[ossec-dev] ossec-hids: config.c (HEAD) create_db.c (HEAD) run_check.c (HEAD) syscheck.c (HEAD) syscheck.h (HEAD) syscheck.conf (REMOVED) [dcid]
- To: dancid@xxxxxxxxxxxxxxx
- Subject: [ossec-dev] ossec-hids: config.c (HEAD) create_db.c (HEAD) run_check.c (HEAD) syscheck.c (HEAD) syscheck.h (HEAD) syscheck.conf (REMOVED) [dcid]
- From: OSSEC CVS <cvs-commit@xxxxxxxxx>
- Date: Tue, 5 Sep 2006 16:17:48 -0300 (ADT)
- Content-transfer-encoding: 8bit
Module name: ossec-hids
Changes by: dcid 06/09/05 16:17:46
Modified files:
config.c create_db.c run_check.c syscheck.c syscheck.h
Removed files:
syscheck.conf
Log message:
Description: Fixing the September month issue. Adding support for new files on syscheck.
Reviewed by: dcid
Bug:
Index: config.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/syscheckd/config.c,v
diff -u -r1.10 -r1.11
--- config.c 13 Apr 2006 02:29:08 -0000 1.10
+++ config.c 5 Sep 2006 19:17:45 -0000 1.11
@@ -1,6 +1,6 @@
-/* $OSSEC, config.c, v0.2, 2005/07/14, Daniel B. Cid$ */
+/* @(#) $Id$ */
-/* Copyright (C) 2004,2005 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2004-2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
*
* This program is a free software; you can redistribute it
@@ -10,16 +10,7 @@
*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
#include "shared.h"
-
-#include "os_xml/os_xml.h"
-#include "os_regex/os_regex.h"
-
#include "syscheck.h"
#include "config/config.h"
Index: create_db.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/syscheckd/create_db.c,v
diff -u -r1.9 -r1.10
--- create_db.c 21 Jul 2006 13:30:26 -0000 1.9
+++ create_db.c 5 Sep 2006 19:17:45 -0000 1.10
@@ -1,6 +1,6 @@
-/* $OSSEC, create_db.c, v0.3, 2005/10/05, Daniel B. Cid$ */
+/* @(#) $Id$ */
-/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2005,2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
*
* This program is a free software; you can redistribute it
@@ -9,34 +9,69 @@
* Foundation
*/
-/* v0.3 (2005/10/05): Adding st_mode, owner uid and group owner.
- * v0.2 (2005/08/22): Removing st_ctime, bug 1104
- * v0.1 (2005/07/15)
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <dirent.h>
-#include <errno.h>
-#include <limits.h>
-
+#include "shared.h"
+#include "syscheck.h"
#include "os_crypto/md5/md5_op.h"
#include "os_crypto/sha1/sha1_op.h"
-#include "headers/debug_op.h"
+/* flags for read_dir and read_file */
+#define CREATE_DB 1
+#define CHECK_DB 2
+int __counter = 0;
-#include "syscheck.h"
/** Prototypes **/
-int read_dir(char *dir_name, int opts);
+int read_dir(char *dir_name, int opts, int flag);
-int read_file(char *file_name, int opts)
+/* int check_file(char *file_name)
+ * Checks if the file is already in the database.
+ */
+int check_file(char *file_name)
+{
+ char buf[MAX_LINE +2];
+ buf[MAX_LINE +1] = '\0';
+
+ while(fgets(buf, MAX_LINE, syscheck.fp) != NULL)
+ {
+ if((buf[0] != '#') && (buf[0] != ' ') && (buf[0] != '\n'))
+ {
+ char *n_buf;
+
+ /* Removing the new line */
+ n_buf = strchr(buf,'\n');
+ if(n_buf == NULL)
+ continue;
+
+ *n_buf = '\0';
+
+
+ /* First 6 characters are for internal use */
+ n_buf = buf;
+ n_buf+=6;
+
+ n_buf = strchr(n_buf, ' ');
+ if(n_buf)
+ {
+ n_buf++;
+
+ /* Checking if name matches */
+ if(strcmp(n_buf, file_name) == 0)
+ return(1);
+ }
+ }
+ }
+
+ /* New file */
+ debug2("%s: DEBUG: new file '%s'.", ARGV0, file_name);
+ return(0);
+}
+
+
+
+/* int read_file(char *file_name, int opts, int flag)
+ * Reads and generates the integrity data of a file.
+ */
+int read_file(char *file_name, int opts, int flag)
{
struct stat statbuf;
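Review bot: check_file() rescans the database from its first line for every file that check_db() visits (each call is preceded by an `fseek(syscheck.fp, 0, SEEK_SET)` in read_file()), so one periodic pass costs O(files × database lines) fgets/strcmp work plus as many fseeks, which on an agent monitoring tens of thousands of paths turns the "look for new files" pass into a sustained I/O and CPU load. A cheaper shape is to read the database once per check_db() pass into an in-memory table of the names after the first space and have check_file() consult that table. Separately, `n_buf+=6` assumes every non-comment line is at least seven characters after the newline is stripped; a guard such as `if(strlen(buf) < 7) continue;` keeps a short or truncated line from walking past the terminator. check_file() is complete within this hunk; read_file() continues below it.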
@@ -73,7 +108,7 @@
verbose("%s: Reading dir: %s\n",ARGV0, file_name);
#endif
- return(read_dir(file_name, opts));
+ return(read_dir(file_name, opts, flag));
}
/* No S_ISLNK on windows */
@@ -111,7 +146,18 @@
}
}
-
+
+ if(flag == CHECK_DB)
+ {
+ /* File in the database already */
+ fseek(syscheck.fp, 0, SEEK_SET);
+ if(check_file(file_name))
+ {
+ return(0);
+ }
+ fseek(syscheck.fp, 0, SEEK_END);
+ }
+
fprintf(syscheck.fp,"%c%c%c%c%c%c%d:%d:%d:%d:%s:%s %s\n",
opts & CHECK_SIZE?'+':'-',
opts & CHECK_PERM?'+':'-',
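Review bot: Neither fseek() in the new CHECK_DB branch is checked; if the `fseek(syscheck.fp, 0, SEEK_END)` fails, the fprintf that follows writes at wherever check_file() left the stream and overwrites existing database entries. The pattern this commit uses in start_daemon() fits here: `if(fseek(syscheck.fp, 0, SEEK_END) == -1) { merror(FSEEK_ERROR, ARGV0, "syscheck_db"); return(-1); }`. Note also that mf_sum and sf_sum are already in hand when this branch runs, which suggests the checksums are computed before the database is consulted; if so, every check_db() pass re-hashes every known file only to discard the result, and the lookup belongs before the hashing (that part of read_file() is outside the hunk).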
@@ -127,6 +173,16 @@
opts & CHECK_SHA1SUM?sf_sum:"xxx",
file_name);
+
+ /* Sleeping in here too */
+ if(__counter >= (6 * syscheck.sleep_after))
+ {
+ sleep(syscheck.tsleep);
+ __counter = 0;
+ }
+ __counter++;
+
+
#ifdef DEBUG
verbose("%s: file '%s %s'",ARGV0, file_name, mf_sum);
#endif
@@ -141,10 +197,11 @@
return(0);
}
+
/* read_dir v0.1
*
*/
-int read_dir(char *dir_name, int opts)
+int read_dir(char *dir_name, int opts, int flag)
{
int dir_size;
@@ -155,26 +212,34 @@
f_name[PATH_MAX +1] = '\0';
+ /* Directory should be valid */
if((dir_name == NULL)||((dir_size = strlen(dir_name)) > PATH_MAX))
{
- merror("%s: Invalid directory given.",ARGV0);
+ if(flag == CREATE_DB)
+ merror(NULL_ERROR, ARGV0);
+
return(-1);
}
+
/* Opening the directory given */
dp = opendir(dir_name);
if(!dp)
{
if(errno == ENOTDIR)
{
- if(read_file(dir_name, opts) == 0)
+ if(read_file(dir_name, opts, flag) == 0)
return(0);
}
- merror("%s: Error opening directory: '%s': %s ",
+ if(flag == CREATE_DB)
+ {
+ merror("%s: Error opening directory: '%s': %s ",
ARGV0,
dir_name,
strerror(errno));
+ }
+
return(-1);
}
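Review bot: In CHECK_DB mode an opendir() failure is now dropped entirely, since the merror() is gated on `flag == CREATE_DB`, so a monitored directory that later becomes unreadable or disappears leaves no local record at the moment it happens. Silencing the message on every cycle is understandable, but a low-level trace keeps it diagnosable: `else debug2("%s: DEBUG: Could not open directory '%s': %s", ARGV0, dir_name, strerror(errno));`. The same gating turns the NULL/PATH_MAX check into a silent skip, and NULL_ERROR is presumably worded for a NULL argument, so a too-long name deserves its own message. read_dir() continues past this hunk.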
@@ -194,31 +259,48 @@
s_name += dir_size;
+
/* checking if the file name is already null terminated */
if(*(s_name-1) != '/')
*s_name++ = '/';
*s_name = '\0';
- strncpy(s_name, entry->d_name, PATH_MAX - dir_size -1);
- read_file(f_name, opts);
+ strncpy(s_name, entry->d_name, PATH_MAX - dir_size -2);
+ read_file(f_name, opts, flag);
}
closedir(dp);
-
return(0);
}
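Review bot: The strncpy() still truncates silently when the entry name does not fit in the room left in f_name, and the truncated path is then handed to read_file(), so the database gets an entry for a path that does not exist (or names a different object) while the real file is never monitored; the `-2` corrects the bound but not the outcome. A length check before the copy makes the condition visible: `if((int)strlen(entry->d_name) >= PATH_MAX - dir_size - 2) { merror("%s: Path too long, skipping: '%s/%s'", ARGV0, dir_name, entry->d_name); continue; }`. read_dir() begins before this hunk, so whether `.` and `..` are skipped is not visible here.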
-/* create_db v0.1
- *
+
+/* int check_db()
+ * Checks database for new files.
+ */
+int check_db()
+{
+ int i = 0;
+
+ /* Read all available directories */
+ __counter = 0;
+ do
+ {
+ read_dir(syscheck.dir[i], syscheck.opts[i], CHECK_DB);
+ i++;
+ }while(syscheck.dir[i] != NULL);
+
+ return(0);
+}
+
+
+/* int create_db
+ * Creates the file database.
*/
int create_db()
{
int i = 0;
- char **dir_name;
- dir_name = syscheck.dir;
-
syscheck.fp = fopen(syscheck.db,"w+"); /* Read and write */
if(!syscheck.fp)
{
@@ -227,24 +309,26 @@
return(0);
}
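Review bot: check_db() has no counterpart to the `(syscheck.dir == NULL) || (syscheck.dir[0] == NULL)` guard that create_db() carries, and neither main() in this commit checks create_db()'s result, so with no configured directories the daemon still reaches `syscheck.dir[i]` in check_db() and dereferences NULL. Either return early with the same test, `if((syscheck.dir == NULL) || (syscheck.dir[0] == NULL)) return(-1);`, or make the callers honour create_db()'s -1. The `__counter` global is also a reserved identifier (leading double underscore) and, being used only in this file, should be a `static int` with an ordinary name.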
+
/* Creating an local fp only */
- if(syscheck.notify == QUEUE)
- {
- unlink(syscheck.db);
- }
+ unlink(syscheck.db);
+
/* dir_name can't be null */
- if(dir_name == NULL || *dir_name == NULL)
+ if((syscheck.dir == NULL) || (syscheck.dir[0] == NULL))
{
merror("%s: No directories to check.",ARGV0);
return(-1);
}
+
+ /* Read all available directories */
+ __counter = 0;
do
{
- read_dir(dir_name[i], syscheck.opts[i]);
+ read_dir(syscheck.dir[i], syscheck.opts[i], CREATE_DB);
i++;
- }while(dir_name[i] != NULL);
+ }while(syscheck.dir[i] != NULL);
return(0);
Index: run_check.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/syscheckd/run_check.c,v
diff -u -r1.19 -r1.20
--- run_check.c 12 Jul 2006 19:47:00 -0000 1.19
+++ run_check.c 5 Sep 2006 19:17:45 -0000 1.20
@@ -1,6 +1,6 @@
-/* $OSSEC, run_check.c, v0.3, 2005/10/05, Daniel B. Cid$ */
+/* @(#) $Id$ */
-/* Copyright (C) 2005 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2005-2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
*
* This program is a free software; you can redistribute it
@@ -9,46 +9,26 @@
* Foundation
*/
-/* v0.3 (2005/10/05): Adding st_mode, owner uid and group owner.
- * v0.2 (2005/08/22): Removing st_ctime, bug 1104
- * v0.1 (2005/07/15)
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <dirent.h>
-#include <errno.h>
-#include <limits.h>
-#include <time.h>
+#include "shared.h"
+#include "syscheck.h"
#include "os_crypto/md5/md5_op.h"
#include "os_crypto/sha1/sha1_op.h"
-#include "shared.h"
-
-#include "syscheck.h"
#ifndef WIN32
#include "rootcheck/rootcheck.h"
#endif
-#include "error_messages/error_messages.h"
-#define MAX_LINE PATH_MAX+256
/** Prototypes **/
int c_read_file(char *file_name, char *oldsum);
/* Global variables -- currently checksum, msg to alert */
-char c_sum[256 +1];
-char alert_msg[912 +1];
+char c_sum[256 +2];
+char alert_msg[912 +2];
/* notify_agent
@@ -80,9 +60,11 @@
void start_daemon()
{
time_t curr_time = 0;
+
#ifndef WIN32
time_t prev_time_rk = 0;
#endif
+
time_t prev_time_sk = 0;
@@ -90,30 +72,32 @@
verbose("%s: Starting daemon ..",ARGV0);
#endif
+
/* Zeroing memory */
- memset(c_sum, '\0', 256 +1);
- memset(alert_msg, '\0', 912 +1);
+ memset(c_sum, '\0', 256 +2);
+ memset(alert_msg, '\0', 912 +2);
/* some time to settle */
- sleep(30);
+ sleep(syscheck.tsleep * 10);
+
/* Send the integrity database to the agent */
- if(syscheck.notify == QUEUE)
{
char buf[MAX_LINE +1];
int file_count = 0;
buf[MAX_LINE] = '\0';
- if(fseek(syscheck.fp,0, SEEK_SET) == -1)
+ if(fseek(syscheck.fp, 0, SEEK_SET) == -1)
{
- ErrorExit("%s: Error setting the file pointer (fseek)",ARGV0);
+ ErrorExit(FSEEK_ERROR, ARGV0, "syscheck_db");
}
+
while(fgets(buf,MAX_LINE,syscheck.fp) != NULL)
{
- if(buf[0] != '#' && buf[0] != ' ' && buf[0] != '\n')
+ if((buf[0] != '#') && (buf[0] != ' ') && (buf[0] != '\n'))
{
char *n_buf;
@@ -133,14 +117,15 @@
/* A count and a sleep to avoid flooding the server.
- * Time or speed are not requirements in here
+ * Time or speed are not requirements in here
*/
file_count++;
- /* sleep 3 every 15 messages */
- if(file_count >= 15)
+
+ /* sleep X every Y files */
+ if(file_count >= syscheck.sleep_after)
{
- sleep(3);
+ sleep(syscheck.tsleep);
file_count = 0;
}
}
@@ -148,8 +133,8 @@
}
- /* before entering in daemon mode itself */
- sleep(30);
+ /* Before entering in daemon mode itself */
+ sleep(syscheck.tsleep * 10);
/* Check every SYSCHECK_WAIT */
@@ -160,7 +145,6 @@
/* If time elapsed is higher than the rootcheck_time,
* run it.
*/
- #ifdef OSSECHIDS
#ifndef WIN32
if((curr_time - prev_time_rk) > rootcheck.time)
{
@@ -169,16 +153,20 @@
prev_time_rk = curr_time;
}
#endif
- #endif
-
+
/* If time elapsed is higher than the syscheck time,
* run syscheck time.
*/
if((curr_time - prev_time_sk) > syscheck.time)
{
+ /* Looking for new files */
+ check_db();
+
/* Set syscheck.fp to the begining of the file */
fseek(syscheck.fp,0, SEEK_SET);
+
+ /* Checking for changes */
run_check();
prev_time_sk = curr_time;
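Review bot: The `fseek(syscheck.fp,0, SEEK_SET)` before run_check() is still unchecked, while the identical rewind earlier in start_daemon() now exits with FSEEK_ERROR; a failed rewind here leaves run_check() reading from wherever check_db() left the stream, most likely the end, so the cycle silently compares nothing. Mirror the earlier handling: `if(fseek(syscheck.fp, 0, SEEK_SET) == -1) ErrorExit(FSEEK_ERROR, ARGV0, "syscheck_db");`. check_db()'s return value is discarded on the line above as well. start_daemon() continues beyond this hunk.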
@@ -194,13 +182,19 @@
*/
void run_check()
{
- char buf[MAX_LINE +1];
+ char buf[MAX_LINE +2];
int file_count = 0;
- buf[MAX_LINE] = '\0';
+ buf[MAX_LINE +1] = '\0';
+
+
+ /* Sending database completed message */
+ notify_agent(HC_SK_DB_COMPLETED);
+ debug2("%s: DEBUG: Sending database completed message.");
+
/* fgets garantee the null termination */
- while(fgets(buf,MAX_LINE,syscheck.fp) != NULL)
+ while(fgets(buf, MAX_LINE, syscheck.fp) != NULL)
{
/* Buf should be in the following format:
* header checksum file_name (checksum space filename)
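Review bot: The new `debug2("%s: DEBUG: Sending database completed message.");` has a `%s` conversion but no matching argument, so at debug level 2 the format reads an arbitrary pointer from the variadic area — undefined behaviour that can crash the daemon or print garbage. Pass ARGV0 as every other call in this file does: `debug2("%s: DEBUG: Sending database completed message.", ARGV0);`. -Wformat would catch this at compile time if debug2 carried a printf format attribute. run_check() continues past this hunk.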
@@ -222,29 +216,29 @@
* on the client side -- speed not necessary
*/
file_count++;
- if(file_count >= 30)
+ if(file_count >= (2*syscheck.sleep_after))
{
- sleep(2);
+ sleep(syscheck.tsleep);
file_count = 0;
}
/* Finding the file name */
- n_file = strchr(buf,' ');
+ n_file = strchr(buf, ' ');
if(n_file == NULL)
{
- merror("%s: Invalid entry in the integrity checking database. "
- "Wrong format for '%s'",ARGV0, buf);
-
+ merror("%s: Invalid entry in the integrity check database.",ARGV0);
continue;
}
/* Zeroing the ' ' and messing up with buf */
*n_file ='\0';
+
/* Setting n_file to the begining of the file name */
n_file++;
+
/* Removing the '\n' if present and setting it to \0 */
tmp_c = strchr(n_file,'\n');
if(tmp_c)
@@ -265,16 +259,10 @@
if(strcmp(c_sum,n_sum+6) != 0)
{
/* Sending the new checksum to the analysis server */
- if(syscheck.notify == QUEUE)
- {
- snprintf(alert_msg, 912, "%s %s",c_sum,n_file);
- notify_agent(alert_msg);
- }
- else
- {
- merror("%s: Checksum differ for file %s.",ARGV0,n_file);
- }
-
+ alert_msg[912 +1] = '\0';
+ snprintf(alert_msg, 912, "%s %s",c_sum,n_file);
+ notify_agent(alert_msg);
+
continue;
}
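Review bot: `snprintf(alert_msg, 912, "%s %s",c_sum,n_file)` silently truncates the file name once c_sum plus the path exceeds 911 bytes, and the path can be up to PATH_MAX (the database line buffer is sized PATH_MAX+256), so a change to a deeply nested file reaches the manager under a cut-off name and two files whose paths agree for roughly the first 790 characters become indistinguishable to it. Check the return value and at least log the truncation: `if(snprintf(alert_msg, 912, "%s %s", c_sum, n_file) >= 912) merror("%s: Alert for '%s' truncated.", ARGV0, n_file);`. The `alert_msg[912 +1] = '\0'` sentinel is redundant, since snprintf with size 912 always terminates within the first 912 bytes; sizing alert_msg from a named constant would make that clearer. run_check() continues outside the hunk.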
@@ -282,6 +270,7 @@
}
}
+
/* c_read_file
* Read file information and return a pointer
* to the checksum
@@ -309,16 +298,9 @@
if(lstat(file_name, &statbuf) < 0)
#endif
{
- if(syscheck.notify == QUEUE)
- {
- alert_msg[912] = '\0';
- snprintf(alert_msg, 912,"-1 %s",file_name);
- notify_agent(alert_msg);
- }
- else
- {
- merror("%s: Error accessing '%s'",ARGV0,file_name);
- }
+ alert_msg[912 +1] = '\0';
+ snprintf(alert_msg, 912,"-1 %s",file_name);
+ notify_agent(alert_msg);
return(-1);
}
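Review bot: The removed SYSLOG branch was the only place that recorded why lstat() failed; an access failure is now signalled solely as `-1 <file>` to the manager and the errno is lost, so EACCES (a permission change), ELOOP and ENOENT all collapse into the same "gone" alert with nothing on the agent to reconstruct from. Keep a local trace before returning: `debug2("%s: DEBUG: lstat('%s') failed: %s", ARGV0, file_name, strerror(errno));`. The 912-byte snprintf here truncates long paths exactly as the one in run_check() does. c_read_file() begins before this hunk.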
@@ -377,7 +359,7 @@
}
}
-
+ c_sum[255] = '\0';
snprintf(c_sum,255,"%d:%d:%d:%d:%s:%s",
size == 0?0:(int)statbuf.st_size,
perm == 0?0:(int)statbuf.st_mode,
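Review bot: `(int)statbuf.st_size` printed with `%d` wraps for files of 2 GiB and above, so the size field stored for such files is negative or aliased and a size change by an exact multiple of 2^32 is invisible to the comparison; `(long long)` with `%lld` (where the compiler supports it) keeps the full value, and if the manager parses this field it must be widened there too. The new `c_sum[255] = '\0'` is harmless but redundant: snprintf with a size of 255 terminates at or before index 254, and the remaining capacity of the 258-byte buffer is never used. c_read_file() begins before this hunk and the snprintf continues past it.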
Index: syscheck.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/syscheckd/syscheck.c,v
diff -u -r1.18 -r1.19
--- syscheck.c 4 Sep 2006 20:39:23 -0000 1.18
+++ syscheck.c 5 Sep 2006 19:17:45 -0000 1.19
@@ -1,6 +1,6 @@
-/* $OSSEC, syscheck.c, v0.5, 2005/05/30, Daniel B. Cid$ */
+/* @(#) $Id$ */
-/* Copyright (C) 2003,2004,2005 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
*
* This program is a free software; you can redistribute it
@@ -8,7 +8,8 @@
* License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
+
+
/*
* Syscheck v 0.3
* Copyright (C) 2003 Daniel B. Cid <daniel@xxxxxxxxxxxxxxxxx>
@@ -17,38 +18,31 @@
* syscheck.c, 2004/03/17, Daniel B. Cid
*/
-/* Inclusion of the syscheck into the OSSEC HIDS system */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
+/* Inclusion of syscheck into OSSEC */
-#include <sys/types.h>
-#include <time.h>
#include "shared.h"
#include "syscheck.h"
-#ifdef OSSECHIDS
- #ifndef WIN32
- #include "rootcheck/rootcheck.h"
- #endif
+#ifndef WIN32
+#include "rootcheck/rootcheck.h"
#endif
-#include "error_messages/error_messages.h"
-/** Prototypes **/
+/* void read_internal()
+ * Reads syscheck internal options.
+ */
+void read_internal()
+{
+ syscheck.tsleep = getDefine_Int("syscheck","sleep",1,64);
+ syscheck.sleep_after = getDefine_Int("syscheck","sleep_after",1,128);
-/* Read the new XML config */
-int Read_Syscheck_Config(char * cfgfile, config *cfg);
-/* create the database */
-int create_db();
+ return;
+}
-/* syscheck start for windows
- *
+/* int Start_win32_Syscheck()
+ * syscheck main for windows
*/
int Start_win32_Syscheck()
{
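Review bot: read_internal() is defined with an empty parameter list and external linkage but is not declared in syscheck.h alongside the other new prototypes, so any other translation unit that calls it gets an implicit declaration. Make it file-local with a real prototype, `static void read_internal(void)`, or add `void read_internal(void);` to the header. Start_win32_Syscheck() begins in this hunk and continues past it.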
@@ -56,8 +50,7 @@
/* Zeroing the structure */
syscheck.workdir = DEFAULTDIR;
- syscheck.daemon = 1;
- syscheck.notify = QUEUE;
+
/* Checking if the configuration is present */
if(File_DateofChange(cfg) < 0)
@@ -65,62 +58,66 @@
/* Read syscheck config */
- if(Read_Syscheck_Config(cfg, &syscheck) < 0)
+ if(Read_Syscheck_Config(cfg) < 0)
{
ErrorExit(CONFIG_ERROR, ARGV0);
}
+
+ /* Reading internal options */
+ read_internal();
+
+
syscheck.db = (char *)calloc(1024,sizeof(char));
if(syscheck.db == NULL)
ErrorExit(MEM_ERROR,ARGV0);
snprintf(syscheck.db,1023,"%s",SYS_WIN_DB);
- /* Will create the db to store syscheck data */
- create_db();
- fflush(syscheck.fp);
- /* Some sync time */
- sleep(2);
+ /* Will create the db to store syscheck data */
+ create_db();
+ fflush(syscheck.fp);
+
+
+ /* Some sync time */
+ sleep(syscheck.tsleep);
- /* Start the daemon checking against the syscheck.db */
- start_daemon();
- exit(0);
+ /* Start the daemon checking against the syscheck.db */
+ start_daemon();
+
+
+ exit(0);
}
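Review bot: create_db()'s return value is discarded before start_daemon() is entered, yet create_db() returns -1 when `syscheck.dir` is NULL or empty (the "No directories to check" path in create_db.c in this same commit), after which check_db() indexes `syscheck.dir[0]` with no guard. Stop here rather than daemonising with nothing to check: `if(create_db() < 0) ErrorExit("%s: Could not create the syscheck database.", ARGV0);`. The Unix main() in this commit has the same unchecked call.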
-/* main v0.3
- *
+/* Syscheck unix main.
*/
#ifndef WIN32
int main(int argc, char **argv)
{
- int init = 0, c;
+ int c;
int test_config = 0;
char *cfg = DEFAULTCPATH;
+
/* Zeroing the structure */
syscheck.workdir = NULL;
- syscheck.daemon = 1;
- syscheck.notify = QUEUE;
/* Setting the name */
OS_SetName(ARGV0);
- while((c = getopt(argc, argv, "VtSsdhD:c:")) != -1)
+ while((c = getopt(argc, argv, "VtdhD:c:")) != -1)
{
switch(c)
{
case 'V':
print_version();
break;
- case 's':
- init = 1;
- break;
case 'h':
help();
break;
@@ -137,8 +134,6 @@
ErrorExit("%s: -c needs an argument",ARGV0);
cfg = optarg;
break;
- case 'S':
- syscheck.notify = SYSLOG;
case 't':
test_config = 1;
break;
@@ -148,29 +143,29 @@
}
}
+
/* Checking if the configuration is present */
if(File_DateofChange(cfg) < 0)
ErrorExit(NO_CONFIG, ARGV0, cfg);
/* Read syscheck config */
- if(Read_Syscheck_Config(cfg, &syscheck) < 0)
+ if(Read_Syscheck_Config(cfg) < 0)
{
ErrorExit(CONFIG_ERROR, ARGV0);
}
- /* Read rootcheck config */
- if(syscheck.notify == QUEUE)
- {
- /* Starting rootcheck */
- #ifdef OSSECHIDS
- if(rootcheck_init(test_config) == 0)
- syscheck.rootcheck = 1;
- #endif
- }
-
+ /* Reading internal options */
+ read_internal();
+
+
+ /* Rootcheck config */
+ if(rootcheck_init(test_config) == 0)
+ syscheck.rootcheck = 1;
+
+
/* Exit if testing config */
if(test_config)
exit(0);
@@ -182,136 +177,76 @@
/* Creating a temporary fp */
- if((init == 0)&&(syscheck.notify == QUEUE))
- {
- time_t tmp_time;
- pid_t tmp_pid;
-
- tmp_time = time(NULL);
- tmp_pid = getpid();
-
- syscheck.db = (char *)calloc(1024,sizeof(char));
- if(syscheck.db == NULL)
- ErrorExit(MEM_ERROR,ARGV0);
+ syscheck.db = (char *)calloc(1024,sizeof(char));
+ if(syscheck.db == NULL)
+ ErrorExit(MEM_ERROR,ARGV0);
- snprintf(syscheck.db,1023,"%s%s-%d%d.tmp",
- syscheck.workdir,
- SYSCHECK_DB,
- (int)tmp_time,
- (int)tmp_pid);
- }
+ snprintf(syscheck.db,1023,"%s%s-%d%d.tmp",
+ syscheck.workdir,
+ SYSCHECK_DB,
+ (int)time(NULL),
+ (int)getpid());
- else
- {
- /* setting db directory */
- syscheck.db = (char *)calloc(1024, sizeof(char));
- if(syscheck.db == NULL)
- {
- ErrorExit(MEM_ERROR,ARGV0);
- }
- snprintf(syscheck.db, 1024, "%s%s",syscheck.workdir,SYSCHECK_DB);
- }
+ /* Setting daemon flag */
+ nowDaemon();
-
- /* Going on daemon mode */
- if(syscheck.daemon)
- {
- /* Setting daemon flag */
- nowDaemon();
- /* Entering in daemon mode now */
- goDaemon();
+ /* Entering in daemon mode now */
+ goDaemon();
- }
+
+ /* Initial time to settle */
+ sleep(syscheck.tsleep);
- /* Connect to the queue if configured to do so */
- if(syscheck.notify == QUEUE)
- {
- sleep(3);
+ /* Connect to the queue */
+ if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
+ {
+ merror(QUEUE_ERROR,ARGV0,DEFAULTQPATH);
- /* Starting the queue. */
+ sleep(5);
if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
- {
+ {
+ /* more 10 seconds of wait.. */
merror(QUEUE_ERROR,ARGV0,DEFAULTQPATH);
-
- /* 5 seconds to see if the agent starts */
- sleep(5);
+ sleep(10);
if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
- {
- /* more 10 seconds of wait.. */
- merror(QUEUE_ERROR,ARGV0,DEFAULTQPATH);
- sleep(10);
- if((syscheck.queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
- ErrorExit(QUEUE_FATAL,ARGV0,DEFAULTQPATH);
- }
+ ErrorExit(QUEUE_FATAL,ARGV0,DEFAULTQPATH);
}
}
+
/* Start the signal handling */
StartSIG(ARGV0);
- /* Lets create the database */
- if(init == 1)
- {
- verbose(SK_CREATE_DB, ARGV0);
- create_db();
- exit(0);
- }
+ /* Creating pid */
+ if(CreatePID(ARGV0, getpid()) < 0)
+ merror(PID_ERROR,ARGV0);
-
- /* If syslog is set, just read the database */
- if(syscheck.notify == SYSLOG)
- {
- syscheck.fp = fopen(syscheck.db,"r");
- if(!syscheck.fp)
- {
- ErrorExit(SK_NO_DB, ARGV0, syscheck.db);
- }
- }
-
-
- /* Going on daemon mode */
- if(syscheck.daemon)
- {
- /* Creating pid */
- if(CreatePID(ARGV0, getpid()) < 0)
- merror(PID_ERROR,ARGV0);
-
- /* Start up message */
- verbose(STARTUP_MSG, ARGV0, getpid());
-
+ /* Start up message */
+ verbose(STARTUP_MSG, ARGV0, getpid());
- /* When on QUEUE, we need to create the database every time */
- if(syscheck.notify == QUEUE)
- {
- /* Will create the temp db */
- create_db();
+
+ /* Create local database */
+ create_db();
+
- fflush(syscheck.fp);
+ fflush(syscheck.fp);
- /* Some sync time */
- sleep(2);
- }
+ /* Some sync time */
+ sleep(syscheck.tsleep);
- /* Start the daemon checking against the syscheck.db */
- start_daemon();
- }
-
- /* Will only check the integrity once and exit */
- else
- {
- run_check();
- }
-
+ /* Start the daemon */
+ start_daemon();
return(0);
}
#endif /* ifndef WIN32 */
+
/* EOF */
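Review bot: The database name is built from time(NULL) and getpid(), both predictable, and create_db() opens it with `fopen(syscheck.db, "w+")`, which follows symlinks; since syscheck runs as root, a local user able to create names in syscheck.workdir could plant a symlink and have the daemon truncate an arbitrary file at startup, after which the `unlink(syscheck.db)` removes the link rather than the target. This is only exploitable if workdir is writable by someone other than root, which the default installation presumably prevents, but switching the template to `"%s%s-XXXXXX"` and opening it with `int fd = mkstemp(syscheck.db); if(fd < 0) ErrorExit(...); syscheck.fp = fdopen(fd, "w+");` in create_db() removes the assumption at little cost. As in the Windows path, `create_db()`'s -1 is ignored before start_daemon(). Apart from the option parsing above it, main() is complete within this hunk.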
Index: syscheck.h
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/syscheckd/syscheck.h,v
diff -u -r1.6 -r1.7
--- syscheck.h 8 Apr 2006 02:58:36 -0000 1.6
+++ syscheck.h 5 Sep 2006 19:17:45 -0000 1.7
@@ -1,6 +1,6 @@
-/* $OSSEC, syscheck.h, v0.1, 2005/07/29, Daniel B. Cid$ */
+/* @(#) $Id$ */
-/* Copyright (C) 2003,2004,2005 Daniel B. Cid <dcid@xxxxxxxxx>
+/* Copyright (C) 2003-2006 Daniel B. Cid <dcid@xxxxxxxxx>
* All right reserved.
*
* This program is a free software; you can redistribute it
@@ -15,19 +15,38 @@
#define __SYSCHECK_H
#include "config/syscheck-config.h"
+#define MAX_LINE PATH_MAX+256
+/* Global config */
config syscheck;
-/** Prototypes **/
+
+/** Function Prototypes **/
/* run_check: checks the integrity of the files against the
* saved database
*/
void run_check();
+
/* start_daemon: Runs run_check periodically.
*/
void start_daemon();
+
+
+/* Read the XML config */
+int Read_Syscheck_Config(char * cfgfile);
+
+
+/* create the database */
+int create_db();
+
+
+/* int check_db()
+ * Checks database for new files.
+ */
+int check_db();
+
#endif
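Review bot: `#define MAX_LINE PATH_MAX+256` is not parenthesised, so any use inside a larger expression mis-expands (`2*MAX_LINE` becomes `2*PATH_MAX+256`), and the `MAX_LINE +2` array bounds in this commit only work by luck of precedence; write `#define MAX_LINE (PATH_MAX+256)`. `config syscheck;` is an object definition placed in a header, so every translation unit that includes syscheck.h defines it and the link relies on common-symbol merging; declare it `extern config syscheck;` here and define it once in syscheck.c. The new prototypes would also be safer as `int check_db(void);` and so on, since `()` declares an unprototyped function in C.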