ;;
status)
status
;;
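Review bot: The new `reload)` arm calls `stopa` and `start` without `testconfig`, unlike `start)` and `restart)`. Because this commit removes the per-daemon `-t` loop from `start()`, a reload with a broken daemon configuration stops the listed daemons before anything has validated it. I would make `testconfig` the first command of the arm. The arm also deserves a comment on why `ossec-execd` is left out of the temporary `DAEMONS` list, presumably so that active response keeps running across the reload. The `case` statement continues outside this hunk.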