
[ossec-dev] ossec-hids: doc.html (NEW) service-start.c (NEW) iis-logs.bat (HEAD) make.bat (HEAD) ossec-installer.nsi (HEAD) setup-win.c (HEAD) win-files.txt (HEAD) win_agent.c (HEAD) [dcid]



Module name:	ossec-hids
Changes by:	dcid	06/09/09 17:06:55

Modified files:
	iis-logs.bat make.bat ossec-installer.nsi setup-win.c win-files.txt
	win_agent.c
Added files:
	doc.html service-start.c

Log message:
Description: Adding debug options to multiple daemons and more fixes for the win32 agent.
Reviewed by: dcid
Bug:

--- NEW FILE: doc.html ---
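<html>
  <head>
  <!-- Local stub page: after one second it forwards the browser to the
       Windows section of the online OSSEC manual. -->
  <META HTTP-EQUIV="Refresh" CONTENT="1; URL=http://www.ossec.net/en/manual.html#windows">
  </head>

  <body>
  Redirecting to the online documentation... <br />
  <!-- Fallback link for browsers that do not follow the meta refresh. -->
  <a href="http://www.ossec.net/en/manual.html#windows">http://www.ossec.net/en/manual.html#windows</a>
  </body>
</html>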

--- NEW FILE: service-start.c ---
/* @(#) $Id: service-start.c,v 1.1 2006/09/09 20:06:54 dcid Exp $ */

/* Copyright (C) 2006 Daniel B. Cid <dcid@xxxxxxxxx>
 * All rights reserved.
 *
 * This program is a free software; you can redistribute it
 * and/or modify it under the terms of the GNU General Public
 * License (version 2) as published by the FSF - Free Software
 * Foundation
 */
       

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>


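/* Start the OSSEC agent service (OssecSvc) through the Windows `sc` tool.
 *
 * Prints a status line, asks `sc` to start OssecSvc, reports a non-zero
 * exit status from that command, and then runs `pause` so the output
 * stays on screen until a key is pressed.
 *
 * Returns 0 when `sc start OssecSvc` exits with status 0, 1 otherwise.
 */
int main(int argc, char **argv)
{
    /* argv[0] is not guaranteed to be set; never pass NULL to %s. */
    const char *self = (argc > 0 && argv[0] != NULL) ? argv[0] : "service-start";
    int rc;

    /* Flush before spawning a child so this line appears ahead of its output. */
    printf("%s: Attempting to start ossec.\n", self);
    fflush(stdout);

    /* NOTE(review): system() hands the string to the command interpreter,
     * so `sc` is located through its search order (typically the current
     * directory first, then PATH) instead of by absolute path. Consider
     * invoking sc.exe from the system directory explicitly, and confirm
     * that the directory this program is started from is not writable by
     * unprivileged users.
     */
    rc = system("sc start OssecSvc");
    if(rc != 0)
    {
        /* sc prints its own error text; add the status so failures are not silent. */
        printf("%s: 'sc start OssecSvc' exited with status %d.\n", self, rc);
        fflush(stdout);
    }

    /* Best effort only: keeps the messages readable when run from a shortcut. */
    (void)system("pause");

    return(rc == 0 ? 0 : 1);
}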

Index: iis-logs.bat
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/win32/iis-logs.bat,v
diff -u -r1.6 -r1.7
--- iis-logs.bat	3 Aug 2006 21:51:20 -0000	1.6
+++ iis-logs.bat	9 Sep 2006 20:06:54 -0000	1.7
@@ -22,7 +22,7 @@
     echo   ^</localfile^> >> ossec.conf
     echo ^</ossec_config^> >> ossec.conf
     pause
-    exit )
+    )
 
 IF EXIST %WinDir%\System32\LogFiles\W3SVC1\ex??????.log (
     echo    * IIS W3C extended log found. Changing config to read it.
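Review bot: With `exit` dropped from the three `IF EXIST ...\ex??????.log` blocks (this hunk and the ones at -34 and -46), a host that matched one of them now falls through to every later check, including the `IF EXIST %WinDir%\System32\LogFiles\W3SVC1 (` test at the end of the third hunk, which prints "IIS Log found. Look at the link above if you want to monitor it" even though the log was just configured. Each matching block also appends its own closing localfile/ossec_config section to ossec.conf, so running the script twice will presumably leave duplicate entries. Setting a flag inside each block, `set IIS_DONE=1`, and guarding the final check with `IF NOT DEFINED IIS_DONE` would keep the messages consistent. The blocks start outside these hunks.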
@@ -34,7 +34,7 @@
     echo   ^</localfile^> >> ossec.conf
     echo ^</ossec_config^> >> ossec.conf
     pause
-    exit )
+    )
 
 IF EXIST %WinDir%\System32\LogFiles\W3SVC3\ex??????.log (
     echo    * IIS W3C extended log found. Changing config to read it.
@@ -46,7 +46,7 @@
     echo   ^</localfile^> >> ossec.conf
     echo ^</ossec_config^> >> ossec.conf
     pause
-    exit )
+    )
 
 IF EXIST %WinDir%\System32\LogFiles\W3SVC1 (
     echo    * IIS Log found. Look at the link above if you want to monitor it.

Index: make.bat
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/win32/make.bat,v
diff -u -r1.9 -r1.10
--- make.bat	17 Jul 2006 01:02:42 -0000	1.9
+++ make.bat	9 Sep 2006 20:06:54 -0000	1.10
@@ -3,3 +3,4 @@
 "C:\MinGW\bin\gcc.exe" -o "ossec-agent" -Wall  -DARGV0=\"ossec-agent\" -DCLIENT -DWIN32 -DOSSECHIDS os_regex/*.c os_net/*.c os_xml/*.c zlib-1.2.3/*.c config/*.c shared/*.c os_crypto/blowfish/*.c os_crypto/md5/*.c os_crypto/sha1/*.c os_crypto/shared/*.c *.c -Iheaders/ -I./ -lwsock32
 "C:\MinGW\bin\gcc.exe" -o "manage_agents" -Wall  -DARGV0=\"ossec-agent\" -DCLIENT -DWIN32 -DMA os_regex/*.c zlib-1.2.3/*.c os_zlib.c shared/*.c os_crypto/blowfish/*.c os_crypto/md5/*.c os_crypto/shared/*.c addagent/*.c -Iheaders/ -I./ -lwsock32
 "C:\MinGW\bin\gcc.exe" -o setup-windows -Wall os_regex/*.c setup/setup-win.c -I./
+"C:\MinGW\bin\gcc.exe" -o service-start -Wall os_regex/*.c setup/service-start.c -I./
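Review bot: The new `service-start` build line compiles `os_regex/*.c` into the binary, but service-start.c as added in this commit includes only libc headers, so the regex sources appear to be unused there. `"C:\MinGW\bin\gcc.exe" -o service-start -Wall setup/service-start.c` should be enough and keeps the helper, which is started from a Start-menu shortcut, as small as possible. None of the gcc lines check for failure, so a broken compile of this file would only show up later when the installer cannot find service-start.exe.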

Index: ossec-installer.nsi
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/win32/ossec-installer.nsi,v
diff -u -r1.12 -r1.13
--- ossec-installer.nsi	7 Sep 2006 23:19:05 -0000	1.12
+++ ossec-installer.nsi	9 Sep 2006 20:06:54 -0000	1.13
@@ -1,4 +1,4 @@
-!define VERSION "0.9.2BETA"
+!define VERSION "0.9.2BETA1"
 !define NAME "Ossec HIDS"
 !define /date CDATE "%H:%M:%S %d %b, %Y"
 
@@ -20,10 +20,13 @@
 Function .onInit
     SetOutPath $INSTDIR
     IfFileExists $INSTDIR\ossec.conf 0 +3
-    MessageBox MB_OKCANCEL "${NAME} is already installed. Stop it before continuing." IDOK NoAbort
+    MessageBox MB_OKCANCEL "${NAME} is already installed. Stopping it before continuing." IDOK NoAbort
     Abort
     NoAbort:
-      
+    
+    ;; Stopping ossec service.
+    ExecWait '"sc" "stop" "OssecSvc"'  
+    
     ;;MessageBox MB_YESNO "This will install. Continue?" IDYES NoAbort
     ;;Abort ; causes installer to quit.
     ;;NoAbort:
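Review bot: `ExecWait '"sc" "stop" "OssecSvc"'` names `sc` without a path, so Windows resolves it through the process search order, which looks in the installer's own directory and the current directory (set to `$INSTDIR` by `SetOutPath` at the top of `.onInit`) before the system directory. An installer normally runs elevated, so whichever `sc.exe` is found first runs with those rights. Using the system directory explicitly, `ExecWait '"$SYSDIR\sc.exe" stop OssecSvc'`, removes that dependency. Separately, `sc stop` returns once the stop request is accepted rather than when the service has exited, so the later `File` step may still find ossec-agent.exe in use; capturing the exit code or polling `sc query OssecSvc` before copying would make upgrades more reliable.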
@@ -51,7 +54,7 @@
 ;;
 ;;done:  
 
-File ossec-agent.exe default-ossec.conf manage_agents.exe iis-logs.bat internal_options.conf setup-windows.exe
+File ossec-agent.exe default-ossec.conf manage_agents.exe iis-logs.bat internal_options.conf setup-windows.exe service-start.exe doc.html
 WriteRegStr HKLM SOFTWARE\ossec "Install_Dir" "$INSTDIR"
 
 WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "DisplayName" "OSSEC Hids Agent"
@@ -75,7 +78,9 @@
 CreateDirectory "$SMPROGRAMS\ossec"
 CreateShortCut "$SMPROGRAMS\ossec\Uninstall.lnk" "$INSTDIR\uninstall.exe" "" "$INSTDIR\uninstall.exe" 0
 CreateShortCut "$SMPROGRAMS\ossec\Edit.lnk" "$INSTDIR\ossec.conf" "" "$INSTDIR\ossec.conf" 0
-CreateShortCut "$SMPROGRAMS\ossec\Documentation.lnk" "http://www.ossec.net/en/manual.html#windows"; "" "http://www.ossec.net/en/manual.html"; 0
+CreateShortCut "$SMPROGRAMS\ossec\Documentation.lnk" "$INSTDIR\doc.html" "" "$INSTDIR\doc.html" 0
+CreateShortCut "$SMPROGRAMS\ossec\Start.lnk" "$INSTDIR\service-start.exe" "" "$INSTDIR\service-start.exe" 0
+
 
 ; Install in the services 
 ExecWait '"$INSTDIR\setup-windows.exe" "$INSTDIR"' 

Index: setup-win.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/win32/setup-win.c,v
diff -u -r1.7 -r1.8
--- setup-win.c	21 Jul 2006 18:47:30 -0000	1.7
+++ setup-win.c	9 Sep 2006 20:06:54 -0000	1.8
@@ -155,5 +155,7 @@
         }
     }
 
+    /* Configure ossec for automatic startup */
+    system("sc config OssecSvc start= auto");
     return(0);
 }
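Review bot: The return value of `system("sc config OssecSvc start= auto")` is discarded, so if the service was never registered or `sc` fails, setup still returns 0 and the agent stays on manual start; after the next reboot the host would be unmonitored without any indication. I would check it, e.g. `if(system("sc config OssecSvc start= auto") != 0) { printf("Unable to set OssecSvc to automatic startup.\n"); }`, using whatever reporting the rest of this function uses (the function starts outside the hunk). `sc` is also resolved through the command interpreter's search order here, and since this program is run by the installer, an absolute path to sc.exe would be the more robust choice.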

Index: win-files.txt
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/win32/win-files.txt,v
diff -u -r1.12 -r1.13
--- win-files.txt	7 Sep 2006 23:19:05 -0000	1.12
+++ win-files.txt	9 Sep 2006 20:06:54 -0000	1.13
@@ -39,3 +39,6 @@
 win32/iis-logs.bat iis-logs.bat
 win32/ossec-win.conf default-ossec.conf
 win32/internal_options-win.conf internal_options.conf
+win32/doc.html doc.html
+win32/ossec-installer.nsi ossec-installer.nsi
+win32/service-start.c setup/service-start.c

Index: win_agent.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/win32/win_agent.c,v
diff -u -r1.18 -r1.19
--- win_agent.c	7 Sep 2006 23:19:05 -0000	1.18
+++ win_agent.c	9 Sep 2006 20:06:54 -0000	1.19
@@ -137,6 +137,7 @@
 /* Locally starts (after service/win init) */
 int local_start()
 {
+    int debug_level;
     int binds;
     char *cfg = DEFAULTCPATH;
     WSADATA wsaData;
@@ -153,22 +154,35 @@
     logr->port = DEFAULT_SECURE;
 
 
+    /* Getting debug level */
+    debug_level = getDefine_Int("windows","debug", 0, 2);
+    while(debug_level != 0)
+    {
+        nowDebug();
+        debug_level--;
+    }
+    
+    
+    
     /* Configuration file not present */
     if(File_DateofChange(cfg) < 0)
         ErrorExit("%s: Configuration file '%s' not found",ARGV0,cfg);
 
 
     /* Read agent config */
+    debug1("%s: DEBUG: Reading agent configuration.", ARGV0);
     if((binds = ClientConf(cfg)) == 0)
         ErrorExit(CLIENT_ERROR,ARGV0);
 
 
     /* Reading logcollector config file */
+    debug1("%s: DEBUG: Reading logcollector configuration.", ARGV0);
     if(LogCollectorConfig(cfg) < 0)
         ErrorExit(CONFIG_ERROR, ARGV0);
     
 
     /* Reading the private keys  */
+    debug1("%s: DEBUG: Reading private keys.", ARGV0);
     ReadKeys(&keys, 0);
 
 
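Review bot: The loop `while(debug_level != 0)` only terminates cleanly for a non-negative start value; if `getDefine_Int("windows","debug", 0, 2)` ever returned a negative number (its range check is not visible here), the decrement would run until signed overflow. `while(debug_level > 0)` bounds the loop regardless of what the helper returns. A short comment stating the accepted range (0-2, going by the call's arguments) and that each level calls `nowDebug()` once would also help. local_start() begins and ends outside this hunk.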
@@ -183,11 +197,13 @@
         ErrorExit("%s: WSAStartup() failed", ARGV0);
     }
 
+
     /* Socket connection */
     StartMQ(NULL, 0);
 
 
     /* Starting mutex */
+    debug1("%s: DEBUG: Creating thread mutex.", ARGV0);
     hMutex = CreateMutex(NULL, FALSE, NULL);
     if(hMutex == NULL)
     {
@@ -253,6 +269,7 @@
     tmpstr[OS_MAXSTR +1] = '\0';
     crypt_msg[OS_MAXSTR +1] = '\0';
 
+    debug2("%s: DEBUG: Attempting to send message to server.", ARGV0);
     
     /* Using a mutex to synchronize the writes */
     dwWaitResult = WaitForSingleObject(hMutex, 5000L);
@@ -309,6 +326,9 @@
         pl = locmsg;
     }
 
+    
+    debug2("%s: DEBUG: Sending message to server: '%s'", ARGV0, message);
+    
     snprintf(tmpstr,OS_MAXSTR,"%c:%s:%s", loc, pl, message);
 
     _ssize = CreateSecMSG(&keys, tmpstr, crypt_msg, 0);
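Review bot: `debug2("%s: DEBUG: Sending message to server: '%s'", ARGV0, message);` writes each event in clear text to the agent's local log just before `CreateSecMSG` prepares it for the server, so at debug level 2 the log file becomes a plaintext copy of everything that is sent. That is reasonable for troubleshooting, but the message is printed unescaped, so newlines or control characters coming from monitored logs end up in the agent log verbatim. A comment above the call, `/* debug2 only: logs the unencrypted event; keep windows.debug at 0 in production */`, would record the intent. The enclosing function starts outside the hunk.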
@@ -343,6 +363,10 @@
 /* StartMQ for windows */
 int StartMQ(char * path, short int type)
 {
+    verbose("%s: Connecting to server (%s:%d).", ARGV0,
+                                                 logr->rip,
+                                                 logr->port);
+    
     /* Connecting UDP */
     logr->sock = OS_ConnectUDP(logr->port, logr->rip);
     if(logr->sock < 0)
@@ -364,6 +388,7 @@
     time_t curr_time;
 
     curr_time = time(0);
+    debug2("%s: DEBUG: Checking if time elapsed to send keep alive.", ARGV0);
 
     if((curr_time - __win32_curr_time) > NOTIFY_TIME)
     {
@@ -374,6 +399,10 @@
         tmp_msg[OS_MAXSTR +1] = '\0';
         crypt_msg[OS_MAXSTR +1] = '\0';
 
+
+        debug1("%s: DEBUG: Sending keep alive message.", ARGV0);
+
+        
         /* fixing time */
         __win32_curr_time = curr_time;
 




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.