-/* @(#) $Id: syscheck.c,v 1.49 2009/11/18 19:07:42 dcid Exp $ */
+/* @(#) $Id: ./src/syscheckd/syscheck.c, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
#include "rootcheck/rootcheck.h"
-/* Definitions only used in here. */
-#define SYSCHECK_DB SYSCHECK_DIR "/syschecklocal.db"
-#define SYS_WIN_DB "syscheck/syschecklocal.db"
+int dump_syscheck_entry(syscheck_config *syscheck, char *entry, int vals, int reg, char *restrictfile);
+
+#ifdef USE_MAGIC
+#include <magic.h>
+magic_t magic_cookie = 0;
+
+void init_magic(magic_t* cookie_ptr)
+{
+ if(!cookie_ptr || *cookie_ptr) return;
-int dump_syscheck_entry(config *syscheck, char *entry, int vals, int reg);
+ *cookie_ptr = magic_open(MAGIC_MIME_TYPE);
+ if(!*cookie_ptr)
+ {
+ const char* err = magic_error(*cookie_ptr);
+ merror("%s: ERROR: Can't init libmagic: %s", ARGV0, err ? err : "unknown");
+ }
+ else if(magic_load(*cookie_ptr, NULL) < 0)
+ {
+ const char* err = magic_error(*cookie_ptr);
+ merror("%s: ERROR: Can't load magic file: %s", ARGV0, err ? err : "unknown");
+ magic_close(*cookie_ptr);
+ *cookie_ptr = 0;
+ }
+}
+#endif
/* void read_internal()
* Reads syscheck internal options.
*/
-void read_internal()
+void read_internal(int debug_level)
{
syscheck.tsleep = getDefine_Int("syscheck","sleep",0,64);
syscheck.sleep_after = getDefine_Int("syscheck","sleep_after",1,9999);
+ /* Check current debug_level
+ * Command line setting takes precedence
+ */
+ if (debug_level == 0)
+ {
+ /* Getting debug level */
+ debug_level = getDefine_Int("syscheck", "debug", 0, 2);
+ while(debug_level != 0)
+ {
+ nowDebug();
+ debug_level--;
+ }
+ }
+
return;
}
*/
int Start_win32_Syscheck()
{
+ int debug_level = 0;
int r = 0;
char *cfg = DEFAULTCPATH;
+ /* Reading internal options */
+ read_internal(debug_level);
+
+
+ debug1(STARTED_MSG, ARGV0);
+
+
/* Zeroing the structure */
syscheck.workdir = DEFAULTDIR;
if(!syscheck.dir)
{
merror(SK_NO_DIR, ARGV0);
- dump_syscheck_entry(&syscheck, "", 0, 0);
+ dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
}
else if(!syscheck.dir[0])
{
if(!syscheck.registry)
{
- dump_syscheck_entry(&syscheck, "", 0, 1);
+ dump_syscheck_entry(&syscheck, "", 0, 1, NULL);
}
syscheck.registry[0] = NULL;
}
- /* Reading internal options */
- read_internal();
-
-
/* Rootcheck config */
if(rootcheck_init(0) == 0)
{
syscheck.rootcheck = 0;
merror("%s: WARN: Rootcheck module disabled.", ARGV0);
}
-
-
- /* Opening syscheck db file */
- os_calloc(1024,sizeof(char), syscheck.db);
- snprintf(syscheck.db,1023,"%s",SYS_WIN_DB);
/* Printing options */
r = 0;
while(syscheck.registry[r] != NULL)
{
- verbose("%s: INFO: Monitoring registry entry: '%s'.",
+ verbose("%s: INFO: Monitoring registry entry: '%s'.",
ARGV0, syscheck.registry[r]);
r++;
}
-
+
r = 0;
while(syscheck.dir[r] != NULL)
{
/* Start up message */
verbose(STARTUP_MSG, ARGV0, getpid());
-
-
-
+
+
+
/* Some sync time */
sleep(syscheck.tsleep + 10);
/* Waiting if agent started properly. */
os_wait();
-
- /* Start the daemon checking against the syscheck.db */
+
start_daemon();
exit(0);
-}
+}
#endif
/* Syscheck unix main.
*/
-#ifndef WIN32
+#ifndef WIN32
int main(int argc, char **argv)
{
int c,r;
+ int debug_level = 0;
int test_config = 0,run_foreground = 0;
-
+
char *cfg = DEFAULTCPATH;
-
-
+
+
/* Zeroing the structure */
syscheck.workdir = NULL;
/* Setting the name */
OS_SetName(ARGV0);
-
-
+
+
while((c = getopt(argc, argv, "VtdhfD:c:")) != -1)
{
switch(c)
break;
case 'd':
nowDebug();
+ debug_level = 1;
break;
case 'f':
run_foreground = 1;
break;
case 't':
test_config = 1;
- break;
+ break;
default:
help(ARGV0);
- break;
+ break;
}
}
+ /* Reading internal options */
+ read_internal(debug_level);
+
+
+ debug1(STARTED_MSG, ARGV0);
+
+
/* Checking if the configuration is present */
if(File_DateofChange(cfg) < 0)
ErrorExit(NO_CONFIG, ARGV0, cfg);
{
if(!test_config)
merror(SK_NO_DIR, ARGV0);
- dump_syscheck_entry(&syscheck, "", 0, 0);
+ dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
}
else if(!syscheck.dir[0])
{
}
- /* Reading internal options */
- read_internal();
-
-
-
/* Rootcheck config */
if(rootcheck_init(test_config) == 0)
{
merror("%s: WARN: Rootcheck module disabled.", ARGV0);
}
-
+
/* Exit if testing config */
if(test_config)
exit(0);
-
+
/* Setting default values */
if(syscheck.workdir == NULL)
syscheck.workdir = DEFAULTDIR;
- /* Creating a temporary fp */
- syscheck.db = (char *)calloc(1024,sizeof(char));
- if(syscheck.db == NULL)
- ErrorExit(MEM_ERROR,ARGV0);
-
- snprintf(syscheck.db,1023,"%s%s-%d%d.tmp",
- syscheck.workdir,
- SYSCHECK_DB,
- (int)time(NULL),
- (int)getpid());
-
+ /* Setup libmagic */
+ #ifdef USE_MAGIC
+ init_magic(&magic_cookie);
+ #endif
- if (!run_foreground)
+ if(!run_foreground)
{
nowDaemon();
goDaemon();
}
-
+
/* Initial time to settle */
- sleep(syscheck.tsleep + 2);
-
-
+ sleep(syscheck.tsleep + 2);
+
+
/* Connect to the queue */
if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
- {
+ {
merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
sleep(5);
/* Start the signal handling */
StartSIG(ARGV0);
-
+
/* Creating pid */
if(CreatePID(ARGV0, getpid()) < 0)
}
r++;
}
-
-
+
+
/* Some sync time */
sleep(syscheck.tsleep + 10);
/* Start the daemon */
start_daemon();
- return(0);
+ return(0);
}
#endif /* ifndef WIN32 */
projects / ossec-hids.git / blobdiff