-#!/bin/sh
-# ossec-control This shell script takes care of starting
-# or stopping ossec-hids
-# Author: Daniel B. Cid <daniel.cid@gmail.com>
-
-# Getting where we are installed
-LOCAL=`dirname $0`;
-cd ${LOCAL}
-PWD=`pwd`
-DIR=`dirname $PWD`;
-PLIST=${DIR}/bin/.process_list;
-
-### Do not modify below here ###
-
-# Getting additional processes
-ls -la ${PLIST} > /dev/null 2>&1
-if [ $? = 0 ]; then
-. ${PLIST};
-fi
-
-NAME="OSSEC HIDS"
-VERSION="v3.3.0"
-
-[ -f /etc/ossec-init.conf ] && . /etc/ossec-init.conf;
-
-DAEMONS="ossec-monitord ossec-logcollector ossec-remoted ossec-syscheckd ossec-analysisd ossec-maild ossec-execd ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
-
-## Locking for the start/stop
-LOCK="${DIR}/var/start-script-lock"
-LOCK_PID="${LOCK}/pid"
-
-# This number should be more than enough (even if it is
-# started multiple times together). It will try for up
-# to 10 attempts (or 10 seconds) to execute.
-MAX_ITERATION="10"
-
-checkpid()
-{
- for i in ${DAEMONS}; do
- for j in `cat ${DIR}/var/run/${i}*.pid 2>/dev/null`; do
- ps -p $j |grep ossec >/dev/null 2>&1
- if [ ! $? = 0 ]; then
- echo "Deleting PID file '${DIR}/var/run/${i}-${j}.pid' not used..."
- rm ${DIR}/var/run/${i}-${j}.pid
- fi
- done
- done
-}
-
-lock()
-{
- i=0;
-
- # Providing a lock.
- while [ 1 ]; do
- mkdir ${LOCK} > /dev/null 2>&1
- MSL=$?
- if [ "${MSL}" = "0" ]; then
- # Lock acquired (setting the pid)
- echo "$$" > ${LOCK_PID}
- return;
- fi
-
- # Waiting 1 second before trying again
- sleep 1;
- i=`expr $i + 1`;
-
- # If PID is not present, speed things a bit.
- kill -0 `cat ${LOCK_PID}` >/dev/null 2>&1
- if [ ! $? = 0 ]; then
- # Pid is not present.
- i=`expr $i + 1`;
- fi
-
- # We tried 10 times to acquire the lock.
- if [ "$i" = "${MAX_ITERATION}" ]; then
- # Unlocking and executing
- unlock;
- mkdir ${LOCK} > /dev/null 2>&1
- echo "$$" > ${LOCK_PID}
- return;
- fi
- done
-}
-
-unlock()
-{
- rm -rf ${LOCK}
-}
-
-help()
-{
- # Help message
- echo ""
- echo "Usage: $0 {start|stop|reload|restart|status|enable|disable}";
- exit 1;
-}
-
-# Enables additional daemons
-enable()
-{
- if [ "X$2" = "X" ]; then
- echo ""
- echo "Enable options: database, client-syslog, agentless, debug"
- echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
- exit 1;
- fi
-
- if [ "X$2" = "Xdatabase" ]; then
- echo "DB_DAEMON=ossec-dbd" >> ${PLIST};
- elif [ "X$2" = "Xclient-syslog" ]; then
- echo "CSYSLOG_DAEMON=ossec-csyslogd" >> ${PLIST};
- elif [ "X$2" = "Xagentless" ]; then
- echo "AGENTLESS_DAEMON=ossec-agentlessd" >> ${PLIST};
- elif [ "X$2" = "Xdebug" ]; then
- echo "DEBUG_CLI=\"-d\"" >> ${PLIST};
- else
- echo ""
- echo "Invalid enable option."
- echo ""
- echo "Enable options: database, client-syslog, agentless, debug"
- echo "Usage: $0 enable [database|client-syslog|agentless|debug]"
- exit 1;
- fi
-}
-
-# Disables additional daemons
-disable()
-{
- if [ "X$2" = "X" ]; then
- echo ""
- echo "Disable options: database, client-syslog, agentless, debug"
- echo "Usage: $0 disable [database|client-syslog|agentless|debug]"
- exit 1;
- fi
-
- if [ "X$2" = "Xdatabase" ]; then
- echo "DB_DAEMON=\"\"" >> ${PLIST};
- elif [ "X$2" = "Xclient-syslog" ]; then
- echo "CSYSLOG_DAEMON=\"\"" >> ${PLIST};
- elif [ "X$2" = "Xagentless" ]; then
- echo "AGENTLESS_DAEMON=\"\"" >> ${PLIST};
- elif [ "X$2" = "Xdebug" ]; then
- echo "DEBUG_CLI=\"\"" >> ${PLIST};
- else
- echo ""
- echo "Invalid disable option."
- echo ""
- echo "Disable options: database, client-syslog, agentless, debug"
- echo "Usage: $0 disable [database|client-syslog|agentless|debug]"
- exit 1;
- fi
-}
-
-status()
-{
- RETVAL=0
- for i in ${DAEMONS}; do
- ## If ossec-maild is disabled, don't try to start it.
- if [ X"$i" = "Xossec-maild" ]; then
- grep "<email_notification>no<" ${DIR}/etc/ossec.conf >/dev/null 2>&1
- if [ $? = 0 ]; then
- continue
- fi
- fi
-
- pstatus ${i};
- if [ $? = 0 ]; then
- echo "${i} not running..."
- RETVAL=1
- else
- echo "${i} is running..."
- fi
- done
- exit $RETVAL
-}
-
-testconfig()
-{
- # We first loop to check the config.
- for i in ${SDAEMONS}; do
- ${DIR}/bin/${i} -t ${DEBUG_CLI};
- if [ $? != 0 ]; then
- echo "${i}: Configuration error. Exiting"
- unlock;
- exit 1;
- fi
- done
-}
-
-# Start function
-start()
-{
- SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-remoted ossec-syscheckd ossec-monitord"
-
- echo "Starting $NAME $VERSION..."
- echo | ${DIR}/bin/ossec-logtest > /dev/null 2>&1;
- if [ ! $? = 0 ]; then
- echo "OSSEC analysisd: Testing rules failed. Configuration error. Exiting."
- exit 1;
- fi
- lock;
- checkpid;
-
- # We actually start them now.
- for i in ${SDAEMONS}; do
-
- ## If ossec-maild is disabled, don't try to start it.
- if [ X"$i" = "Xossec-maild" ]; then
- grep "<email_notification>no<" ${DIR}/etc/ossec.conf >/dev/null 2>&1
- if [ $? = 0 ]; then
- continue
- fi
- fi
-
- pstatus ${i};
- if [ $? = 0 ]; then
- ${DIR}/bin/${i} ${DEBUG_CLI};
- if [ $? != 0 ]; then
- echo "${i} did not start correctly.";
- unlock;
- exit 1;
- fi
-
- echo "Started ${i}..."
- else
- echo "${i} already running..."
- fi
- done
-
- # After we start we give 2 seconds for the daemons
- # to internally create their PID files.
- sleep 2;
- unlock;
- echo "Completed."
-}
-
-pstatus()
-{
- pfile=$1;
-
- # pfile must be set
- if [ "X${pfile}" = "X" ]; then
- return 0;
- fi
-
- ls ${DIR}/var/run/${pfile}*.pid > /dev/null 2>&1
- if [ $? = 0 ]; then
- for j in `cat ${DIR}/var/run/${pfile}*.pid 2>/dev/null`; do
- ps -p $j |grep ossec >/dev/null 2>&1
- if [ ! $? = 0 ]; then
- echo "${pfile}: Process $j not used by ossec, removing .."
- rm -f ${DIR}/var/run/${pfile}-$j.pid
- continue;
- fi
-
- kill -0 $j > /dev/null 2>&1
- if [ $? = 0 ]; then
- return 1;
- fi
- done
- fi
-
- return 0;
-}
-
-stopa()
-{
- lock;
- checkpid;
- for i in ${DAEMONS}; do
- pstatus ${i};
- if [ $? = 1 ]; then
- echo "Killing ${i} .. ";
-
- kill `cat ${DIR}/var/run/${i}*.pid`;
- else
- echo "${i} not running ..";
- fi
- rm -f ${DIR}/var/run/${i}*.pid
- done
-
- unlock;
- echo "$NAME $VERSION Stopped"
-}
-
-### MAIN HERE ###
-
-case "$1" in
-start)
- testconfig
- start
- ;;
-stop)
- stopa
- ;;
-restart)
- testconfig
- stopa
- sleep 1;
- start
- ;;
-reload)
- DAEMONS="ossec-monitord ossec-logcollector ossec-remoted ossec-syscheckd ossec-analysisd ossec-maild ${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON}"
- stopa
- start
- ;;
-status)
- status
- ;;
-help)
- help
- ;;
-enable)
- enable $1 $2;
- ;;
-disable)
- disable $1 $2;
- ;;
-*)
- help
-esac
-