-/* @(#) $Id$ */
-
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
*
* and/or modify it under the terms of the GNU General Public
* License (version 2) as published by the FSF - Free Software
* Foundation.
- *
- * License details at the LICENSE file included with OSSEC or
- * online at: http://www.ossec.net/en/licensing.html
*/
-
#ifdef WIN32
#include "shared.h"
#endif
static LPTSTR g_lpszServiceName = "OssecSvc";
-static LPTSTR g_lpszServiceDisplayName = "OSSEC Hids";
-static LPTSTR g_lpszServiceDescription = "OSSEC Hids Windows Agent";
+static LPTSTR g_lpszServiceDisplayName = "OSSEC HIDS";
+static LPTSTR g_lpszServiceDescription = "OSSEC HIDS Windows Agent";
static SERVICE_STATUS ossecServiceStatus;
static SERVICE_STATUS_HANDLE ossecServiceStatusHandle;
-/* ServiceStart */
void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv);
-
-/* os_start_service: Starts ossec service */
+/* Start OSSEC-HIDS service */
int os_start_service()
{
int rc = 0;
SC_HANDLE schSCManager, schService;
-
- /* Removing from the services database */
+ /* Start the database */
schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
- if (schSCManager)
- {
- schService = OpenService(schSCManager,g_lpszServiceName,
+ if (schSCManager) {
+ schService = OpenService(schSCManager, g_lpszServiceName,
SC_MANAGER_ALL_ACCESS);
- if(schService)
- {
-
- if(StartService(schService, 0, NULL))
- {
+ if (schService) {
+ if (StartService(schService, 0, NULL)) {
rc = 1;
- }
- else
- {
- if(GetLastError() == ERROR_SERVICE_ALREADY_RUNNING)
- {
+ } else {
+ if (GetLastError() == ERROR_SERVICE_ALREADY_RUNNING) {
rc = -1;
}
}
-
+
CloseServiceHandle(schService);
}
CloseServiceHandle(schSCManager);
}
- return(rc);
+ return (rc);
}
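Review bot: The `OpenService` call in os_start_service passes `SC_MANAGER_ALL_ACCESS`, which is a service-control-manager right rather than a service right, and the same mask is used in os_stop_service and CheckServiceRunning below, so every call asks for far more access than its operation needs. Requesting the minimum limits what a leaked handle can do and lets the call succeed under a less-privileged account: `OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT)` with `OpenService(schSCManager, g_lpszServiceName, SERVICE_START)` here, `SERVICE_STOP` in os_stop_service and `SERVICE_QUERY_STATUS` in CheckServiceRunning. As written, CheckServiceRunning returns 0 for a caller that cannot obtain all-access, which is indistinguishable from a stopped service. The new comments `/* Start the database */` and `/* Stop the service database */` are also misleading, since the call only opens the SCM database; `/* Open the service control manager */` would describe it.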
-
-/* os_start_service: Starts ossec service */
+/* Stop OSSEC-HIDS service */
int os_stop_service()
{
int rc = 0;
SC_HANDLE schSCManager, schService;
-
- /* Removing from the services database */
+ /* Stop the service database */
schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
- if (schSCManager)
- {
- schService = OpenService(schSCManager,g_lpszServiceName,
+ if (schSCManager) {
+ schService = OpenService(schSCManager, g_lpszServiceName,
SC_MANAGER_ALL_ACCESS);
- if(schService)
- {
+ if (schService) {
SERVICE_STATUS lpServiceStatus;
-
- if(ControlService(schService,
- SERVICE_CONTROL_STOP, &lpServiceStatus))
- {
+
+ if (ControlService(schService, SERVICE_CONTROL_STOP, &lpServiceStatus)) {
rc = 1;
}
-
+
CloseServiceHandle(schService);
}
CloseServiceHandle(schSCManager);
}
- return(rc);
+ return (rc);
}
-
-/* int QueryService(): Checks if service is running. */
+/* Check if the OSSEC-HIDS agent service is running
+ * Returns 1 on success (running) or 0 if not running
+ */
int CheckServiceRunning()
{
int rc = 0;
SC_HANDLE schSCManager, schService;
-
- /* Removing from the services database */
+ /* Check service status */
schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
- if (schSCManager)
- {
- schService = OpenService(schSCManager,g_lpszServiceName,
+ if (schSCManager) {
+ schService = OpenService(schSCManager, g_lpszServiceName,
SC_MANAGER_ALL_ACCESS);
- if(schService)
- {
- /* Checking status */
+ if (schService) {
+ /* Check status */
SERVICE_STATUS lpServiceStatus;
-
- if(QueryServiceStatus(schService, &lpServiceStatus))
- {
- if(lpServiceStatus.dwCurrentState == SERVICE_RUNNING)
- {
+
+ if (QueryServiceStatus(schService, &lpServiceStatus)) {
+ if (lpServiceStatus.dwCurrentState == SERVICE_RUNNING) {
rc = 1;
}
}
CloseServiceHandle(schService);
}
-
+
CloseServiceHandle(schSCManager);
}
- return(rc);
+ return (rc);
}
-
-/* int InstallService()
- * Install the OSSEC HIDS agent service.
- */
+/* Install the OSSEC-HIDS agent service */
int InstallService(char *path)
{
- char buffer[MAX_PATH+1];
-
+ int ret;
SC_HANDLE schSCManager, schService;
LPCTSTR lpszBinaryPathName = NULL;
SERVICE_DESCRIPTION sdBuf;
-
-
- /* Cleaning up some variables */
- buffer[MAX_PATH] = '\0';
-
-
- /* Executable path -- it must be called with the
- * full path
- */
+
+ /* Uninstall service (if it exists) */
+ if (!UninstallService()) {
+ verbose("%s: ERROR: Failure running UninstallService().", ARGV0);
+ return (0);
+ }
+
+ /* Executable path -- it must be called with the full path */
lpszBinaryPathName = path;
-
- /* Opening the services database */
- schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
- if (schSCManager == NULL)
- {
+ /* Opening the service database */
+ schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+
+ if (schSCManager == NULL) {
goto install_error;
}
- /* Creating the service */
- schService = CreateService(schSCManager,
+ /* Create the service */
+ schService = CreateService(schSCManager,
g_lpszServiceName,
g_lpszServiceDisplayName,
SERVICE_ALL_ACCESS,
SERVICE_ERROR_NORMAL,
lpszBinaryPathName,
NULL, NULL, NULL, NULL, NULL);
-
- if (schService == NULL)
- {
+
+ if (schService == NULL) {
+ CloseServiceHandle(schSCManager);
goto install_error;
}
- /* Setting description */
+ /* Set description */
sdBuf.lpDescription = g_lpszServiceDescription;
- if(!ChangeServiceConfig2(schService, SERVICE_CONFIG_DESCRIPTION, &sdBuf))
- {
- goto install_error;
- }
-
+ ret = ChangeServiceConfig2(schService, SERVICE_CONFIG_DESCRIPTION, &sdBuf);
+
CloseServiceHandle(schService);
CloseServiceHandle(schSCManager);
- printf(" [%s] Successfully added to the Services database.\n", ARGV0);
- return(1);
+ /* Check for errors */
+ if (!ret) {
+ goto install_error;
+ }
+ verbose("%s: INFO: Successfully added to the service database.", ARGV0);
+ return (1);
- install_error:
- {
+install_error: {
char local_msg[1025];
LPVOID lpMsgBuf;
-
+
memset(local_msg, 0, 1025);
FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER |
0,
NULL);
- merror(local_msg, 1024, "[%s] Unable to create registry "
- "entry: %s", ARGV0,(LPCTSTR)lpMsgBuf);
- return(0);
+ verbose("%s: ERROR: Unable to create service entry: %s", ARGV0, (LPCTSTR)lpMsgBuf);
+ return (0);
}
}
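Review bot: `lpszBinaryPathName = path` hands the caller's string to `CreateService` unchanged, so if `path` contains spaces and the caller has not wrapped it in double quotes, the service is registered with an unquoted image path that Windows resolves ambiguously at start. The caller is outside this diff, so this needs confirming there or quoting here before the call. In the failure branches `CloseServiceHandle` now runs before `goto install_error`, and if the elided `FormatMessage` arguments read `GetLastError()`, the reported code may no longer be the one set by `CreateService` or `ChangeServiceConfig2`; capturing it first with `DWORD err = GetLastError();` keeps the message accurate. The buffer allocated through `FORMAT_MESSAGE_ALLOCATE_BUFFER` is never released, so `LocalFree(lpMsgBuf);` belongs after the `verbose` call, and `local_msg` with its `memset` is now unused.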
-
-/* int UninstallService()
- * Uninstall the OSSEC HIDS agent service.
- */
-int UninstallService()
+/* Uninstall the OSSEC-HIDS agent service */
+int UninstallService()
{
+ int ret;
+ int rc = 0;
SC_HANDLE schSCManager, schService;
+ SERVICE_STATUS lpServiceStatus;
-
- /* Removing from the services database */
+ /* Remove from the service database */
schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
- if (schSCManager)
- {
- schService = OpenService(schSCManager,g_lpszServiceName,DELETE);
- if(schService)
- {
- if (DeleteService(schService))
-
- {
- CloseServiceHandle(schService);
- CloseServiceHandle(schSCManager);
-
- printf(" [%s] Successfully removed from "
- "the Services database.\n", ARGV0);
- return(1);
+ if (schSCManager) {
+ schService = OpenService(schSCManager, g_lpszServiceName, SERVICE_STOP | DELETE);
+ if (schService) {
+ if (CheckServiceRunning()) {
+ verbose("%s: INFO: Found (%s) service is running going to try and stop it.", ARGV0, g_lpszServiceName);
+ ret = ControlService(schService, SERVICE_CONTROL_STOP, &lpServiceStatus);
+ if (!ret) {
+ verbose("%s: ERROR: Failure stopping service (%s) before removing it (%ld).", ARGV0, g_lpszServiceName, GetLastError());
+ } else {
+ verbose("%s: INFO: Successfully stopped (%s).", ARGV0, g_lpszServiceName);
+ }
+ } else {
+ verbose("%s: INFO: Found (%s) service is not running.", ARGV0, g_lpszServiceName);
+ ret = 1;
+ }
+
+ if (ret && DeleteService(schService)) {
+ verbose("%s: INFO: Successfully removed (%s) from the service database.", ARGV0, g_lpszServiceName);
+ rc = 1;
}
CloseServiceHandle(schService);
+ } else {
+ verbose("%s: INFO: Service does not exist (%s) nothing to remove.", ARGV0, g_lpszServiceName);
+ rc = 1;
}
CloseServiceHandle(schSCManager);
}
- fprintf(stderr, " [%s] Error removing from "
- "the Services database.\n", ARGV0);
-
- return(0);
-}
-
+ if (!rc) {
+ verbose("%s: ERROR: Failure removing (%s) from the service database.", ARGV0, g_lpszServiceName);
+ }
+ return (rc);
+}
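Review bot: The `else` branch after `OpenService` treats every failure as "Service does not exist" and sets `rc = 1`, so an access-denied or other error is reported as a successful removal and InstallService goes on to `CreateService` while the old service may still be registered. Reading the error before the `verbose` call and accepting only the expected one, `if (GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST) rc = 1;`, keeps the two cases apart. `ControlService` with `SERVICE_CONTROL_STOP` returns once the request is accepted, not when the service has stopped, so the "Successfully stopped" message can be premature; logging `lpServiceStatus.dwCurrentState` would be more accurate. `GetLastError()` returns a `DWORD`, so the format specifier should be `%lu` rather than `%ld`.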
-/** VOID WINAPI OssecServiceCtrlHandler (DWORD dwOpcode)
- * "Signal" handler
- */
+/* "Signal" handler */
VOID WINAPI OssecServiceCtrlHandler(DWORD dwOpcode)
{
- switch(dwOpcode)
- {
+ switch (dwOpcode) {
case SERVICE_CONTROL_STOP:
ossecServiceStatus.dwCurrentState = SERVICE_STOPPED;
ossecServiceStatus.dwWin32ExitCode = 0;
ossecServiceStatus.dwCheckPoint = 0;
ossecServiceStatus.dwWaitHint = 0;
- verbose("%s: Received exit signal.", ARGV0);
+ verbose("%s: INFO: Received exit signal.", ARGV0);
SetServiceStatus (ossecServiceStatusHandle, &ossecServiceStatus);
- verbose("%s: Exiting...", ARGV0);
+ verbose("%s: INFO: Exiting...", ARGV0);
return;
default:
break;
}
return;
}
-
-/** void WinSetError()
- * Sets the error code in the services
- */
+/* Set the error code in the service */
void WinSetError()
{
OssecServiceCtrlHandler(SERVICE_CONTROL_STOP);
}
-
-/** int os_WinMain(int argc, char **argv)
- * Initializes OSSEC dispatcher
- */
-int os_WinMain(int argc, char **argv)
+/* Initialize OSSEC-HIDS dispatcher */
+int os_WinMain(__attribute__((unused)) int argc, __attribute__((unused)) char **argv)
{
- SERVICE_TABLE_ENTRY steDispatchTable[] =
- {
+ SERVICE_TABLE_ENTRY steDispatchTable[] = {
{ g_lpszServiceName, OssecServiceStart },
{ NULL, NULL }
};
- if(!StartServiceCtrlDispatcher(steDispatchTable))
- {
- merror("%s: Unable to set service information.", ARGV0);
- return(1);
+ if (!StartServiceCtrlDispatcher(steDispatchTable)) {
+ verbose("%s: INFO: Unable to set service information.", ARGV0);
+ return (1);
}
- return(1);
+ return (1);
}
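Review bot: The `StartServiceCtrlDispatcher` failure in os_WinMain is now logged through `verbose` with an `INFO:` prefix where it was `merror` before, and the function returns 1 on both the failure and the success path, so neither the log level nor the return value shows that the agent never attached to the service control manager. For a host intrusion-detection agent a failure to start should stand out in the log: keep the error severity, e.g. `"%s: ERROR: Unable to set service information."`, and return a distinct value such as `return (0);` on failure if the callers allow it. The same `merror` to `INFO:` downgrade applies to the `RegisterServiceCtrlHandler` and `SetServiceStatus` failures in OssecServiceStart.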
-
-/** void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv)
- * Starts OSSEC service
- */
-void WINAPI OssecServiceStart (DWORD argc, LPTSTR *argv)
+/* Start OSSEC service */
+void WINAPI OssecServiceStart (__attribute__((unused)) DWORD argc, __attribute__((unused)) LPTSTR *argv)
{
ossecServiceStatus.dwServiceType = SERVICE_WIN32;
ossecServiceStatus.dwCurrentState = SERVICE_START_PENDING;
ossecServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
ossecServiceStatus.dwWin32ExitCode = 0;
- ossecServiceStatus.dwServiceSpecificExitCode= 0;
+ ossecServiceStatus.dwServiceSpecificExitCode = 0;
ossecServiceStatus.dwCheckPoint = 0;
ossecServiceStatus.dwWaitHint = 0;
- ossecServiceStatusHandle =
- RegisterServiceCtrlHandler(g_lpszServiceName,
+ ossecServiceStatusHandle =
+ RegisterServiceCtrlHandler(g_lpszServiceName,
OssecServiceCtrlHandler);
- if (ossecServiceStatusHandle == (SERVICE_STATUS_HANDLE)0)
- {
- merror("%s: RegisterServiceCtrlHandler failed.", ARGV0);
+ if (ossecServiceStatusHandle == (SERVICE_STATUS_HANDLE)0) {
+ verbose("%s: INFO: RegisterServiceCtrlHandler failed.", ARGV0);
return;
}
ossecServiceStatus.dwCheckPoint = 0;
ossecServiceStatus.dwWaitHint = 0;
- if (!SetServiceStatus(ossecServiceStatusHandle, &ossecServiceStatus))
- {
- merror("%s: SetServiceStatus error.", ARGV0);
+ if (!SetServiceStatus(ossecServiceStatusHandle, &ossecServiceStatus)) {
+ verbose("%s: INFO: SetServiceStatus error.", ARGV0);
return;
}
-
- #ifdef OSSECHIDS
- /* Starting process */
+#ifdef OSSECHIDS
+ /* Start process */
local_start();
- #endif
+#endif
}
-
-#endif
-/* EOF */
+#endif /* WIN32 */