X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;f=src%2Fsyscheckd%2Fsyscheck.c;h=11a1ada6ede95e48709f94de9d52f221932b7fd2;hb=927951d1c1ad45ba9e7325f07d996154a91c911b;hp=67a5879cca7ffb772d8aa0e4268e088c049f6331;hpb=301048b51990573e58a30dc4a5bb4ec285cad554;p=ossec-hids.git
diff --git a/src/syscheckd/syscheck.c b/src/syscheckd/syscheck.c
index 67a5879..11a1ada 100755
--- a/src/syscheckd/syscheck.c
+++ b/src/syscheckd/syscheck.c
@@ -1,4 +1,5 @@
-/* @(#) $Id$ */
+/* @(#) $Id: ./src/syscheckd/syscheck.c, 2011/09/08 dcid Exp $
+ */
 /* Copyright (C) 2009 Trend Micro Inc.
 * All rights reserved.
@@ -8,7 +9,7 @@
 * License (version 2) as published by the FSF - Free Software
 * Foundation.
 *
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
 * online at: http://www.ossec.net/en/licensing.html
 */
@@ -29,18 +30,56 @@
 #include "rootcheck/rootcheck.h"
-int dump_syscheck_entry(config *syscheck, char *entry, int vals, int reg);
+int dump_syscheck_entry(syscheck_config *syscheck, char *entry, int vals, int reg, char *restrictfile);
+
+#ifdef USE_MAGIC
+#include 
+magic_t magic_cookie = 0;
+
+void init_magic(magic_t* cookie_ptr)
+{
+ if(!cookie_ptr || *cookie_ptr) return;
+ *cookie_ptr = magic_open(MAGIC_MIME_TYPE);
+
+ if(!*cookie_ptr)
+ {
+ const char* err = magic_error(*cookie_ptr);
+ merror("%s: ERROR: Can't init libmagic: %s", ARGV0, err ? err : "unknown");
+ }
+ else if(magic_load(*cookie_ptr, NULL) < 0)
+ {
+ const char* err = magic_error(*cookie_ptr);
+ merror("%s: ERROR: Can't load magic file: %s", ARGV0, err ? err : "unknown");
+ magic_close(*cookie_ptr);
+ *cookie_ptr = 0;
+ }
+}
+#endif
 /* void read_internal()
 * Reads syscheck internal options.
 */
-void read_internal()
+void read_internal(int debug_level)
 {
 syscheck.tsleep = getDefine_Int("syscheck","sleep",0,64);
 syscheck.sleep_after = getDefine_Int("syscheck","sleep_after",1,9999);
+ /* Check current debug_level
+ * Command line setting takes precedence
+ */
+ if (debug_level == 0)
+ {
+ /* Getting debug level */
+ debug_level = getDefine_Int("syscheck", "debug", 0, 2);
+ while(debug_level != 0)
+ {
+ nowDebug();
+ debug_level--;
+ }
+ }
+ return;
 }
@@ -51,10 +90,18 @@ void read_internal()
 */
 int Start_win32_Syscheck()
 {
+ int debug_level = 0;
 int r = 0;
 char *cfg = DEFAULTCPATH;
+ /* Reading internal options */
+ read_internal(debug_level);
+
+
+ debug1(STARTED_MSG, ARGV0);
+
+
 /* Zeroing the structure */
 syscheck.workdir = DEFAULTDIR;
@@ -75,7 +122,7 @@ int Start_win32_Syscheck()
 if(!syscheck.dir)
 {
 merror(SK_NO_DIR, ARGV0);
- dump_syscheck_entry(&syscheck, "", 0, 0);
+ dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
 }
 else if(!syscheck.dir[0])
 {
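Review bot: In init_magic the `if(!*cookie_ptr)` branch asks `magic_error(*cookie_ptr)` for a message on the NULL handle that magic_open has just failed to produce; there is no handle to query, and whether magic_error tolerates NULL depends on the libmagic version, so this can fault on the very path that is meant to report a failure. magic_open sets errno on failure, so the report should use the C library error the way the queue failure later in this file does: `merror("%s: ERROR: Can't init libmagic: %s", ARGV0, strerror(errno));`. The `magic_t magic_cookie = 0;` definition has external linkage; if no other translation unit uses it, `static` would keep it file-private, but its other users are not visible in this diff. The `+#include` line reaches this page without a header name, presumably stripped in rendering, so its target cannot be checked here. init_magic lies wholly within the hunk.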
@@ -85,7 +132,7 @@ int Start_win32_Syscheck()
 if(!syscheck.registry)
 {
- dump_syscheck_entry(&syscheck, "", 0, 1);
+ dump_syscheck_entry(&syscheck, "", 0, 1, NULL);
 }
 syscheck.registry[0] = NULL;
@@ -93,10 +140,6 @@ int Start_win32_Syscheck()
 }
- /* Reading internal options */
- read_internal();
-
-
 /* Rootcheck config */
 if(rootcheck_init(0) == 0)
 {
@@ -107,18 +150,18 @@ int Start_win32_Syscheck()
 syscheck.rootcheck = 0;
 merror("%s: WARN: Rootcheck module disabled.", ARGV0);
 }
-
+
 /* Printing options */
 r = 0;
 while(syscheck.registry[r] != NULL)
 {
- verbose("%s: INFO: Monitoring registry entry: '%s'.",
+ verbose("%s: INFO: Monitoring registry entry: '%s'.",
 ARGV0, syscheck.registry[r]);
 r++;
 }
-
+
 r = 0;
 while(syscheck.dir[r] != NULL)
 {
@@ -130,9 +173,9 @@ int Start_win32_Syscheck()
 /* Start up message */
 verbose(STARTUP_MSG, ARGV0, getpid());
-
-
-
+
+
+
 /* Some sync time */
 sleep(syscheck.tsleep + 10);
@@ -140,35 +183,36 @@ int Start_win32_Syscheck()
 /* Waiting if agent started properly. */
 os_wait();
-
+
 start_daemon();
 exit(0);
-}
+}
 #endif
 /* Syscheck unix main. */
-#ifndef WIN32
+#ifndef WIN32
 int main(int argc, char **argv)
 {
 int c,r;
+ int debug_level = 0;
 int test_config = 0,run_foreground = 0;
-
+
 char *cfg = DEFAULTCPATH;
-
-
+
+
 /* Zeroing the structure */
 syscheck.workdir = NULL;
 /* Setting the name */
 OS_SetName(ARGV0);
-
-
+
+
 while((c = getopt(argc, argv, "VtdhfD:c:")) != -1)
 {
 switch(c)
@@ -181,6 +225,7 @@ int main(int argc, char **argv)
 break;
 case 'd':
 nowDebug();
+ debug_level = 1;
 break;
 case 'f':
 run_foreground = 1;
@@ -197,14 +242,21 @@ int main(int argc, char **argv)
 break;
 case 't':
 test_config = 1;
- break;
+ break;
 default:
 help(ARGV0);
- break;
+ break;
 }
 }
+ /* Reading internal options */
+ read_internal(debug_level);
+
+
+ debug1(STARTED_MSG, ARGV0);
+
+
 /* Checking if the configuration is present */
 if(File_DateofChange(cfg) < 0)
 ErrorExit(NO_CONFIG, ARGV0, cfg);
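Review bot: In the `case 'd':` arm of main's option loop (hunk -181,6 +225,7), `debug_level = 1;` only records that -d was seen while `nowDebug()` runs once per occurrence, so `-dd` leaves the variable at 1 although the effective level is 2; `debug_level++;` would keep the variable in step with the calls and still satisfy the non-zero test in read_internal. The enclosing switch and main() start and end outside this hunk. The same variable feeds the `read_internal(debug_level)` call added in the -197 hunk below, which now runs before the `File_DateofChange(cfg)` check; the hunk gives no reason for moving it ahead of the config check, so a one-line comment at the call stating that reason would help a later reader.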
@@ -221,7 +273,7 @@ int main(int argc, char **argv)
 {
 if(!test_config)
 merror(SK_NO_DIR, ARGV0);
- dump_syscheck_entry(&syscheck, "", 0, 0);
+ dump_syscheck_entry(&syscheck, "", 0, 0, NULL);
 }
 else if(!syscheck.dir[0])
 {
@@ -236,11 +288,6 @@ int main(int argc, char **argv)
 }
- /* Reading internal options */
- read_internal();
-
-
-
 /* Rootcheck config */
 if(rootcheck_init(test_config) == 0)
 {
@@ -252,30 +299,36 @@ int main(int argc, char **argv)
 merror("%s: WARN: Rootcheck module disabled.", ARGV0);
 }
-
+
 /* Exit if testing config */
 if(test_config)
 exit(0);
-
+
 /* Setting default values */
 if(syscheck.workdir == NULL)
 syscheck.workdir = DEFAULTDIR;
- if(!run_foreground)
+ /* Setup libmagic */
+ #ifdef USE_MAGIC
+ init_magic(&magic_cookie);
+ #endif
+
+
+ if(!run_foreground)
 {
 nowDaemon();
 goDaemon();
 }
-
+
 /* Initial time to settle */
- sleep(syscheck.tsleep + 2);
-
-
+ sleep(syscheck.tsleep + 2);
+
+
 /* Connect to the queue */
 if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
- {
+ {
 merror(QUEUE_ERROR, ARGV0, DEFAULTQPATH, strerror(errno));
 sleep(5);
@@ -292,7 +345,7 @@ int main(int argc, char **argv)
 /* Start the signal handling */
 StartSIG(ARGV0);
-
+
 /* Creating pid */
 if(CreatePID(ARGV0, getpid()) < 0)
@@ -336,8 +389,8 @@ int main(int argc, char **argv)
 }
 r++;
 }
-
-
+
+
 /* Some sync time */
 sleep(syscheck.tsleep + 10);
@@ -345,7 +398,7 @@ int main(int argc, char **argv)
 /* Start the daemon */
 start_daemon();
- return(0);
+ return(0);
 }
 #endif /* ifndef WIN32 */
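Review bot: In the -252,30 +299,36 hunk, `init_magic(&magic_cookie)` only logs when libmagic cannot be set up and start-up continues with `magic_cookie` still 0, so every later user of the cookie (none is visible in this diff) must treat 0 as "no MIME detection" before calling into libmagic; a comment at the call site, `/* On failure magic_cookie stays 0 and MIME detection is unavailable */`, would make that contract explicit. The `#ifdef USE_MAGIC` / `#endif` pair is indented with the surrounding statements; directives are conventionally written at column 0, as `#ifndef WIN32` is elsewhere in this file. No matching magic_close appears, which is acceptable if the handle is meant to live for the daemon's lifetime, but that intent deserves a one-line note as well. main() starts and ends outside this hunk.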