diff --git a/src/Makefile b/src/Makefile index 59f5033764c..a131a854fb3 100644 --- a/src/Makefile +++ b/src/Makefile @@ -97,7 +97,6 @@ SELINUX_MODULE=selinux/wazuh.mod SELINUX_ENFORCEMENT=selinux/wazuh.te SELINUX_POLICY=selinux/wazuh.pp SHARED_MODULES=shared_modules/ -WAZUH_MODULES=wazuh_modules/ DBSYNC=${SHARED_MODULES}dbsync/ RSYNC=${SHARED_MODULES}rsync/ SYSCOLLECTOR=wazuh_modules/syscollector/ @@ -105,7 +104,6 @@ ROUTER=shared_modules/router/ CONTENT_MANAGER=shared_modules/content_manager/ VULNERABILITY_SCANNER=wazuh_modules/vulnerability_scanner/ SYSINFO=data_provider/ -SYSCHECK=syscheckd/ USE_PRELUDE?=no USE_ZEROMQ?=no USE_GEOIP?=no @@ -136,7 +134,6 @@ SYSINFO_OS=-DCMAKE_SYSTEM_NAME=Darwin endif ifneq (,$(filter ${TEST},YES yes y Y 1)) -SYSCHECK_TEST=-DUNIT_TEST=ON #--coverage DBSYNC_TEST=-DUNIT_TEST=ON #--coverage RSYNC_TEST=-DUNIT_TEST=ON #--coverage SYSCOLLECTOR_TEST=-DUNIT_TEST=ON #--coverage @@ -148,7 +145,6 @@ SHARED_MODULES_RELEASE_TYPE=-DCMAKE_BUILD_TYPE=Debug GTEST_RELEASE_TYPE=-DCMAKE_BUILD_TYPE=Debug SYSCOLLECTOR_RELEASE_TYPE=-DCMAKE_BUILD_TYPE=Debug SYSINFO_RELEASE_TYPE=-DCMAKE_BUILD_TYPE=Debug -SYSCHECK_RELEASE_TYPE=-DCMAKE_BUILD_TYPE=Debug WAZUH_RELEASE_TYPE=-DCMAKE_BUILD_TYPE=Debug endif 
@@ -406,7 +402,7 @@ endif OSSEC_CFLAGS+=${DEFINES} OSSEC_CFLAGS+=-pipe -Wall -Wextra -std=gnu99 -OSSEC_CFLAGS+=-I./ -I./headers/ -I${EXTERNAL_OPENSSL}include -I$(EXTERNAL_JSON) -I${EXTERNAL_LIBYAML}include -I${EXTERNAL_CURL}include -I${EXTERNAL_MSGPACK}include -I${EXTERNAL_BZIP2} -I${SHARED_MODULES}common -I${DBSYNC}include -I${RSYNC}include -I${SYSCOLLECTOR}include -I${SYSINFO}include -I${EXTERNAL_LIBPCRE2}include -I${EXTERNAL_RPM}/builddir/output/include -I${SYSCHECK}include -I${ROUTER}include -I${CONTENT_MANAGER}include -I${VULNERABILITY_SCANNER}include -I./shared_modules/ +OSSEC_CFLAGS+=-I./ -I./headers/ -I${EXTERNAL_OPENSSL}include -I$(EXTERNAL_JSON) -I${EXTERNAL_LIBYAML}include -I${EXTERNAL_CURL}include -I${EXTERNAL_MSGPACK}include -I${EXTERNAL_BZIP2} -I${SHARED_MODULES}common -I${DBSYNC}include -I${RSYNC}include -I${SYSCOLLECTOR}include -I${SYSINFO}include -I${EXTERNAL_LIBPCRE2}include -I${EXTERNAL_RPM}/builddir/output/include -I${ROUTER}include -I${CONTENT_MANAGER}include -I${VULNERABILITY_SCANNER}include -I./shared_modules/ OSSEC_CFLAGS += ${CFLAGS} OSSEC_LDFLAGS += ${LDFLAGS} @@ -535,12 +531,9 @@ SYSINFO_LIB+=-lsysinfo ifeq (${TARGET}, winagent) OSSEC_LDFLAGS+=-L${SYSCOLLECTOR}build/bin OSSEC_LDFLAGS+=-L${SYSINFO}build/bin - OSSEC_LDFLAGS+=-L${SYSCHECK}build/lib - OSSEC_LDFLAGS+=-L${SYSCHECK}build/bin else OSSEC_LDFLAGS+=-L${SYSCOLLECTOR}build/lib OSSEC_LDFLAGS+=-L${SYSINFO}build/lib - OSSEC_LDFLAGS+=-L${SYSCHECK}build/lib endif ifeq (,$(filter ${DISABLE_SYSC}, YES yes y Y 1)) @@ -751,10 +744,11 @@ settings: @echo " MAKE ${MAKE}" BUILD_SERVER+=manage_agents -BUILD_SERVER+=utils BUILD_SERVER+=active-responses +BUILD_SERVER+=wazuh-logtest-legacy BUILD_SERVER+=wazuh-keystore +BUILD_AGENT+=agent-auth BUILD_AGENT+=manage_agents BUILD_AGENT+=active-responses 
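Review bot: `BUILD_SERVER+=active-responses` and `BUILD_AGENT+=active-responses` remain in the @@ -751 hunk, but this commit deletes the `.PHONY: active-responses` target and every rule behind it in the @@ -1870 hunk. Unless a rule outside this diff still provides that goal, the server and agent builds will stop with a missing-rule error. The two goals added here, `wazuh-logtest-legacy` and `agent-auth`, also have no rule in any visible hunk, so confirm both exist before they go on the default build lists. If active responses are now produced by another build step, drop the two `active-responses` entries in this hunk as well.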
@@ -765,7 +759,7 @@ BUILD_CMAKE_PROJECTS+=build_wazuh_cmake endif ifeq (,$(filter ${DISABLE_SYSC},YES yes y Y 1)) ifneq (${uname_S},HP-UX) -#BUILD_CMAKE_PROJECTS+=build_syscollector +BUILD_CMAKE_PROJECTS+=build_syscollector endif endif @@ -824,8 +818,8 @@ $(SELINUX_POLICY): $(SELINUX_MODULE) $(SELINUX_MODULE): $(SELINUX_ENFORCEMENT) checkmodule -M -m -o $@ $? -WINDOWS_LIBS:= -WINDOWS_BINS:=win32/wazuh-agent.exe win32/wazuh-agent-eventchannel.exe win32/setup-windows.exe win32/setup-iis.exe win32/os_win32ui.exe +WINDOWS_LIBS:=win32/syscollector +WINDOWS_BINS:=win32/wazuh-agent.exe win32/wazuh-agent-eventchannel.exe win32/manage_agents.exe win32/setup-windows.exe win32/setup-iis.exe win32/os_win32ui.exe win32/agent-auth.exe WINDOWS_ACTIVE_RESPONSES:=win32/restart-wazuh.exe win32/route-null.exe win32/netsh.exe ifeq (${MAKECMDGOALS},winagent) @@ -855,6 +849,10 @@ win32/shared_modules: $(WAZUHEXT_LIB) win32/sysinfo: $(WAZUHEXT_LIB) win32/version-dll.o cd ${SYSINFO} && mkdir -p build && cd build && cmake ${CMAKE_OPTS} ${SYSINFO_OS} ${SYSINFO_TEST} ${SYSINFO_RELEASE_TYPE} ${WIN_RESOURCE_OBJ} .. && ${MAKE} +#### Syscollector ## +win32/syscollector: win32/shared_modules win32/sysinfo win32/version-dll.o + cd ${SYSCOLLECTOR} && mkdir -p build && cd build && cmake ${CMAKE_OPTS} ${SYSCOLLECTOR_TEST} ${SYSCOLLECTOR_RELEASE_TYPE} ${WIN_RESOURCE_OBJ} .. && ${MAKE} + win32/libwinpthread-1.dll: ${WIN_PTHREAD_LIB} cp $< $@ @@ -1522,14 +1520,6 @@ os_xml_o := $(os_xml_c:.c=.o) os_xml/%.o: os_xml/%.c ${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -c $^ -o $@ -#### os_regex ###### - -os_regex_c := $(wildcard os_regex/*.c) -os_regex_o := $(os_regex_c:.c=.o) - -os_regex/%.o: os_regex/%.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -c $^ -o $@ - #### Shared ########## # Unit tests wrappers 
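Review bot: `WINDOWS_BINS` in the @@ -824 hunk still names `win32/wazuh-agent.exe` and `win32/wazuh-agent-eventchannel.exe`, yet the @@ -2190 hunk removes the only link rules shown for both. Unless a rule outside this diff builds them, the Windows agent goal has nothing to make them from. Either drop the two names from the list or add a comment saying which step now produces them, e.g. `# wazuh-agent*.exe are produced by <build step>` (placeholder). The new `win32/syscollector` entry in `WINDOWS_LIBS` does get its rule in the @@ -855 hunk. As far as that recipe shows, it creates no file of that name, so it will re-run on every invocation.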
@@ -1587,48 +1577,10 @@ wrappers_wazuh_o := $(wrappers_wazuh_c:.c=.o) wrappers_wazuh_os_crypto_c := $(wildcard unit_tests/wrappers/wazuh/os_crypto/*.c) wrappers_wazuh_os_crypto_o := $(wrappers_wazuh_os_crypto_c:.c=.o) -wrappers_wazuh_os_execd_c := $(wildcard unit_tests/wrappers/wazuh/os_execd/*.c) -wrappers_wazuh_os_execd_o := $(wrappers_wazuh_os_execd_c:.c=.o) - -wrappers_wazuh_os_regex_c := $(wildcard unit_tests/wrappers/wazuh/os_regex/*.c) -wrappers_wazuh_os_regex_o := $(wrappers_wazuh_os_regex_c:.c=.o) - -wrappers_wazuh_os_xml_c := $(wildcard unit_tests/wrappers/wazuh/os_xml/*.c) -wrappers_wazuh_os_xml_o := $(wrappers_wazuh_os_xml_c:.c=.o) - -wrappers_wazuh_shared_c := $(wildcard unit_tests/wrappers/wazuh/shared/*.c) -wrappers_wazuh_shared_o := $(wrappers_wazuh_shared_c:.c=.o) - -wrappers_wazuh_syscheckd_c := $(wildcard unit_tests/wrappers/wazuh/syscheckd/*.c) -wrappers_wazuh_syscheckd_o := $(wrappers_wazuh_syscheckd_c:.c=.o) - -wrappers_wazuh_wazuh_db_c := $(wildcard unit_tests/wrappers/wazuh/wazuh_db/*.c) -wrappers_wazuh_wazuh_db_o := $(wrappers_wazuh_wazuh_db_c:.c=.o) - -wrappers_wazuh_wazuh_modules_c := $(wildcard unit_tests/wrappers/wazuh/wazuh_modules/*.c) -wrappers_wazuh_wazuh_modules_o := $(wrappers_wazuh_wazuh_modules_c:.c=.o) - -wrappers_wazuh_monitord_c := $(wildcard unit_tests/wrappers/wazuh/monitord/*.c) -wrappers_wazuh_monitord_o := $(wrappers_wazuh_monitord_c:.c=.o) - -wrappers_wazuh_os_auth_c := $(wildcard unit_tests/wrappers/wazuh/os_auth/*.c) -wrappers_wazuh_os_auth_o := $(wrappers_wazuh_os_auth_c:.c=.o) - -wrappers_wazuh_addagent_c := $(wildcard unit_tests/wrappers/wazuh/addagent/*.c) -wrappers_wazuh_addagent_o := $(wrappers_wazuh_addagent_c:.c=.o) - -wrappers_client_agent_c := $(wildcard unit_tests/wrappers/wazuh/client-agent/*.c) -wrappers_client_agent_o := $(wrappers_client_agent_c:.c=.o) - -wrappers_wazuh_config_c := $(wildcard unit_tests/wrappers/wazuh/config/*.c) -wrappers_wazuh_config_o := $(wrappers_wazuh_config_c:.c=.o) 
wrappers_data_provider_c := $(wildcard unit_tests/wrappers/wazuh/data_provider/*.c) wrappers_data_provider_o := $(wrappers_data_provider_c:.c=.o) -wrappers_logcollector_c := $(wildcard unit_tests/wrappers/wazuh/logcollector/*.c) -wrappers_logcollector_o := $(wrappers_logcollector_c:.c=.o) - wrappers_windows_c := $(wildcard unit_tests/wrappers/windows/*.c) wrappers_windows_o := $(wrappers_windows_c:.c=.o) @@ -1638,12 +1590,6 @@ wrappers_windows_lib_o := $(wrappers_windows_lib_c:.c=.o) wrappers_windows_posix_c := $(wildcard unit_tests/wrappers/windows/posix/*.c) wrappers_windows_posix_o := $(wrappers_windows_posix_c:.c=.o) -wrappers_wazuh_remoted_c := $(wildcard unit_tests/wrappers/wazuh/remoted/*.c) -wrappers_wazuh_remoted_o := $(wrappers_wazuh_remoted_c:.c=.o) - -wrappers_wazuh_analysisd_c := $(wildcard unit_tests/wrappers/wazuh/analysisd/*.c) -wrappers_wazuh_analysisd_o := $(wrappers_wazuh_analysisd_c:.c=.o) - wrappers_wazuh_shared_modules_c := $(wildcard unit_tests/wrappers/wazuh/shared_modules/*.c) wrappers_wazuh_shared_modules_o := $(wrappers_wazuh_shared_modules_c:.c=.o) @@ -1666,6 +1612,7 @@ ifneq (,$(filter ${TEST},YES yes y Y 1)) UNIT_TEST_WRAPPERS+=${wrappers_wazuh_o} UNIT_TEST_WRAPPERS+=${wrappers_wazuh_os_crypto_o} UNIT_TEST_WRAPPERS+=${wrappers_wazuh_os_execd_o} + UNIT_TEST_WRAPPERS+=${wrappers_wazuh_os_net_o} UNIT_TEST_WRAPPERS+=${wrappers_wazuh_os_regex_o} UNIT_TEST_WRAPPERS+=${wrappers_wazuh_os_xml_o} UNIT_TEST_WRAPPERS+=${wrappers_wazuh_shared_o} 
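Review bot: The added `UNIT_TEST_WRAPPERS+=${wrappers_wazuh_os_net_o}` in the @@ -1666 hunk refers to a variable that no visible hunk defines. The neighbouring context lines still append `${wrappers_wazuh_os_execd_o}`, `${wrappers_wazuh_os_regex_o}`, `${wrappers_wazuh_os_xml_o}` and `${wrappers_wazuh_shared_o}`, although the @@ -1587 hunk deletes their definitions. Make expands an undefined variable to nothing without complaint, so with TEST enabled these wrapper objects would quietly drop out of `libwazuh.a`, and the gap would likely surface only later as link errors in the unit tests. Either define the new list next to the remaining ones, following their pattern (`wrappers_wazuh_os_net_c := $(wildcard …)` and `wrappers_wazuh_os_net_o := $(wrappers_wazuh_os_net_c:.c=.o)`), or remove the appends whose lists are gone. The @@ -2117 hunk has the mirror problem: it adds pattern rules for the `os_regex` and `monitord` wrapper directories whose object lists this commit removes.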
@@ -1701,19 +1648,8 @@ ifneq (,$(filter ${TEST},YES yes y Y 1)) endif endif #TEST -shared_c := $(wildcard shared/*.c) -shared_o := $(shared_c:.c=.o) - -shared/%.o: shared/%.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -DARGV0=\"wazuh-remoted\" -c $^ -o $@ - -shared/debug_op_proc.o: shared/debug_op.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -DMA -DARGV0=\"wazuh-remoted\" -c $^ -o $@ - -shared/file_op_proc.o: shared/file_op.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -DCLIENT -DARGV0=\"wazuh-remoted\" -c $^ -o $@ - #### Config ########## + build_shared_modules: $(WAZUHEXT_LIB) cd ${DBSYNC} && mkdir -p build && cd build && cmake ${CMAKE_OPTS} ${DBSYNC_TEST} ${SHARED_MODULES_RELEASE_TYPE} .. && ${MAKE} cd ${RSYNC} && mkdir -p build && cd build && cmake ${CMAKE_OPTS} ${RSYNC_TEST} ${SOLARIS_CMAKE_OPTS} ${SHARED_MODULES_RELEASE_TYPE} .. && ${MAKE} @@ -1729,7 +1665,7 @@ build_syscollector: build_shared_modules build_sysinfo endif #### Wazuh cmake ### -build_wazuh_cmake: $(WAZUHEXT_LIB) $(EXTERNAL_LIBS_NO_WHOLE) +build_wazuh_cmake: $(WAZUHEXT_LIB) $(EXTERNAL_LIBS_NO_WHOLE) build_syscollector mkdir -p build && cd build && cmake .. -DTARGET=${TARGET} ${CMAKE_OPTS} ${WAZUH_RELEASE_TYPE} ${WAZUH_TEST} && ${MAKE} #### crypto ########## @@ -1746,12 +1682,6 @@ crypto_md5_o := $(crypto_md5_c:.c=.o) os_crypto/md5/%.o: os_crypto/md5/%.c ${OSSEC_CC} ${OSSEC_CFLAGS} -c $^ -o $@ -crypto_sha1_c := os_crypto/sha1/sha1_op.c -crypto_sha1_o := $(crypto_sha1_c:.c=.o) - -os_crypto/sha1/%.o: os_crypto/sha1/%.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -c $^ -o $@ - crypto_sha256_c := os_crypto/sha256/sha256_op.c crypto_sha256_o := $(crypto_sha256_c:.c=.o) 
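Review bot: `build_wazuh_cmake` now lists `build_syscollector` as an unconditional prerequisite (@@ -1729 hunk), while `BUILD_CMAKE_PROJECTS+=build_syscollector` in the @@ -765 hunk is only appended when `DISABLE_SYSC` is unset and the host is not HP-UX. The `endif` right after the `build_syscollector` rule in this hunk's context suggests the rule itself sits inside a conditional too. If so, a `DISABLE_SYSC=yes` or HP-UX build either fails on a missing rule or builds syscollector despite the switch. Consider carrying the dependency in a new variable set under the same condition, e.g. `WAZUH_CMAKE_DEPS+=build_syscollector` inside the `ifeq`, and writing `build_wazuh_cmake: $(WAZUHEXT_LIB) $(EXTERNAL_LIBS_NO_WHOLE) $(WAZUH_CMAKE_DEPS)`.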
@@ -1770,44 +1700,15 @@ crypto_aes_o := $(crypto_aes_c:.c=.o) os_crypto/aes/%.o: os_crypto/aes/%.c ${OSSEC_CC} ${OSSEC_CFLAGS} -c $^ -o $@ -crypto_md5_sha1_c := os_crypto/md5_sha1/md5_sha1_op.c -crypto_md5_sha1_o := $(crypto_md5_sha1_c:.c=.o) - -os_crypto/md5_sha1/%.o: os_crypto/md5_sha1/%.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -c $^ -o $@ - -crypto_md5_sha1_sha256_c := os_crypto/md5_sha1_sha256/md5_sha1_sha256_op.c -crypto_md5_sha1_sha256_o := $(crypto_md5_sha1_sha256_c:.c=.o) - -os_crypto/md5_sha1_sha256/%.o: os_crypto/md5_sha1_sha256/%.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -c $^ -o $@ - -crypto_hmac_c := os_crypto/hmac/hmac.c -crypto_hmac_o := $(crypto_hmac_c:.c=.o) - -os_crypto/hmac/%.o: os_crypto/hmac/%.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -c $^ -o $@ - -crypto_signature_c := $(wildcard os_crypto/signature/*.c) -crypto_signature_o := $(crypto_signature_c:.c=.o) - -os_crypto/signature/%.o: os_crypto/signature/%.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -c $< -o $@ - crypto_o := ${crypto_blowfish_o} \ ${crypto_md5_o} \ - ${crypto_sha1_o} \ - ${crypto_md5_sha1_o} \ - ${crypto_md5_sha1_sha256_o} \ ${crypto_sha256_o} \ ${crypto_sha512_o} \ ${crypto_aes_o} \ - ${crypto_hmac_o} \ - ${crypto_signature_o} #### libwazuh ######### -libwazuh.a: ${config_o} ${wmodules_dep} ${crypto_o} ${shared_o} ${os_net_o} ${os_regex_o} ${os_xml_o} ${os_zlib_o} ${UNIT_TEST_WRAPPERS} os_auth/ssl.o os_auth/check_cert.o addagent/validate.o ${manage_agents} analysisd/logmsg.o +libwazuh.a: ${crypto_o} ${shared_o} ${os_zlib_o} ${UNIT_TEST_WRAPPERS} ${manage_agents} ${OSSEC_LINK} $@ $^ ${OSSEC_RANLIB} $@ 
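Review bot: The new `crypto_o` list ends in `${crypto_aes_o} \`, because the last two entries were deleted but the backslash on the line above them was kept. The assignment now continues onto whatever line follows, and stays harmless only as long as that line is blank. Drop the trailing backslash so the last entry reads `${crypto_aes_o}`. Separately, the rewritten `libwazuh.a` rule still depends on `${shared_o}`, whose definition (`shared_c`/`shared_o` and the `shared/%.o` rules) is removed in the @@ -1701 hunk. Unless it is redefined outside this diff, the archive silently loses every `shared/` object.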
@@ -1870,72 +1771,6 @@ endif endif endif -#### Active Response #### - -active_response_programs = default-firewall-drop pf npf ipfw firewalld-drop disable-account host-deny ip-customblock restart-wazuh route-null kaspersky wazuh-slack - -$(active_response_programs): ${WAZUH_LIB} ${WAZUHEXT_LIB} - -# Minimal dependencies for building active responses programs -AR_PROGRAMS_DEPS = os_regex/os_regex.o os_regex/os_regex_compile.o os_regex/os_match_free_pattern.o os_regex/os_regex_maps.o os_regex/os_regex_execute.o os_regex/os_regex_free_pattern.o os_regex/os_match_execute.o os_regex/os_match_compile.o shared/expression.o shared/randombytes.o shared/validate_op.o shared/regex_op.o shared/string_op.o shared/exec_op.o shared/file_op_proc.o shared/debug_op_proc.o shared/time_op.o shared/privsep_op.o shared/version_op.o shared/binaries_op.o os_xml/os_xml.o os_xml/os_xml_access.o os_regex/os_regex_strbreak.o - -ifneq (,$(filter ${TEST},YES yes y Y 1)) -AR_PROGRAMS_DEPS += unit_tests/wrappers/externals/pcre2/pcre2_wrappers.o -endif - -ifeq (${TARGET}, winagent) -ifneq (,$(filter ${TEST},YES yes y Y 1)) -AR_PROGRAMS_DEPS += unit_tests/wrappers/common.o unit_tests/wrappers/windows/handleapi_wrappers.o unit_tests/wrappers/windows/fileapi_wrappers.o unit_tests/wrappers/windows/libc/stdio_wrappers.o unit_tests/wrappers/windows/system_calls_wrappers.o -endif -endif - -.PHONY: active-responses -active-responses: ${active_response_programs} - -active_response_c := $(wildcard active-response/*.c) -active_response_c += $(wildcard active-response/firewalls/*.c) -active_response_o := $(active_response_c:.c=.o) - -active-response/%.o: active-response/%.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -I./active-response -DARGV0=\"active-responses\" -c $^ -o $@ - -default-firewall-drop: active-response/firewalls/default-firewall-drop.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -pf: active-response/firewalls/pf.o active-response/active_responses.o - 
${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -npf: active-response/firewalls/npf.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -ipfw: active-response/firewalls/ipfw.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -firewalld-drop: active-response/firewalld-drop.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -disable-account: active-response/disable-account.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -host-deny: active-response/host-deny.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -ip-customblock: active-response/ip-customblock.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -restart-wazuh: active-response/restart-wazuh.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -route-null: active-response/route-null.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -kaspersky: active-response/kaspersky.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - -wazuh-slack: active-response/wazuh-slack.o active-response/active_responses.o - ${OSSEC_CCBIN} ${AR_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ - - ### libwazuhshared.so ######### ifeq (${uname_S},Darwin) @@ -1978,21 +1813,6 @@ endif endif endif -#### rootcheck ##### - -rootcheck_c := $(wildcard rootcheck/*.c) -rootcheck_o := $(rootcheck_c:.c=.o) -rootcheck_o_lib := $(filter-out rootcheck/rootcheck-config.o, ${rootcheck_o}) -rootcheck_o_cmd := $(filter-out rootcheck/config.o, ${rootcheck_o}) - - -rootcheck/%.o: rootcheck/%.c - ${OSSEC_CC} ${OSSEC_CFLAGS} -DARGV0=\"rootcheck\" -c $^ -o $@ - -librootcheck.a: ${rootcheck_o_lib} - ${OSSEC_LINK} $@ $^ - ${OSSEC_RANLIB} $@ - ### wazuh-gtest-gmock ### 
@@ -2117,10 +1937,13 @@ unit_tests/wrappers/wazuh/%.o: unit_tests/wrappers/wazuh/%.c unit_tests/wrappers/wazuh/os_crypto/%.o: unit_tests/wrappers/wazuh/os_crypto/%.c ${OSSEC_CC} ${OSSEC_CFLAGS} ${DEFINES_EVENTCHANNEL} -c $^ -o $@ -unit_tests/wrappers/wazuh/shared/%.o: unit_tests/wrappers/wazuh/shared/%.c +unit_tests/wrappers/wazuh/os_regex/%.o: unit_tests/wrappers/wazuh/os_regex/%.c ${OSSEC_CC} ${OSSEC_CFLAGS} ${DEFINES_EVENTCHANNEL} -c $^ -o $@ -unit_tests/wrappers/wazuh/config/%.o: unit_tests/wrappers/wazuh/config/%.c +unit_tests/wrappers/wazuh/monitord/%.o: unit_tests/wrappers/wazuh/monitord/%.c + ${OSSEC_CC} ${OSSEC_CFLAGS} ${DEFINES_EVENTCHANNEL} -c $^ -o $@ + +unit_tests/wrappers/windows/%.o: unit_tests/wrappers/windows/%.c ${OSSEC_CC} ${OSSEC_CFLAGS} ${DEFINES_EVENTCHANNEL} -c $^ -o $@ unit_tests/wrappers/windows/libc/%.o: unit_tests/wrappers/windows/libc/%.c 
@@ -2190,11 +2013,8 @@ win32_ui_o := $(win32_ui_c:.c=.o) win32/ui/%.o: win32/ui/%.c ${OSSEC_CC} ${OSSEC_CFLAGS} -UOSSECHIDS -DARGV0=\"wazuh-win32ui\" -c $^ -o $@ -win32/wazuh-agent.exe: win32/wazuh_agent_resource.o win32/version-app.o win32/icon.o win32/win_agent.o win32/win_service.o win32/win_utils.o os_crypto/md5_sha1_sha256/md5_sha1_sha256_op.o ${rootcheck_o} $(filter-out wazuh_modules/main.o, ${wmodulesd_o}) $(filter-out client-agent/main.o, $(filter-out client-agent/agentd.o, $(filter-out client-agent/event-forward.o, ${client_agent_o}))) $(filter-out logcollector/main.o, ${os_logcollector_o}) $(filter-out os_execd/main.o, ${os_execd_o}) active-response/active_responses.o monitord/rotate_log.o monitord/compress_log.o - ${OSSEC_CCBIN} -DARGV0=\"wazuh-agent\" -DOSSECHIDS ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} ${DBSYNC_LIB} ${RSYNC_LIB} -lwazuh-syscheckd -l:libfimdb.lib libwazuh.a -o $@ - -win32/wazuh-agent-eventchannel.exe: win32/wazuh_agent_eventchannel_resource.o win32/version-app.o win32/icon.o win32/win_agent.o win32/win_service.o win32/win_utils.o os_crypto/md5_sha1_sha256/md5_sha1_sha256_op.o ${rootcheck_o} $(filter-out wazuh_modules/main.o, ${wmodulesd_o}) $(filter-out client-agent/main.o, $(filter-out client-agent/agentd.o, $(filter-out client-agent/event-forward.o, ${client_agent_o}))) $(filter-out logcollector/main-event.o, ${os_logcollector_eventchannel_o}) $(filter-out os_execd/main.o, ${os_execd_o}) active-response/active_responses.o monitord/rotate_log.o monitord/compress_log.o - ${OSSEC_CCBIN} -DARGV0=\"wazuh-agent\" -DOSSECHIDS -DEVENTCHANNEL_SUPPORT ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} ${DBSYNC_LIB} ${RSYNC_LIB} -lwazuh-syscheckd-event -l:libfimdb.lib libwazuh.a -lwevtapi -o $@ +win32/manage_agents.exe: win32/manage_agents_resource.o win32/version-app.o win32/win_service_rk.o + ${OSSEC_CCBIN} -DARGV0=\"manage-agents\" -DMA ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ win32/setup-windows.exe: win32/win_service_rk.o win32/setup-win.o win32/setup-shared.o 
${OSSEC_CCBIN} -DARGV0=\"setup-windows\" ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@ 
@@ -2209,15 +2029,18 @@ win32/auth_resource.o: win32/agent-auth.rc ${OSSEC_WINDRES} -i $< -o $@ win32/os_win32ui.exe: win32/ui_resource.o win32/version-app.o win32/win_service_rk.o ${win32_ui_o} - ${OSSEC_CCBIN} -DARGV0=\"wazuh-win32ui\" ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -I./syscheckd/include -mwindows -o $@ + ${OSSEC_CCBIN} -DARGV0=\"wazuh-win32ui\" ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -mwindows -o $@ + +win32/agent-auth.exe: win32/auth_resource.o win32/version-app.o win32/win_service_rk.o + ${OSSEC_CCBIN} -DARGV0=\"agent-auth\" -DOSSECHIDS ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -lshlwapi -lwsock32 -lsecur32 -lws2_32 -flto -o $@ -win32/restart-wazuh.exe: win32/restart_wazuh_resource.o win32/version-app.o active-response/active_responses.o active-response/restart-wazuh.o shared/cryptography.o shared/dll_load_notify.o shared/debug_op_proc.o shared/time_op.o shared/file_op_proc.o ${WAZUH_LIB} ${WAZUHEXT_LIB} +win32/restart-wazuh.exe: win32/restart_wazuh_resource.o win32/version-app.o active-response/active_responses.o active-response/restart-wazuh.o ${WAZUH_LIB} ${WAZUHEXT_LIB} ${OSSEC_CCBIN} -DARGV0=\"restart-wazuh\" ${AR_LDFLAGS} $^ -lwintrust -lpsapi -lcrypt32 -lshlwapi -o $@ -win32/route-null.exe: win32/route_null_resource.o win32/version-app.o active-response/active_responses.o active-response/route-null.o shared/cryptography.o shared/dll_load_notify.o shared/debug_op_proc.o shared/time_op.o shared/file_op_proc.o ${WAZUH_LIB} ${WAZUHEXT_LIB} +win32/route-null.exe: win32/route_null_resource.o win32/version-app.o active-response/active_responses.o active-response/route-null.o ${WAZUH_LIB} ${WAZUHEXT_LIB} ${OSSEC_CCBIN} -DARGV0=\"route-null\" ${AR_LDFLAGS} $^ -lwintrust -lpsapi -lcrypt32 -lshlwapi -o $@ -win32/netsh.exe: win32/netsh_resource.o win32/version-app.o active-response/active_responses.o active-response/netsh.o shared/cryptography.o shared/dll_load_notify.o shared/debug_op_proc.o shared/time_op.o shared/file_op_proc.o ${WAZUH_LIB} ${WAZUHEXT_LIB} 
+win32/netsh.exe: win32/netsh_resource.o win32/version-app.o active-response/active_responses.o active-response/netsh.o ${WAZUH_LIB} ${WAZUHEXT_LIB} ${OSSEC_CCBIN} -DARGV0=\"netsh\" ${AR_LDFLAGS} $^ -lwintrust -lpsapi -lcrypt32 -lshlwapi -o $@ @@ -2292,14 +2115,29 @@ clean-internals: clean-unit-tests rm -f ${os_zlib_o} rm -f ${os_xml_o} rm -f ${os_regex_o} + rm -f ${os_net_o} rm -f ${shared_o} shared/debug_op_proc.o shared/file_op_proc.o rm -f ${config_o} + rm -f ${os_maild_o} rm -f ${crypto_o} + rm -f ${os_csyslogd_o} + rm -f ${os_dbd_o} + rm -f ${os_agentlessd_o} + rm -f ${os_execd_o} + rm -f ${os_logcollector_o} ${os_logcollector_eventchannel_o} + rm -f ${remoted_o} rm -f ${report_o} + rm -f ${client_agent_o} rm -f ${addagent_o} rm -f ${active_response_o} ${active_response_programs} firewall-drop rm -f ${util_o} ${util_programs} rm -f ${rootcheck_o} librootcheck.a + rm -f ${monitor_o} + rm -f ${os_auth_o} + rm -f ${all_analysisd_o} ${all_analysisd_libs} analysisd/compiled_rules/compiled_rules.h analysisd/logmsg.o + rm -f ${integrator_o} + rm -f ${wmodulesd_o} ${wmodules_o} $(wildcard wazuh_modules/agent_upgrade/agent/*.o) + rm -f ${wdb_o} rm -f wazuh_db/*.o rm -f wazuh_db/helpers/*.o rm -f ${SELINUX_MODULE} @@ -2322,6 +2160,7 @@ clean-internals: clean-unit-tests clean-unit-tests: + rm -f ${wrappers_syscheck_o} rm -f ${wrappers_shared_o} rm -f ${wrappers_common_o} rm -f ${wrappers_externals_o} @@ -2342,6 +2181,7 @@ clean-unit-tests: rm -f ${wrappers_wazuh_o} rm -f ${wrappers_wazuh_os_crypto_o} rm -f ${wrappers_wazuh_os_execd_o} + rm -f ${wrappers_wazuh_os_net_o} rm -f ${wrappers_wazuh_os_regex_o} rm -f ${wrappers_wazuh_os_xml_o} rm -f ${wrappers_wazuh_shared_o} diff --git a/src/active-response/active_responses.c b/src/active-response/active_responses.c deleted file mode 100644 index 177307b9978..00000000000 --- a/src/active-response/active_responses.c +++ /dev/null 
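Review bot: The three Windows active-response link rules in the @@ -2209 hunk (`win32/restart-wazuh.exe`, `win32/route-null.exe`, `win32/netsh.exe`) still take `active-response/active_responses.o` and their own `active-response/*.o` as prerequisites. This commit deletes `src/active-response/active_responses.c` and, in the @@ -1870 hunk, the `active-response/%.o` pattern rule that compiled them. The same lines also drop the explicit `shared/cryptography.o` and `shared/dll_load_notify.o` objects while keeping `-lwintrust -lcrypt32`. Going by the names, these look like the signature and DLL-load checks, so confirm they still reach the binaries through `${WAZUH_LIB}` rather than disappearing from these executables. A comment above the rules stating where those two objects now come from would make that verifiable.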
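Review bot: The lines added to `clean-internals` in the @@ -2292 hunk delete by variable (`${os_net_o}`, `${os_maild_o}`, `${remoted_o}`, `${wmodulesd_o}` and so on), and none of those variables is defined in the visible hunks. The existing `rm -f ${active_response_o} ${active_response_programs}`, `${rootcheck_o}`, `${os_regex_o}` and `${shared_o}` lines lose their definitions in this same commit. An undefined list expands to nothing, so these recipes become a bare `rm -f` and objects left over from an earlier build stay in the tree. If the intent is to sweep stale objects from the removed components, a path-based form like the existing `rm -f wazuh_db/*.o` line does that without depending on a variable. The `${wrappers_syscheck_o}` and `${wrappers_wazuh_os_net_o}` lines added to `clean-unit-tests` in the @@ -2322 and @@ -2342 hunks need the same check.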
@@ -1,651 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "active_responses.h" - -/** - * Build JSON message with keys to be sent to execd - * @param ar_name Name of active response - * @param keys Array of keys - * @return char * with the JSON message in string format - */ -static char* build_json_keys_message(const char *ar_name, char **keys); - -/** - * Get srcip from win eventdata - * @param data Input - * @return cJSON * with the ipAddress or NULL on fail - * */ -static cJSON* get_srcip_from_win_eventdata(const cJSON *data); - - -void write_debug_file(const char *ar_name, const char *msg) { - char *timestamp = w_get_timestamp(time(NULL)); - - FILE *ar_log_file = wfopen(LOG_FILE, "a"); - - if (ar_log_file) { - fprintf(ar_log_file, "%s %s: %s\n", timestamp, ar_name, msg); - fclose(ar_log_file); - } - - os_free(timestamp); -} - -int setup_and_check_message(char **argv, cJSON **message) { - int ret = OS_INVALID; - char input[OS_MAXSTR]; - cJSON *input_json = NULL; - -#ifndef WIN32 - char *home_path = w_homedir(argv[0]); - - /* Trim absolute path to get Wazuh's installation directory */ - home_path = w_strtok_r_str_delim("/active-response", &home_path); - - /* Change working directory */ - if (chdir(home_path) == -1) { - merror_exit(CHDIR_ERROR, home_path, errno, strerror(errno)); - } - os_free(home_path); -#endif - - write_debug_file(argv[0], "Starting"); - - memset(input, '\0', OS_MAXSTR); - if (fgets(input, OS_MAXSTR, stdin) == NULL) { - write_debug_file(argv[0], "Cannot read input from stdin"); - return OS_INVALID; - } - - write_debug_file(argv[0], input); - - input_json = get_json_from_input(input); - if (!input_json) { - write_debug_file(argv[0], "Invalid input format"); - return OS_INVALID; - } - - const char *action = 
get_command_from_json(input_json); - if (!action) { - write_debug_file(argv[0], "Cannot read 'command' from json"); - cJSON_Delete(input_json); - return OS_INVALID; - } - - if (!strcmp("add", action)) { - ret = ADD_COMMAND; - } else if (!strcmp("delete", action)) { - ret = DELETE_COMMAND; - } else { - write_debug_file(argv[0], "Invalid value of 'command'"); - cJSON_Delete(input_json); - return OS_INVALID; - } - - if (message) { - *message = input_json; - } - - return ret; -} - -int send_keys_and_check_message(char **argv, char **keys) { - int ret = OS_INVALID; - char *keys_msg; - char input[OS_MAXSTR]; - cJSON *input_json = NULL; - - // Build and send message with keys - keys_msg = build_json_keys_message(basename_ex(argv[0]), keys); - - write_debug_file(argv[0], keys_msg); - - fprintf(stdout, "%s\n", keys_msg); - fflush(stdout); - - os_free(keys_msg); - - // Read the response of previous message - memset(input, '\0', OS_MAXSTR); - if (fgets(input, OS_MAXSTR, stdin) == NULL) { - write_debug_file(argv[0], "Cannot read input from stdin"); - return OS_INVALID; - } - - write_debug_file(argv[0], input); - - input_json = get_json_from_input(input); - if (!input_json) { - write_debug_file(argv[0], "Invalid input format"); - return OS_INVALID; - } - - const char *action = get_command_from_json(input_json); - if (!action) { - write_debug_file(argv[0], "Cannot read 'command' from json"); - cJSON_Delete(input_json); - return OS_INVALID; - } - - if (!strcmp("continue", action)) { - ret = CONTINUE_COMMAND; - } else if (!strcmp("abort", action)) { - ret = ABORT_COMMAND; - } else { - ret = OS_INVALID; - write_debug_file(argv[0], "Invalid value of 'command'"); - } - - cJSON_Delete(input_json); - - return ret; -} - -cJSON* get_json_from_input(const char *input) { - cJSON *input_json = NULL; - cJSON *version_json = NULL; - cJSON *origin_json = NULL; - cJSON *command_json = NULL; - cJSON *parameters_json = NULL; - const char *json_err; - - // Parsing input - if (input_json = 
cJSON_ParseWithOpts(input, &json_err, 0), !input_json) { - return NULL; - } - - // Detect version - version_json = cJSON_GetObjectItem(input_json, "version"); - if (!cJSON_IsNumber(version_json)) { - cJSON_Delete(input_json); - return NULL; - } - - // Detect origin - origin_json = cJSON_GetObjectItem(input_json, "origin"); - if (!cJSON_IsObject(origin_json)) { - cJSON_Delete(input_json); - return NULL; - } - - // Detect command - command_json = cJSON_GetObjectItem(input_json, "command"); - if (!cJSON_IsString(command_json)) { - cJSON_Delete(input_json); - return NULL; - } - - // Detect parameters - parameters_json = cJSON_GetObjectItem(input_json, "parameters"); - if (!cJSON_IsObject(parameters_json)) { - cJSON_Delete(input_json); - return NULL; - } - - return input_json; -} - -const char* get_command_from_json(const cJSON *input) { - cJSON *command_json = NULL; - - // Detect command - command_json = cJSON_GetObjectItem(input, "command"); - if (cJSON_IsString(command_json)) { - return command_json->valuestring; - } - - return NULL; -} - -const cJSON* get_alert_from_json(const cJSON *input) { - cJSON *parameters_json = NULL; - cJSON *alert_json = NULL; - - // Detect parameters - parameters_json = cJSON_GetObjectItem(input, "parameters"); - if (!cJSON_IsObject(parameters_json)) { - return NULL; - } - - // Detect alert - alert_json = cJSON_GetObjectItem(parameters_json, "alert"); - if (!cJSON_IsObject(alert_json)) { - return NULL; - } - - return alert_json; -} - -const char* get_srcip_from_json(const cJSON *input) { - cJSON *parameters_json = NULL; - cJSON *alert_json = NULL; - cJSON *data_json = NULL; - cJSON *srcip_json = NULL; - - // Detect parameters - parameters_json = cJSON_GetObjectItem(input, "parameters"); - if (!cJSON_IsObject(parameters_json)) { - return NULL; - } - - // Detect alert - alert_json = cJSON_GetObjectItem(parameters_json, "alert"); - if (!cJSON_IsObject(alert_json)) { - return NULL; - } - - // Detect data - data_json = 
cJSON_GetObjectItem(alert_json, "data"); - if (!cJSON_IsObject(data_json)) { - return NULL; - } - - // Detect srcip from win.eventdata - srcip_json = get_srcip_from_win_eventdata(data_json); - if (cJSON_IsString(srcip_json)) { - return srcip_json->valuestring; - } - // Detect srcip from data - srcip_json = cJSON_GetObjectItem(data_json, "srcip"); - if (cJSON_IsString(srcip_json)) { - return srcip_json->valuestring; - } - - return NULL; -} - -static cJSON* get_srcip_from_win_eventdata(const cJSON *data) { - cJSON *win_json = NULL; - cJSON *eventdata_json = NULL; - cJSON *ipAddress_json = NULL; - - // Detect win - win_json = cJSON_GetObjectItem(data, "win"); - if (!cJSON_IsObject(win_json)) { - return NULL; - } - - // Detect eventdata - eventdata_json = cJSON_GetObjectItem(win_json, "eventdata"); - if (!cJSON_IsObject(eventdata_json)) { - return NULL; - } - - // Detect ipAddress - ipAddress_json = cJSON_GetObjectItem(eventdata_json, "ipAddress"); - if (cJSON_IsString(ipAddress_json)) { - return ipAddress_json; - } - - // Detect destinationIp - ipAddress_json = cJSON_GetObjectItem(eventdata_json, "destinationIp"); - if (cJSON_IsString(ipAddress_json)) { - return ipAddress_json; - } - - return NULL; -} - -const char* get_username_from_json(const cJSON *input) { - cJSON *parameters_json = NULL; - cJSON *alert_json = NULL; - cJSON *data_json = NULL; - cJSON *username_json = NULL; - - // Detect parameters - parameters_json = cJSON_GetObjectItem(input, "parameters"); - if (!cJSON_IsObject(parameters_json)) { - return NULL; - } - - // Detect alert - alert_json = cJSON_GetObjectItem(parameters_json, "alert"); - if (!cJSON_IsObject(alert_json)) { - return NULL; - } - - // Detect data - data_json = cJSON_GetObjectItem(alert_json, "data"); - if (!cJSON_IsObject(data_json)) { - return NULL; - } - - // Detect username - username_json = cJSON_GetObjectItem(data_json, "dstuser"); - if (cJSON_IsString(username_json)) { - return username_json->valuestring; - } - - return NULL; -} - 
-char* get_extra_args_from_json(const cJSON *input) { - cJSON *parameters_json = NULL; - cJSON *extra_args_json = NULL; - char args[COMMANDSIZE_4096]; - char *extra_args = NULL; - - // Detect parameters - parameters_json = cJSON_GetObjectItem(input, "parameters"); - if (!cJSON_IsObject(parameters_json)) { - return NULL; - } - - // Detect extra_args - extra_args_json = cJSON_GetObjectItem(parameters_json, "extra_args"); - if (!cJSON_IsArray(extra_args_json)) { - return NULL; - } - - memset(args, '\0', COMMANDSIZE_4096); - for (int i = 0; i < cJSON_GetArraySize(extra_args_json); i++) { - cJSON *subitem = cJSON_GetArrayItem(extra_args_json, i); - if (cJSON_IsString(subitem)) { - if (strlen(args) + strlen(subitem->valuestring) + 2 > COMMANDSIZE_4096) { - break; - } - if (args[0] != '\0') { - strcat(args, " "); - } - strcat(args, subitem->valuestring); - } - } - - if (args[0] != '\0') { - os_strdup(args, extra_args); - } - - return extra_args; -} - -char* get_keys_from_json(const cJSON *input) { - cJSON *parameters_json = NULL; - cJSON *keys_json = NULL; - char args[COMMANDSIZE_4096]; - char *keys = NULL; - - // Detect parameters - parameters_json = cJSON_GetObjectItem(input, "parameters"); - if (!cJSON_IsObject(parameters_json)) { - return NULL; - } - - // Detect keys - keys_json = cJSON_GetObjectItem(parameters_json, "keys"); - if (!cJSON_IsArray(keys_json)) { - return NULL; - } - - memset(args, '\0', COMMANDSIZE_4096); - for (int i = 0; i < cJSON_GetArraySize(keys_json); i++) { - cJSON *subitem = cJSON_GetArrayItem(keys_json, i); - if (cJSON_IsString(subitem)) { - if (strlen(args) + strlen(subitem->valuestring) + 2 > COMMANDSIZE_4096) { - break; - } - strcat(args, "-"); - strcat(args, subitem->valuestring); - } - } - - if (args[0] != '\0') { - os_strdup(args, keys); - } - - return keys; -} - -static char* build_json_keys_message(const char *ar_name, char **keys) { - cJSON *_object = NULL; - cJSON *_array = NULL; - char *msg = NULL; - int keys_size; - - cJSON *message 
= cJSON_CreateObject();
-
- cJSON_AddNumberToObject(message, "version", VERSION);
-
- _object = cJSON_CreateObject();
- cJSON_AddItemToObject(message, "origin", _object);
-
- cJSON_AddStringToObject(_object, "name", ar_name ? ar_name : "");
- cJSON_AddStringToObject(_object, "module", AR_MODULE_NAME);
-
- cJSON_AddStringToObject(message, "command", CHECK_KEYS_ENTRY);
-
- _object = cJSON_CreateObject();
- cJSON_AddItemToObject(message, "parameters", _object);
-
- _array = cJSON_CreateArray();
- cJSON_AddItemToObject(_object, "keys", _array);
-
- for (keys_size = 0; (keys != NULL) && (keys[keys_size] != NULL); keys_size++) {
- cJSON_AddItemToArray(_array, cJSON_CreateString(keys[keys_size]));
- }
-
- msg = cJSON_PrintUnformatted(message);
-
- cJSON_Delete(message);
-
- return msg;
-}
-
-void splitStrFromCharDelimiter(const char * output_buf, const char delimiter, char * strBefore, char * strAfter){
- const char *pos = NULL;
-
- if (output_buf != NULL) {
- pos = strchr(output_buf, delimiter);
-
- if (pos != NULL) {
- if (strBefore != NULL) {
- strncpy(strBefore, output_buf, pos - output_buf);
- }
- if (strAfter != NULL) {
- strncpy(strAfter, pos + 1, strlen(pos));
- }
- }
- }
-}
-
-int isEnabledFromPattern(const char * output_buf, const char * str_pattern_1, const char * str_pattern_2) {
- int retVal = 0;
- const char *pos = NULL;
-
- if (str_pattern_1 != NULL) {
- pos = strstr(output_buf, str_pattern_1);
- }
-
- if (pos != NULL) {
- char state[OS_MAXSTR];
- char buffer[OS_MAXSTR];
-
- if (str_pattern_2 != NULL) {
- snprintf(buffer, OS_MAXSTR -1, "%%*s %%%lds", strlen(str_pattern_2));
- if (sscanf(pos, buffer /*"%*s %7s"*/, state) == 1) {
- if (strcmp(state, str_pattern_2) == 0) {
- retVal = 1;
- } else {
- retVal = 0;
- }
- }
- } else {
- retVal = 1;
- }
- }
-
- return retVal;
-}
-
-#ifndef WIN32
-
-int lock(const char *lock_path, const char *lock_pid_path, const char *log_path, const char *proc_name) {
- char log_msg[OS_MAXSTR];
- int i=0;
- int max_iteration = 50;
- int saved_pid = -1;
- int read;
-
- // Providing a lock.
- while (true) {
- FILE *pid_file;
- int current_pid = -1;
-
- if (mkdir(lock_path, S_IRWXG) == 0) {
- // Lock acquired (setting the pid)
- pid_t pid = getpid();
- if (pid_file = wfopen(lock_pid_path, "w"), !pid_file) {
- write_debug_file(log_path, "Cannot write pid file");
- return OS_INVALID;
- } else {
- fprintf(pid_file, "%d", (int)pid);
- fclose(pid_file);
- return OS_SUCCESS;
- }
- }
-
- // Getting currently/saved PID locking the file
- if (pid_file = wfopen(lock_pid_path, "r"), !pid_file) {
- write_debug_file(log_path, "Cannot read pid file");
- } else {
- read = fscanf(pid_file, "%d", ¤t_pid);
- fclose(pid_file);
-
- if (read == 1) {
- if (saved_pid == -1) {
- saved_pid = current_pid;
- }
-
- if (current_pid == saved_pid) {
- i++;
- }
-
- } else {
- write_debug_file(log_path, "Cannot read pid file");
- }
- }
-
- sleep(i);
-
- i++;
-
- // So i increments 2 by 2 if the pid does not change.
- // If the pid keeps changing, we will increments one
- // by one and fail after MAX_ITERACTION
- if (i >= max_iteration) {
- bool kill = false;
- char *pgrep_path = NULL;
-
- if (get_binary_path("pgrep", &pgrep_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Binary '%s' not found in default paths, the full path will not be used.", pgrep_path);
- write_debug_file(log_path, log_msg);
- }
- char *command_ex_1[4] = { pgrep_path, "-f", (char *)proc_name, NULL };
-
- wfd_t *wfd = wpopenv(*command_ex_1, command_ex_1, W_BIND_STDOUT);
- if (!wfd) {
- write_debug_file(log_path, "Unable to run pgrep");
- } else {
- char output_buf[OS_MAXSTR];
- while (fgets(output_buf, OS_MAXSTR, wfd->file_out)) {
- int pid = atoi(output_buf);
- if (pid == current_pid) {
- char pid_str[10];
- char *kill_path = NULL;
- memset(pid_str, '\0', 10);
- snprintf(pid_str, 9, "%d", pid);
-
- if (get_binary_path("kill", &kill_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Binary
'%s' not found in default paths, the full path will not be used.", kill_path);
- write_debug_file(log_path, log_msg);
- }
- char *command_ex_2[4] = { kill_path, "-9", pid_str, NULL };
-
- wfd_t *wfd2 = wpopenv(*command_ex_2, command_ex_2, W_BIND_STDOUT);
- if (!wfd2) {
- write_debug_file(log_path, "Unable to run kill");
- } else {
- wpclose(wfd2);
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Killed process %d holding lock.", pid);
- write_debug_file(log_path, log_msg);
- kill = true;
- unlock(lock_path, log_path);
- i = 0;
- saved_pid = -1;
- }
- os_free(kill_path);
- break;
- }
- }
- wpclose(wfd);
- }
-
- os_free(pgrep_path);
-
- if (!kill) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to kill process %d holding lock.", current_pid);
- write_debug_file(log_path, log_msg);
-
- // Unlocking
- unlock(lock_path, log_path);
-
- // Try take lock again
- if (mkdir(lock_path, S_IRWXG) == 0) {
- // Lock acquired (setting the pid)
- pid_t pid = getpid();
- pid_file = wfopen(lock_pid_path, "w");
- fprintf(pid_file, "%d", (int)pid);
- fclose(pid_file);
-
- return OS_SUCCESS;
- }
-
- return OS_INVALID;
- }
- }
- }
-
-}
-
-void unlock(const char *lock_path, const char *log_path) {
- if (rmdir_ex(lock_path) < 0) {
- write_debug_file(log_path, "Unable to remove lock folder");
- }
-}
-
-int get_ip_version(const char *ip) {
- struct addrinfo hint, *res = NULL;
- int ret;
-
- memset(&hint, '\0', sizeof hint);
-
- hint.ai_family = AF_UNSPEC;
- hint.ai_flags = AI_NUMERICHOST;
-
- ret = getaddrinfo(ip, NULL, &hint, &res);
- if (ret) {
- freeaddrinfo(res);
- return OS_INVALID;
- }
- if (res->ai_family == AF_INET) {
- freeaddrinfo(res);
- return 4;
- } else if (res->ai_family == AF_INET6) {
- freeaddrinfo(res);
- return 6;
- }
-
- freeaddrinfo(res);
- return OS_INVALID;
-}
-#endif
diff --git a/src/active-response/active_responses.h b/src/active-response/active_responses.h
deleted file mode 100644
index c6a7166c576..00000000000
--- a/src/active-response/active_responses.h
+++ /dev/null
@@ -1,158 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All rights reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "shared.h"
-
-#ifndef WIN32
-#define LOG_FILE "logs/active-responses.log"
-#else
-#define LOG_FILE "active-response\\active-responses.log"
-#endif
-
-#define COMMANDSIZE_4096 4096
-
-#define VERSION 1
-#define AR_MODULE_NAME "active-response"
-#define CHECK_KEYS_ENTRY "check_keys"
-
-/**
- * Enumeration of the available commands
- * */
-typedef enum _ar_command_list {
- ADD_COMMAND = 0,
- DELETE_COMMAND,
- CONTINUE_COMMAND,
- ABORT_COMMAND
-} ar_command_list;
-
-/**
- * Write the incomming message in active-responses log file.
- * @param ar_name Name of active response
- * @param msg Incomming message to write
- * */
-void write_debug_file(const char *ar_name, const char *msg);
-
-/**
- * @brief Set wazuh home directory and check message from stdin
- * @param argv Arguments of the script
- * @param message JSON message from stdin
- * @return Command from message
- */
-int setup_and_check_message(char **argv, cJSON **message);
-
-/**
- * @brief Send message with keys and check message from stdin
- * @param argv Arguments of the script
- * @param keys Keys to be sent
- * @return Command from message
- */
-int send_keys_and_check_message(char **argv, char **keys);
-
-/**
- * Get the json structure from input
- * Caller must call cJSON_Delete() to release the object
- * @param input Input to validate
- * @return JSON input or NULL on Invalid
- * */
-cJSON* get_json_from_input(const char *input);
-
-/**
- * Get command from input
- * @param input Input
- * @return char * with the command or NULL on fail
- * */
-const char* get_command_from_json(const cJSON *input);
-
-/**
- * Get alert from input
- * @param input Input
- * @return JSON alert or NULL on Invalid.
- * */
-const cJSON* get_alert_from_json(const cJSON *input);
-
-/**
- * Get srcip from input
- * @param input Input
- * @return char * with the srcip or NULL on fail
- * */
-const char* get_srcip_from_json(const cJSON *input);
-
-/**
- * Get username from input
- * @param input Input
- * @return char * with the username or NULL on fail
- * */
-const char* get_username_from_json(const cJSON *input);
-
-/**
- * Get extra_args from input
- * @param input Input
- * @return char * with the extra_args or NULL on fail
- * */
-char* get_extra_args_from_json(const cJSON *input);
-
-/**
- * Get keys from input
- * @param input Input
- * @return char * with the keys or NULL on fail
- * */
-char* get_keys_from_json(const cJSON *input);
-
-/**
- * @brief This function splits a string using a delimiter
- * @param output_buf buffer output
- * @param delimiter delimiter used to split the string
- * @param strBefore buffer to store split string before delimiter
- * @param strAfter buffer to store split string after delimiter
-*/
-void splitStrFromCharDelimiter(const char * output_buf, const char delimiter, char * strBefore, char * strAfter);
-
-/**
- * @brief It looks for a string that matches pattern 1, if it finds it, it looks again for pattern 2, there should be spaces in the middle between the patterns.
- * @param output_buf buffer where search
- * @param str_pattern_1 pattern to match
- * @param str_pattern_2 pattern to match
- * @return 1 or 0
- * @example output_buf -> "... Status: Disabled ..."
- * isEnabledFromPattern(output_buf, "Status: ", "Enabled")
- * if it matches pattern 1 look for pattern 2 and if found, it returns 1
- * isEnabledFromPattern(output_buf, "Status: ", NULL)
- * find only by "Status"
-*/
-int isEnabledFromPattern(const char * output_buf, const char * str_pattern_1, const char * str_pattern_2);
-
-#ifndef WIN32
-
-/**
- * Write process pid to lock simultaneous executions of the script
- * @param lock_path Path of the folder to lock
- * @param lock_pid_path Path of the file to lock
- * @param log_path Messages log file
- * @param proc_name Name of the proces to lock/unlock
- * @return OS_SUCCESS or OS_INVALID
- * */
-int lock(const char *lock_path, const char *lock_pid_path, const char *log_path, const char *proc_name);
-
-/**
- * Remove lock
- * @param lock_path Path of the folder to lock
- * @param log_path Messages log file
- * */
-void unlock(const char *lock_path, const char *log_path);
-
-/**
- * Check ip version from a string
- * @param ip Ip to check version
- * @retval 4 If ip is ipv4
- * @retval 6 If ip is ipv6
- * @retval OS_INVALID on Invalid IP or error
- * */
-int get_ip_version(const char *ip);
-
-#endif
diff --git a/src/active-response/disable-account.c b/src/active-response/disable-account.c
deleted file mode 100644
index 1e0148f59f2..00000000000
--- a/src/active-response/disable-account.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "active_responses.h"
-
-int main (int argc, char **argv) {
- (void)argc;
- char args[COMMANDSIZE_4096];
- char *cmd_path = NULL;
- char log_msg[OS_MAXSTR];
- int action = OS_INVALID;
- cJSON *input_json = NULL;
- struct utsname uname_buffer;
-
- action = setup_and_check_message(argv, &input_json);
- if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) {
- return OS_INVALID;
- }
-
- // Detect username
- const char *user = get_username_from_json(input_json);
- if (!user) {
- write_debug_file(argv[0], "Cannot read 'dstuser' from data");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (action == ADD_COMMAND) {
- char **keys = NULL;
- int action2 = OS_INVALID;
-
- os_calloc(2, sizeof(char *), keys);
- os_strdup(user, keys[0]);
- keys[1] = NULL;
-
- action2 = send_keys_and_check_message(argv, keys);
-
- os_free(keys);
-
- // If necessary, abort execution
- if (action2 != CONTINUE_COMMAND) {
- cJSON_Delete(input_json);
-
- if (action2 == ABORT_COMMAND) {
- write_debug_file(argv[0], "Aborted");
- return OS_SUCCESS;
- } else {
- return OS_INVALID;
- }
- }
- }
-
- if (!strcmp("root", user)) {
- write_debug_file(argv[0], "Invalid username");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (uname(&uname_buffer) < 0) {
- write_debug_file(argv[0], "Cannot get system name");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (!strcmp("Linux", uname_buffer.sysname) || !strcmp("SunOS", uname_buffer.sysname)) {
- // Checking if passwd is present
- if (get_binary_path("passwd", &cmd_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The passwd file '%s' is not accessible: %s (%d)", cmd_path, strerror(errno), errno);
-
write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(cmd_path);
- return OS_SUCCESS;
- }
-
- memset(args, '\0', COMMANDSIZE_4096);
- if (action == ADD_COMMAND) {
- snprintf(args, COMMANDSIZE_4096 -1, "-l");
- } else {
- snprintf(args, COMMANDSIZE_4096 -1, "-u");
- }
-
- } else if (!strcmp("AIX", uname_buffer.sysname)) {
- // Checking if chuser is present
- if (get_binary_path("chuser", &cmd_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The chuser file '%s' is not accessible: %s (%d)", cmd_path, strerror(errno), errno);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(cmd_path);
- return OS_SUCCESS;
- }
-
- // Disabling an account
- memset(args, '\0', COMMANDSIZE_4096);
- if (action == ADD_COMMAND) {
- snprintf(args, COMMANDSIZE_4096 -1, "account_locked=true");
- } else {
- snprintf(args, COMMANDSIZE_4096 -1, "account_locked=false");
- }
-
- } else {
- write_debug_file(argv[0], "Invalid system");
- cJSON_Delete(input_json);
- return OS_SUCCESS;
- }
-
- // Execute the command
- char *exec_cmd1[4] = { cmd_path, args, (char *)user, NULL };
-
- wfd_t *wfd = wpopenv(cmd_path, exec_cmd1, W_BIND_STDERR);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Error executing '%s': %s", cmd_path, strerror(errno));
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(cmd_path);
- return OS_INVALID;
- }
- wpclose(wfd);
-
- write_debug_file(argv[0], "Ended");
-
- cJSON_Delete(input_json);
- os_free(cmd_path);
-
- return OS_SUCCESS;
-}
diff --git a/src/active-response/firewalld-drop.c b/src/active-response/firewalld-drop.c
deleted file mode 100644
index 4d2b2893b2f..00000000000
--- a/src/active-response/firewalld-drop.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "active_responses.h"
-
-#define LOCK_PATH "active-response/bin/fw-drop"
-#define LOCK_FILE "active-response/bin/fw-drop/pid"
-
-int main (int argc, char **argv) {
- (void)argc;
- char rule[COMMANDSIZE_4096];
- char log_msg[OS_MAXSTR];
- char lock_path[COMMANDSIZE_4096];
- char lock_pid_path[COMMANDSIZE_4096];
- int action = OS_INVALID;
- cJSON *input_json = NULL;
- struct utsname uname_buffer;
-
- action = setup_and_check_message(argv, &input_json);
- if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) {
- return OS_INVALID;
- }
-
- // Get srcip
- const char *srcip = get_srcip_from_json(input_json);
- if (!srcip) {
- write_debug_file(argv[0], "Cannot read 'srcip' from data");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (action == ADD_COMMAND) {
- char **keys = NULL;
- int action2 = OS_INVALID;
-
- os_calloc(2, sizeof(char *), keys);
- os_strdup(srcip, keys[0]);
- keys[1] = NULL;
-
- action2 = send_keys_and_check_message(argv, keys);
-
- os_free(keys);
-
- // If necessary, abort execution
- if (action2 != CONTINUE_COMMAND) {
- cJSON_Delete(input_json);
-
- if (action2 == ABORT_COMMAND) {
- write_debug_file(argv[0], "Aborted");
- return OS_SUCCESS;
- } else {
- return OS_INVALID;
- }
- }
- }
-
- int ip_version = get_ip_version(srcip);
- memset(rule, '\0', COMMANDSIZE_4096);
- if (ip_version == 4) {
- snprintf(rule, COMMANDSIZE_4096 -1, "rule family=ipv4 source address=%s drop", srcip);
- } else if (ip_version == 6) {
- snprintf(rule, COMMANDSIZE_4096 -1, "rule family=ipv6 source address=%s drop", srcip);
- } else {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to run active response (invalid IP: '%s').", srcip);
-
write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (uname(&uname_buffer) != 0) {
- write_debug_file(argv[0], "Cannot get system name");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (!strcmp("Linux", uname_buffer.sysname)) {
- char arg1[COMMANDSIZE_4096] = {0};
- char *fw_cmd_path = NULL;
-
- if (action == ADD_COMMAND) {
- strcpy(arg1, "--add-rich-rule");
- } else {
- strcpy(arg1, "--remove-rich-rule");
- }
-
- // Checking if firewall-cmd is present
- if (get_binary_path("firewall-cmd", &fw_cmd_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "The firewall-cmd file '%s' is not accessible: %s (%d)", fw_cmd_path, strerror(errno), errno);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(fw_cmd_path);
- return OS_INVALID;
- }
-
- memset(lock_path, '\0', COMMANDSIZE_4096);
- memset(lock_pid_path, '\0', COMMANDSIZE_4096);
- snprintf(lock_path, COMMANDSIZE_4096 - 1, "%s", LOCK_PATH);
- snprintf(lock_pid_path, COMMANDSIZE_4096 - 1, "%s", LOCK_FILE);
-
- // Taking lock
- if (lock(lock_path, lock_pid_path, argv[0], basename(argv[0])) == OS_INVALID) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to take lock.
End.");
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(fw_cmd_path);
- return OS_INVALID;
- }
-
- int count = 0;
- bool flag = true;
- while (flag) {
- char *exec_cmd1[4] = { fw_cmd_path, arg1, rule, NULL };
-
- wfd_t *wfd = wpopenv(fw_cmd_path, exec_cmd1, W_BIND_STDERR);
- if (wfd) {
- int wp_closefd = wpclose(wfd);
- if ( WIFEXITED(wp_closefd) ) {
- int wstatus = WEXITSTATUS(wp_closefd);
- if (wstatus == 0) {
- flag = false;
- }
- }
- }
- if (flag) {
- count++;
- if (count > 4) {
- flag = false;
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to run firewall-cmd, action: '%s', rule: '%s'", arg1, rule);
- write_debug_file(argv[0], log_msg);
- } else {
- sleep(count);
- }
- }
- }
- unlock(lock_path, argv[0]);
- os_free(fw_cmd_path);
- } else {
- write_debug_file(argv[0], "Invalid system");
- }
-
- write_debug_file(argv[0], "Ended");
-
- cJSON_Delete(input_json);
-
- return OS_SUCCESS;
-}
diff --git a/src/active-response/firewalls/default-firewall-drop.c b/src/active-response/firewalls/default-firewall-drop.c
deleted file mode 100644
index 80f2dab2f88..00000000000
--- a/src/active-response/firewalls/default-firewall-drop.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "../active_responses.h"
-
-#define LOCK_PATH "active-response/bin/fw-drop"
-#define LOCK_FILE "active-response/bin/fw-drop/pid"
-#define IP4TABLES "iptables"
-#define IP6TABLES "ip6tables"
-
-int main (int argc, char **argv) {
- (void)argc;
- char iptables_tmp[COMMANDSIZE_4096 - 5] = "";
- char log_msg[OS_MAXSTR];
- int action = OS_INVALID;
- cJSON *input_json = NULL;
- struct utsname uname_buffer;
-
- action = setup_and_check_message(argv, &input_json);
- if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) {
- return OS_INVALID;
- }
-
- // Get srcip
- const char *srcip = get_srcip_from_json(input_json);
- if (!srcip) {
- write_debug_file(argv[0], "Cannot read 'srcip' from data");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (action == ADD_COMMAND) {
- char **keys = NULL;
- int action2 = OS_INVALID;
-
- os_calloc(2, sizeof(char *), keys);
- os_strdup(srcip, keys[0]);
- keys[1] = NULL;
-
- action2 = send_keys_and_check_message(argv, keys);
-
- os_free(keys);
-
- // If necessary, abort execution
- if (action2 != CONTINUE_COMMAND) {
- cJSON_Delete(input_json);
-
- if (action2 == ABORT_COMMAND) {
- write_debug_file(argv[0], "Aborted");
- return OS_SUCCESS;
- } else {
- return OS_INVALID;
- }
- }
- }
-
- int ip_version = get_ip_version(srcip);
- if (ip_version == 4) {
- strcpy(iptables_tmp, IP4TABLES);
- } else if (ip_version == 6) {
- strcpy(iptables_tmp, IP6TABLES);
- } else {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to run active response (invalid IP: '%s').", srcip);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (uname(&uname_buffer) < 0) {
-
write_debug_file(argv[0], "Cannot get system name");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (!strcmp("Linux", uname_buffer.sysname)) {
- char lock_path[COMMANDSIZE_4096];
- char lock_pid_path[COMMANDSIZE_4096];
- char *iptables = NULL;
- wfd_t *wfd = NULL;
-
- // Checking if iptables is present
- if (get_binary_path(iptables_tmp, &iptables) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "The iptables file '%s' is not accessible: %s (%d)", iptables, strerror(errno), errno);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(iptables);
- return OS_SUCCESS;
- }
-
- char arg[3] = {0};
- if (action == ADD_COMMAND) {
- strcpy(arg, "-I");
- } else {
- strcpy(arg, "-D");
- }
-
- memset(lock_path, '\0', COMMANDSIZE_4096);
- memset(lock_pid_path, '\0', COMMANDSIZE_4096);
- snprintf(lock_path, COMMANDSIZE_4096 - 1, "%s", LOCK_PATH);
- snprintf(lock_pid_path, COMMANDSIZE_4096 - 1, "%s", LOCK_FILE);
-
- // Taking lock
- if (lock(lock_path, lock_pid_path, argv[0], basename(argv[0])) == OS_INVALID) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to take lock.
End.");
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(iptables);
- return OS_INVALID;
- }
-
- int count = 0;
- bool flag = true;
- while (flag) {
- char *exec_cmd1[8] = { iptables, arg, "INPUT", "-s", (char *)srcip, "-j", "DROP", NULL };
-
- wfd = wpopenv(iptables, exec_cmd1, W_BIND_STDERR);
- if (!wfd) {
- count++;
- if (count > 4) {
- flag = false;
- write_debug_file(argv[0], "Unable to run iptables");
- } else {
- sleep(count);
- }
- } else {
- flag = false;
- wpclose(wfd);
- }
- }
-
- count = 0;
- flag = true;
- while (flag) {
- char *exec_cmd2[8] = { iptables, arg, "FORWARD", "-s", (char *)srcip, "-j", "DROP", NULL };
-
- wfd = wpopenv(iptables, exec_cmd2, W_BIND_STDERR);
- if (!wfd) {
- count++;
- if (count > 4) {
- flag = false;
- write_debug_file(argv[0], "Unable to run iptables");
- } else {
- sleep(count);
- }
- } else {
- flag = false;
- wpclose(wfd);
- }
- }
- unlock(lock_path, argv[0]);
- os_free(iptables);
-
- } else if (!strcmp("FreeBSD", uname_buffer.sysname) || !strcmp("SunOS", uname_buffer.sysname) || !strcmp("NetBSD", uname_buffer.sysname)) {
- char arg1[COMMANDSIZE_4096];
- char arg2[COMMANDSIZE_4096];
- char ipfarg[COMMANDSIZE_4096];
- char *ipfilter_path = NULL;
- wfd_t *wfd = NULL;
-
- // Checking if ipfilter is present
- if (get_binary_path("ipf", &ipfilter_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The ipfilter file '%s' is not accessible: %s (%d)", ipfilter_path, strerror(errno), errno);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(ipfilter_path);
- return OS_SUCCESS;
- }
-
- memset(arg1, '\0', COMMANDSIZE_4096);
- memset(arg2, '\0', COMMANDSIZE_4096);
- memset(ipfarg, '\0', COMMANDSIZE_4096);
-
- snprintf(arg1, COMMANDSIZE_4096 -1, "block out quick from any to %s", srcip);
- snprintf(arg2, COMMANDSIZE_4096 -1, "block in quick from %s to any", srcip);
- if (action == ADD_COMMAND) {
- snprintf(ipfarg, COMMANDSIZE_4096 -1,"-f");
- } else {
- snprintf(ipfarg, COMMANDSIZE_4096 -1,"-rf");
- }
-
- char *exec_cmd1[4] = { ipfilter_path, ipfarg, "-", NULL };
-
- wfd = wpopenv(ipfilter_path, exec_cmd1, W_BIND_STDIN);
- if (!wfd) {
- write_debug_file(argv[0], "Unable to run ipf");
- } else {
- fprintf(wfd->file_in, "%s\n", arg1);
- fflush(wfd->file_in);
- wpclose(wfd);
- }
-
- wfd = wpopenv(ipfilter_path, exec_cmd1, W_BIND_STDIN);
- if (!wfd) {
- write_debug_file(argv[0], "Unable to run ipf");
- } else {
- fprintf(wfd->file_in, "%s\n", arg2);
- fflush(wfd->file_in);
- wpclose(wfd);
- }
- os_free(ipfilter_path);
-
- } else if (!strcmp("AIX", uname_buffer.sysname)) {
- char *genfilt_path = NULL;
- char *lsfilt_path = NULL;
- char *mkfilt_path = NULL;
- char *rmfilt_path = NULL;
- wfd_t *wfd = NULL;
-
- // Checking if genfilt is present
- if (get_binary_path("genfilt", &genfilt_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The genfilt file '%s' is not accessible: %s (%d)", genfilt_path, strerror(errno), errno);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(genfilt_path);
- return OS_SUCCESS;
- }
-
- // Checking if lsfilt is present
- if (get_binary_path("lsfilt", &lsfilt_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The lsfilt file '%s' is not accessible: %s (%d)", lsfilt_path, strerror(errno), errno);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(genfilt_path);
- os_free(lsfilt_path);
- return OS_SUCCESS;
- }
-
- // Checking if mkfilt is present
- if (get_binary_path("mkfilt", &mkfilt_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The mkfilt file '%s' is not accessible: %s (%d)", mkfilt_path, strerror(errno), errno);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(genfilt_path);
- os_free(lsfilt_path);
- os_free(mkfilt_path);
- return OS_SUCCESS;
- }
-
- // Checking if rmfilt is present
- if
(get_binary_path("rmfilt", &rmfilt_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The rmfilt file '%s' is not accessible: %s (%d)", rmfilt_path, strerror(errno), errno);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(genfilt_path);
- os_free(lsfilt_path);
- os_free(mkfilt_path);
- os_free(rmfilt_path);
- return OS_SUCCESS;
- }
-
- if (action == ADD_COMMAND) {
- char *exec_cmd1[18] = { genfilt_path, "-v", "4", "-a", "D", "-s", (char *)srcip, "-m", "255.255.255.255", "-d", "0.0.0.0", "-M", "0.0.0.0", "-w", "B", "-D", "\"Access Denied by WAZUH\"", NULL };
-
- wfd = wpopenv(genfilt_path, exec_cmd1, W_BIND_STDERR);
- if (!wfd) {
- write_debug_file(argv[0], "Unable to run genfilt");
- } else {
- wpclose(wfd);
- }
- } else {
- char *exec_cmd1[5] = { lsfilt_path, "-v", "4", "-O", NULL };
-
- wfd = wpopenv(lsfilt_path, exec_cmd1, W_BIND_STDOUT);
- if (!wfd) {
- write_debug_file(argv[0], "Unable to run lsfilt");
- } else {
- char output_buf[OS_MAXSTR];
- while (fgets(output_buf, OS_MAXSTR, wfd->file_out)) {
- if (strstr(output_buf, srcip) != NULL) {
- // Removing a specific rule
- char *rule_str = strtok(output_buf, "|");
- char *exec_cmd2[6] = { rmfilt_path, "-v", "4", "-n", rule_str, NULL };
-
- wfd_t *wfd2 = wpopenv(rmfilt_path, exec_cmd2, W_BIND_STDERR);
- if (!wfd2) {
- write_debug_file(argv[0], "Unable to run rmfilt");
- } else {
- wpclose(wfd2);
- }
- }
- }
- wpclose(wfd);
- }
- }
-
- // Deactivate and activate the filter rules
- char *exec_cmd3[5] = { mkfilt_path, "-v", "4", "-d", NULL };
-
- wfd = wpopenv(mkfilt_path, exec_cmd3, W_BIND_STDERR);
- if (!wfd) {
- write_debug_file(argv[0], "Unable to run mkfilt");
- } else {
- wpclose(wfd);
- }
-
- char *exec_cmd4[5] = { mkfilt_path, "-v", "4", "-u", NULL };
-
- wfd = wpopenv(mkfilt_path, exec_cmd4, W_BIND_STDERR);
- if (!wfd) {
- write_debug_file(argv[0], "Unable to run mkfilt");
- } else {
- wpclose(wfd);
- }
-
- os_free(genfilt_path);
-
os_free(lsfilt_path);
- os_free(mkfilt_path);
- os_free(rmfilt_path);
-
- } else {
- write_debug_file(argv[0], "Invalid system");
- }
-
- write_debug_file(argv[0], "Ended");
-
- cJSON_Delete(input_json);
-
- return OS_SUCCESS;
-}
diff --git a/src/active-response/firewalls/ipfw.c b/src/active-response/firewalls/ipfw.c
deleted file mode 100644
index 6c2eb628d0a..00000000000
--- a/src/active-response/firewalls/ipfw.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "../active_responses.h"
-
-#define TABLE_ID "00001"
-#define SET_ID "2"
-
-int main (int argc, char **argv) {
- (void)argc;
- char log_msg[OS_MAXSTR];
- int action = OS_INVALID;
- cJSON *input_json = NULL;
- struct utsname uname_buffer;
-
- action = setup_and_check_message(argv, &input_json);
- if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) {
- return OS_INVALID;
- }
-
- // Get srcip
- const char *srcip = get_srcip_from_json(input_json);
- if (!srcip) {
- write_debug_file(argv[0], "Cannot read 'srcip' from data");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (action == ADD_COMMAND) {
- char **keys = NULL;
- int action2 = OS_INVALID;
-
- os_calloc(2, sizeof(char *), keys);
- os_strdup(srcip, keys[0]);
- keys[1] = NULL;
-
- action2 = send_keys_and_check_message(argv, keys);
-
- os_free(keys);
-
- // If necessary, abort execution
- if (action2 != CONTINUE_COMMAND) {
- cJSON_Delete(input_json);
-
- if (action2 == ABORT_COMMAND) {
- write_debug_file(argv[0], "Aborted");
- return OS_SUCCESS;
- } else {
- return OS_INVALID;
- }
- }
- }
-
- if (uname(&uname_buffer) < 0) {
- write_debug_file(argv[0], "Cannot get system name");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (!strcmp("FreeBSD", uname_buffer.sysname)) {
- bool add_table = true;
- wfd_t *wfd = NULL;
- char *ipfw_path = NULL;
-
- // Checking if ipfw is present
- if (get_binary_path("ipfw", &ipfw_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The ipfw file '%s' is not accessible: %s (%d)", ipfw_path, strerror(errno), errno);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(ipfw_path);
- return OS_SUCCESS;
- }
-
-
char table_name[COMMANDSIZE_4096]; - memset(table_name, '\0', COMMANDSIZE_4096); - snprintf(table_name, COMMANDSIZE_4096 - 1, "table(%s)", TABLE_ID); - - char *exec_cmd1[3] = { ipfw_path, "show", NULL }; - - wfd = wpopenv(ipfw_path, exec_cmd1, W_BIND_STDOUT); - if (!wfd) { - memset(log_msg, '\0', OS_MAXSTR); - snprintf(log_msg, OS_MAXSTR -1, "Error executing '%s': %s", ipfw_path, strerror(errno)); - write_debug_file(argv[0], log_msg); - cJSON_Delete(input_json); - os_free(ipfw_path); - return OS_INVALID; - } - - char output_buf[OS_MAXSTR]; - while (fgets(output_buf, OS_MAXSTR, wfd->file_out)) { - if ((strncmp(output_buf, TABLE_ID, 5) == 0) && (strstr(output_buf, table_name) != NULL)) { - add_table = false; - break; - } - } - wpclose(wfd); - - if (add_table) { - char *exec_cmd2[11] = { ipfw_path, "-q", TABLE_ID, "add", "deny", "ip", "from", table_name, "to", "any", NULL }; - char *exec_cmd3[11] = { ipfw_path, "-q", TABLE_ID, "add", "deny", "ip", "from", "any", "to", table_name, NULL }; - - wfd = wpopenv(ipfw_path, exec_cmd2, W_BIND_STDERR); - if (!wfd) { - memset(log_msg, '\0', OS_MAXSTR); - snprintf(log_msg, OS_MAXSTR -1, "Error executing '%s': %s", ipfw_path, strerror(errno)); - write_debug_file(argv[0], log_msg); - cJSON_Delete(input_json); - os_free(ipfw_path); - return OS_INVALID; - } - wpclose(wfd); - - wfd = wpopenv(ipfw_path, exec_cmd3, W_BIND_STDERR); - if (!wfd) { - memset(log_msg, '\0', OS_MAXSTR); - snprintf(log_msg, OS_MAXSTR -1, "Error executing '%s': %s", ipfw_path, strerror(errno)); - write_debug_file(argv[0], log_msg); - cJSON_Delete(input_json); - os_free(ipfw_path); - return OS_INVALID; - } - wpclose(wfd); - } - - char *exec_cmd4[7] = { ipfw_path, "-q", "table", TABLE_ID, (action == ADD_COMMAND) ? 
"add" : "delete", (char *)srcip, NULL }; - - // Executing it - wfd = wpopenv(ipfw_path, exec_cmd4, W_BIND_STDERR); - if (!wfd) { - memset(log_msg, '\0', OS_MAXSTR); - snprintf(log_msg, OS_MAXSTR -1, "Error executing '%s': %s", ipfw_path, strerror(errno)); - write_debug_file(argv[0], log_msg); - cJSON_Delete(input_json); - os_free(ipfw_path); - return OS_INVALID; - } - wpclose(wfd); - os_free(ipfw_path); - - } else { - write_debug_file(argv[0], "Invalid system"); - } - - write_debug_file(argv[0], "Ended"); - - cJSON_Delete(input_json); - - return OS_SUCCESS; -} diff --git a/src/active-response/firewalls/npf.c b/src/active-response/firewalls/npf.c deleted file mode 100644 index 14013a62990..00000000000 --- a/src/active-response/firewalls/npf.c +++ /dev/null 
@@ -1,177 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "../active_responses.h"
-
-int main (int argc, char **argv) {
- (void)argc;
- char output_buf[OS_MAXSTR];
- char log_msg[OS_MAXSTR];
- int action = OS_INVALID;
- char *npfctl_path = NULL;
- cJSON *input_json = NULL;
-
- action = setup_and_check_message(argv, &input_json);
- if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) {
- return OS_INVALID;
- }
-
- // Get srcip
- const char *srcip = get_srcip_from_json(input_json);
- if (!srcip) {
- write_debug_file(argv[0], "Cannot read 'srcip' from data");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (action == ADD_COMMAND) {
- char **keys = NULL;
- int action2 = OS_INVALID;
-
- os_calloc(2, sizeof(char *), keys);
- os_strdup(srcip, keys[0]);
- keys[1] = NULL;
-
- action2 = send_keys_and_check_message(argv, keys);
-
- os_free(keys);
-
- // If necessary, abort execution
- if (action2 != CONTINUE_COMMAND) {
- cJSON_Delete(input_json);
-
- if (action2 == ABORT_COMMAND) {
- write_debug_file(argv[0], "Aborted");
- return OS_SUCCESS;
- } else {
- return OS_INVALID;
- }
- }
- }
-
- // Checking if npfctl is present
- if (get_binary_path("npfctl", &npfctl_path) < 0) {
- write_debug_file(argv[0], "The NPFCTL is not accessible");
- cJSON_Delete(input_json);
- os_free(npfctl_path);
- return OS_INVALID;
- }
-
- char *exec_cmd1[3] = { npfctl_path, "show", NULL };
-
- wfd_t *wfd = wpopenv(npfctl_path, exec_cmd1, W_BIND_STDOUT);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error executing '%s' : %s", npfctl_path, strerror(errno));
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(npfctl_path);
- return OS_INVALID;
- }
-
- int flag = false;
- while (fgets(output_buf, OS_MAXSTR, wfd->file_out)) {
- const char *pos = strstr(output_buf, "filtering:");
-
- if (pos != NULL) {
- char state[15];
-
- if (pos && sscanf(pos, "%*s %9s", state) == 1) {
- if (strcmp(state, "active") != 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "The filter property is inactive");
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- wpclose(wfd);
- os_free(npfctl_path);
- return OS_INVALID;
- }
- flag = true;
- break;
- } else {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Key word not found");
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- wpclose(wfd);
- os_free(npfctl_path);
- return OS_INVALID;
- }
- }
- }
- wpclose(wfd);
-
- if (flag == false) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to find 'filtering'");
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(npfctl_path);
- return OS_INVALID;
- }
-
- wfd = wpopenv(npfctl_path, exec_cmd1, W_BIND_STDOUT);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error executing '%s' : %s", npfctl_path, strerror(errno));
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(npfctl_path);
- return OS_INVALID;
- }
-
- flag = false;
- while (fgets(output_buf, OS_MAXSTR, wfd->file_out)) {
- const char *pos = strstr(output_buf, "table ");
-
- if (pos != NULL) {
- flag = true;
- break;
- }
- }
- wpclose(wfd);
-
- if (flag == false) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to find 'table '");
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(npfctl_path);
- return OS_INVALID;
- }
-
- char *exec_cmd2[6] = { NULL, NULL, NULL, NULL, NULL, NULL };
-
- if (action == ADD_COMMAND) {
- const char *arg3[6] = { npfctl_path, "table", "wazuh_blacklist", "add", srcip, NULL };
- memcpy(exec_cmd2, arg3, sizeof(exec_cmd2));
- } else {
- const char *arg3[6] = { npfctl_path, "table", "wazuh_blacklist", "del", srcip, NULL };
- memcpy(exec_cmd2, arg3, sizeof(exec_cmd2));
- }
-
- // Executing it
- wfd = wpopenv(npfctl_path, exec_cmd2, W_BIND_STDOUT);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error executing '%s' : %s", npfctl_path, strerror(errno));
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(npfctl_path);
- return OS_INVALID;
- }
- wpclose(wfd);
-
- write_debug_file(argv[0], "Ended");
-
- cJSON_Delete(input_json);
- os_free(npfctl_path);
-
- return OS_SUCCESS;
-}
diff --git a/src/active-response/firewalls/pf.c b/src/active-response/firewalls/pf.c
deleted file mode 100644
index cfcade39a45..00000000000
--- a/src/active-response/firewalls/pf.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "../active_responses.h"
-
-#define DEVPF ("/dev/pf")
-#define PFCTL_RULES ("/etc/pf.conf")
-#define PFCTL_TABLE ("wazuh_fwtable")
-
-/**
- * @brief check if firewall is configured
- * @param log_prog_name name of the program to be written to the logs
- * @param path path to firewall configuration file
- * @param table name of firewall table
- * @return 0 if configured, -1 otherwise
-*/
-static int checking_if_its_configured(const char *log_prog_name, const char *path, const char *table);
-
-/**
- * @brief write to file path
- * @param path path to file
- * @param cmd command or text to write inside file
- * @return 1 if successful, 0 otherwise
-*/
-static int write_cmd_to_file(const char *path, const char *cmd);
-
-int main (int argc, char **argv) {
- (void)argc;
- char log_msg[OS_MAXSTR];
- char output_buf[OS_MAXSTR];
- int isEnabledFirewall = 0;
- int action = OS_INVALID;
- cJSON *input_json = NULL;
- struct utsname uname_buffer;
-
- action = setup_and_check_message(argv, &input_json);
- if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) {
- return OS_INVALID;
- }
-
- // Get srcip
- const char *srcip = get_srcip_from_json(input_json);
- if (!srcip) {
- write_debug_file(argv[0], "Cannot read 'srcip' from data");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (action == ADD_COMMAND) {
- char **keys = NULL;
- int action2 = OS_INVALID;
-
- os_calloc(2, sizeof(char *), keys);
- os_strdup(srcip, keys[0]);
- keys[1] = NULL;
-
- action2 = send_keys_and_check_message(argv, keys);
-
- os_free(keys);
-
- // If necessary, abort execution
- if (action2 != CONTINUE_COMMAND) {
- cJSON_Delete(input_json);
-
- if (action2 == ABORT_COMMAND) {
- write_debug_file(argv[0], "Aborted");
- return OS_SUCCESS;
- } else {
- return OS_INVALID;
- }
- }
- }
-
- if (uname(&uname_buffer) < 0) {
- write_debug_file(argv[0], "Cannot get system name");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (!strcmp("OpenBSD", uname_buffer.sysname) || !strcmp("FreeBSD", uname_buffer.sysname) || !strcmp("Darwin", uname_buffer.sysname)) {
- wfd_t *wfd = NULL;
- char *pfctl_path = NULL;
-
- // Checking if pfctl is present
- if (get_binary_path("pfctl", &pfctl_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The pfctl file '%s' is not accessible", pfctl_path);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(pfctl_path);
- return OS_SUCCESS;
- }
-
- char *exec_cmd1[7] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL };
- char *exec_cmd2[4] = { NULL, NULL, NULL, NULL };
- char *exec_cmd3[4] = { pfctl_path, "-s", "info", NULL };
- char *exec_cmd4[4] = { pfctl_path, "-f", PFCTL_RULES, NULL };
-
- // Checking if we have pf config file
- if (access(PFCTL_RULES, F_OK) == 0) {
- if (action == ADD_COMMAND) {
- const char *arg1[7] = { pfctl_path, "-t", PFCTL_TABLE, "-T", "add", srcip, NULL };
- memcpy(exec_cmd1, arg1, sizeof(exec_cmd1));
-
- const char *arg2[4] = { pfctl_path, "-k", srcip, NULL };
- memcpy(exec_cmd2, arg2, sizeof(exec_cmd2));
- } else {
- const char *arg1[7] = { pfctl_path, "-t", PFCTL_TABLE, "-T", "delete", srcip, NULL };
- memcpy(exec_cmd1, arg1, sizeof(exec_cmd1));
- }
-
- // Checking if pf is running
- if (access(DEVPF, F_OK) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The file '%s' is not accessible", DEVPF);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(pfctl_path);
- return OS_SUCCESS;
- } else {
- // Checking if wazuh table is configured in pf.conf
- if (checking_if_its_configured(argv[0], PFCTL_RULES, PFCTL_TABLE) != 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Table '%s' does not exist", PFCTL_TABLE);
- write_debug_file(argv[0], log_msg);
-
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "table <%s> persist #%s\nblock in quick from <%s> to any\nblock out quick from any to <%s>", PFCTL_TABLE, PFCTL_TABLE, PFCTL_TABLE, PFCTL_TABLE);
-
- if (0 == write_cmd_to_file(PFCTL_RULES, log_msg)) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error opening file '%s' : %s", PFCTL_RULES, strerror(errno));
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(pfctl_path);
- return OS_INVALID;
- }
-
- if (exec_cmd4[0] != NULL) {
- wfd = wpopenv(pfctl_path, exec_cmd4, W_BIND_STDOUT);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error executing '%s' : %s", pfctl_path, strerror(errno));
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(pfctl_path);
- return OS_INVALID;
- }
- wpclose(wfd);
- }
- }
- }
- } else {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "The pf rules file '%s' does not exist", PFCTL_RULES);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(pfctl_path);
- return OS_SUCCESS;
- }
-
- // Executing it
-
- if (exec_cmd3[0] != NULL && action == ADD_COMMAND) {
- wfd = wpopenv(pfctl_path, exec_cmd3, W_BIND_STDOUT);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error executing '%s' : %s", pfctl_path, strerror(errno));
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(pfctl_path);
- return OS_INVALID;
- }
- else {
- while (fgets(output_buf, OS_MAXSTR -1, wfd->file_out) && 0 == isEnabledFirewall) {
- isEnabledFirewall = isEnabledFromPattern(output_buf, "Status: ", "Enabled");
- }
-
- if (0 == isEnabledFirewall) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "{\"message\":\"Active response may not have an effect\",\"profile\":\"default\",\"status\":\"inactive\",\"script\":\"pf\"}");
- write_debug_file(argv[0], log_msg);
- }
- }
- wpclose(wfd);
- }
-
- if (exec_cmd1[0] != NULL) {
- wfd = wpopenv(pfctl_path, exec_cmd1, W_BIND_STDOUT);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error executing '%s' : %s", pfctl_path, strerror(errno));
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(pfctl_path);
- return OS_INVALID;
- }
- wpclose(wfd);
- }
-
- if (exec_cmd2[0] != NULL) {
- wfd = wpopenv(pfctl_path, exec_cmd2, W_BIND_STDOUT);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error executing '%s' : %s", pfctl_path, strerror(errno));
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- os_free(pfctl_path);
- return OS_INVALID;
- }
- wpclose(wfd);
- }
- os_free(pfctl_path);
-
- } else {
- write_debug_file(argv[0], "Invalid system");
- }
-
- write_debug_file(argv[0], "Ended");
-
- cJSON_Delete(input_json);
-
- return OS_SUCCESS;
-}
-
-static int checking_if_its_configured(const char *log_prog_name, const char *path, const char *table) {
- char command[COMMANDSIZE_4096];
- char output_buf[OS_MAXSTR];
- char *cat_path = NULL;
- char *grep_path = NULL;
- char log_msg[OS_MAXSTR];
-
- if (get_binary_path("cat", &cat_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Binary '%s' not found in default paths, the full path will not be used.", cat_path);
- write_debug_file(log_prog_name, log_msg);
- }
- if (get_binary_path("grep", &grep_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Binary '%s' not found in default paths, the full path will not be used.", grep_path);
- write_debug_file(log_prog_name, log_msg);
- }
-
- snprintf(command, COMMANDSIZE_4096 -1, "%s %s | %s %s", cat_path, path, grep_path, table);
- FILE *fp = popen(command, "r");
-
- if (fp) {
- while (fgets(output_buf, OS_MAXSTR, fp) != NULL) {
- pclose(fp);
- os_free(cat_path);
- os_free(grep_path);
- return OS_SUCCESS;
- }
- pclose(fp);
- os_free(cat_path);
- os_free(grep_path);
- return OS_INVALID;
- }
- os_free(cat_path);
- os_free(grep_path);
- return OS_INVALID;
-}
-
-static int write_cmd_to_file(const char *path, const char *cmd) {
- int retVal = 0;
- if (path != NULL && cmd != NULL) {
- FILE *fp = wfopen(path, "a+");
- if (fp != NULL) {
- fprintf(fp, "%s\n", cmd);
- retVal = 1;
- fclose(fp);
- }
- }
- return retVal;
-}
diff --git a/src/active-response/host-deny.c b/src/active-response/host-deny.c
deleted file mode 100644
index d492791b7e0..00000000000
--- a/src/active-response/host-deny.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "active_responses.h"
-
-#define LOCK_PATH "active-response/bin/host-deny-lock"
-#define LOCK_FILE "active-response/bin/host-deny-lock/pid"
-#define DEFAULT_HOSTS_DENY_PATH "/etc/hosts.deny"
-#define FREEBSD_HOSTS_DENY_PATH "/etc/hosts.allow"
-
-int main (int argc, char **argv) {
- (void)argc;
- char hosts_deny_rule[COMMANDSIZE_4096];
- char hosts_deny_path[COMMANDSIZE_4096];
- char log_msg[OS_MAXSTR];
- char lock_path[COMMANDSIZE_4096];
- char lock_pid_path[COMMANDSIZE_4096];
- char output_buf[OS_MAXSTR - 25];
- int action = OS_INVALID;
- cJSON *input_json = NULL;
- struct utsname uname_buffer;
- FILE *host_deny_fp = NULL;
-
- action = setup_and_check_message(argv, &input_json);
- if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) {
- return OS_INVALID;
- }
-
- // Get srcip
- const char *srcip = get_srcip_from_json(input_json);
- if (!srcip) {
- write_debug_file(argv[0], "Cannot read 'srcip' from data");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (action == ADD_COMMAND) {
- char **keys = NULL;
- int action2 = OS_INVALID;
-
- os_calloc(2, sizeof(char *), keys);
- os_strdup(srcip, keys[0]);
- keys[1] = NULL;
-
- action2 = send_keys_and_check_message(argv, keys);
-
- os_free(keys);
-
- // If necessary, abort execution
- if (action2 != CONTINUE_COMMAND) {
- cJSON_Delete(input_json);
-
- if (action2 == ABORT_COMMAND) {
- write_debug_file(argv[0], "Aborted");
- return OS_SUCCESS;
- } else {
- return OS_INVALID;
- }
- }
- }
-
- if (get_ip_version(srcip) == OS_INVALID) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to run active response (invalid IP: '%s')", srcip);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (uname(&uname_buffer) != 0) {
- write_debug_file(argv[0], "Cannot get system name");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- memset(hosts_deny_rule, '\0', COMMANDSIZE_4096);
- memset(hosts_deny_path, '\0', COMMANDSIZE_4096);
- if (!strcmp("FreeBSD", uname_buffer.sysname)) {
- snprintf(hosts_deny_rule, COMMANDSIZE_4096 -1, "ALL : %s : deny", srcip);
- strcpy(hosts_deny_path, FREEBSD_HOSTS_DENY_PATH);
- } else {
- snprintf(hosts_deny_rule, COMMANDSIZE_4096 -1, "ALL:%s", srcip);
- strcpy(hosts_deny_path, DEFAULT_HOSTS_DENY_PATH);
- }
-
- memset(lock_path, '\0', COMMANDSIZE_4096);
- memset(lock_pid_path, '\0', COMMANDSIZE_4096);
- snprintf(lock_path, COMMANDSIZE_4096 - 1, "%s", LOCK_PATH);
- snprintf(lock_pid_path, COMMANDSIZE_4096 - 1, "%s", LOCK_FILE);
-
- if (action == ADD_COMMAND) {
- // Taking lock
- if (lock(lock_path, lock_pid_path, argv[0], basename(argv[0])) == OS_INVALID) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to take lock. End.");
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- host_deny_fp = wfopen(hosts_deny_path, "r");
- if (!host_deny_fp) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Could not open file '%s'", hosts_deny_path);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- unlock(lock_path, argv[0]);
- return OS_INVALID;
- }
-
- // Looking for duplication
- memset(output_buf, '\0', OS_MAXSTR - 25);
- while (fgets(output_buf, OS_MAXSTR - 25, host_deny_fp)) {
- if (strstr(output_buf, srcip) != NULL) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "IP %s already exists on '%s'", srcip, hosts_deny_path);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- fclose(host_deny_fp);
- unlock(lock_path, argv[0]);
- return OS_INVALID;
- }
- }
- fclose(host_deny_fp);
-
- // Open again to append rule
- host_deny_fp = wfopen(hosts_deny_path, "a");
- if (!host_deny_fp) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Could not open file '%s'", hosts_deny_path);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- unlock(lock_path, argv[0]);
- return OS_INVALID;
- }
-
- if (fprintf(host_deny_fp, "%s\n", hosts_deny_rule) <= 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to write rule '%s' on '%s'", hosts_deny_rule, hosts_deny_path);
- write_debug_file(argv[0], log_msg);
- }
- fclose(host_deny_fp);
-
- unlock(lock_path, argv[0]);
-
- } else {
- FILE *temp_host_deny_fp = NULL;
- char temp_hosts_deny_path[COMMANDSIZE_4096];
-
- memset(temp_hosts_deny_path, '\0', COMMANDSIZE_4096);
- snprintf(temp_hosts_deny_path, COMMANDSIZE_4096 - 1, "%s", "active-response/bin/temp-hosts-deny");
-
- // Taking lock
- if (lock(lock_path, lock_pid_path, argv[0], basename(argv[0])) == OS_INVALID) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to take lock. End.");
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- bool write_fail = false;
-
- host_deny_fp = wfopen(hosts_deny_path, "r");
- if (!host_deny_fp) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Could not open file '%s'", hosts_deny_path);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- unlock(lock_path, argv[0]);
- return OS_INVALID;
- }
-
- // Create the temporary file
- temp_host_deny_fp = wfopen(temp_hosts_deny_path, "w");
- if (!temp_host_deny_fp) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Could not open file '%s'", temp_hosts_deny_path);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- fclose(host_deny_fp);
- unlock(lock_path, argv[0]);
- return OS_INVALID;
- }
-
- memset(output_buf, '\0', OS_MAXSTR - 25);
- while (fgets(output_buf, OS_MAXSTR - 25, host_deny_fp)) {
- if (strstr(output_buf, srcip) == NULL) {
- if (fwrite(output_buf, 1, strlen(output_buf), temp_host_deny_fp) != strlen(output_buf)) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to write line '%s'", output_buf);
- write_debug_file(argv[0], log_msg);
- write_fail = true;
- break;
- }
- }
- memset(output_buf, '\0', OS_MAXSTR - 25);
- }
-
- fclose(host_deny_fp);
- fclose(temp_host_deny_fp);
-
- if (write_fail || rename(temp_hosts_deny_path, hosts_deny_path) != 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to write file '%s'", hosts_deny_path);
- write_debug_file(argv[0], log_msg);
- }
-
- unlink(temp_hosts_deny_path);
- unlock(lock_path, argv[0]);
- }
-
- write_debug_file(argv[0], "Ended");
-
- cJSON_Delete(input_json);
-
- return OS_SUCCESS;
-}
diff --git a/src/active-response/ip-customblock.c b/src/active-response/ip-customblock.c
deleted file mode 100644
index 5b3478d36f2..00000000000
--- a/src/active-response/ip-customblock.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "active_responses.h"
-
-#define IPBLOCK "/ipblock/"
-
-int main (int argc, char **argv) {
- (void)argc;
- char log_msg[OS_MAXSTR];
- int action = OS_INVALID;
- cJSON *input_json = NULL;
-
- action = setup_and_check_message(argv, &input_json);
- if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) {
- return OS_INVALID;
- }
-
- // Get srcip
- const char *srcip = get_srcip_from_json(input_json);
- if (!srcip) {
- write_debug_file(argv[0], "Cannot read 'srcip' from data");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (action == ADD_COMMAND) {
- char **keys = NULL;
- int action2 = OS_INVALID;
-
- os_calloc(2, sizeof(char *), keys);
- os_strdup(srcip, keys[0]);
- keys[1] = NULL;
-
- action2 = send_keys_and_check_message(argv, keys);
-
- os_free(keys);
-
- // If necessary, abort execution
- if (action2 != CONTINUE_COMMAND) {
- cJSON_Delete(input_json);
-
- if (action2 == ABORT_COMMAND) {
- write_debug_file(argv[0], "Aborted");
- return OS_SUCCESS;
- } else {
- return OS_INVALID;
- }
- }
- }
-
- char srcip_path[COMMANDSIZE_4096];
- strcpy(srcip_path, IPBLOCK);
- strncat(srcip_path, srcip, (COMMANDSIZE_4096 - strlen(IPBLOCK)) - 1);
-
- if (action == ADD_COMMAND) {
- // Create directory
- if (mkdir_ex(IPBLOCK)) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error executing '%s' : %s", IPBLOCK, strerror(errno));
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- FILE *fp = wfopen(srcip_path, "a");
- if(fp == NULL) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error creating %s file", srcip_path);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
- fclose(fp);
-
- } else {
- if(remove(srcip_path) != 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR - 1, "Error deleting %s file", srcip_path);
- write_debug_file(argv[0], log_msg);
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
- }
-
- write_debug_file(argv[0], "Ended");
-
- cJSON_Delete(input_json);
-
- return OS_SUCCESS;
-}
diff --git a/src/active-response/netsh.c b/src/active-response/netsh.c
deleted file mode 100644
index 4c0d4fa9958..00000000000
--- a/src/active-response/netsh.c
+++ /dev/null
@@ -1,326 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All rights reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#ifdef WIN32
-
-#include "active_responses.h"
-#include "dll_load_notify.h"
-
-#define RULE_NAME "WAZUH ACTIVE RESPONSE BLOCKED IP"
-
-#define PATH_FIREWALL_PROFILES_REG_DEFAULT "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\"
-#define FIREWALL_DATA_INITIALIZE { false, false, FIREWALL_DOMAIN }
-#define FIREWALL_PROFILES_MAX (3) /*!< Maximum number of profiles*/
-
-/**
- * @brief enumeration of the available profiles
- */
-typedef enum {
- FIREWALL_DOMAIN = 0,
- FIREWALL_PRIVATE,
- FIREWALL_PUBLIC,
- FIREWALL_DEFAULT
-} firewallProfile_t;
-
-/**
- * @brief firewall data struct
- */
-typedef struct {
- bool isThereProfile;
- bool isEnabled;
- firewallProfile_t profile;
-} firewallData_t;
-
-/**
- * @brief Get all firewall profiles status
- * @param argv Name of logging file
- * @return int
- */
-static int getAllProfilesStatus(const char *argv);
-
-/**
- * @brief Get name of the profile if it exists
- * @param output_buf buffer output
- * @param firewallData pointer to firewall data
-*/
-static void getFirewallProfile(const char * output_buf, firewallData_t *firewallData);
-
-/**
- * @brief Get status of the profile
- * @param output_buf buffer output
- * @param firewallData pointer to firewall data
-*/
-static void getStatusFirewallProfile(const char * output_buf, firewallData_t *firewallData);
-
-int main (int argc, char **argv) {
- // This must be always the first instruction
- enable_dll_verification();
-
- (void)argc;
- char log_msg[OS_MAXSTR];
- int action = OS_INVALID;
- cJSON *input_json = NULL;
-
- action = setup_and_check_message(argv, &input_json);
- if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) {
- return OS_INVALID;
- }
-
- // Get srcip
- const char *srcip = get_srcip_from_json(input_json);
- if (!srcip) {
- write_debug_file(argv[0], "Cannot read 'srcip' from data");
- cJSON_Delete(input_json);
- return OS_INVALID;
- }
-
- if (action == ADD_COMMAND) {
- char **keys = NULL;
- int action2 = OS_INVALID;
-
- os_calloc(2, sizeof(char *), keys);
- os_strdup(srcip, keys[0]);
- keys[1] = NULL;
-
- action2 = send_keys_and_check_message(argv, keys);
-
- os_free(keys);
-
- // If necessary, abort execution
- if (action2 != CONTINUE_COMMAND) {
- cJSON_Delete(input_json);
-
- if (action2 == ABORT_COMMAND) {
- write_debug_file(argv[0], "Aborted");
- return OS_SUCCESS;
- } else {
- return OS_INVALID;
- }
- }
- }
-
- char name[OS_MAXSTR -1];
- char description[OS_MAXSTR -1];
- char remoteip[OS_MAXSTR -1];
- wfd_t *wfd = NULL;
- char *netsh_path = NULL;
-
- snprintf(name, OS_MAXSTR -1, "name=\"%s\"", RULE_NAME);
- snprintf(remoteip, OS_MAXSTR -1, "remoteip=%s/32", srcip);
-
- // Checking if netsh.exe is present
- if (get_binary_path("netsh.exe", &netsh_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Binary '%s' not found in default paths, the full path will not be used.", netsh_path);
- write_debug_file(argv[0], log_msg);
- }
-
- char *exec_args_add[11] = { netsh_path, "advfirewall", "firewall", "add", "rule", name, "interface=any", "dir=in", "action=block", remoteip, NULL };
- char *exec_args_delete[8] = { netsh_path, "advfirewall", "firewall", "delete", "rule", name, remoteip, NULL };
-
- if ((action == ADD_COMMAND)) {
- if (getAllProfilesStatus(argv[0]) == OS_INVALID) {
- cJSON_Delete(input_json);
- os_free(netsh_path);
- return OS_INVALID;
- }
- }
-
- if (1 == checkVista()) {
- wfd = wpopenv(netsh_path, (action == ADD_COMMAND) ? exec_args_add : exec_args_delete, W_BIND_STDERR);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to run netsh, action: '%s', rule: '%s'", (action == ADD_COMMAND) ? "ADD" : "DELETE", RULE_NAME);
- write_debug_file(argv[0], log_msg);
- } else {
- wpclose(wfd);
- }
- } else {
- snprintf(description, OS_MAXSTR -1, "description=\"%s\"", RULE_NAME);
- snprintf(remoteip, OS_MAXSTR -1, "srcaddr=\"%s\"", srcip);
-
- char *exec_args_delete[12] = { netsh_path, "ipsec", "static", "delete", "filter", "filterlist=\"wazuh_filter\"", "srcmask=\"255.255.255.255\"", remoteip, "dstaddr=Me", "protocol=\"any\"", "mirrored=yes", NULL };
- char *exec_args_filter[12] = { netsh_path, "ipsec", "static", "add", "filter", "filterlist=\"wazuh_filter\"", "srcmask=\"255.255.255.255\"", remoteip, "dstaddr=Me", "protocol=\"any\"", "mirrored=yes", NULL };
- char *exec_args_faction[8] = { netsh_path, "ipsec", "static", "add", "filteraction", "name=\"wazuh_action\"", "action=block", NULL };
- char *exec_args_policy[9] = { netsh_path, "ipsec", "static", "add", "policy", "name=\"wazuh_policy\"", "assign=yes", description, NULL };
- char *exec_args_rule[10] = { netsh_path, "ipsec", "static", "add", "rule", "name=wazuh_rule", "policy=wazuh_policy", "filterlist=wazuh_filter", "filteraction=wazuh_action", NULL };
-
- if (action == ADD_COMMAND) {
- wfd = wpopenv(netsh_path, exec_args_filter, W_BIND_STDERR);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to run netsh, action: 'ADD', 'wazuh_filter'");
- write_debug_file(argv[0], log_msg);
- } else {
- wpclose(wfd);
- }
-
- wfd = wpopenv(netsh_path, exec_args_faction, W_BIND_STDERR);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to run netsh, action: 'ADD', 'wazuh_action'");
- write_debug_file(argv[0], log_msg);
- } else {
- wpclose(wfd);
- }
-
- wfd = wpopenv(netsh_path, exec_args_policy, W_BIND_STDERR);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to run netsh, action: 'ADD', 'wazuh_policy'");
- write_debug_file(argv[0], log_msg);
- } else {
- wpclose(wfd);
- }
-
- wfd = wpopenv(netsh_path, exec_args_rule, W_BIND_STDERR);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to run netsh, action: 'ADD', 'wazuh_rule'");
- write_debug_file(argv[0], log_msg);
- } else {
- wpclose(wfd);
- }
- } else {
- wfd = wpopenv(netsh_path, exec_args_delete, W_BIND_STDERR);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Unable to run netsh, action: 'DELETE', rule: 'wazuh_rule'");
- write_debug_file(argv[0], log_msg);
- } else {
- wpclose(wfd);
- }
- }
- }
-
- write_debug_file(argv[0], "Ended");
-
- cJSON_Delete(input_json);
- os_free(netsh_path);
-
- return OS_SUCCESS;
-}
-
-static int getAllProfilesStatus(const char *argv) {
- char pathFirewallProfilesReg[256] = {0};
- char *firewallProfilesReg[FIREWALL_PROFILES_MAX] = { "DomainProfile", "StandardProfile", "PublicProfile" };
- bool globalfirewallStatus = true;
- char aux_buf[OS_MAXSTR] = {0}, aux_buf2[OS_MAXSTR] = {0}, msgLengths[FIREWALL_PROFILES_MAX] = {0,0,0};
- int countActiveProfile = 0, nextPositionComma = 0, numCommas = 0;
- char output_buf[OS_MAXSTR];
- char log_msg[OS_MAXSTR];
- const char *firewallProfileStr[FIREWALL_PROFILES_MAX + 1] = { "FIREWALL_DOMAIN", "FIREWALL_PRIVATE", "FIREWALL_PUBLIC", "FIREWALL_DEFAULT" };
- firewallData_t firewallData = FIREWALL_DATA_INITIALIZE;
- wfd_t *wfd = NULL;
- char *reg_path = NULL;
-
-
- // Checking if reg.exe is present
- if (get_binary_path("reg.exe", ®_path) < 0) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Binary '%s' not found in default paths, the full path will not be used.", reg_path);
- write_debug_file(argv, log_msg);
- }
-
- char *exec_args_show_profile[6] = { reg_path, "query", pathFirewallProfilesReg, "/v", "EnableFirewall", NULL };
- memset(aux_buf2, '\0', OS_MAXSTR);
- memset(log_msg, '\0', OS_MAXSTR);
- strcpy(log_msg, "{\"message\":\"Active response may not have an effect\",\"firewall\":{");
-
- for (int i = 0; i < FIREWALL_PROFILES_MAX; i++) {
- memset(pathFirewallProfilesReg, 0, sizeof(pathFirewallProfilesReg));
- strcpy(pathFirewallProfilesReg, PATH_FIREWALL_PROFILES_REG_DEFAULT);
- strcat(pathFirewallProfilesReg, firewallProfilesReg[i]);
-
- wfd = wpopenv(reg_path, exec_args_show_profile, W_BIND_STDOUT);
-
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Error executing '%s' : %s", reg_path, strerror(errno));
- write_debug_file(argv, log_msg);
- os_free(reg_path);
- return OS_INVALID;
- } else {
- while (fgets(output_buf, OS_MAXSTR -1, wfd->file_out)) {
- if (firewallData.isThereProfile == false) {
- getFirewallProfile(output_buf, &firewallData);
- } else {
- countActiveProfile++;
- getStatusFirewallProfile(output_buf, &firewallData);
- char msg_buf[OS_MAXSTR] = {0};
- strncpy(msg_buf, "\"profile%d\":\"%s\",\"status%d\":\"%s\" ", OS_MAXSTR -1);
- globalfirewallStatus &= firewallData.isEnabled;
- memset(aux_buf, '\0', OS_MAXSTR);
- snprintf(aux_buf, OS_MAXSTR -1, msg_buf, i + 1,
- firewallProfileStr[firewallData.profile], i + 1,
- firewallData.isEnabled == true ? "active" : "inactive"
- );
- msgLengths[i] = strlen(aux_buf);
- strcat(aux_buf2, aux_buf);
- firewallData.isThereProfile = false;
- }
- }
- wpclose(wfd);
- }
- }
-
- for (int i = 0; i < FIREWALL_PROFILES_MAX - 1; i++) {
- nextPositionComma += msgLengths[i];
- if(nextPositionComma > 0 && (numCommas < countActiveProfile - 1)){
- aux_buf2[nextPositionComma -1] = ',';
- numCommas++;
- }
- }
-
- if (false == globalfirewallStatus) {
- strcat(log_msg, aux_buf2);
- memset(aux_buf, '\0', OS_MAXSTR);
- snprintf(aux_buf, OS_MAXSTR -1, "},\"status\":\"inactive\",\"script\":\"netsh\"}");
- strcat(log_msg, aux_buf);
- write_debug_file(argv, log_msg);
- }
- os_free(reg_path);
- return OS_SUCCESS;
-}
-
-static void getFirewallProfile(const char * output_buf, firewallData_t *firewallData) {
- if (output_buf != NULL) {
- const char* ptr = NULL;
-
- if ((ptr = strstr(output_buf, "FirewallPolicy")) != NULL) {
- char after[OS_MAXSTR];
- splitStrFromCharDelimiter(ptr, '\\', NULL, after);
-
- if (after != NULL) {
- if (strstr(after, "DomainProfile") != NULL) {
- firewallData->profile = FIREWALL_DOMAIN;
- firewallData->isThereProfile = true;
- } else if (strstr(after, "PublicProfile") != NULL) {
- firewallData->profile = FIREWALL_PUBLIC;
- firewallData->isThereProfile = true;
- } else if (strstr(after, "StandardProfile") != NULL) {
- firewallData->profile = FIREWALL_PRIVATE;
- firewallData->isThereProfile = true;
- } else {
- firewallData->isThereProfile = false;
- }
- }
- }
- }
-}
-
-static void getStatusFirewallProfile(const char * output_buf, firewallData_t *firewallData) {
- if (firewallData->isThereProfile == true && isEnabledFromPattern(output_buf, "REG_DWORD", "0x1")) {
- firewallData->isEnabled = true;
- } else {
- firewallData->isEnabled = false;
- }
-}
-
-#endif
diff --git a/src/active-response/restart-wazuh.c b/src/active-response/restart-wazuh.c
deleted file mode 100644
index fe1be297ddf..00000000000
--- a/src/active-response/restart-wazuh.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * All rights reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "active_responses.h"
-#include "dll_load_notify.h"
-
-int main (int argc, char **argv) {
-#ifdef WIN32
- // This must be always the first instruction
- enable_dll_verification();
-#endif
-
- (void)argc;
- int action = OS_INVALID;
-
- action = setup_and_check_message(argv, NULL);
- if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) {
- return OS_INVALID;
- }
-
-#ifndef WIN32
- char log_msg[OS_MAXSTR];
- char *exec_cmd[3] = { "bin/wazuh-control", "restart", NULL };
-
- wfd_t *wfd = wpopenv(*exec_cmd, exec_cmd, W_BIND_STDERR);
- if (!wfd) {
- memset(log_msg, '\0', OS_MAXSTR);
- snprintf(log_msg, OS_MAXSTR -1, "Error executing '%s': %s", *exec_cmd, strerror(errno));
- write_debug_file(argv[0], log_msg);
- return OS_INVALID;
- }
-
- while (waitpid(-1, NULL, 0) > 0);
-
- wpclose(wfd);
-#else
- char cmd[OS_MAXSTR + 1];
-
- snprintf(cmd, OS_MAXSTR, "%%WINDIR%%\\system32\\net.exe stop Wazuh");
- system(cmd);
-
- snprintf(cmd, OS_MAXSTR, "%%WINDIR%%\\system32\\net.exe start Wazuh");
- system(cmd);
-#endif
-
- write_debug_file(argv[0], "Ended");
-
- return OS_SUCCESS;
-}
diff --git a/src/active-response/route-null.c b/src/active-response/route-null.c
deleted file mode 100644
index 17c1cc884f5..00000000000
--- a/src/active-response/route-null.c
+++ /dev/null
@@ -1,195 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "active_responses.h" -#include "dll_load_notify.h" - -int main (int argc, char **argv) { -#ifdef WIN32 - // This must be always the first instruction - enable_dll_verification(); -#endif - - (void)argc; - int action = OS_INVALID; - cJSON *input_json = NULL; - - action = setup_and_check_message(argv, &input_json); - if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) { - return OS_INVALID; - } - - // Get srcip - const char *srcip = get_srcip_from_json(input_json); - if (!srcip) { - write_debug_file(argv[0], "Cannot read 'srcip' from data"); - cJSON_Delete(input_json); - return OS_INVALID; - } - - if (action == ADD_COMMAND) { - char **keys = NULL; - int action2 = OS_INVALID; - - os_calloc(2, sizeof(char *), keys); - os_strdup(srcip, keys[0]); - keys[1] = NULL; - - action2 = send_keys_and_check_message(argv, keys); - - os_free(keys); - - // If necessary, abort execution - if (action2 != CONTINUE_COMMAND) { - cJSON_Delete(input_json); - - if (action2 == ABORT_COMMAND) { - write_debug_file(argv[0], "Aborted"); - return OS_SUCCESS; - } else { - return OS_INVALID; - } - } - } - -#ifndef WIN32 - struct utsname uname_buffer; - wfd_t *wfd = NULL; - char *route_path = NULL; - char log_msg[OS_MAXSTR]; - - if (get_binary_path("route", &route_path) < 0) { - memset(log_msg, '\0', OS_MAXSTR); - snprintf(log_msg, OS_MAXSTR -1, "Binary '%s' not found in default paths, the full path will not be used.", route_path); - write_debug_file(argv[0], log_msg); - } - - if (uname(&uname_buffer) < 0) { - write_debug_file(argv[0], "Cannot get system name"); - cJSON_Delete(input_json); - os_free(route_path); - return OS_INVALID; - } - - if (!strcmp("Linux", uname_buffer.sysname)) { - if (action 
== ADD_COMMAND) { - char *exec_cmd1[5] = { route_path, "add", (char *)srcip, "reject", NULL }; - - wfd = wpopenv(route_path, exec_cmd1, W_BIND_STDERR); - if (!wfd) { - write_debug_file(argv[0], "Unable to run route"); - } else { - wpclose(wfd); - } - } else { - char *exec_cmd1[5] = { route_path, "del", (char *)srcip, "reject", NULL }; - - wfd = wpopenv(route_path, exec_cmd1, W_BIND_STDERR); - if (!wfd) { - write_debug_file(argv[0], "Unable to run route"); - } else { - wpclose(wfd); - } - } - } else if (!strcmp("FreeBSD", uname_buffer.sysname)) { - if (action == ADD_COMMAND) { - char *exec_cmd1[7] = { route_path, "-q", "add", (char *)srcip, "127.0.0.1", "-blackhole", NULL }; - - wfd = wpopenv(route_path, exec_cmd1, W_BIND_STDERR); - if (!wfd) { - write_debug_file(argv[0], "Unable to run route"); - } else { - wpclose(wfd); - } - } else { - char *exec_cmd1[7] = { route_path, "-q", "delete", (char *)srcip, "127.0.0.1", "-blackhole", NULL }; - - wfd = wpopenv(route_path, exec_cmd1, W_BIND_STDERR); - if (!wfd) { - write_debug_file(argv[0], "Unable to run route"); - } else { - wpclose(wfd); - } - } - } else { - write_debug_file(argv[0], "Invalid system"); - } - os_free(route_path); -#else - char log_msg[OS_MAXSTR]; - char *route_path = NULL; - - if (get_binary_path("route.exe", &route_path) < 0) { - memset(log_msg, '\0', OS_MAXSTR); - snprintf(log_msg, OS_MAXSTR -1, "Binary '%s' not found in default paths, the full path will not be used.", route_path); - write_debug_file(argv[0], log_msg); - } - - if (action == ADD_COMMAND) { - const char *regex = ".*Default Gateway.*[0-9][0-9]*\\.[0-9][0-9]*\\.[0-9][0-9]*\\.[0-9][0-9]*"; - const char *tmp_file = "default-gateway.txt"; - char gateway[IPSIZE + 1] = {0}; - - char cmd[OS_MAXSTR + 1]; - snprintf(cmd, OS_MAXSTR, "%%WINDIR%%\\system32\\ipconfig.exe | %%WINDIR%%\\system32\\findstr.exe /R /C:\"%s\" > %s", regex, tmp_file); - system(cmd); - - FILE *fp = wfopen(tmp_file, "r"); - if(fp != NULL) { - char output_buf[OS_MAXSTR]; - 
while (fgets(output_buf, OS_MAXSTR, fp)) { - char *ptr = strchr(output_buf, ':'); - if (ptr != NULL) { - snprintf(gateway, sizeof(gateway), "%s", ptr + 2); - } - } - fclose(fp); - } - remove(tmp_file); - - if (gateway[0]) { - char *exec_args_add[8] = { route_path, "-p", "ADD", (char *)srcip, "MASK", "255.255.255.255", gateway, NULL }; - - wfd_t *wfd = wpopenv(route_path, exec_args_add, W_BIND_STDERR); - if (!wfd) { - memset(log_msg, '\0', OS_MAXSTR); - snprintf(log_msg, OS_MAXSTR -1, "Unable to run %s, action: 'ADD'", route_path); - write_debug_file(argv[0], log_msg); - } - else { - wpclose(wfd); - } - } else { - write_debug_file(argv[0], "Couldn't get default gateway"); - cJSON_Delete(input_json); - os_free(route_path); - return OS_INVALID; - } - } else { - char *exec_args_delete[4] = { route_path, "DELETE", (char *)srcip, NULL }; - - wfd_t *wfd = wpopenv(route_path, exec_args_delete, W_BIND_STDERR); - if (!wfd) { - memset(log_msg, '\0', OS_MAXSTR); - snprintf(log_msg, OS_MAXSTR -1, "Unable to run %s, action: 'DELETE'", route_path); - write_debug_file(argv[0], log_msg); - } - else { - wpclose(wfd); - } - } - os_free(route_path); -#endif - - write_debug_file(argv[0], "Ended"); - - cJSON_Delete(input_json); - - return OS_SUCCESS; -} diff --git a/src/active-response/wazuh-slack.c b/src/active-response/wazuh-slack.c deleted file mode 100644 index 4336d1778fa..00000000000 --- a/src/active-response/wazuh-slack.c +++ /dev/null 
@@ -1,272 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation. - */ - -#include "active_responses.h" - - -/** - * Get json with the data to share on slack from an alert. Example: - * { - * "attachments": [{ - * "color": "warning", - * "pretext": "WAZUH Alert", - * "title": "N/A", - * "text": "Jan 28 02:13:23 ubuntu-bionic kernel: [39622.230464] VBoxClient[26081]: ... - * "fields": [{ - * "title": "Agentless Host", - * "value": "ubuntu-bionic" - * }, { - * "title": "Location", - * "value": "/var/log/syslog" - * }, { - * "title": "Rule ID", - * "value": "1010 (level 5)" - * }], - * "ts": "1611800004.741250" - * }] - * } - * - * @param alert Alert to extract info - * @return JSON object - * */ -static cJSON *format_output(const cJSON *alert); - -int main (int argc, char **argv) { - (void)argc; - char *site_url = NULL; - char *output_str = NULL; - char *cmd_path = NULL; - char log_msg[OS_MAXSTR]; - int action = OS_INVALID; - int return_value = OS_INVALID; - cJSON *input_json = NULL; - cJSON *output_json = NULL; - - action = setup_and_check_message(argv, &input_json); - if ((action != ADD_COMMAND) && (action != DELETE_COMMAND)) { - return OS_INVALID; - } - - // Get alert - const cJSON *alert_json = get_alert_from_json(input_json); - if (!alert_json) { - write_debug_file(argv[0], "Cannot read 'alert' from data"); - cJSON_Delete(input_json); - return OS_INVALID; - } - - // Get extra_args - site_url = get_extra_args_from_json(input_json); - if (!site_url) { - write_debug_file(argv[0], "Cannot read 'extra_args' from data"); - cJSON_Delete(input_json); - return OS_INVALID; - } - - output_json = format_output(alert_json); - output_str = cJSON_PrintUnformatted(output_json); - - // Execute the command - - // Try with curl - bool success_command = false; - if 
(get_binary_path("curl", &cmd_path) < 0) { - memset(log_msg, '\0', OS_MAXSTR); - snprintf(log_msg, OS_MAXSTR -1, "Binary '%s' not found in default paths, the full path will not be used.", cmd_path); - write_debug_file(argv[0], log_msg); - } - char *exec_cmd1[9] = { cmd_path, "-H", "Accept: application/json", "-H", "Content-Type: application/json", "-d", output_str, site_url, NULL }; - - wfd_t *wfd = wpopenv(cmd_path, exec_cmd1, W_BIND_STDOUT | W_BIND_STDERR); - if (wfd) { - char buffer[4096]; - while (fgets(buffer, sizeof(buffer), wfd->file_out)); - int wp_closefd = wpclose(wfd); - if ( WIFEXITED(wp_closefd) ) { - int wstatus = WEXITSTATUS(wp_closefd); - if (wstatus == 0) { - success_command = true; - return_value = OS_SUCCESS; - } - } - } - - if (!success_command) { - write_debug_file(argv[0], "Unable to run curl, trying with wget..."); - - // Try with wget - os_free(cmd_path); - if (get_binary_path("wget", &cmd_path) < 0) { - memset(log_msg, '\0', OS_MAXSTR); - snprintf(log_msg, OS_MAXSTR -1, "Binary '%s' not found in default paths, the full path will not be used.", cmd_path); - write_debug_file(argv[0], log_msg); - } - char *exec_cmd2[6] = { cmd_path, "--keep-session-cookies", "--post-data", output_str, site_url, NULL }; - - wfd = wpopenv(cmd_path, exec_cmd2, W_BIND_STDOUT | W_BIND_STDERR); - if (wfd) { - char buffer[4096]; - while (fgets(buffer, sizeof(buffer), wfd->file_out)); - int wp_closefd = wpclose(wfd); - if ( WIFEXITED(wp_closefd) ) { - int wstatus = WEXITSTATUS(wp_closefd); - if (wstatus == 0) { - success_command = true; - return_value = OS_SUCCESS; - } - } - } - } - - if (!success_command) { - write_debug_file(argv[0], "Unable to run wget"); - return_value = OS_INVALID; - } - - write_debug_file(argv[0], "Ended"); - - cJSON_Delete(output_json); - cJSON_Delete(input_json); - os_free(output_str); - os_free(site_url); - os_free(cmd_path); - - return return_value; -} - -static cJSON *format_output(const cJSON *alert) { - cJSON *rule_json = NULL; - cJSON 
*agent_json = NULL; - cJSON *agentless_json = NULL; - cJSON *location_json = NULL; - cJSON *full_log_json = NULL; - cJSON *rule_description_json = NULL; - cJSON *alert_id_json = NULL; - cJSON *root_out = NULL; - cJSON *root_list = NULL; - cJSON *fields_list = NULL; - cJSON *item_objects = NULL; - cJSON *item_agent = NULL; - cJSON *item_agentless = NULL; - cJSON *item_location = NULL; - cJSON *item_rule = NULL; - char temp_line[OS_MAXSTR]; - int level = -1; - - root_out = cJSON_CreateObject(); - root_list = cJSON_CreateArray(); - fields_list = cJSON_CreateArray(); - item_objects = cJSON_CreateObject(); - - // Detect agent - agent_json = cJSON_GetObjectItem(alert, "agent"); - if (agent_json && (agent_json->type == cJSON_Object)) { - cJSON *agent_id_json = NULL; - cJSON *agent_name_json = NULL; - - item_agent = cJSON_CreateObject(); - - // Detect Agent ID - agent_id_json = cJSON_GetObjectItem(agent_json, "id"); - - // Detect Agent name - agent_name_json = cJSON_GetObjectItem(agent_json, "name"); - - memset(temp_line, '\0', OS_MAXSTR); - snprintf(temp_line, OS_MAXSTR -1, "(%s) - %s", - agent_id_json != NULL ? agent_id_json->valuestring : "N/A", - agent_name_json != NULL ? agent_name_json->valuestring : "N/A" - ); - - cJSON_AddStringToObject(item_agent, "title", "Agent"); - cJSON_AddStringToObject(item_agent, "value", temp_line); - cJSON_AddItemToArray(fields_list, item_agent); - } - - // Detect agentless - agentless_json = cJSON_GetObjectItem(alert, "agentless"); - if (agentless_json && (agentless_json->type == cJSON_Object)) { - cJSON *agentless_host_json = NULL; - item_agentless = cJSON_CreateObject(); - - // Detect Agentless host - agentless_host_json = cJSON_GetObjectItem(agentless_json, "host"); - - cJSON_AddStringToObject(item_agentless, "title", "Agentless Host"); - cJSON_AddStringToObject(item_agentless, "value", agentless_host_json != NULL ? 
agentless_host_json->valuestring : "N/A"); - cJSON_AddItemToArray(fields_list, item_agentless); - } - - // Detect location - location_json = cJSON_GetObjectItem(alert, "location"); - item_location = cJSON_CreateObject(); - cJSON_AddStringToObject(item_location, "title", "Location"); - cJSON_AddStringToObject(item_location, "value", location_json != NULL ? location_json->valuestring : "N/A"); - cJSON_AddItemToArray(fields_list, item_location); - - // Detect Rule - rule_json = cJSON_GetObjectItem(alert, "rule"); - if (rule_json && (rule_json->type == cJSON_Object)) { - cJSON *rule_id_json = NULL; - cJSON *rule_level_json = NULL; - char str_level[10]; - - // Detect Rule ID - rule_id_json = cJSON_GetObjectItem(rule_json, "id"); - - // Detect Rule Level - memset(str_level, '\0', 10); - rule_level_json = cJSON_GetObjectItem(rule_json, "level"); - if (rule_level_json && (rule_level_json->type == cJSON_Number)) { - snprintf(str_level, 9, "%d", rule_level_json->valueint); - level = rule_level_json->valueint; - } else { - snprintf(str_level, 9, "N/A"); - } - - // Detect Rule Description - rule_description_json = cJSON_GetObjectItem(rule_json, "description"); - - memset(temp_line, '\0', OS_MAXSTR); - snprintf(temp_line, OS_MAXSTR -1, "%s (level %s)", - rule_id_json != NULL ? rule_id_json->valuestring : "N/A", - str_level - ); - - item_rule = cJSON_CreateObject(); - cJSON_AddStringToObject(item_rule, "title", "Rule ID"); - cJSON_AddStringToObject(item_rule, "value", temp_line); - cJSON_AddItemToArray(fields_list, item_rule); - } - - if (level <= 4) { - cJSON_AddStringToObject(item_objects, "color", "good"); - } else if (level >= 5 && level <= 7) { - cJSON_AddStringToObject(item_objects, "color", "warning"); - } else { - cJSON_AddStringToObject(item_objects, "color", "danger"); - } - - cJSON_AddStringToObject(item_objects, "pretext", "WAZUH Alert"); - cJSON_AddStringToObject(item_objects, "title", rule_description_json != NULL ? 
rule_description_json->valuestring : "N/A"); - - // Detect full log - full_log_json = cJSON_GetObjectItem(alert, "full_log"); - cJSON_AddStringToObject(item_objects, "text", full_log_json != NULL ? full_log_json->valuestring : ""); - - cJSON_AddItemToObject(item_objects, "fields", fields_list); - - alert_id_json = cJSON_GetObjectItem(alert, "id"); - cJSON_AddStringToObject(item_objects, "ts", alert_id_json != NULL ? alert_id_json->valuestring : ""); - - cJSON_AddItemToArray(root_list, item_objects); - cJSON_AddItemToObject(root_out, "attachments", root_list); - - return root_out; -} diff --git a/src/addagent/main.c b/src/addagent/main.c deleted file mode 100644 index 2a78047c327..00000000000 --- a/src/addagent/main.c +++ /dev/null 
@@ -1,378 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "manage_agents.h" -#include -#include "dll_load_notify.h" - -#if defined(__MINGW32__) || defined(__hppa__) -static int setenv(const char *name, const char *val, __attribute__((unused)) int overwrite) -{ - assert(name); - assert(val); - - int len = strlen(name) + strlen(val) + 2; - char *str; - os_malloc(len, str); - - snprintf(str, len, "%s=%s", name, val); - putenv(str); - - os_free(str); - - return 0; -} -#endif - -__attribute__((noreturn)) static void helpmsg() -{ - print_header(); - print_out(" %s -[Vhlj] [-a -n ] [-F sec] [-e id] [-r id] [-i id] [-f file]", ARGV0); - print_out(" -V Version and license message."); - print_out(" -h This help message."); - print_out(" -j Use JSON output."); - print_out(" -l List available agents."); - print_out(" -L Disable agents limit."); - print_out(" -a Add new agent."); - print_out(" -n Name for new agent."); - print_out(" -e Extracts key for an agent (Manager only)."); - print_out(" -r Remove an agent (Manager only)."); - print_out(" -i Import authentication key (Agent only)."); - print_out(" -R Replace agents that were registered at least seconds."); - print_out(" -D Replace agents that were disconnected at least seconds."); - print_out(" -f Bulk generate client keys from file (Manager only)."); - print_out(" contains lines in IP,NAME format."); - exit(1); -} - -static void print_banner() -{ - printf("\n"); - printf(BANNER, __ossec_name, __ossec_version, (int)(21 - strlen(__ossec_name) - strlen(__ossec_version)), " "); - -#ifdef CLIENT - printf(BANNER_CLIENT); -#else - printf(BANNER_OPT); -#endif - - return; -} - -#ifndef WIN32 -/* Clean shutdown on kill */ -__attribute__((noreturn)) void 
manage_shutdown(__attribute__((unused)) int sig) -{ - printf("\n"); - printf(EXIT); - - exit(0); -} -#endif - -char shost[512]; - -int main(int argc, char **argv) -{ -#ifdef WIN32 - // This must be always the first instruction - enable_dll_verification(); -#endif - - int c = 0, cmdlist = 0, json_output = 0; - int disconnected_time; - int after_registration_time; - char *user_msg; - char *end; - const char *cmdexport = NULL; - const char *cmdimport = NULL; - const char *cmdbulk = NULL; -#ifndef WIN32 - const char *group = GROUPGLOBAL; - gid_t gid; -#else - FILE *fp; -#endif - - /* Set the name */ - OS_SetName(ARGV0); -#ifndef WIN32 - char * home_path = w_homedir(argv[0]); - mdebug1(WAZUH_HOMEDIR, home_path); - - /* Change working directory */ - if (chdir(home_path) == -1) { - merror_exit(CHDIR_ERROR, home_path, errno, strerror(errno)); - } -#endif - - while ((c = getopt(argc, argv, "Vhle:r:i:f:ja:n:R:D:L")) != -1) { - switch (c) { - case 'V': - print_version(); - break; - case 'h': - helpmsg(); - break; - case 'e': -#ifdef CLIENT - merror_exit("Key export only available on a master."); -#endif - if (!optarg) { - merror_exit("-e needs an argument."); - } - cmdexport = optarg; - break; - case 'r': -#ifdef CLIENT - merror_exit("Key removal only available on a master."); -#endif - if (!optarg) { - merror_exit("-r needs an argument."); - } - - /* Use environment variables already available to remove_agent() */ - setenv("OSSEC_ACTION", "r", 1); - setenv("OSSEC_AGENT_ID", optarg, 1); - setenv("OSSEC_ACTION_CONFIRMED", "y", 1); - break; - case 'i': -#ifndef CLIENT - merror_exit("Key import only available on an agent."); -#endif - if (!optarg) { - merror_exit("-i needs an argument."); - } - cmdimport = optarg; - break; - case 'f': -#ifdef CLIENT - merror_exit("Bulk generate keys only available on a master."); -#endif - if (!optarg) { - merror_exit("-f needs an argument."); - } - cmdbulk = optarg; - printf("Bulk load file: %s\n", cmdbulk); - break; - case 'l': - cmdlist = 1; 
- break; - case 'j': - json_output = 1; - break; - case 'a': -#ifdef CLIENT - merror_exit("Agent adding only available on a master."); -#endif - if (!optarg) - merror_exit("-a needs an argument."); - setenv("OSSEC_ACTION", "a", 1); - setenv("OSSEC_ACTION_CONFIRMED", "y", 1); - setenv("OSSEC_AGENT_IP", optarg, 1); - setenv("OSSEC_AGENT_ID", "0", 1); - break; - case 'n': - if (!optarg) - merror_exit("-n needs an argument."); - setenv("OSSEC_AGENT_NAME", optarg, 1); - break; - case 'D': - if (!optarg) - merror_exit("-D needs an argument."); - - disconnected_time = strtol(optarg, &end, 10); - - if (optarg == end || disconnected_time < 0) - merror_exit("Invalid number for -D"); - - setenv("DISCONNECTED_TIME", optarg, 1); - break; - case 'R': - if (!optarg) - merror_exit("-R needs an argument."); - - after_registration_time = strtol(optarg, &end, 10); - - if (optarg == end || after_registration_time < 0) - merror_exit("Invalid number for -R"); - - setenv("AFTER_REGISTRATION_TIME", optarg, 1); - break; - case 'L': -#ifndef CLIENT - mwarn("This option no longer applies. The agent limit has been removed."); -#endif - break; - default: - helpmsg(); - break; - } - } - - /* Get current time */ - time1 = time(0); - - /* Before chroot */ - srandom_init(); - getuname(); - -#ifndef CLIENT - int is_worker = w_is_worker(); - char *master; - - switch (is_worker) { - case -1: - merror("Invalid option at cluster configuration"); - return 0; - case 1: - master = get_master_node(); - merror("Wazuh is running in cluster mode: %s is not available in worker nodes. 
Please, try again in the master node: %s.", ARGV0, master); - free(master); - return 0; - } -#endif - -#ifndef WIN32 - if (gethostname(shost, sizeof(shost) - 1) < 0) { - strncpy(shost, "localhost", sizeof(shost) - 1); - shost[sizeof(shost) - 1] = '\0'; - } - - /* Get the group name */ - gid = Privsep_GetGroup(group); - if (gid == (gid_t) - 1) { - merror_exit(USER_ERROR, "", group, strerror(errno), errno); - } - - /* Set the group */ - if (Privsep_SetGroup(gid) < 0) { - merror_exit(SETGID_ERROR, group, errno, strerror(errno)); - } - - /* Chroot to the default directory */ - if (Privsep_Chroot(home_path) < 0) { - merror_exit(CHROOT_ERROR, home_path, errno, strerror(errno)); - } - - os_free(home_path); - - /* Inside chroot now */ - nowChroot(); - - /* Start signal handler */ - StartSIG2(ARGV0, manage_shutdown); -#else - - w_ch_exec_dir(); - - /* Check permissions */ - fp = wfopen(OSSECCONF, "r"); - if (fp) { - fclose(fp); - } else { - merror_exit(CONF_ERROR, OSSECCONF); - } -#endif - - if (cmdlist == 1) { - list_agents(cmdlist); - exit(0); - } else if (cmdimport) { - k_import(cmdimport); - exit(0); - } else if (cmdexport) { - k_extract(cmdexport, json_output); - exit(0); - } else if (cmdbulk) { - k_bulkload(cmdbulk); - exit(0); - } - - /* Little shell */ - while (1) { - int leave_s = 0; - - if (!json_output) - print_banner(); - - /* Get ACTION from the environment. 
If ACTION is specified, - * we must set leave_s = 1 to ensure that the loop will end */ - user_msg = getenv("OSSEC_ACTION"); - if (user_msg == NULL) { - user_msg = read_from_user(); - } else { - leave_s = 1; - } - - /* All the allowed actions */ - switch (user_msg[0]) { - case 'A': - case 'a': -#ifdef CLIENT - printf("\n ** Agent adding only available on a master ** \n\n"); -#else - add_agent(json_output); -#endif - break; - case 'e': - case 'E': -#ifdef CLIENT - printf("\n ** Key export only available on a master ** \n\n"); - break; -#endif - k_extract(NULL, json_output); - break; - case 'i': - case 'I': -#ifdef CLIENT - k_import(NULL); -#else - printf("\n ** Key import only available on an agent ** \n\n"); -#endif - break; - case 'l': - case 'L': - list_agents(0); - break; - case 'r': - case 'R': -#ifdef CLIENT - printf("\n ** Key removal only available on a master ** \n\n"); - break; -#endif - remove_agent(json_output); - break; - case 'q': - case 'Q': - leave_s = 1; - break; - case 'V': - print_version(); - break; - default: - printf("\n ** Invalid Action ** \n\n"); - break; - } - - if (leave_s) { - break; - } - - continue; - } - - if (!json_output) { - printf("\n"); - printf(EXIT); - } - - return (0); -} diff --git a/src/addagent/manage_agents.c b/src/addagent/manage_agents.c deleted file mode 100644 index f01778f1130..00000000000 --- a/src/addagent/manage_agents.c +++ /dev/null 
@@ -1,629 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * Copyright (C) 2009 Trend Micro Inc.
- * All rights reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-/* Manage agents tool
- * Add/extract and remove agents from a server
- */
-
-#include "manage_agents.h"
-#include "debug_op.h"
-#include "defs.h"
-#include "os_crypto/md5/md5_op.h"
-#include "external/cJSON/cJSON.h"
-#include "os_err.h"
-#include
-#include
-#include "config/authd-config.h"
-#include "wazuh_db/helpers/wdb_global_helpers.h"
-#include "wazuh_db/wdb.h"
-
-#if defined(__hppa__)
-static int setenv(const char *name, const char *val, __attribute__((unused)) int overwrite)
-{
- int len = strlen(name) + strlen(val) + 2;
- char *str = (char *)malloc(len);
- snprintf(str, len, "%s=%s", name, val);
- putenv(str);
- return 0;
-}
-#endif
-
-/* Global variables */
-time_t time1;
-time_t time2;
-time_t time3;
-long int rand1;
-long int rand2;
-
-/* Remove spaces, newlines, etc from a string */
-char *chomp(char *str)
-{
- char *tmp_str;
- ssize_t size;
-
- /* Remove spaces from the beginning */
- while (*str == ' ' || *str == '\t') {
- str++;
- }
-
- /* Remove any trailing newlines or \r */
- do {
- tmp_str = strchr(str, '\n');
- if (tmp_str) {
- *tmp_str = '\0';
- continue;
- }
-
- tmp_str = strchr(str, '\r');
- if (tmp_str) {
- *tmp_str = '\0';
- }
- } while (tmp_str != NULL);
-
- /* Remove spaces at the end of the string */
- tmp_str = str;
- size = (ssize_t) strlen(str) - 1;
-
- while ((size >= 0) && (tmp_str[size] == ' ' || tmp_str[size] == '\t')) {
- tmp_str[size] = '\0';
- size--;
- }
-
- return (str);
-}
-
-#ifndef CLIENT
-
-int add_agent(int json_output)
-{
- int i = 1;
- FILE *fp;
- File file;
- char str1[STR_SIZE + 1];
- char str2[STR_SIZE + 1];
-
- os_md5 md1;
- os_md5 md2;
- char key[65];
-
- char *user_input;
- char *_name;
- char *_id;
- char *_ip;
-
- char name[FILE_SIZE + 1];
- char id[FILE_SIZE + 1] = { '\0' };
- char ip[FILE_SIZE + 1];
-
- char *id_exist = NULL;
- authd_force_options_t authd_force_options = {0};
- int sock;
- int authd_running;
-
- // Creating the configuration structure according to the parameters used
- const char *env_disconnected_time = getenv("DISCONNECTED_TIME");
-
- if (env_disconnected_time) {
- authd_force_options.disconnected_time = strtol(env_disconnected_time, NULL, 10);
- authd_force_options.disconnected_time_enabled = true;
- authd_force_options.enabled = true;
- }
-
- const char *env_after_registration_time = getenv("AFTER_REGISTRATION_TIME");
-
- if (env_after_registration_time) {
- authd_force_options.after_registration_time = strtol(env_after_registration_time, NULL, 10);
- authd_force_options.enabled = true;
- }
-
- // Create socket
-
- if (sock = auth_connect(), sock < 0) {
- authd_running = 0;
- /* Check if we can open the auth_file */
- fp = wfopen(KEYS_FILE, "a");
- if (!fp) {
- if (json_output) {
- char buffer[1024];
- cJSON *json_root = cJSON_CreateObject();
- snprintf(buffer, 1023, "Could not open file '%s' due to [(%d)-(%s)]", KEYS_FILE, errno, strerror(errno));
- cJSON_AddNumberToObject(json_root, "error", 71);
- cJSON_AddStringToObject(json_root, "message", buffer);
- printf("%s", cJSON_PrintUnformatted(json_root));
- exit(1);
- } else
- merror_exit(FOPEN_ERROR, KEYS_FILE, errno, strerror(errno));
- }
- fclose(fp);
-
- /* Set time 2 */
- time2 = time(0);
- rand1 = os_random();
- } else {
- authd_running = 1;
- close(sock);
- sock = -1;
- }
-
- if (!json_output)
- printf(ADD_NEW);
-
- do {
- if (!json_output) {
- printf(ADD_NAME);
- fflush(stdout);
- }
- /* Read the agent's name from user environment. If it is invalid
- * we should force user to provide a name from input device.
- */
- _name = getenv("OSSEC_AGENT_NAME");
- if (_name == NULL || !strcmp(_name, shost) || NameExist(_name) || !OS_IsValidName(_name)) {
- if (json_output) {
- cJSON *json_root = cJSON_CreateObject();
-
- if (_name && (!strcmp(_name, shost) || NameExist(_name))) {
- cJSON_AddNumberToObject(json_root, "error", 75);
- cJSON_AddStringToObject(json_root, "message", "Name already present");
- } else {
- cJSON_AddNumberToObject(json_root, "error", 76);
- cJSON_AddStringToObject(json_root, "message", "Invalid name for agent");
- }
-
- printf("%s", cJSON_PrintUnformatted(json_root));
- exit(1);
- } else
- _name = read_from_user();
- }
-
- if (strcmp(_name, QUIT) == 0) {
- goto cleanup;
- }
-
- strncpy(name, _name, FILE_SIZE - 1);
-
- /* Check the name */
- if (!OS_IsValidName(name)) {
- printf(INVALID_NAME, name);
- }
-
- /* Search for name -- no duplicates (only if Authd is not running) */
- if (!authd_running && (!strcmp(name, shost) || NameExist(name))) {
- printf(ADD_ERROR_NAME, name);
- }
- } while ((!authd_running && (!strcmp(name, shost) || NameExist(name))) || !OS_IsValidName(name));
-
- /* Get IP */
- memset(ip, '\0', FILE_SIZE + 1);
-
- do {
- if (!json_output) {
- printf(ADD_IP);
- fflush(stdout);
- }
-
- /* Read IP address from user's environment. If that IP is invalid,
- * force user to provide IP from input device */
- _ip = getenv("OSSEC_AGENT_IP");
-
- os_ip *aux_ip;
- os_calloc(1, sizeof(os_ip), aux_ip);
-
- if (_ip == NULL || !OS_IsValidIP(_ip, aux_ip)) {
- if (json_output) {
- cJSON *json_root = cJSON_CreateObject();
- cJSON_AddNumberToObject(json_root, "error", 77);
- cJSON_AddStringToObject(json_root, "message", "Invalid IP for agent");
- printf("%s", cJSON_PrintUnformatted(json_root));
- w_free_os_ip(aux_ip);
- exit(1);
- } else {
- _ip = read_from_user();
- /* Quit */
- if (strcmp(_ip, QUIT) == 0) {
- w_free_os_ip(aux_ip);
- goto cleanup;
- }
- os_free(aux_ip->ip);
- if (!OS_IsValidIP(_ip, aux_ip)) {
- printf(IP_ERROR, _ip);
- w_free_os_ip(aux_ip);
- _ip = NULL;
- continue;
- }
- }
- }
-
- strncpy(ip, aux_ip->ip, FILE_SIZE - 1);
- w_free_os_ip(aux_ip);
-
- if (!authd_running && (id_exist = IPExist(ip))) {
- bool replace_agent = true;
- char error_message[OS_SIZE_128];
- cJSON *j_agent_info = NULL;
- cJSON *j_connection_status = NULL;
- cJSON *j_disconnection_time = NULL;
- cJSON *j_date_add = NULL;
-
- snprintf(error_message, OS_SIZE_128, "Agent '%s' won't be removed because the force option is disabled.", id_exist);
-
- j_agent_info = wdb_get_agent_info(atoi(id_exist), NULL);
- if(j_agent_info){
- j_connection_status = cJSON_GetObjectItem(j_agent_info->child, "connection_status");
- j_disconnection_time = cJSON_GetObjectItem(j_agent_info->child, "disconnection_time");
- j_date_add = cJSON_GetObjectItem(j_agent_info->child, "date_add");
- }
-
- if (!j_agent_info || !j_connection_status || !j_disconnection_time || !j_date_add){
- cJSON_Delete(j_agent_info);
- merror_exit("Failed to get agent-info for agent '%s'", id_exist);
- }
-
- if(authd_force_options.enabled == false) {
- replace_agent = false;
- } else {
- /* Check if the agent has been disconnected longer than the value required*/
- if (env_disconnected_time) {
- time_t agent_time_since_desconnection = 0;
- char *status = j_connection_status->valuestring;
-
- if(!strcmp(status, AGENT_CS_DISCONNECTED)) {
- agent_time_since_desconnection = difftime(time(NULL), j_disconnection_time->valueint);
- if(agent_time_since_desconnection <= authd_force_options.disconnected_time){
- replace_agent = false;
- snprintf(error_message, OS_SIZE_128, "Agent '%s' has not been disconnected long enough to be replaced.", id_exist);
- }
- } else if(strcmp(status, AGENT_CS_NEVER_CONNECTED)){
- replace_agent = false;
- snprintf(error_message, OS_SIZE_128, "Agent '%s' can't be replaced since it is not disconnected.", id_exist);
- }
- }
-
- /* Check if the agent is old enough to be removed */
- if(env_after_registration_time) {
- if (authd_force_options.after_registration_time != 0){
- time_t agent_registration_time = difftime(time(NULL), j_date_add->valueint);
-
- if(agent_registration_time <= authd_force_options.after_registration_time){
- snprintf(error_message, OS_SIZE_128, "Agent '%s' has not been registered long enough to be removed.", id_exist);
- replace_agent = false;
- }
- }
- }
- }
-
- cJSON_Delete(j_agent_info);
-
- if (replace_agent) {
- OS_RemoveAgent(id_exist);
- } else {
- if (json_output) {
- cJSON *json_root = cJSON_CreateObject();
- cJSON_AddNumberToObject(json_root, "error", 79);
- cJSON_AddStringToObject(json_root, "message", "Duplicate IP for agent");
- printf("%s", cJSON_PrintUnformatted(json_root));
- exit(1);
- } else {
- printf("%s\n", error_message);
- setenv("OSSEC_AGENT_IP", "", 1);
- _ip = NULL;
- }
- }
-
- free(id_exist);
- }
- } while (!_ip);
-
- if (!authd_running && !*id) {
- do {
- /* Default ID */
- for (i = 1; snprintf(id, sizeof(id), "%03d", i), IDExist(id, 0); i++);
-
- /* Get ID */
-
- if (!json_output) {
- printf(ADD_ID, id);
- fflush(stdout);
- }
-
- /* Get Agent ID from environment. If 0, use default ID. If null,
- * get from user input. If value from environment is invalid,
- * we force user to specify an ID from the terminal. Otherwise,
- * our program goes to infinite loop.
- */
- _id = getenv("OSSEC_AGENT_ID");
- if (_id == NULL || IDExist(_id, 0) || !OS_IsValidID(_id)) {
- _id = read_from_user();
- }
-
- /* Quit */
- if (strcmp(_id, QUIT) == 0) {
- goto cleanup;
- }
-
- if (_id[0] != '\0' && strcmp(_id, "0")) {
- strncpy(id, _id, FILE_SIZE - 1);
- }
-
- if (OS_IsValidID(id)) {
- FormatID(id);
- } else
- printf(INVALID_ID, id);
-
- /* Search for ID KEY -- no duplicates */
- if (!authd_running && IDExist(id, 0)) {
- printf(ADD_ERROR_ID, id);
- }
- } while (IDExist(id, 0) || !OS_IsValidID(id));
- }
-
- if (!authd_running && !json_output) {
- printf(AGENT_INFO, id, name, ip);
- fflush(stdout);
- }
-
- do {
- if (!json_output)
- printf(ADD_CONFIRM);
-
- /* Confirmation by an environment variable. The valid value is y/Y.
- * If the user provides anything other string, it is considered as
- * n/N; please note that the old code only accepts y/Y/n/N. So if
- * the variable OSSEC_ACTION_CONFIRMED is 'foobar', the program will
- * go into an infinite loop.
- */
- user_input = getenv("OSSEC_ACTION_CONFIRMED");
-
- if (user_input == NULL) {
- user_input = read_from_user();
- }
-
- /* If user accepts to add */
- if (user_input[0] == 'y' || user_input[0] == 'Y') {
- if (!authd_running) {
- time3 = time(0);
- rand2 = os_random();
-
- if (TempFile(&file, KEYS_FILE, 1) < 0 ) {
- if (json_output) {
- char buffer[1024];
- cJSON *json_root = cJSON_CreateObject();
- snprintf(buffer, 1023, "Could not open file '%s' due to [(%d)-(%s)]", KEYS_FILE, errno, strerror(errno));
- cJSON_AddNumberToObject(json_root, "error", 71);
- cJSON_AddStringToObject(json_root, "message", buffer);
- printf("%s", cJSON_PrintUnformatted(json_root));
- exit(1);
- } else
- merror_exit(FOPEN_ERROR, KEYS_FILE, errno, strerror(errno));
- }
-
- /* Random 1: Time took to write the agent information
- * Random 2: Time took to choose the action
- * Random 3: All of this + time + pid
- * Random 4: Md5 all of this + the name, key and IP
- * Random 5: Final key
- */
-
- os_snprintf(str1, STR_SIZE, "%d%s%d", (int)(time3 - time2), name, (int)rand1);
- os_snprintf(str2, STR_SIZE, "%d%s%s%d", (int)(time2 - time1), ip, id, (int)rand2);
-
- OS_MD5_Str(str1, -1, md1);
- OS_MD5_Str(str2, -1, md2);
-
- snprintf(str1, STR_SIZE, "%s%d%d%d", md1, (int)getpid(), os_random(),
- (int)time3);
- OS_MD5_Str(str1, -1, md1);
-
- snprintf(key, 65, "%s%s", md1, md2);
- fprintf(file.fp, "%s %s %s %s\n", id, name, ip, key);
- fclose(file.fp);
-
- if (OS_MoveFile(file.name, KEYS_FILE) < 0) {
- if (json_output) {
- char buffer[1024];
- cJSON *json_root = cJSON_CreateObject();
- snprintf(buffer, 1023, "Could not write file '%s'", KEYS_FILE);
- cJSON_AddNumberToObject(json_root, "error", 71);
- cJSON_AddStringToObject(json_root, "message", buffer);
- printf("%s", cJSON_PrintUnformatted(json_root));
- exit(1);
- } else
- merror_exit("Could not write file '%s'", KEYS_FILE);
- }
-
- free(file.name);
- OS_AddAgentTimestamp(id, name, ip, time3);
- } else {
- if (sock = auth_connect(), sock < 0) {
- if (json_output) {
- cJSON *json_root = cJSON_CreateObject();
- cJSON_AddNumberToObject(json_root, "error", 80);
- cJSON_AddStringToObject(json_root, "message", "Lost authd socket connection.");
- printf("%s", cJSON_PrintUnformatted(json_root));
- exit(1);
- } else
- merror_exit("Lost authd socket connection.");
- }
- if (w_request_agent_add_local(sock, id, name, ip, NULL, NULL, &authd_force_options, json_output, NULL, 1) < 0) {
- break;
- }
- }
-
- if (json_output) {
- cJSON *json_root = cJSON_CreateObject();
- cJSON *json_data = cJSON_CreateObject();
- cJSON_AddStringToObject(json_data, "id", id);
- cJSON_AddStringToObject(json_data, "message", "Agent added");
- cJSON_AddNumberToObject(json_root, "error", 0);
- cJSON_AddItemToObject(json_root, "data", json_data);
- printf("%s", cJSON_PrintUnformatted(json_root));
- } else
- printf(AGENT_ADD, id);
-
- break;
- } else { /* if(user_input[0] == 'n' || user_input[0] == 'N') */
- printf(ADD_NOT);
- break;
- }
- } while (1);
-
-cleanup:
- auth_close(sock);
- return (0);
-}
-
-int remove_agent(int json_output)
-{
- char *user_input;
- char u_id[FILE_SIZE + 1];
- int id_exist;
- int sock;
- int authd_running;
-
- u_id[FILE_SIZE] = '\0';
-
- if (!(json_output || print_agents(0, 0, 0, 0, 0))) {
- printf(NO_AGENT);
- return (0);
- }
-
- // Create socket
-
- if (sock = auth_connect(), sock < 0) {
- authd_running = 0;
- } else {
- auth_close(sock);
- authd_running = 1;
- sock = -1;
- }
-
- do {
- if (!json_output) {
- printf(REMOVE_ID);
- fflush(stdout);
- }
-
- user_input = getenv("OSSEC_AGENT_ID");
- if (user_input == NULL) {
- user_input = read_from_user();
- } else if (!json_output) {
- printf("%s\n", user_input);
- }
-
- if (strcmp(user_input, QUIT) == 0) {
- goto cleanup;
- }
-
- FormatID(user_input);
- strncpy(u_id, user_input, FILE_SIZE);
-
- if (!authd_running) {
- if (id_exist = IDExist(user_input, 0), !id_exist) {
- if (json_output) {
- char buffer[1024];
- cJSON *json_root = cJSON_CreateObject();
- snprintf(buffer, 1023, "Invalid ID '%s' given. ID is not present", user_input);
- cJSON_AddNumberToObject(json_root, "error", 78);
- cJSON_AddStringToObject(json_root, "message", buffer);
- printf("%s", cJSON_PrintUnformatted(json_root));
- exit(1);
- } else
- printf(NO_ID, user_input);
-
- /* Exit here if we are using environment variables
- * and our ID does not exist
- */
- if (getenv("OSSEC_AGENT_ID")) {
- exit(1);
- }
- }
- }
- } while (!authd_running && !id_exist);
-
- do {
- if (!json_output) {
- printf(REMOVE_CONFIRM);
- fflush(stdout);
- }
-
- user_input = getenv("OSSEC_ACTION_CONFIRMED");
- if (user_input == NULL) {
- user_input = read_from_user();
- } else if (!json_output) {
- printf("%s\n", user_input);
- }
-
- /* If user confirms */
- if (user_input[0] == 'y' || user_input[0] == 'Y') {
- if (!authd_running) {
- if (!OS_RemoveAgent(u_id)) {
- if (json_output) {
- char buffer[1024];
- cJSON *json_root = cJSON_CreateObject();
- snprintf(buffer, 1023, "Could not open object '%s' due to [(%d)-(%s)]", KEYS_FILE, errno, strerror(errno));
- cJSON_AddNumberToObject(json_root, "error", 71);
- cJSON_AddStringToObject(json_root, "message", buffer);
- printf("%s", cJSON_PrintUnformatted(json_root));
- exit(1);
- } else
- merror_exit(FOPEN_ERROR, KEYS_FILE, errno, strerror(errno));
- }
- } else {
- if (sock = auth_connect(), sock < 0) {
- if (json_output) {
- cJSON *json_root = cJSON_CreateObject();
- cJSON_AddNumberToObject(json_root, "error", 80);
- cJSON_AddStringToObject(json_root, "message", "Lost authd socket connection.");
- printf("%s", cJSON_PrintUnformatted(json_root));
- exit(1);
- } else
- merror_exit("Lost authd socket connection.");
- }
- if (auth_remove_agent(sock, u_id, json_output) < 0) {
- break;
- }
- }
-
- if (json_output) {
- cJSON *json_root = cJSON_CreateObject();
- cJSON_AddNumberToObject(json_root, "error", 0);
- cJSON_AddStringToObject(json_root, "data", "Agent removed");
- printf("%s", cJSON_PrintUnformatted(json_root));
- } else {
- printf(REMOVE_DONE, u_id);
- }
-
- break;
- } else { /* if(user_input[0] == 'n' || user_input[0] == 'N') */
- printf(REMOVE_NOT);
- break;
- }
- } while (1);
-
-cleanup:
- auth_close(sock);
- return 0;
-}
-
-#endif
-
-int list_agents(int cmdlist)
-{
- if (!print_agents(0, 0, 0, 0, 0)) {
- printf(NO_AGENT);
- }
-
- printf("\n");
- if (!cmdlist) {
- printf(PRESS_ENTER);
- read_from_user();
- }
-
- return (0);
-}
diff --git a/src/addagent/manage_agents.h b/src/addagent/manage_agents.h
deleted file mode 100644
index 1bb54967250..00000000000
--- a/src/addagent/manage_agents.h
+++ /dev/null
@@ -1,155 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * Copyright (C) 2009 Trend Micro Inc.
- * All rights reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#ifndef MANAGE_AGENTS_H
-#define MANAGE_AGENTS_H
-
-#include "shared.h"
-#include "sec.h"
-#include
-
-#ifndef ARGV0
-#define ARGV0 "manage_agents"
-#endif
-
-/** Prototypes **/
-
-/* Read any input from the user (stdin) */
-char *read_from_user(void);
-
-/* Add or remove an agent */
-int add_agent(int json_output);
-int remove_agent(int json_output);
-
-/* Extract or import a key */
-int k_extract(const char *cmdextract, int json_output);
-int k_import(const char *cmdimport);
-int k_bulkload(const char *cmdbulk);
-
-/**
- * @brief Converts invalid hostnames to valid by eliminating
- * invalid characters
- *
- * @param u_name name to be converted
- * */
-void OS_ConvertToValidAgentName(char *u_name);
-
-/* Validation functions */
-int OS_IsValidName(const char *u_name);
-int OS_IsValidID(const char *id);
-int IDExist(const char *id, int discard_removed);
-int NameExist(const char *u_name);
-char *IPExist(const char *u_ip);
-char *getNameById(const char *id);
-int OS_AddNewAgent(keystore *keys, const char *id, const char *name, const char *ip, const char *key);
-int OS_RemoveAgent(const char *id);
-void OS_AddAgentTimestamp(const char *id, const char *name, const char *ip, time_t now);
-void OS_RemoveAgentTimestamp(const char *id);
-void FormatID(char *id);
-
-/* Print available agents */
-int print_agents(int print_status, int active_only, int inactive_only, int csv_output, cJSON *json_output);
-int list_agents(int cmdlist);
-
-/* Clear a line */
-char *chomp(char *str);
-
-/* Shared variables */
-extern time_t time1;
-extern time_t time2;
-extern time_t time3;
-extern long int rand1;
-extern long int rand2;
-extern fpos_t fp_pos;
-extern char shost[];
-
-/* Internal defines */
-#define USER_SIZE 514
-#define FILE_SIZE 257
-#define STR_SIZE 66
-#define VALID_AGENT_NAME_CHARS "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_.-"
-
-/* Internal strings */
-#define QUIT "\\q"
-#define AGENT_FILE_DELIMS ","
-
-/* Print agents */
-#define PRINT_AVAILABLE "\nAvailable agents: \n"
-#define PRINT_AGENT " ID: %s, Name: %s, IP: %s\n"
-#define PRINT_AGENT_STATUS " ID: %s, Name: %s, IP: %s, %s\n"
-
-/* Add new agent */
-#define ADD_NEW "\n- Adding a new agent"\
- " (use '\\q' to return to the main menu).\n"\
- " Please provide the following:\n"
-#define ADD_NAME " * A name for the new agent: "
-#define ADD_IP " * The IP Address of the new agent: "
-#define ADD_ID " * An ID for the new agent[%s]: "
-#define AGENT_INFO "Agent information:\n ID:%s\n Name:%s\n " \
- "IP Address:%s\n\n"
-#define ADD_CONFIRM "Confirm adding it?(y/n): "
-#define AGENT_ADD "Agent added with ID %s.\n"
-#define ADDED "Added.\n"
-#define ADD_NOT "Not Adding.\n"
-#define PRESS_ENTER "** Press ENTER to return to the main menu.\n"
-
-/* Add errors */
-#define ADD_ERROR_ID "\n** ID '%s' already present. They must be unique.\n\n"
-#define ADD_ERROR_NAME "\n** Name '%s' already present. Please enter a new name.\n\n"
-#define IP_ERROR "\n** Invalid IP '%s'. Please enter a valid IP Address.\n\n"
-#define IP_DUP_ERROR "\n** Duplicate IP '%s'. Please enter an unique IP Address.\n\n"
-#define NO_AGENT "\n** No agent available. You need to add one first.\n"
-#define NO_ID "\n** Invalid ID '%s' given. ID is not present.\n"
-#define NO_KEY "\n** Invalid authentication key. Starting over again.\n"
-#define INVALID_ID "\n** Invalid ID '%s' given. ID must be numeric (max 8 digits).\n\n"
-#define INVALID_NAME "\n** Invalid name '%s' given. Name must contain only alphanumeric characters (min=2, max=32).\n\n"
-#define NO_DEFAULT "\n** Could not get default ID. Ran out of IDs to try with a max of '%d'. Either need to raise max agents or clean out client.keys.\n\n"
-#define SYNTAX_ERROR "\n** Syntax error at file %s\n\n"
-
-/* Remove agent */
-#define REMOVE_ID "Provide the ID of the agent to be removed (or '\\q' to quit): "
-#define REMOVE_CONFIRM "Confirm deleting it?(y/n): "
-#define REMOVE_DONE "Agent '%s' removed.\n"
-#define REMOVE_NOT "Not removing.\n"
-
-/* Import agent */
-#define IMPORT_KEY "\n* Provide the Key generated by the server.\n" \
- "* The best approach is to cut and paste it.\n" \
- "*** OBS: Do not include spaces or new lines.\n\n" \
- "Paste it here (or '\\q' to quit): "
-
-/* Extract key */
-#define EXTRACT_KEY "Provide the ID of the agent to extract " \
- "the key (or '\\q' to quit): "
-#define EXTRACT_MSG "\nAgent key information for '%s' is: \n%s\n"
-
-/* Common errors */
-#define ERROR_KEYS "Unable to handle keys file. Exiting.\n"
-#define EXTRACT_ERROR "Unable to extract agent key.\n"
-#define INPUT_LARGE ARGV0 ": Input too large. Not adding it.\n"
-#define EXIT ARGV0 ": Exiting.\n"
-
-#define BANNER "\n****************************************" \
- "\n* %s %s Agent manager.%.*s*" \
- "\n* The following options are available: *" \
- "\n****************************************\n"
-
-#define BANNER_OPT " (A)dd an agent (A).\n" \
- " (E)xtract key for an agent (E).\n" \
- " (L)ist already added agents (L).\n" \
- " (R)emove an agent (R).\n" \
- " (Q)uit.\n" \
- "Choose your action: A,E,L,R or Q: "
-
-#define BANNER_CLIENT " (I)mport key from the server (I).\n" \
- " (Q)uit.\n" \
- "Choose your action: I or Q: "
-
-#endif
diff --git a/src/addagent/manage_keys.c b/src/addagent/manage_keys.c
deleted file mode 100644
index 2c2603a8a0d..00000000000
--- a/src/addagent/manage_keys.c
+++ /dev/null
@@ -1,494 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * Copyright (C) 2009 Trend Micro Inc.
- * All rights reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "manage_agents.h"
-#include "os_crypto/md5/md5_op.h"
-#include "external/cJSON/cJSON.h"
-#include
-#include "config/authd-config.h"
-
-#ifdef WIN32
- #include
-#endif
-
-#define DEFAULT_ID 132512
-
-/* Prototypes */
-static char *trimwhitespace(char *str);
-
-
-static char *trimwhitespace(char *str)
-{
- char *end;
-
- /* Null pointer? */
- if (!str)
- return NULL;
-
- /* Trim leading space */
- while (isspace(*str)) {
- str++;
- }
-
- if (*str == 0) { /* All spaces? */
- return str;
- }
-
- /* Trim trailing space */
- end = str + strlen(str) - 1;
- while (end > str && isspace(*end)) {
- end--;
- }
-
- /* Write new null terminator */
- *(end + 1) = 0;
-
- return str;
-}
-
-/* Import a key */
-int k_import(const char *cmdimport)
-{
- FILE *fp;
- const char *user_input;
- char auth_file[] = KEYS_FILE;
- char *keys_file = basename_ex(auth_file);
- char *b64_dec;
-
- char *name;
- char *ip;
- char *tmp_key;
-
- char line_read[FILE_SIZE + 1];
- char tmp_path[PATH_MAX];
-
- snprintf(tmp_path, sizeof(tmp_path), "%s/%sXXXXXX", TMP_DIR, keys_file);
-
- /* Parse user argument */
- if (cmdimport) {
- user_input = cmdimport;
- } else {
- printf(IMPORT_KEY);
-
- user_input = getenv("OSSEC_AGENT_KEY");
- if (user_input == NULL) {
- user_input = read_from_user();
- }
- }
-
- /* Quit */
- if (strcmp(user_input, QUIT) == 0) {
- return (0);
- }
-
- b64_dec = decode_base64(user_input);
- if (b64_dec == NULL) {
- printf(NO_KEY);
- printf(PRESS_ENTER);
- read_from_user();
- return (0);
- }
-
- memset(line_read, '\0', FILE_SIZE + 1);
- strncpy(line_read, b64_dec, FILE_SIZE);
-
- name = strchr(b64_dec, ' ');
- if (name && strlen(line_read) < FILE_SIZE) {
- *name = '\0';
- name++;
- ip = strchr(name, ' ');
- if (ip) {
- *ip = '\0';
- ip++;
-
- tmp_key = strchr(ip, ' ');
- if (!tmp_key) {
- printf(NO_KEY);
- free(b64_dec);
- return (0);
- }
- *tmp_key = '\0';
-
- printf("\n");
- printf(AGENT_INFO, b64_dec, name, ip);
-
- while (1) {
- printf(ADD_CONFIRM);
- fflush(stdout);
-
- user_input = getenv("OSSEC_ACTION_CONFIRMED");
- if (user_input == NULL) {
- user_input = read_from_user();
- }
-
- if (user_input[0] == 'y' || user_input[0] == 'Y') {
- if (mkstemp_ex(tmp_path)) {
- merror_exit(MKSTEMP_ERROR, tmp_path, errno, strerror(errno));
- }
-
-#ifndef WIN32
- if (chmod(tmp_path, 0640) == -1) {
- if (unlink(tmp_path)) {
- minfo(DELETE_ERROR, tmp_path, errno, strerror(errno));
- }
-
- merror_exit(CHMOD_ERROR, tmp_path, errno, strerror(errno));
- }
-#endif
-
- fp = wfopen(tmp_path, "w");
- if (!fp) {
- if (unlink(tmp_path)) {
- minfo(DELETE_ERROR, tmp_path, errno, strerror(errno));
- }
-
- merror_exit(FOPEN_ERROR, tmp_path, errno, strerror(errno));
- }
- fprintf(fp, "%s\n", line_read);
- fclose(fp);
-
- if (rename_ex(tmp_path, KEYS_FILE)) {
- if (unlink(tmp_path)) {
- minfo(DELETE_ERROR, tmp_path, errno, strerror(errno));
- }
-
- merror_exit(RENAME_ERROR, tmp_path, KEYS_FILE, errno, strerror(errno));
- }
-
- /* Remove sender counter */
- OS_RemoveCounter("sender");
-
- printf(ADDED);
- free(b64_dec);
- return (1);
- } else { /* if(user_input[0] == 'n' || user_input[0] == 'N') */
- printf("%s", ADD_NOT);
-
- free(b64_dec);
- return (0);
- }
- }
- }
- }
-
- printf(NO_KEY);
- printf(PRESS_ENTER);
- read_from_user();
-
- free(b64_dec);
- return (0);
-}
-
-/* Extract base64 for a specific agent */
-int k_extract(const char *cmdextract, int json_output)
-{
- FILE *fp;
- char *user_input;
- char *b64_enc;
- char line_read[FILE_SIZE + 1];
- char n_id[USER_SIZE + 1];
- cJSON *json_root = NULL;
-
- if (json_output)
- json_root = cJSON_CreateObject();
-
- if (cmdextract) {
- os_strdup(cmdextract, user_input);
- FormatID(user_input);
-
- if (!IDExist(user_input, 1)) {
- if (json_output) {
- char buffer[1024];
- snprintf(buffer, 1023, "Invalid ID '%s' given. ID is not present", user_input);
- cJSON_AddNumberToObject(json_root, "error", 70);
- cJSON_AddStringToObject(json_root, "message", buffer);
- printf("%s", cJSON_PrintUnformatted(json_root));
- } else
- printf(NO_ID, user_input);
-
- exit(1);
- }
- } else {
- if (!print_agents(0, 0, 0, 0, 0)) {
- printf(NO_AGENT);
- printf(PRESS_ENTER);
- read_from_user();
- return (0);
- }
-
- while (1) {
- printf(EXTRACT_KEY);
- fflush(stdout);
- user_input = read_from_user();
-
- /* quit */
- if (strcmp(user_input, QUIT) == 0) {
- return (0);
- }
-
- FormatID(user_input);
-
- if (IDExist(user_input, 1)) {
- break;
- } else
- printf(NO_ID, user_input);
- }
- }
-
- /* Try to open the auth file */
- fp = wfopen(KEYS_FILE, "r");
- if (!fp) {
- if (json_output) {
- char buffer[1024];
- snprintf(buffer, 1023, "Could not open file '%s' due to [(%d)-(%s)]", KEYS_FILE, errno, strerror(errno));
- cJSON_AddNumberToObject(json_root, "error", 71);
- cJSON_AddStringToObject(json_root, "message", buffer);
- printf("%s", cJSON_PrintUnformatted(json_root));
- exit(1);
- } else
- merror_exit(FOPEN_ERROR, KEYS_FILE, errno, strerror(errno));
- }
-
- if (fsetpos(fp, &fp_pos)) {
- if (json_output) {
- cJSON_AddNumberToObject(json_root, "error", 71);
- cJSON_AddStringToObject(json_root, "message", "Can not set fileposition");
- printf("%s", cJSON_PrintUnformatted(json_root));
- } else
- merror("Can not set fileposition.");
-
- exit(1);
- }
-
- memset(n_id, '\0', USER_SIZE + 1);
- strncpy(n_id, user_input, USER_SIZE - 1);
-
- if (fgets(line_read, FILE_SIZE, fp) == NULL) {
- if (json_output) {
- cJSON_AddNumberToObject(json_root, "error", 73);
- cJSON_AddStringToObject(json_root, "message", "Unable to handle keys file");
- printf("%s", cJSON_PrintUnformatted(json_root));
- } else
- printf(ERROR_KEYS);
-
- fclose(fp);
- exit(1);
- }
- chomp(line_read);
-
- b64_enc = encode_base64(strlen(line_read), line_read);
- if (b64_enc == NULL) {
- if (json_output) {
- cJSON_AddNumberToObject(json_root, "error", 74);
- cJSON_AddStringToObject(json_root, "message", "Unable to extract agent key");
- printf("%s", cJSON_PrintUnformatted(json_root));
- } else
- printf(EXTRACT_ERROR);
-
- fclose(fp);
- exit(1);
- }
-
- if (json_output) {
- cJSON_AddNumberToObject(json_root, "error", 0);
- cJSON_AddStringToObject(json_root, "data", b64_enc);
- printf("%s", cJSON_PrintUnformatted(json_root));
- } else
- printf(EXTRACT_MSG, n_id, b64_enc);
-
- if (!cmdextract) {
- printf("\n" PRESS_ENTER);
- read_from_user();
- }
-
- free(b64_enc);
- fclose(fp);
-
- return (0);
-}
-
-/* Bulk generate client keys from file */
-int k_bulkload(const char *cmdbulk)
-{
- int i = 1;
- int sock;
- FILE *fp, *infp;
- char str1[STR_SIZE + 1];
- char str2[STR_SIZE + 1];
-
- os_md5 md1;
- os_md5 md2;
- char line[FILE_SIZE + 1];
- char name[FILE_SIZE + 1];
- char id[FILE_SIZE + 1];
- char ip[FILE_SIZE + 1];
- char delims[] = AGENT_FILE_DELIMS;
- char *token = NULL;
- char *save_ptr;
-
- sock = auth_connect();
-
- /* Check if we can open the input file */
- printf("Opening: [%s]\n", cmdbulk);
- infp = wfopen(cmdbulk, "r");
- if (!infp) {
- perror("Failed.");
- merror_exit(FOPEN_ERROR, cmdbulk, errno, strerror(errno));
- }
-
- /* Check if we can open the auth_file */
- fp = wfopen(KEYS_FILE, "a");
- if (!fp) {
- merror_exit(FOPEN_ERROR, KEYS_FILE, errno, strerror(errno));
- }
- fclose(fp);
-
- while (fgets(line, FILE_SIZE - 1, infp) != NULL) {
-
- if (1 >= strlen(trimwhitespace(line))) {
- continue;
- }
-
- memset(ip, '\0', FILE_SIZE + 1);
- token = strtok_r(line, delims, &save_ptr);
- strncpy(ip, trimwhitespace(token), FILE_SIZE - 1);
-
- memset(name, '\0', FILE_SIZE + 1);
- token = strtok_r(NULL, delims, &save_ptr);
-
- if (!token)
- merror_exit(SYNTAX_ERROR, cmdbulk);
-
- strncpy(name, trimwhitespace(token), FILE_SIZE - 1);
-
-#ifndef WIN32
- if (chmod(KEYS_FILE, 0640) == -1) {
- merror_exit(CHMOD_ERROR, KEYS_FILE, errno, strerror(errno));
- }
-#endif
-
- /* Set time 2 */
- time2 = time(0);
-
- rand1 = os_random();
-
- /* Check the name */
- if (!OS_IsValidName(name)) {
- printf(INVALID_NAME, name);
- continue;
- }
-
- /* Search for name -- no duplicates */
- if (sock < 0 && NameExist(name)) {
- printf(ADD_ERROR_NAME, name);
- continue;
- }
-
- os_ip *aux_ip;
- os_calloc(1, sizeof(os_ip), aux_ip);
- if (!OS_IsValidIP(ip, aux_ip)) {
- printf(IP_ERROR, ip);
- w_free_os_ip(aux_ip);
- continue;
- }
-
- strncpy(ip, aux_ip->ip, FILE_SIZE - 1);
- w_free_os_ip(aux_ip);
-
- char *ip_exist = NULL;
- if (sock < 0 && (ip_exist = IPExist(ip))) {
- os_free(ip_exist);
- printf(IP_ERROR, ip);
- continue;
- }
-
- if(ip_exist) {
- os_free(ip_exist);
- }
-
- if (sock < 0) {
- /* Default ID */
- i = DEFAULT_ID;
- snprintf(id, 8, "%03d", i);
- while (sock < 0 && !IDExist(id, 0)) {
- i--;
- snprintf(id, 8, "%03d", i);
-
- /* No key present, use id 0 */
- if (i <= 0) {
- i = 0;
- break;
- }
- }
- snprintf(id, 8, "%03d", i + 1);
-
- if (!OS_IsValidID(id)) {
- printf(INVALID_ID, id);
- continue;
- }
-
- /* Search for ID KEY -- no duplicates */
- if (sock < 0 && IDExist(id, 0)) {
- printf(NO_DEFAULT, i + 1);
- continue;
- }
-
- printf(AGENT_INFO, id, name, ip);
- fflush(stdout);
-
- time3 = time(0);
- rand2 = os_random();
-
- fp = wfopen(KEYS_FILE, "a");
- if (!fp) {
- merror_exit(FOPEN_ERROR, KEYS_FILE, errno, strerror(errno));
- }
-#ifndef WIN32
- if (chmod(KEYS_FILE, 0640) == -1) {
- merror_exit(CHMOD_ERROR, KEYS_FILE, errno, strerror(errno));
- }
-#endif
-
- /* Random 1: Time took to write the agent information
- * Random 2: Time took to choose the action
- * Random 3: All of this + time + pid
- * Random 4: MD5 all of this + the name, key and IP
- * Random 5: Final key
- */
-
- os_snprintf(str1, STR_SIZE, "%d%s%d", (int)(time3 - time2), name, (int)rand1);
- os_snprintf(str2, STR_SIZE, "%d%s%s%d", (int)(time2 - time1), ip, id, (int)rand2);
-
- OS_MD5_Str(str1, -1, md1);
- OS_MD5_Str(str2, -1, md2);
-
- snprintf(str1, STR_SIZE, "%s%d%d%d", md1, (int)getpid(), os_random(), (int)time3);
- OS_MD5_Str(str1, -1, md1);
-
- fprintf(fp, "%s %s %s %s%s\n", id, name, ip, md1, md2);
- fclose(fp);
- } else {
- authd_force_options_t force_options = {0};
- if (w_request_agent_add_local(sock, id, name, ip, NULL, NULL, &force_options, 0, NULL, 1) < 0) {
- continue;
- }
- }
-
- printf(AGENT_ADD, id);
- };
-
- fclose(infp);
-
- if (sock >= 0) {
- close(sock);
- }
-
- return (0);
-}
diff --git a/src/addagent/read_from_user.c b/src/addagent/read_from_user.c
deleted file mode 100644
index 87d1f4b02f0..00000000000
--- a/src/addagent/read_from_user.c
+++ /dev/null
@@ -1,32 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * Copyright (C) 2009 Trend Micro Inc.
- * All rights reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
- */
-
-#include "manage_agents.h"
-
-/* Global variables */
-static char __user_buffer[USER_SIZE + 1];
-static char *__user_buffer_pt;
-
-
-char *read_from_user()
-{
- memset(__user_buffer, '\0', USER_SIZE + 1);
-
- if ((fgets(__user_buffer, USER_SIZE - 1, stdin) == NULL) ||
- (strlen(__user_buffer) >= (USER_SIZE - 2))) {
- printf(INPUT_LARGE);
- exit(1);
- }
-
- __user_buffer_pt = chomp(__user_buffer);
-
- return (__user_buffer_pt);
-}
-
diff --git a/src/addagent/validate.c b/src/addagent/validate.c
deleted file mode 100644
index d5e8b330892..00000000000
--- a/src/addagent/validate.c
+++ /dev/null
@@ -1,678 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "cJSON.h" -#include "manage_agents.h" -#include "os_crypto/md5/md5_op.h" -#include "os_err.h" -#include "wazuh_db/wdb.h" -#include -#ifndef CLIENT -#include "wazuh_db/helpers/wdb_global_helpers.h" -#include "wazuhdb_op.h" -#endif - -#define str_startwith(x, y) strncmp(x, y, strlen(y)) -#define str_endwith(x, y) (strlen(x) < strlen(y) || strcmp(x + strlen(x) - strlen(y), y)) - -#ifdef WIN32 - #define fchmod(x,y) 0 - #define mkdir(x,y) 0 - #define link(x,y) 0 - #define difftime(x,y) 0 - #define mkstemp(x) 0 - #define chown(x,y,z) 0 - #define Privsep_GetUser(x) -1 - #define Privsep_GetGroup(x) -1 -#endif - -/* Global variables */ -fpos_t fp_pos; - -int OS_AddNewAgent(keystore *keys, const char *id, const char *name, const char *ip, const char *key) -{ - os_md5 md1; - os_md5 md2; - char str1[STR_SIZE + 1]; - char str2[STR_SIZE + 1]; - char _id[12] = { '\0' }; - char buffer[KEYSIZE] = { '\0' }; - - if (!id) { - snprintf(_id,sizeof(_id), "%03d", ++keys->id_counter); - id = _id; - } - else { - char *endptr; - int id_number = strtol(id, &endptr, 10); - - if ('\0' == *endptr && id_number > keys->id_counter) - keys->id_counter = id_number; - } - - if (!key) { - snprintf(str1, STR_SIZE, "%d%s%d%s", (int)time(0), name, os_random(), getuname()); - snprintf(str2, STR_SIZE, "%s%s%ld", ip, id, (long int)os_random()); - OS_MD5_Str(str1, -1, md1); - OS_MD5_Str(str2, -1, md2); - snprintf(buffer, KEYSIZE, "%s%s", md1, md2); - key = buffer; - } - - return OS_AddKey(keys, id, name, ip ? 
ip : "any", key, time(NULL)); -} - -#ifndef CLIENT - -int OS_RemoveAgent(const char *u_id) { - FILE *fp; - File file; - int id_exist; - char *name; - long fp_seek; - size_t fp_read; - char *buffer; - char buf_curline[OS_BUFFER_SIZE]; - struct stat fp_stat; - char wdbquery[OS_SIZE_128 + 1]; - char *wdboutput; - - id_exist = IDExist(u_id, 1); - - if (!id_exist) - return 0; - - fp = wfopen(KEYS_FILE, "r"); - - if (!fp) - return 0; - - if (fstat(fileno(fp), &fp_stat) < 0) { - fclose(fp); - return 0; - } - - buffer = malloc(fp_stat.st_size + 1); - if (!buffer) { - fclose(fp); - return 0; - } - - if (fsetpos(fp, &fp_pos) < 0) { - fclose(fp); - free(buffer); - return 0; - } - - if ((fp_seek = ftell(fp)) < 0) { - fclose(fp); - free(buffer); - return 0; - } - - fseek(fp, 0, SEEK_SET); - fp_read = fread(buffer, sizeof(char), (size_t)fp_seek, fp); - - if (!fgets(buf_curline, OS_BUFFER_SIZE - 2, fp)) { - free(buffer); - fclose(fp); - return 0; - } - - char *ptr_name = strchr(buf_curline, ' '); - - if (!ptr_name) { - free(buffer); - fclose(fp); - return 0; - } - - ptr_name++; - - memmove(ptr_name + 1, ptr_name, strlen(ptr_name) + 1); - *ptr_name = '!'; - size_t curline_len = strlen(buf_curline); - memcpy(buffer + fp_read, buf_curline, curline_len); - fp_read += curline_len; - - if (!feof(fp)) - fp_read += fread(buffer + fp_read, sizeof(char), fp_stat.st_size, fp); - - fclose(fp); - - if (TempFile(&file, KEYS_FILE, 0) < 0) { - free(buffer); - return 0; - } - - fwrite(buffer, sizeof(char), fp_read, file.fp); - fclose(file.fp); - name = getNameById(u_id); - - if (OS_MoveFile(file.name, KEYS_FILE) < 0) { - free(file.name); - free(buffer); - free(name); - return 0; - } - - free(file.name); - free(buffer); - - if (name) { - delete_diff(name); - free(name); - } - - // Remove DB from wazuh-db - int sock = -1; - int error; - snprintf(wdbquery, OS_SIZE_128, "wazuhdb remove %s", u_id); - os_calloc(OS_SIZE_6144, sizeof(char), wdboutput); - if (error = wdbc_query_ex(&sock, wdbquery, 
wdboutput, OS_SIZE_6144), !error) { - mdebug1("DB from agent %s was deleted '%s'", u_id, wdboutput); - } else { - merror("Could not remove the DB of the agent %s. Error: %d.", u_id, error); - } - - os_free(wdboutput); - - if (wdb_remove_agent(atoi(u_id), &sock) != OS_SUCCESS) { - mdebug1("Could not remove the information stored in Wazuh DB of the agent %s.", u_id); - } - - wdbc_close(&sock); - - /* Remove counter for ID */ - OS_RemoveCounter(u_id); - OS_RemoveAgentTimestamp(u_id); - return 1; -} - -#endif - -int OS_IsValidID(const char *id) -{ - size_t id_len, i; - - /* ID must not be null */ - if (!id) { - return (0); - } - - id_len = strlen(id); - - /* Check ID length, it should contain max. 8 characters */ - if (id_len > 8) { - return (0); - } - - /* Check ID if it contains only numeric characters [0-9] */ - for (i = 0; i < id_len; i++) { - if (!(isdigit((int)id[i]))) { - return (0); - } - } - - return (1); -} - -/* Get agent name of ID */ -char *getNameById(const char *id) -{ - FILE *fp; - char line_read[FILE_SIZE + 1]; - line_read[FILE_SIZE] = '\0'; - - /* ID must not be null */ - if (!id) { - return (NULL); - } - - fp = wfopen(KEYS_FILE, "r"); - if (!fp) { - return (NULL); - } - - while (fgets(line_read, FILE_SIZE - 1, fp) != NULL) { - char *name; - char *tmp_str; - - if (line_read[0] == '#') { - continue; - } - - name = strchr(line_read, ' '); - if (name) { - *name = '\0'; - /* Didn't match */ - if (strcmp(line_read, id) != 0) { - continue; - } - - name++; - - /* Removed entry */ - if (*name == '#' || *name == '!') { - continue; - } - - /* Clean up name */ - tmp_str = strchr(name, ' '); - if (tmp_str) { - char *final_str; - *tmp_str = '\0'; - - /* If we reached here, we found the name */ - os_calloc(1, FILE_SIZE, final_str); - snprintf(final_str, FILE_SIZE - 1, "%s", name); - - fclose(fp); - return (final_str); - } - } - } - - fclose(fp); - return (NULL); -} - -/* ID Search (is valid ID) */ -int IDExist(const char *id, int discard_removed) -{ - FILE *fp; - 
char line_read[FILE_SIZE + 1]; - line_read[FILE_SIZE] = '\0'; - - /* ID must not be null */ - if (!id) { - return (0); - } - - fp = wfopen(KEYS_FILE, "r"); - - if (!fp) { - return (0); - } - - fseek(fp, 0, SEEK_SET); - fgetpos(fp, &fp_pos); - - while (fgets(line_read, FILE_SIZE - 1, fp) != NULL) { - char *name; - - if (line_read[0] == '#') { - fgetpos(fp, &fp_pos); - continue; - } - - name = strchr(line_read, ' '); - if (name) { - *name = '\0'; - name++; - - if (strcmp(line_read, id) == 0) { - if (discard_removed && (*name == '!' || *name == '#')) { - fgetpos(fp, &fp_pos); - continue; - } - - fclose(fp); - return (1); /*(fp_pos);*/ - } - } - - fgetpos(fp, &fp_pos); - } - - fclose(fp); - return (0); -} - -/* Validate agent name */ -int OS_IsValidName(const char *u_name) -{ - size_t i, uname_length = strlen(u_name); - - /* We must have something in the name */ - if (uname_length < 2 || uname_length > 128) { - return (0); - } - - /* Check if it contains any non-alphanumeric characters */ - for (i = 0; i < uname_length; i++) { - if (!isalnum((int)u_name[i]) && (u_name[i] != '-') && - (u_name[i] != '_') && (u_name[i] != '.')) { - return (0); - } - } - - return (1); -} - -void OS_ConvertToValidAgentName(char *u_name) { - size_t i, uname_length = strlen(u_name); - while((i = strspn(u_name, VALID_AGENT_NAME_CHARS)), i < uname_length ) - { - // Invalid character detected, delete it - memmove(u_name + i, u_name + i + 1, uname_length - i); - uname_length--; - } -} - -int NameExist(const char *u_name) -{ - FILE *fp; - char line_read[FILE_SIZE + 1]; - line_read[FILE_SIZE] = '\0'; - - if ((!u_name) || - (*u_name == '\0') || - (*u_name == '\r') || - (*u_name == '\n')) { - return (0); - } - - fp = wfopen(KEYS_FILE, "r"); - - if (!fp) { - return (0); - } - - fseek(fp, 0, SEEK_SET); - fgetpos(fp, &fp_pos); - - while (fgets(line_read, FILE_SIZE - 1, fp) != NULL) { - char *name; - - if (line_read[0] == '#') { - continue; - } - - name = strchr(line_read, ' '); - if (name) { - char *ip; 
- name++; - - if (*name == '#' || *name == '!') { - continue; - } - - ip = strchr(name, ' '); - if (ip) { - *ip = '\0'; - if (strcmp(u_name, name) == 0) { - fclose(fp); - return (1); - } - } - } - fgetpos(fp, &fp_pos); - } - - fclose(fp); - return (0); -} - -/* Returns the ID of an agent, or NULL if not found */ -char *IPExist(const char *u_ip) -{ - FILE *fp; - char *name, *ip, *pass; - char line_read[FILE_SIZE + 1]; - line_read[FILE_SIZE] = '\0'; - - if (!(u_ip && strncmp(u_ip, "any", 3)) || strchr(u_ip, '/')) - return NULL; - - fp = wfopen(KEYS_FILE, "r"); - - if (!fp) - return NULL; - - fseek(fp, 0, SEEK_SET); - fgetpos(fp, &fp_pos); - - while (fgets(line_read, FILE_SIZE - 1, fp) != NULL) { - if (line_read[0] == '#') { - continue; - } - - name = strchr(line_read, ' '); - if (name) { - name++; - - if (*name == '#' || *name == '!') { - continue; - } - - ip = strchr(name, ' '); - if (ip) { - ip++; - - pass = strchr(ip, ' '); - if (pass) { - *pass = '\0'; - if (strcmp(u_ip, ip) == 0) { - fclose(fp); - name[-1] = '\0'; - return strdup(line_read); - } - } - } - } - - fgetpos(fp, &fp_pos); - } - - fclose(fp); - return NULL; -} - -/* Print available agents */ -int print_agents(int print_status, int active_only, int inactive_only, int csv_output, cJSON *json_output) -{ - int total = 0; - FILE *fp; - char line_read[FILE_SIZE + 1]; - line_read[FILE_SIZE] = '\0'; - - fp = wfopen(KEYS_FILE, "r"); - if (!fp) { - return (0); - } - - fseek(fp, 0, SEEK_SET); - - memset(line_read, '\0', FILE_SIZE); - - while (fgets(line_read, FILE_SIZE - 1, fp) != NULL) { - char *name; - - if (line_read[0] == '#') { - continue; - } - - name = strchr(line_read, ' '); - if (name) { - char *ip; - *name = '\0'; - name++; - - /* Removed agent */ - if (*name == '#' || *name == '!') { - continue; - } - - ip = strchr(name, ' '); - if (ip) { - char *key; - *ip = '\0'; - ip++; - key = strchr(ip, ' '); - if (key) { - *key = '\0'; - if (!total && !print_status) { - printf(PRINT_AVAILABLE); - } - total++; - - 
if (print_status) { - #ifndef CLIENT //print_status is only available on servers - // Within this context, line_read corresponds to the agent ID - agent_status_t agt_status = get_agent_status(atoi(line_read)); - if (active_only && (agt_status != GA_STATUS_ACTIVE)) { - continue; - } - - if (inactive_only && agt_status != GA_STATUS_NACTIVE) { - continue; - } - - if (csv_output) { - printf("%s,%s,%s,%s,\n", line_read, name, ip, print_agent_status(agt_status)); - } else if (json_output) { - cJSON *json_agent = cJSON_CreateObject(); - - if (!json_agent) { - fclose(fp); - return 0; - } - - cJSON_AddStringToObject(json_agent, "id", line_read); - cJSON_AddStringToObject(json_agent, "name", name); - cJSON_AddStringToObject(json_agent, "ip", ip); - cJSON_AddStringToObject(json_agent, "status", print_agent_status(agt_status)); - cJSON_AddItemToArray(json_output, json_agent); - } else { - printf(PRINT_AGENT_STATUS, line_read, name, ip, print_agent_status(agt_status)); - } - #else - (void) inactive_only; - printf(PRINT_AGENT, line_read, name, ip); - #endif - } else { - printf(PRINT_AGENT, line_read, name, ip); - } - } - } - } - } - - /* Only print agentless for non-active only searches */ - if (!active_only && print_status) { - const char *aip = NULL; - DIR *dirp; - struct dirent *dp = NULL; - - if (!csv_output && !json_output) { - printf("\nList of agentless devices:\n"); - } - - dirp = opendir(AGENTLESS_ENTRYDIR); - if (dirp) { - while ((dp = readdir(dirp)) != NULL) { - if (strncmp(dp->d_name, ".", 1) == 0) { - continue; - } - - aip = strchr(dp->d_name, '@'); - if (aip) { - aip++; - } else { - aip = ""; - } - - if (csv_output) { - printf("na,%s,%s,agentless,\n", dp->d_name, aip); - } else { - printf(" ID: na, Name: %s, IP: %s, agentless\n", - dp->d_name, aip); - } - } - closedir(dirp); - } - } - - fclose(fp); - if (total) { - return (1); - } - - return (0); -} - -void OS_AddAgentTimestamp(const char *id, const char *name, const char *ip, time_t now) -{ - File file; - char 
timestamp[40]; - struct tm tm_result = { .tm_sec = 0 }; - - if (TempFile(&file, TIMESTAMP_FILE, 1) < 0) { - merror("Couldn't open timestamp file."); - return; - } - - strftime(timestamp, 40, "%Y-%m-%d %H:%M:%S", localtime_r(&now, &tm_result)); - fprintf(file.fp, "%s %s %s %s\n", id, name, ip, timestamp); - fclose(file.fp); - OS_MoveFile(file.name, TIMESTAMP_FILE); - free(file.name); -} - -void OS_RemoveAgentTimestamp(const char *id) -{ - FILE *fp; - File file; - char line[OS_BUFFER_SIZE]; - char * sep; - - fp = wfopen(TIMESTAMP_FILE, "r"); - - if (!fp) { - return; - } - - if (TempFile(&file, TIMESTAMP_FILE, 0) < 0) { - merror("Couldn't open timestamp file."); - fclose(fp); - return; - } - - while (fgets(line, OS_BUFFER_SIZE, fp)) { - if (sep = strchr(line, ' '), sep) { - *sep = '\0'; - } else { - continue; - } - - if (strcmp(id, line) != 0) { - *sep = ' '; - fputs(line, file.fp); - } - } - - fclose(fp); - fclose(file.fp); - OS_MoveFile(file.name, TIMESTAMP_FILE); - free(file.name); -} - -void FormatID(char *id) { - int number; - char *end; - - if (id && *id) { - number = strtol(id, &end, 10); - - if (!*end) - sprintf(id, "%03d", number); - } -} diff --git a/src/config/README.md b/src/config/README.md deleted file mode 100644 index dfd3fcd4d21..00000000000 --- a/src/config/README.md +++ /dev/null 
@@ -1,25 +0,0 @@
-# Wazuh configurations
-
-Wazuh manager and agent configuration are managed and disposed to each module or system component in different ways.
-
-Each module has a different configuration section, for specific information about each section please refer to online documentation.
-
-## Sections
-
-**Vulnerability Detection**
-
-This module uses configuration from XML file "ossec.conf" section "vulnerability-detection".
-The management of the configuration is implemented in the file "src/config/wmodules-vulnerability-detection.c".
-The function "Read_Vulnerability_Detection" parses the XML section and converts it to a cJSON object that is used by the vulnerability_scanner module. A pod structure "wm_vulnerability_scanner_t" is used as the converted configuration output.
-This pod structure is stored in the "data" field of the vulnerability-detection wmodule.
-
-**Indexer**
-
-This module uses configuration from XML file "ossec.conf" section "indexer".
-The management of the configuration is implemented in the file "src/config/indexer-config.c".
-The function "Read_Indexer" parses the XML section and converts it to a cJSON object that is used by the vulnerability_scanner module. A cJSON global variable is used as the converted configuration output.
-This configuration data has 2 special array fields "hosts" and "certificate_authorities", These fields are stored as an array ignoring the name of the inside elements.
-
-## Documentation
-
-* [Configuration documentation](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/index.html)
\ No newline at end of file
diff --git a/src/config/active-response.c b/src/config/active-response.c
deleted file mode 100644
index d1c581e98f1..00000000000
--- a/src/config/active-response.c
+++ /dev/null
@@ -1,380 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#ifndef WIN32 -#include -#include -#endif - -#include "shared.h" -#include "os_xml/os_xml.h" -#include "os_regex/os_regex.h" -#include "active-response.h" -#include "config.h" - -/* Global variables */ -int ar_flag = 0; - - -/* Generate a list with all active responses */ -int ReadActiveResponses(XML_NODE node, void *d1, void *d2) -{ - OSList *l1 = (OSList *) d1; - OSList *l2 = (OSList *) d2; - active_response *tmp_ar = NULL; - FILE *fp; - int i = 0; - int r_ar = 0; - int l_ar = 0; - int rpt = 0; - int ret_value = OS_INVALID; - - /* Xml options */ - const char *xml_ar_command = "command"; - const char *xml_ar_location = "location"; - const char *xml_ar_agent_id = "agent_id"; - const char *xml_ar_rules_id = "rules_id"; - const char *xml_ar_rules_group = "rules_group"; - const char *xml_ar_level = "level"; - const char *xml_ar_timeout = "timeout"; - const char *xml_ar_disabled = "disabled"; - const char *xml_ar_repeated = "repeated_offenders"; - const char *xml_ca_store = "ca_store"; - char *tmp_location = NULL; - - /* Open shared ar file */ - fp = wfopen(DEFAULTAR, "a"); - if (!fp) { - merror(FOPEN_ERROR, DEFAULTAR, errno, strerror(errno)); - return (-1); - } - -#ifndef WIN32 - gid_t gid = Privsep_GetGroup(USER); - - if (gid == (gid_t)-1) { - merror("Could not get group name."); - fclose(fp); - return OS_INVALID; - } - - if ((chown(DEFAULTAR, (uid_t) - 1, gid)) == -1) { - merror("Could not change the group to '%s': %d.", GROUPGLOBAL, errno); - fclose(fp); - return OS_INVALID; - } - -#endif - - if ((chmod(DEFAULTAR, 0640)) == -1) { - merror("Could not chmod to 0640: '%d'", errno); - fclose(fp); - return (-1); - } - - /* Allocate for the 
active-response */ - os_calloc(1, sizeof(active_response), tmp_ar); - - /* Search for the commands */ - while (node[i]) { - if (!node[i]->element) { - merror(XML_ELEMNULL); - goto end; - } else if (!node[i]->content) { - merror(XML_VALUENULL, node[i]->element); - goto end; - } - - /* Command */ - if (strcmp(node[i]->element, xml_ar_command) == 0) { - tmp_ar->command = strdup(node[i]->content); - } - /* Target */ - else if (strcmp(node[i]->element, xml_ar_location) == 0) { - os_free(tmp_location); - os_strdup(node[i]->content, tmp_location); - } else if (strcmp(node[i]->element, xml_ar_agent_id) == 0) { - os_strdup(node[i]->content, tmp_ar->agent_id); - } else if (strcmp(node[i]->element, xml_ar_rules_id) == 0) { - os_strdup(node[i]->content, tmp_ar->rules_id); - } else if (strcmp(node[i]->element, xml_ar_rules_group) == 0) { - os_strdup(node[i]->content, tmp_ar->rules_group); - } else if (strcmp(node[i]->element, xml_ar_level) == 0) { - /* Level must be numeric */ - if (!OS_StrIsNum(node[i]->content)) { - merror(XML_VALUEERR, node[i]->element, node[i]->content); - goto end; - } - - tmp_ar->level = atoi(node[i]->content); - - /* Make sure the level is valid */ - if ((tmp_ar->level < 0) || (tmp_ar->level > 20)) { - merror(XML_VALUEERR, node[i]->element, node[i]->content); - goto end; - } - } else if (strcmp(node[i]->element, xml_ar_timeout) == 0) { - tmp_ar->timeout = atoi(node[i]->content); - } else if (strcmp(node[i]->element, xml_ar_disabled) == 0) { - if (strcmp(node[i]->content, "yes") == 0) { - ar_flag = -1; - } else if (strcmp(node[i]->content, "no") == 0) { - /* Don't do anything if disabled is set to "no" */ - } else { - merror(XML_VALUEERR, node[i]->element, node[i]->content); - goto end; - } - } else if (strcmp(node[i]->element, xml_ar_repeated) == 0) { - /* Nothing - we deal with it on execd */ - rpt = 1; - } else if (strcmp(node[i]->element, xml_ca_store) == 0) { - // Nothing to do - } else { - merror(XML_INVELEM, node[i]->element); - goto end; - } - 
i++; - } - - /* Check if ar is disabled */ - if (ar_flag == -1) { - /* reset ar_flag, the next ar command may not be disabled */ - ar_flag = 0; - if (tmp_ar->command) { - mdebug1("active response command '%s' is disabled", tmp_ar->command); - } - ret_value = 0; - goto end; - } - - /* Command and location must be there */ - if (!tmp_ar->command || !tmp_location || *(tmp_ar->command) == '\0' || *(tmp_location) == '\0') { - mdebug1("Command or location missing"); - - if (rpt == 1) { - ret_value = 0; - goto end; - } - merror(AR_MISS); - goto end; - } - - /* analysisd */ - if (OS_Regex("AS|analysisd|analysis-server|server", tmp_location)) { - tmp_ar->location |= AS_ONLY; - } - - if (OS_Regex("local", tmp_location)) { - tmp_ar->location |= REMOTE_AGENT; - } - - if (OS_Regex("defined-agent", tmp_location)) { - if (!tmp_ar->agent_id) { - mdebug1("'defined-agent' agent_id not defined"); - merror(AR_DEF_AGENT); - goto end; - } - - if (atoi(tmp_ar->agent_id) == 0) { - mdebug1("'defined-agent' is 0"); - mwarn(AR_SERVER_AGENT); - ret_value = 0; - goto end; - } - - tmp_ar->location |= SPECIFIC_AGENT; - - } - if (OS_Regex("all|any", tmp_location)) { - tmp_ar->location |= ALL_AGENTS; - } - - /* If we didn't set any value for the location */ - if (tmp_ar->location == 0) { - mdebug1("No location defined"); - merror(AR_INV_LOC, tmp_location); - goto end; - } - - - /* Check if command name is valid */ - { - OSListNode *my_commands_node; - - my_commands_node = OSList_GetFirstNode(l1); - while (my_commands_node) { - ar_command *my_command; - my_command = (ar_command *)my_commands_node->data; - - if (strcmp(my_command->name, tmp_ar->command) == 0) { - tmp_ar->ar_cmd = my_command; - break; - } - - my_commands_node = OSList_GetNextNode(l1); - } - - /* Didn't find a valid command */ - if (tmp_ar->ar_cmd == NULL) { - mdebug1("Invalid command"); - merror(AR_INV_CMD, tmp_ar->command); - goto end; - } - } - - /* Check if timeout is allowed */ - if (tmp_ar->timeout && 
!tmp_ar->ar_cmd->timeout_allowed) { - mdebug1("Timeout is not allowed"); - minfo(AR_NO_TIMEOUT, tmp_ar->ar_cmd->name); - tmp_ar->timeout = 0; - } - - /* d1 is the active response list */ - if (!OSList_AddData(l2, (void *)tmp_ar)) { - merror(LIST_ADD_ERROR); - goto end; - } - - /* Set a unique active response name */ - tmp_ar->name = (char *) calloc(OS_FLSIZE + 1, sizeof(char)); - if (!tmp_ar->name) { - merror_exit(MEM_ERROR, errno, strerror(errno)); - } - snprintf(tmp_ar->name, OS_FLSIZE, "%s%d", - tmp_ar->ar_cmd->name, - tmp_ar->timeout); - - /* Add to shared file */ - mdebug1("Writing command '%s' to '%s'", tmp_ar->command, DEFAULTAR); - fprintf(fp, "%s - %s - %d\n", - tmp_ar->name, - tmp_ar->ar_cmd->executable, - tmp_ar->timeout); - - /* Set the configs to start the right queues */ - if (tmp_ar->location & AS_ONLY) { - l_ar = 1; - } - if (tmp_ar->location & ALL_AGENTS) { - r_ar = 1; - } - if (tmp_ar->location & REMOTE_AGENT) { - r_ar = 1; - l_ar = 1; - } - if (tmp_ar->location & SPECIFIC_AGENT) { - r_ar = 1; - } - - /* Set the configuration for the active response */ - if (r_ar && (!(ar_flag & REMOTE_AR))) { - ar_flag |= REMOTE_AR; - } - if (l_ar && (!(ar_flag & LOCAL_AR))) { - ar_flag |= LOCAL_AR; - } - - /* Done over here */ - fclose(fp); - os_free(tmp_location); - - return (0); - -end: - fclose(fp); - os_free(tmp_ar->agent_id); - os_free(tmp_ar->rules_id); - os_free(tmp_ar->rules_group); - os_free(tmp_ar->command); - - os_free(tmp_ar); - os_free(tmp_location); - - return ret_value; -} - -int ReadActiveCommands(XML_NODE node, void *d1, __attribute__((unused)) void *d2) -{ - OSList *l1 = (OSList *) d1; - int i = 0; - - /* Xml values */ - const char *command_name = "name"; - const char *command_expect = "expect"; - const char *command_executable = "executable"; - const char *timeout_allowed = "timeout_allowed"; - const char *extra_args = "extra_args"; - - ar_command *tmp_command; - - /* Allocate the active-response command */ - os_calloc(1, sizeof(ar_command), 
tmp_command); - - /* Search for the commands */ - while (node[i]) { - if (!node[i]->element) { - merror(XML_ELEMNULL); - goto end; - } else if (!node[i]->content) { - merror(XML_VALUENULL, node[i]->element); - goto end; - } - if (strcmp(node[i]->element, command_name) == 0) { - // The command name must not start with '!' - - if (node[i]->content[0] == '!') { - merror(XML_VALUEERR, node[i]->element, node[i]->content); - goto end; - } - - tmp_command->name = strdup(node[i]->content); - } else if (strcmp(node[i]->element, command_expect) == 0) { - mdebug1("The <%s> tag is deprecated since version 4.2.0.", command_expect); - } else if (strcmp(node[i]->element, command_executable) == 0) { - tmp_command->executable = strdup(node[i]->content); - } else if (strcmp(node[i]->element, timeout_allowed) == 0) { - if (strcmp(node[i]->content, "yes") == 0) { - tmp_command->timeout_allowed = 1; - } else if (strcmp(node[i]->content, "no") == 0) { - tmp_command->timeout_allowed = 0; - } else { - merror(XML_VALUEERR, node[i]->element, node[i]->content); - goto end; - } - } else if (strcmp(node[i]->element, extra_args) == 0) { - tmp_command->extra_args = strdup(node[i]->content); - } else { - merror(XML_INVELEM, node[i]->element); - goto end; - } - i++; - } - - if (!tmp_command->name || !tmp_command->executable) { - merror(AR_CMD_MISS); - goto end; - } - - /* Add command to the list */ - if (!OSList_AddData(l1, (void *)tmp_command)) { - merror(LIST_ADD_ERROR); - goto end; - } - - return (0); - -end: - os_free(tmp_command->name); - os_free(tmp_command->executable); - os_free(tmp_command->extra_args); - os_free(tmp_command); - - return (OS_INVALID); -} diff --git a/src/config/active-response.h b/src/config/active-response.h deleted file mode 100644 index 28fcd7b315e..00000000000 --- a/src/config/active-response.h +++ /dev/null 
@@ -1,41 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * Copyright (C) 2009 Trend Micro Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
- */
-
-#ifndef CAR_H
-#define CAR_H
-
-/* Active response commands */
-typedef struct _ar_command {
- int timeout_allowed;
-
- char *name;
- char *executable;
- char *extra_args;
-
-} ar_command;
-
-/* Active response data */
-typedef struct _ar {
- int timeout;
- int location;
- int level;
- char *name;
- char *command;
- char *agent_id;
- char *rules_id;
- char *rules_group;
-
- ar_command *ar_cmd;
-} active_response;
-
-/* Active response flag */
-extern int ar_flag;
-
-#endif /* CAR_H */
diff --git a/src/config/agentlessd-config.c b/src/config/agentlessd-config.c
deleted file mode 100644
index bb91c6e6773..00000000000
--- a/src/config/agentlessd-config.c
+++ /dev/null
@@ -1,160 +0,0 @@ -/* Copyright (C) 2015, Wazuh Inc. - * Copyright (C) 2009 Trend Micro Inc. - * All right reserved. - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General Public - * License (version 2) as published by the FSF - Free Software - * Foundation - */ - -#include "shared.h" -#include "agentlessd-config.h" -#include "config.h" - - -int Read_CAgentless(XML_NODE node, void *config, __attribute__((unused)) void *config2) -{ - unsigned int i = 0, j = 0, s = 0; - - /* XML definitions */ - const char *xml_lessd_server = "host"; - const char *xml_lessd_port = "port"; - const char *xml_lessd_type = "type"; - const char *xml_lessd_frequency = "frequency"; - const char *xml_lessd_state = "state"; - const char *xml_lessd_command = "run_command"; - const char *xml_lessd_options = "arguments"; - - agentlessd_config *lessd_config = (agentlessd_config *)config; - - /* Get any configured entry */ - if (lessd_config->entries) { - while (lessd_config->entries[s]) { - s++; - } - } - - /* Allocate the memory for the config */ - os_realloc(lessd_config->entries, (s + 2) * sizeof(agentlessd_entries *), - lessd_config->entries); - os_calloc(1, sizeof(agentlessd_entries), lessd_config->entries[s]); - lessd_config->entries[s + 1] = NULL; - - /* Zero the elements */ - lessd_config->entries[s]->server = NULL; - lessd_config->entries[s]->command = NULL; - lessd_config->entries[s]->options = ""; - lessd_config->entries[s]->type = NULL; - lessd_config->entries[s]->frequency = 86400; - lessd_config->entries[s]->state = 0; - lessd_config->entries[s]->current_state = 0; - lessd_config->entries[s]->port = 0; - lessd_config->entries[s]->error_flag = 0; - - /* Read the XML */ - while (node[i]) { - if (!node[i]->element) { - merror(XML_ELEMNULL); - return (OS_INVALID); - } else if (!node[i]->content) { - merror(XML_VALUENULL, node[i]->element); - return (OS_INVALID); - } else if (strcmp(node[i]->element, xml_lessd_frequency) == 
0) { - if (!OS_StrIsNum(node[i]->content)) { - merror(XML_VALUEERR, node[i]->element, node[i]->content); - return (OS_INVALID); - } - - lessd_config->entries[s]->frequency = atoi(node[i]->content); - } else if (strcmp(node[i]->element, xml_lessd_port) == 0) { - if (!OS_StrIsNum(node[i]->content)) { - merror(XML_VALUEERR, node[i]->element, node[i]->content); - return (OS_INVALID); - } - - lessd_config->entries[s]->port = atoi(node[i]->content); - } else if (strcmp(node[i]->element, xml_lessd_server) == 0) { - char s_content[1024 + 1]; - s_content[1024] = '\0'; - - /* Get any configured entry */ - j = 0; - if (lessd_config->entries[s]->server) { - while (lessd_config->entries[s]->server[j]) { - j++; - } - } - - os_realloc(lessd_config->entries[s]->server, (j + 2) * - sizeof(char *), - lessd_config->entries[s]->server); - if (strncmp(node[i]->content, "use_su ", 7) == 0) { - snprintf(s_content, 1024, "s%s", node[i]->content + 7); - } else if (strncmp(node[i]->content, "use_sudo ", 9) == 0) { - snprintf(s_content, 1024, "o%s", node[i]->content + 9); - } else { - snprintf(s_content, 1024, " %s", node[i]->content); - } - - os_strdup(s_content, - lessd_config->entries[s]->server[j]); - lessd_config->entries[s]->server[j + 1] = NULL; - } else if (strcmp(node[i]->element, xml_lessd_type) == 0) { - char script_path[1024 + 1]; - - script_path[1024] = '\0'; - snprintf(script_path, 1024, "%s/%s", AGENTLESSDIR, - node[i]->content); - - if (w_ref_parent_folder(script_path)) { - merror("Invalid Agentless type '%s': it contains references to parent folder.", node[i]->content); - return OS_INVALID; - } - - if (File_DateofChange(script_path) <= 0) { - merror("Unable to find '%s' at '%s'.", - node[i]->content, AGENTLESSDIR); - merror(XML_VALUEERR, node[i]->element, node[i]->content); - return (OS_INVALID); - } - os_strdup(node[i]->content, lessd_config->entries[s]->type); - } else if (strcmp(node[i]->element, xml_lessd_command) == 0) { - os_strdup(node[i]->content, 
lessd_config->entries[s]->command); - } else if (strcmp(node[i]->element, xml_lessd_options) == 0) { - os_strdup(node[i]->content, lessd_config->entries[s]->options); - } else if (strcmp(node[i]->element, xml_lessd_state) == 0) { - if (strcmp(node[i]->content, "periodic") == 0) { - lessd_config->entries[s]->state |= LESSD_STATE_PERIODIC; - } else if (strcmp(node[i]->content, "stay_connected") == 0) { - lessd_config->entries[s]->state |= LESSD_STATE_CONNECTED; - } else if (strcmp(node[i]->content, "periodic_diff") == 0) { - lessd_config->entries[s]->state |= LESSD_STATE_PERIODIC; - lessd_config->entries[s]->state |= LESSD_STATE_DIFF; - } else { - merror(XML_VALUEERR, node[i]->element, node[i]->content); - return (OS_INVALID); - } - } else { - merror(XML_INVELEM, node[i]->element); - return (OS_INVALID); - } - i++; - } - - /* We must have at least one entry set */ - if (!lessd_config->entries[s]->server || - !lessd_config->entries[s]->state || - !lessd_config->entries[s]->type) { - merror(XML_INV_MISSOPTS); - return (OS_INVALID); - } - - if ((lessd_config->entries[s]->state == LESSD_STATE_PERIODIC) && - !lessd_config->entries[s]->frequency) { - merror(XML_INV_MISSFREQ); - return (OS_INVALID); - } - - return (0); -} diff --git a/src/config/agentlessd-config.h b/src/config/agentlessd-config.h deleted file mode 100644 index 61ca96bbe34..00000000000 --- a/src/config/agentlessd-config.h +++ /dev/null 
@@ -1,44 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * Copyright (C) 2009 Trend Micro Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
- */
-
-#ifndef AGENTLESSDCONFIG_H
-#define AGENTLESSDCONFIG_H
-
-/* Entry states */
-#define LESSD_STATE_CONNECTED 0x001
-#define LESSD_STATE_PERIODIC 0x002
-#define LESSD_STATE_DIFF 0x004
-#define LESSD_USE_SU 0x010
-#define LESSD_USE_SUDO 0x020
-
-/* Structure for each entry */
-typedef struct _agentlessd_entries {
- short int state;
-
- int frequency;
- time_t current_state;
- int port;
- int error_flag;
-
- char *type;
- char **server;
- const char *options;
- char *command;
-
-} agentlessd_entries;
-
-/* Configuration structure */
-typedef struct _agentlessd_config {
- int queue;
- agentlessd_entries **entries;
-
-} agentlessd_config;
-
-#endif /* AGENTLESSDCONFIG_H */
diff --git a/src/config/alerts-config.c b/src/config/alerts-config.c
deleted file mode 100644
index 419144e7996..00000000000
--- a/src/config/alerts-config.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* Copyright (C) 2015, Wazuh Inc.
- * Copyright (C) 2009 Trend Micro Inc.
- * All right reserved.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation
- */
-
-#include "shared.h"
-#include "global-config.h"
-#include "config.h"
-#include "../analysisd/logmsg.h"
-
-
-int Read_Alerts(XML_NODE node, void *configp, void * list)
-{
- int i = 0;
-
- /* XML definitions */
- const char *xml_email_level = "email_alert_level";
- const char *xml_log_level = "log_alert_level";
-
-#ifdef LIBGEOIP_ENABLED
- /* GeoIP */
- const char *xml_log_geoip = "use_geoip";
-#endif
-
- _Config *Config;
- Config = (_Config *)configp;
- OSList * list_msg = (OSList *) list;
-
- if (!Config) {
- smerror(list_msg, "Configuration handle is NULL.");
- return (OS_INVALID);
- }
-
- while (node[i]) {
- if (!node[i]->element) {
- smerror(list_msg, XML_ELEMNULL);
- return (OS_INVALID);
- } else if (!node[i]->content) {
- smerror(list_msg, XML_VALUENULL, node[i]->element);
- return (OS_INVALID);
- }
- /* Mail notification */
- else if (strcmp(node[i]->element, xml_email_level) == 0) {
- if (!OS_StrIsNum(node[i]->content)) {
- smerror(list_msg, XML_VALUEERR, node[i]->element, node[i]->content);
- return (OS_INVALID);
- }
-
- Config->mailbylevel = (u_int8_t) atoi(node[i]->content);
- }
- /* Log alerts */
- else if (strcmp(node[i]->element, xml_log_level) == 0) {
- if (!OS_StrIsNum(node[i]->content)) {
- smerror(list_msg, XML_VALUEERR, node[i]->element, node[i]->content);
- return (OS_INVALID);
- }
- Config->logbylevel = (u_int8_t) atoi(node[i]->content);
- }
-#ifdef LIBGEOIP_ENABLED
- /* Enable GeoIP */
- else if (strcmp(node[i]->element, xml_log_geoip) == 0) {
- if (strcmp(node[i]->content, "yes") == 0) {
- Config->loggeoip = 1;
- } else if (strcmp(node[i]->content, "no") == 0) {
- Config->loggeoip = 0;
- } else {
- merror(XML_VALUEERR,
node[i]->element, node[i]->content);
- return (OS_INVALID);
- }
-
- }
-#endif
- else {
- smerror(list_msg, XML_INVELEM, node[i]->element);
- return (OS_INVALID);
- }
- i++;
- }
- return (0);
-}
-
diff --git a/src/config/authd-config.c b/src/config/authd-config.c
deleted file mode 100644
index 2dd57d3a444..00000000000
--- a/src/config/authd-config.c
+++ /dev/null
@@ -1,423 +0,0 @@
-/*
- * Authd settings manager
- * Copyright (C) 2015, Wazuh Inc.
- * May 29, 2017.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#include "os_err.h"
-#include "os_xml/os_xml.h"
-#include "shared.h"
-#include "authd-config.h"
-#include "config.h"
-#include
-
-#ifndef WIN32
-
-#ifdef WAZUH_UNIT_TESTING
-// Remove STATIC qualifier from tests
-#define STATIC
-#else
-#define STATIC static
-#endif
-
-static short eval_bool(const char *str);
-int w_read_force_config(XML_NODE node, authd_config_t *config);
-
-/**
- * @brief gets the auth agents configuration
- *
- * @param node XML node
- * @param config auth configuration structure
- */
-STATIC void w_authd_parse_agents(XML_NODE node, authd_config_t * config);
-
-int Read_Authd(const OS_XML *xml, XML_NODE node, void *d1, __attribute__((unused)) void *d2) {
- /* XML Definitions */
- static const char *xml_disabled = "disabled";
- static const char *xml_port = "port";
- static const char *xml_ipv6 = "ipv6";
- static const char *xml_use_source_ip = "use_source_ip";
- static const char *xml_force_insert = "force_insert"; // Deprecated since 4.3.0
- static const char *xml_force_time = "force_time"; // Deprecated since 4.3.0
- static const char *xml_force = "force";
- static const char *xml_purge = "purge";
- static const char *xml_use_password = "use_password";
- static const char *xml_limit_maxagents = "limit_maxagents";
- static const char *xml_ciphers = "ciphers";
- static const char *xml_ssl_agent_ca = "ssl_agent_ca";
- static const char *xml_ssl_verify_host = "ssl_verify_host";
- static const char *xml_ssl_manager_cert = "ssl_manager_cert";
- static const char *xml_ssl_manager_key = "ssl_manager_key";
- static const char *xml_ssl_auto_negotiate = "ssl_auto_negotiate";
- static const char *xml_remote_enrollment = "remote_enrollment";
-
static const char *xml_agents = "agents";
-#ifndef CLIENT
- static const char *xml_key_request = "key_request";
-#endif
-
- authd_config_t *config = (authd_config_t *)d1;
- int i;
-
- char manager_cert[OS_SIZE_1024];
- char manager_key[OS_SIZE_1024];
-
- snprintf(manager_cert, OS_SIZE_1024 - 1, "etc/sslmanager.cert");
- snprintf(manager_key, OS_SIZE_1024 - 1, "etc/sslmanager.key");
-
- // config->flags.disabled = AD_CONF_UNPARSED;
- /* If authd is defined, enable it by default */
- if (config->flags.disabled == AD_CONF_UNPARSED) {
- config->flags.disabled = AD_CONF_UNDEFINED;
- }
- config->port = 1515;
- config->flags.use_source_ip = 0;
- config->flags.clear_removed = 0;
- config->flags.use_password = 0;
- config->ciphers = strdup("HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH");
- config->flags.verify_host = 0;
- config->manager_cert = strdup(manager_cert);
- config->manager_key = strdup(manager_key);
- config->flags.auto_negotiate = 0;
- config->flags.remote_enrollment = 1;
- config->force_options.enabled = true;
- config->force_options.key_mismatch = true;
- config->force_options.disconnected_time_enabled = true;
- config->force_options.disconnected_time = 3600;
- config->force_options.after_registration_time = 3600;
-
- short legacy_force_insert = -1;
- int legacy_force_time = -1;
- bool new_force_read = false;
-
- if (!node)
- return 0;
-
- for (i = 0; node[i]; i++) {
- if (!node[i]->element) {
- merror(XML_ELEMNULL);
- return OS_INVALID;
- } else if (!node[i]->content) {
- merror(XML_VALUENULL, node[i]->element);
- return OS_INVALID;
- } else if (!strcmp(node[i]->element, xml_disabled)) {
- short b = eval_bool(node[i]->content);
-
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
-
- config->flags.disabled = b;
- } else if (!strcmp(node[i]->element, xml_port)) {
- config->port = (unsigned short)atoi(node[i]->content);
-
- if (!config->port) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
-
return OS_INVALID;
- }
- } else if (!strcmp(node[i]->element, xml_ipv6)) {
- if (strcasecmp(node[i]->content, "yes") == 0) {
- config->ipv6 = true;
- } else if (strcasecmp(node[i]->content, "no") == 0) {
- config->ipv6 = false;
- } else {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
- } else if (!strcmp(node[i]->element, xml_use_source_ip)) {
- short b = eval_bool(node[i]->content);
-
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
-
- config->flags.use_source_ip = b;
- } else if (!strcmp(node[i]->element, xml_force_insert)) {
- mwarn("The <%s> tag is deprecated. Use <%s> instead.", xml_force_insert, xml_force);
- short b = eval_bool(node[i]->content);
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
- legacy_force_insert = b;
- } else if (!strcmp(node[i]->element, xml_force_time)) {
- mwarn("The <%s> tag is deprecated. Use <%s> instead.", xml_force_time, xml_force);
- char *end;
- int b = strtol(node[i]->content, &end, 10);
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
- legacy_force_time = b;
- } else if (!strcmp(node[i]->element, xml_force)) {
- new_force_read = true;
-
- xml_node **chld_node = NULL;
-
- if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
- merror(XML_INVELEM, node[i]->element);
- return OS_INVALID;
- }
-
- if (w_read_force_config(chld_node, config)) {
- OS_ClearNode(chld_node);
- return OS_INVALID;
- }
- OS_ClearNode(chld_node);
- } else if (!strcmp(node[i]->element, xml_purge)) {
- short b = eval_bool(node[i]->content);
-
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
-
- config->flags.clear_removed = b;
- } else if (!strcmp(node[i]->element, xml_use_password)) {
- short b = eval_bool(node[i]->content);
-
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
-
return OS_INVALID;
- }
-
- config->flags.use_password = b;
- } else if (!strcmp(node[i]->element, xml_remote_enrollment)) {
- short b = eval_bool(node[i]->content);
-
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
-
- config->flags.remote_enrollment = b;
-#ifndef CLIENT
- } else if (!strcmp(node[i]->element, xml_key_request)) {
- XML_NODE children = OS_GetElementsbyNode(xml, node[i]);
-
- if (children == NULL) {
- continue;
- }
-
- authd_read_key_request(children, config);
- config->key_request.compatibility_flag = 1;
- OS_ClearNode(children);
-#endif
- } else if (!strcmp(node[i]->element, xml_limit_maxagents)) {
- mdebug1("The <%s> tag is deprecated since version 4.1.0.", xml_limit_maxagents);
- } else if (!strcmp(node[i]->element, xml_ciphers)) {
- free(config->ciphers);
- config->ciphers = strdup(node[i]->content);
- } else if (!strcmp(node[i]->element, xml_ssl_agent_ca)) {
- free(config->agent_ca);
- config->agent_ca = strdup(node[i]->content);
- } else if (!strcmp(node[i]->element, xml_ssl_verify_host)) {
- short b = eval_bool(node[i]->content);
-
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
-
- config->flags.verify_host = b;
- } else if (!strcmp(node[i]->element, xml_ssl_manager_cert)) {
- free(config->manager_cert);
- config->manager_cert = strdup(node[i]->content);
- } else if (!strcmp(node[i]->element, xml_ssl_manager_key)) {
- free(config->manager_key);
- config->manager_key = strdup(node[i]->content);
- } else if (!strcmp(node[i]->element, xml_ssl_auto_negotiate)) {
- short b = eval_bool(node[i]->content);
-
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
-
- config->flags.auto_negotiate = b;
- } else if (strcasecmp(node[i]->element, xml_agents) == 0) {
- xml_node **children = OS_GetElementsbyNode(xml, node[i]);
- if (children == NULL) {
- continue;
- }
-
- w_authd_parse_agents(children, config);
-
- OS_ClearNode(children);
-
- } else {
- merror(XML_INVELEM, node[i]->element);
- return OS_INVALID;
- }
- }
-
- if (!new_force_read) {
- if (legacy_force_insert != -1) {
- config->force_options.enabled = legacy_force_insert;
-
- mdebug1("Setting tag to %s to comply with the legacy <%s> option found.",
- legacy_force_insert ? "'yes'" : "'no'", xml_force_insert);
- }
- if (legacy_force_time != -1) {
- if (legacy_force_time == 0) {
- config->force_options.disconnected_time_enabled = false;
- }
- config->force_options.disconnected_time = legacy_force_time;
-
- mdebug1("Setting tag to '%d' to comply with the legacy <%s> option found.",
- legacy_force_time, xml_force_time);
- }
- mdebug1("The tag is not defined. Applied default value: '%ld'",
- config->force_options.after_registration_time);
- mdebug1("The tag is not defined. Applied default value: '%s'",
- config->force_options.key_mismatch ? "true" : "false");
- }
-
- return 0;
-}
-
-short eval_bool(const char *str) {
- if (!str) {
- return OS_INVALID;
- } else if (!strcmp(str, "yes")) {
- return 1;
- } else if (!strcmp(str, "no")) {
- return 0;
- } else {
- return OS_INVALID;
- }
-}
-
-int get_time_interval(char *source, time_t *interval) {
- char *endptr;
- *interval = strtoul(source, &endptr, 0);
-
- if ((!*interval && endptr == source) || *interval < 0) {
- return OS_INVALID;
- }
-
- switch (*endptr) {
- case 'd':
- *interval *= 86400;
- break;
- case 'h':
- *interval *= 3600;
- break;
- case 'm':
- *interval *= 60;
- break;
- case 's':
- case '\0':
- break;
- default:
- return OS_INVALID;
- }
-
- return 0;
-}
-
-int w_read_force_config(XML_NODE node, authd_config_t *config) {
- /* XML Definitions */
- static const char *xml_enabled = "enabled";
- static const char *xml_key_mismatch = "key_mismatch";
- static const char *xml_disconnected_time = "disconnected_time";
- static const char *xml_after_registration_time = "after_registration_time";
-
- for (int i = 0; node[i]; i++) {
- // enabled
- if
(!strcmp(node[i]->element, xml_enabled)) {
- short b = eval_bool(node[i]->content);
-
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
-
- config->force_options.enabled = b;
- }
- // key_mismatch
- else if (!strcmp(node[i]->element, xml_key_mismatch)) {
- short b = eval_bool(node[i]->content);
-
- if (b < 0) {
- merror(XML_VALUEERR, node[i]->element, node[i]->content);
- return OS_INVALID;
- }
-
- config->force_options.key_mismatch = b;
- }
- // disconnected_time
- else if (!strcmp(node[i]->element, xml_disconnected_time)) {
- if (node[i]->attributes && node[i]->attributes[0]) {
- if (!strcmp(node[i]->attributes[0], xml_enabled)) {
- if (node[i]->values && node[i]->values[0]) {
-
- short b = eval_bool(node[i]->values[0]);
-
- if (b < 0) {
- merror(INV_VAL, node[i]->attributes[0]);
- return OS_INVALID;
- } else if (b > 0) {
- config->force_options.disconnected_time_enabled = true;
- if (get_time_interval(node[i]->content, &config->force_options.disconnected_time)) {
- merror("Invalid interval for '%s' option", node[i]->element);
- return OS_INVALID;
- }
- } else {
- config->force_options.disconnected_time_enabled = false;
- }
- } else {
- merror(INV_VAL, node[i]->attributes[0]);
- return OS_INVALID;
- }
- } else {
- merror(XML_INVATTR, node[i]->attributes[0], node[i]->element);
- return OS_INVALID;
- }
- } else {
- merror("Empty attribute for %s", node[i]->element);
- return OS_INVALID;
- }
- // after_registration_time
- } else if (!strcmp(node[i]->element, xml_after_registration_time)) {
- if (get_time_interval(node[i]->content, &config->force_options.after_registration_time)) {
- merror("Invalid interval for '%s' option", node[i]->element);
- return OS_INVALID;
- }
- } else {
- merror(XML_INVELEM, node[i]->element);
- return OS_INVALID;
- }
- }
- return OS_SUCCESS;
-}
-
-STATIC void w_authd_parse_agents(XML_NODE node, authd_config_t * config) {
- const char * ALLOW_HIGHER_VERSIONS = "allow_higher_versions";
-
-
int i = 0;
- while (node[i]) {
- if (strcasecmp(node[i]->element, ALLOW_HIGHER_VERSIONS) == 0) {
- if (strcmp(node[i]->content, "no") == 0) {
- config->allow_higher_versions = false;
- }
- else if (strcmp(node[i]->content, "yes") == 0) {
- config->allow_higher_versions = true;
- } else {
- mwarn(REMOTED_INV_VALUE_IGNORE, node[i]->content, ALLOW_HIGHER_VERSIONS);
- }
- }
- else {
- mwarn(XML_INVELEM, node[i]->element);
- }
- i++;
- }
-}
-
-#endif
diff --git a/src/config/authd-config.h b/src/config/authd-config.h
deleted file mode 100644
index f97dae1fe57..00000000000
--- a/src/config/authd-config.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Authd settings manager
- * Copyright (C) 2015, Wazuh Inc.
- * May 29, 2017.
- *
- * This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU General Public
- * License (version 2) as published by the FSF - Free Software
- * Foundation.
- */
-
-#ifndef AUTH_CONFIG_H
-#define AUTH_CONFIG_H
-
-#define AD_CONF_UNPARSED 3
-#define AD_CONF_UNDEFINED 2
-
-#define AUTHD_ALLOW_AGENTS_HIGHER_VERSIONS_DEFAULT false ///< Default allow_higher_versions value (false)
-
-#include
-
-/**
- * @brief Structure that defines the force options for agent replacement.
- **/
-typedef struct authd_force_options_t {
- bool enabled; ///< Sets to enabled or disabled the force options for agent replacement
- bool key_mismatch; ///< Sets to enabled or disabled the key_mismatch auth setting
- bool disconnected_time_enabled; ///< Sets to enabled or disabled the disconnected_time auth setting
- time_t disconnected_time; ///< Sets the time to be used by the disconnected_time auth setting if enabled
- time_t after_registration_time; ///< Sets the time to be used by the after_registration_time auth setting
-} authd_force_options_t;
-
-typedef struct authd_flags_t {
- unsigned short disabled:3;
- unsigned short use_source_ip:1;
- unsigned short clear_removed:1;
- unsigned short use_password:1;
- unsigned short verify_host:1;
- unsigned short auto_negotiate:1;
- unsigned short remote_enrollment:1;
-} authd_flags_t;
-
-typedef struct authd_key_request_t {
- int enabled;
- char *exec_path;
- char *socket;
- unsigned int timeout;
- unsigned int threads;
- unsigned int queue_size;
- unsigned short compatibility_flag; // Flag to avoid overwriting configuration settings
-} authd_key_request_t;
-
-typedef struct authd_config_t {
- unsigned short port;
- authd_flags_t flags;
- authd_force_options_t force_options;
- authd_key_request_t key_request;
- char *ciphers;
- char *agent_ca;
- char *manager_cert;
- char *manager_key;
- long
timeout_sec;
- long timeout_usec;
- bool worker_node;
- bool ipv6;
- bool allow_higher_versions;
-} authd_config_t;
-
-/**
- * @brief It converts a time string with the format