2 *****************************************************************************
6 * Purpose: psadwatchd checks on an interval of every five seconds to make
7 * sure that both kmsgsd and psad are running on the box. If
8 * either daemon has died, psadwatchd will restart it and notify
9 * each email address in @email_addresses that the daemon has been
12 * Author: Michael Rash (mbr@cipherdyne.org)
14 * Credits: (see the CREDITS file)
16 * Copyright (C) 1999-2007 Michael Rash (mbr@cipherdyne.org)
18 * License (GNU Public License):
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
30 *****************************************************************************
/* Default configuration path; main() copies it into config_file and -c can
 * replace it. */
37 #define CONFIG_FILE "/etc/psad/psad.conf" /* only used for DATA_INPUT_METHOD */
39 /* Maximum number of overwrite files allowed on the command line */
40 #define MAX_OVW_FILES 3
/* Restart-attempt counters, one per watched daemon. kmsgsd_syscalls_ctr is
 * incremented in incr_syscall_ctr() and both are zeroed in
 * reset_syscall_ctr(). */
43 short int psad_syscalls_ctr = 0;
44 short int kmsgsd_syscalls_ctr = 0;
45 unsigned short int no_email = 0;
46 unsigned short int check_kmsgsd;
/* Shell redirection appended to every alert command string built in
 * check_process() and give_up(). */
47 const char mail_redr[] = " < /dev/null > /dev/null 2>&1";
/* Fixed-size buffers filled from the configuration files by parse_config().
 * NOTE(review): they are declared with four different size macros
 * (MAX_GEN_LEN, MAX_EMAIL_LEN, MAX_PATH_LEN, MAX_NUM_LEN) while
 * parse_config() passes them to find_char_var() without a length argument;
 * confirm that helper bounds every copy to the smallest destination. */
48 char hostname[MAX_GEN_LEN];
49 char mail_addrs[MAX_EMAIL_LEN];
50 char shCmd[MAX_GEN_LEN];
51 char mailCmd[MAX_GEN_LEN];
52 char alerting_methods[MAX_GEN_LEN];
53 char psadCmd[MAX_PATH_LEN];
54 char install_root[MAX_PATH_LEN];
55 char psad_pid_file[MAX_PATH_LEN];
56 char psad_cmdline_file[MAX_PATH_LEN];
57 char psad_run_dir[MAX_PATH_LEN];
58 char kmsgsdCmd[MAX_PATH_LEN];
59 char kmsgsd_pid_file[MAX_PATH_LEN];
60 char psadwatchd_pid_file[MAX_PATH_LEN];
61 char data_input_mode[MAX_GEN_LEN];
62 char enable_syslog_file[MAX_GEN_LEN];
/* Textual forms of the two numeric settings; parse_config() converts them
 * with atoi() into the unsigned values declared after them. */
63 char char_psadwatchd_check_interval[MAX_NUM_LEN];
64 char char_psadwatchd_max_retries[MAX_NUM_LEN];
65 unsigned int psadwatchd_check_interval;
66 unsigned int psadwatchd_max_retries;
/* Polled by main() after each sleep; presumably set by sighup_handler(),
 * whose body is not visible in this listing. */
67 static volatile sig_atomic_t received_sighup = 0;
68 unsigned char dump_cfg;
/* Prototypes for the file-local helpers defined below. */
71 static void usage(void);
72 static void clean_settings(void);
73 static void parse_config(char *file);
74 static void check_config(void);
75 static void dump_config(void);
76 static unsigned short int is_kmsgsd_required(void);
78 static void expand_config_vars(void);
79 static void find_sub_var_value(
85 static void check_process(
88 const char *cmdline_file,
89 const char *binary_path,
90 unsigned int max_retries
92 static void incr_syscall_ctr(const char *pid_name, unsigned int max_retries);
93 static void reset_syscall_ctr(const char *pid_name);
94 static void give_up(const char *pid_name);
95 static void exec_binary(const char *binary_path, const char *cmdline_file);
96 static void sighup_handler(int sig);
/*
 * Entry point of the watchdog: read the command line, load the override and
 * main configuration files, daemonize, then loop checking psad and kmsgsd
 * every psadwatchd_check_interval seconds, reloading the configuration when
 * a HUP signal has been noted.
 */
99 int main(int argc, char *argv[]) {
103 char *overwrite_files[MAX_OVW_FILES+1];
104 char overwrite_cmd[MAX_PATH_LEN];
105 char config_file[MAX_PATH_LEN];
108 fprintf(stderr, "[+] Entering DEBUG mode\n");
112 overwrite_files[0] = NULL;
113 strlcpy(config_file, CONFIG_FILE, MAX_PATH_LEN);
/* -c replaces the config path and -O gives a comma-separated list of
 * override files. Both arguments are copied with strlcpy() bounded by
 * MAX_PATH_LEN, so an over-long argument is truncated, not overflowed;
 * the return value that would reveal the truncation is not checked. */
116 while((cmdlopt = getopt(argc, argv, "c:O:Dh")) != -1) {
119 strlcpy(config_file, optarg, MAX_PATH_LEN);
122 strlcpy(overwrite_cmd, optarg, MAX_PATH_LEN);
/* The array has MAX_OVW_FILES+1 slots and the split is capped at
 * MAX_OVW_FILES, which leaves room for the NULL terminator the loops
 * below rely on (assuming list_to_array() writes it - TODO confirm). */
123 list_to_array(overwrite_cmd, ',', overwrite_files, MAX_OVW_FILES);
133 /* clean our settings */
136 /* Parse both the overwrite and configuration file */
/* NOTE(review): every setting, including the program paths later passed to
 * exec_binary() and the shell and mail commands used for alerts, is taken
 * from these files, so they need to be writable only by the account that
 * runs this daemon. */
137 for (ovw_file_ptr=overwrite_files; *ovw_file_ptr!=NULL; ovw_file_ptr++)
138 parse_config(*ovw_file_ptr);
139 parse_config(config_file);
141 /* Check our settings */
147 /* see if we are supposed to disable all email alerts */
148 if (strncmp("noemail", alerting_methods, MAX_GEN_LEN) == 0)
151 /* first make sure there isn't another psadwatchd already running */
152 check_unique_pid(psadwatchd_pid_file, "psadwatchd");
155 /* become a daemon */
156 daemonize_process(psadwatchd_pid_file);
159 /* install signal handler for HUP signals */
/* NOTE(review): signal() has platform-dependent semantics (handler reset,
 * restart of interrupted calls); sigaction() would make them explicit. */
160 signal(SIGHUP, sighup_handler);
162 /* start doing the real work now that the daemon is running and
163 * the config file has been processed */
167 /* restart processes as necessary */
168 check_process("psad", psad_pid_file, psad_cmdline_file,
169 psadCmd, psadwatchd_max_retries);
/* kmsgsd is restarted without saved arguments (cmdline_file is NULL). */
172 check_process("kmsgsd", kmsgsd_pid_file, NULL,
173 kmsgsdCmd, psadwatchd_max_retries);
175 /* sleep and then check to see if we received any signals */
176 sleep(psadwatchd_check_interval);
178 /* check for sighup */
179 if (received_sighup) {
181 slogr("psad(psadwatchd)", "received HUP signal");
184 /* clean our settings */
187 /* reparse the config file since we received a HUP signal */
188 for (ovw_file_ptr=overwrite_files; *ovw_file_ptr!=NULL; ovw_file_ptr++)
189 parse_config(*ovw_file_ptr);
190 parse_config(config_file);
196 /* this statement doesn't get executed, but for completeness... */
199 /******************** end main ********************/
/*
 * Check whether one watched daemon is alive and restart it if it is not.
 *
 * pid_name     - "psad" or "kmsgsd" (the values main() passes); also selects
 *                the retry counter in incr_syscall_ctr()/reset_syscall_ctr()
 * pid_file     - file whose first line holds the daemon's process id
 * cmdline_file - file with the daemon's saved arguments, or NULL
 * binary_path  - program handed to exec_binary() for the restart
 * max_retries  - limit forwarded to incr_syscall_ctr()
 */
201 static void check_process(
202 const char *pid_name,
203 const char *pid_file,
204 const char *cmdline_file,
205 const char *binary_path,
206 unsigned int max_retries)
210 unsigned short int restart = 0;
211 char mail_str[MAX_MSG_LEN] = "";
212 char syslog_str[MAX_MSG_LEN] = "";
213 char pid_line[MAX_PID_SIZE];
215 if ((pidfile_ptr = fopen(pid_file, "r")) == NULL) {
217 fprintf(stderr, "[-] Could not open pid file: %s\n", pid_file);
219 /* the pid file must not exist (or we can't read it), so
220 * setup to start the appropriate process */
224 /* read the first line of the pid_file, which will contain the
225 * process id of any running pid_name process. */
227 if (fgets(pid_line, MAX_PID_SIZE, pidfile_ptr) == NULL) {
229 fprintf(stderr, "[-] Could not read the pid file: %s\n",
232 /* see if we need to give up */
233 incr_syscall_ctr(pid_name, max_retries);
/* NOTE(review): atoi() cannot report a parse failure. A pid file whose
 * first line is not a number yields 0, and kill(0, 0) probes the caller's
 * own process group, so a corrupt or tampered pid file would be read as
 * "daemon is running". strtol() with an end-pointer check and a pid > 0
 * test would reject it. A stale file naming a recycled pid has the same
 * effect, and the pid file must not be writable by other users. */
238 /* convert the pid_line into an integer */
239 pid = atoi(pid_line);
241 /* close the pid_file now that we have read it */
244 if (kill(pid, 0) != 0) {
245 /* the process is not running so start it */
252 fprintf(stderr, "[+] executing exec_binary(%s)\n", binary_path);
/* Build the argument string for the alert mail. NOTE(review): hostname and
 * mail_addrs come straight from the config file and are concatenated
 * without quoting or escaping; if send_alert_email() runs the string
 * through shCmd (as the argument order suggests - confirm), shell
 * metacharacters in either value would be interpreted. strlcat() truncates
 * silently at MAX_MSG_LEN and its return value is not checked. */
254 //strlcat(mail_str, mailCmd, MAX_MSG_LEN);
255 strlcat(mail_str, " -s \"[*] psadwatchd: Restarting ", MAX_MSG_LEN);
256 strlcat(mail_str, pid_name, MAX_MSG_LEN);
257 strlcat(mail_str, " on ", MAX_MSG_LEN);
258 strlcat(mail_str, hostname, MAX_MSG_LEN);
259 strlcat(mail_str, "\" ", MAX_MSG_LEN);
260 strlcat(mail_str, mail_addrs, MAX_MSG_LEN);
261 strlcat(mail_str, mail_redr, MAX_MSG_LEN);
264 fprintf(stderr, "sending mail: %s\n", mail_str);
267 snprintf(syslog_str, MAX_MSG_LEN,
268 "restarting %s on %s", pid_name, hostname);
269 slogr("psad(psadwatchd)", syslog_str);
273 send_alert_email(shCmd, mailCmd, mail_str);
276 /* execute the binary_path psad daemon */
277 exec_binary(binary_path, cmdline_file);
279 /* increment the number of times we have tried to restart the binary */
280 incr_syscall_ctr(pid_name, max_retries);
283 fprintf(stderr, "[+] %s is running.\n", pid_name);
285 /* reset the syscall counter since the process is successfully
287 reset_syscall_ctr(pid_name);
/*
 * Count one more restart attempt for the daemon named pid_name and compare
 * the count with max_retries. Names other than "psad" and "kmsgsd" match
 * neither branch. The action taken once the limit is reached is not visible
 * in this listing (presumably give_up() - confirm), and neither is the psad
 * increment that would mirror the kmsgsd one.
 * NOTE(review): the counters are short int while max_retries is unsigned
 * int, so the comparison is done in unsigned arithmetic; that is harmless
 * only while the counters stay non-negative.
 */
292 static void incr_syscall_ctr(const char *pid_name, unsigned int max_retries)
294 if (strncmp("psad", pid_name, MAX_PATH_LEN) == 0) {
298 "[-] %s not running. Trying to restart (%d tries so far).\n",
299 pid_name, psad_syscalls_ctr);
301 if (psad_syscalls_ctr >= max_retries)
303 } else if (strncmp("kmsgsd", pid_name, MAX_PATH_LEN) == 0) {
304 kmsgsd_syscalls_ctr++;
307 "[-] %s not running. Trying to restart (%d tries so far).\n",
308 pid_name, kmsgsd_syscalls_ctr);
310 if (kmsgsd_syscalls_ctr >= max_retries)
/*
 * Zero the restart counter that belongs to pid_name ("psad" or "kmsgsd");
 * any other name leaves both counters untouched.
 */
316 static void reset_syscall_ctr(const char *pid_name)
318 if (strncmp("psad", pid_name, MAX_PATH_LEN) == 0) {
319 psad_syscalls_ctr = 0;
320 } else if (strncmp("kmsgsd", pid_name, MAX_PATH_LEN) == 0) {
321 kmsgsd_syscalls_ctr = 0;
/*
 * Report that the daemon named pid_name could not be restarted: print a
 * message on stderr, build the alert mail arguments and pass them to
 * send_alert_email(). The message says the watchdog exits; the exit call
 * itself is not visible in this listing.
 * NOTE(review): as in check_process(), hostname and mail_addrs are taken
 * from the config file and concatenated unescaped into a string that is
 * handed over together with shCmd; confirm how send_alert_email() executes
 * it before treating those values as anything but trusted.
 */
326 static void give_up(const char *pid_name)
328 char mail_str[MAX_MSG_LEN] = "";
330 fprintf(stderr, "[*] Could not restart %s process. Exiting.\n", pid_name);
332 strlcat(mail_str, " -s \"[*] psadwatchd: Could not restart ", MAX_MSG_LEN);
333 strlcat(mail_str, pid_name, MAX_MSG_LEN);
334 strlcat(mail_str, " on ", MAX_MSG_LEN);
335 strlcat(mail_str, hostname, MAX_MSG_LEN);
336 strlcat(mail_str, ". Exiting.\" ", MAX_MSG_LEN);
337 strlcat(mail_str, mail_addrs, MAX_MSG_LEN);
338 strlcat(mail_str, mail_redr, MAX_MSG_LEN);
342 send_alert_email(shCmd, mailCmd, mail_str);
/*
 * Start `binary` in a forked child via execve().
 *
 * binary      - path of the program; also copied into argv[0]
 * cmdlinefile - optional file whose first line is split on spaces and tabs
 *               into the remaining arguments; NULL starts the program with
 *               argv[0] only
 *
 * NOTE(review): the contents of cmdlinefile become the argument vector of
 * the restarted daemon, so that file needs the same write protection as the
 * configuration file that names it.
 */
347 static void exec_binary(const char *binary, const char *cmdlinefile)
350 char *prog_argv[MAX_ARG_LEN];
351 char cmdline_buf[MAX_LINE_BUF];
354 int arg_num=0, non_ws, i;
/* argv[0] is a heap copy of the binary path, sized strlen(binary)+1. */
356 prog_argv[arg_num] = (char *) safe_malloc(strlen(binary)+1);
358 strlcpy(prog_argv[arg_num], binary, strlen(binary)+1);
361 if (cmdlinefile != NULL) {
362 /* restart binary with its command line arguments intact */
363 if ((cmdline_ptr = fopen(cmdlinefile, "r")) == NULL) {
366 if ((fgets(cmdline_buf, MAX_LINE_BUF, cmdline_ptr)) == NULL) {
371 /* initialize index to the beginning of the line */
374 /* advance the index pointer through any whitespace
375 * at the beginning of the line */
376 while (*index == ' ' || *index == '\t') index++;
378 while (*index != '\n' && *index != '\0') {
/* NOTE(review): the test `index != '\0'` below compares the pointer with a
 * null constant instead of the character it points at, so it is always
 * true. When the last token is not followed by a space, tab or newline
 * (a line with no trailing newline, or one truncated by fgets at
 * MAX_LINE_BUF), this scan does not stop at the terminator and reads past
 * the end of the string. It should read `*index != '\0'`. */
380 while (*index != ' ' && *index != '\t'
381 && index != '\0' && *index != '\n') {
386 if (arg_num >= MAX_ARG_LEN)
/* Copy the non_ws characters that precede index into a fresh buffer and
 * terminate it. */
389 prog_argv[arg_num] = (char *) safe_malloc(non_ws+1);
391 for (i=0; i<non_ws; i++)
392 prog_argv[arg_num][i] = *(index - (non_ws - i));
393 prog_argv[arg_num][i] = '\0';
397 /* get past any whitespace */
398 while (*index == ' ' || *index == '\t') index++;
402 if (arg_num >= MAX_ARG_LEN)
404 prog_argv[arg_num] = NULL;
406 if ((child_pid = fork()) < 0)
409 else if (child_pid > 0) {
411 for (i=0; i<=arg_num; i++) {
416 fprintf(stderr, "[+] restarting %s\n", binary);
/* The child inherits none of the watchdog's environment. NOTE(review): a
 * NULL envp is accepted on Linux but is not portable; a pointer to an array
 * holding only NULL is the portable way to pass an empty environment. */
418 execve(binary, prog_argv, NULL); /* don't use environment */
/*
 * Read one configuration file line by line and store every recognised
 * setting in the corresponding global buffer, then convert the two numeric
 * settings with atoi().
 *
 * file - path of the configuration or override file to read
 */
423 static void parse_config(char * file)
425 FILE *config_ptr; /* FILE pointer to the config file */
427 char config_buf[MAX_LINE_BUF];
432 fprintf(stderr, "[+] Parsing file %s\n", file);
435 if ((config_ptr = fopen(file, "r")) == NULL) {
436 perror("[*] Could not open config file");
440 /* increment through each line of the config file */
441 while ((fgets(config_buf, MAX_LINE_BUF, config_ptr)) != NULL) {
443 index = config_buf; /* set the index pointer to the
444 beginning of the line */
446 /* advance the index pointer through any whitespace
447 * at the beginning of the line */
448 while (*index == ' ' || *index == '\t') index++;
/* NOTE(review): index has already been dereferenced above, so the
 * `index != NULL` test in this condition can never be false. */
450 /* skip comments and blank lines, etc. */
451 if ((*index != '#') && (*index != '\n') &&
452 (*index != ';') && (index != NULL)) {
/* Each line is offered to every key in turn. NOTE(review): the destination
 * buffers have different sizes (MAX_GEN_LEN, MAX_PATH_LEN, MAX_EMAIL_LEN,
 * MAX_NUM_LEN) and no size is passed here; confirm find_char_var() limits
 * the copy so a long value cannot overrun the smaller buffers. */
454 find_char_var("HOSTNAME", hostname, index);
455 find_char_var("INSTALL_ROOT", install_root, index);
456 find_char_var("PSAD_RUN_DIR", psad_run_dir, index);
457 find_char_var("PSAD_PID_FILE", psad_pid_file, index);
458 find_char_var("PSAD_CMDLINE_FILE", psad_cmdline_file, index);
459 find_char_var("ALERTING_METHODS", alerting_methods, index);
460 find_char_var("KMSGSD_PID_FILE", kmsgsd_pid_file, index);
461 find_char_var("PSADWATCHD_PID_FILE", psadwatchd_pid_file, index);
462 find_char_var("PSADWATCHD_CHECK_INTERVAL",
463 char_psadwatchd_check_interval, index);
464 find_char_var("PSADWATCHD_MAX_RETRIES",
465 char_psadwatchd_max_retries, index);
466 find_char_var("SYSLOG_DAEMON", data_input_mode, index);
467 find_char_var("ENABLE_SYSLOG_FILE", enable_syslog_file, index);
468 find_char_var("EMAIL_ADDRESSES", mail_addrs, index);
/* Paths of the programs this daemon executes or hands to the shell. */
471 find_char_var("kmsgsdCmd", kmsgsdCmd, index);
472 find_char_var("mailCmd", mailCmd, index);
473 find_char_var("shCmd", shCmd, index);
474 find_char_var("psadCmd", psadCmd, index);
/* NOTE(review): atoi() gives no error indication for non-numeric or
 * out-of-range text; the guards that sit between each conversion and its
 * assignment are not visible in this listing. */
479 tmp = atoi(char_psadwatchd_check_interval);
481 psadwatchd_check_interval = tmp;
483 tmp = atoi(char_psadwatchd_max_retries);
485 psadwatchd_max_retries = tmp;
/*
 * Resolve references to other settings embedded in configuration values.
 * Each pass asks has_sub_var() about every setting and, where it reports an
 * embedded variable, lets find_sub_var_value() substitute it. The passes
 * repeat while found_sub_var is set; resolve_ctr caps them at 20 so that
 * settings which refer to each other cannot loop forever.
 */
490 static void expand_config_vars(void)
/* Scratch buffers shared by all has_sub_var()/find_sub_var_value() calls:
 * the embedded variable name and the text before and after it. */
492 char sub_var[MAX_GEN_LEN] = "";
493 char pre_str[MAX_GEN_LEN] = "";
494 char post_str[MAX_GEN_LEN] = "";
495 int found_sub_var = 1, resolve_ctr = 0;
497 while (found_sub_var) {
499 if (resolve_ctr >= 20) {
500 fprintf(stderr, "[*] Exceeded maximum variable resolution attempts.\n");
504 if (has_sub_var("EMAIL_ADDRESSES", mail_addrs, sub_var,
505 pre_str, post_str)) {
506 find_sub_var_value(mail_addrs, sub_var, pre_str, post_str);
510 if (has_sub_var("HOSTNAME", hostname, sub_var,
511 pre_str, post_str)) {
512 find_sub_var_value(hostname, sub_var, pre_str, post_str);
516 if (has_sub_var("PSAD_RUN_DIR", psad_run_dir, sub_var,
517 pre_str, post_str)) {
518 find_sub_var_value(psad_run_dir, sub_var, pre_str, post_str);
522 if (has_sub_var("INSTALL_ROOT", install_root, sub_var,
523 pre_str, post_str)) {
524 find_sub_var_value(install_root, sub_var, pre_str, post_str);
528 if (has_sub_var("PSAD_PID_FILE", psad_pid_file, sub_var,
529 pre_str, post_str)) {
530 find_sub_var_value(psad_pid_file, sub_var, pre_str, post_str);
534 if (has_sub_var("PSAD_CMDLINE_FILE", psad_cmdline_file, sub_var,
535 pre_str, post_str)) {
536 find_sub_var_value(psad_cmdline_file, sub_var, pre_str, post_str);
540 if (has_sub_var("KMSGSD_PID_FILE", kmsgsd_pid_file, sub_var,
541 pre_str, post_str)) {
542 find_sub_var_value(kmsgsd_pid_file, sub_var, pre_str, post_str);
546 if (has_sub_var("PSADWATCHD_PID_FILE", psadwatchd_pid_file, sub_var,
547 pre_str, post_str)) {
548 find_sub_var_value(psadwatchd_pid_file, sub_var, pre_str, post_str);
552 if (has_sub_var("PSADWATCHD_CHECK_INTERVAL",
553 char_psadwatchd_check_interval, sub_var,
554 pre_str, post_str)) {
555 find_sub_var_value(char_psadwatchd_check_interval,
556 sub_var, pre_str, post_str);
560 if (has_sub_var("PSADWATCHD_MAX_RETRIES", char_psadwatchd_max_retries,
561 sub_var, pre_str, post_str)) {
562 find_sub_var_value(char_psadwatchd_max_retries,
563 sub_var, pre_str, post_str);
567 if (has_sub_var("mailCmd", mailCmd, sub_var,
568 pre_str, post_str)) {
569 find_sub_var_value(mailCmd, sub_var, pre_str, post_str);
573 if (has_sub_var("shCmd", shCmd, sub_var,
574 pre_str, post_str)) {
575 find_sub_var_value(shCmd, sub_var, pre_str, post_str);
579 if (has_sub_var("kmsgsdCmd", kmsgsdCmd, sub_var,
580 pre_str, post_str)) {
581 find_sub_var_value(kmsgsdCmd, sub_var, pre_str, post_str);
585 if (has_sub_var("psadCmd", psadCmd, sub_var,
586 pre_str, post_str)) {
587 find_sub_var_value(psadCmd, sub_var, pre_str, post_str);
/*
 * Look up the setting named in sub_var, overwrite sub_var with that
 * setting's current value, and let expand_sub_var_value() rebuild `value`
 * from pre_str, the substituted text and post_str. A name that matches no
 * known setting ends in the "Could not resolve sub-var" message.
 *
 * NOTE(review): every lookup copies into sub_var with a MAX_GEN_LEN bound,
 * while several sources are declared with MAX_PATH_LEN or MAX_EMAIL_LEN;
 * if those are larger than MAX_GEN_LEN the substituted value is silently
 * truncated (strlcpy's return value is not checked). Whether `value` can
 * hold the expanded result depends on expand_sub_var_value(), which is not
 * shown here.
 */
595 static void find_sub_var_value(char *value, char *sub_var, char *pre_str,
599 if (strncmp(sub_var, "EMAIL_ADDRESSES", MAX_GEN_LEN) == 0) {
600 strlcpy(sub_var, mail_addrs, MAX_GEN_LEN);
602 } else if (strncmp(sub_var, "HOSTNAME", MAX_GEN_LEN) == 0) {
603 strlcpy(sub_var, hostname, MAX_GEN_LEN);
605 } else if (strncmp(sub_var, "INSTALL_ROOT", MAX_GEN_LEN) == 0) {
606 strlcpy(sub_var, install_root, MAX_GEN_LEN);
608 } else if (strncmp(sub_var, "PSAD_RUN_DIR", MAX_GEN_LEN) == 0) {
609 strlcpy(sub_var, psad_run_dir, MAX_GEN_LEN);
611 } else if (strncmp(sub_var, "PSAD_PID_FILE", MAX_GEN_LEN) == 0) {
612 strlcpy(sub_var, psad_pid_file, MAX_GEN_LEN);
614 } else if (strncmp(sub_var, "PSAD_CMDLINE_FILE", MAX_GEN_LEN) == 0) {
615 strlcpy(sub_var, psad_cmdline_file, MAX_GEN_LEN);
617 } else if (strncmp(sub_var, "KMSGSD_PID_FILE", MAX_GEN_LEN) == 0) {
618 strlcpy(sub_var, kmsgsd_pid_file, MAX_GEN_LEN);
620 } else if (strncmp(sub_var, "PSADWATCHD_PID_FILE", MAX_GEN_LEN) == 0) {
621 strlcpy(sub_var, psadwatchd_pid_file, MAX_GEN_LEN);
623 } else if (strncmp(sub_var, "PSADWATCHD_CHECK_INTERVAL", MAX_GEN_LEN) == 0) {
624 strlcpy(sub_var, char_psadwatchd_check_interval, MAX_GEN_LEN);
626 } else if (strncmp(sub_var, "PSADWATCHD_MAX_RETRIES", MAX_GEN_LEN) == 0) {
627 strlcpy(sub_var, char_psadwatchd_max_retries, MAX_GEN_LEN);
629 } else if (strncmp(sub_var, "mailCmd", MAX_GEN_LEN) == 0) {
630 strlcpy(sub_var, mailCmd, MAX_GEN_LEN);
632 } else if (strncmp(sub_var, "shCmd", MAX_GEN_LEN) == 0) {
633 strlcpy(sub_var, shCmd, MAX_GEN_LEN);
635 } else if (strncmp(sub_var, "kmsgsdCmd", MAX_GEN_LEN) == 0) {
636 strlcpy(sub_var, kmsgsdCmd, MAX_GEN_LEN);
638 } else if (strncmp(sub_var, "psadCmd", MAX_GEN_LEN) == 0) {
639 strlcpy(sub_var, psadCmd, MAX_GEN_LEN);
645 /* substitute the variable value */
646 expand_sub_var_value(value, sub_var, pre_str, post_str);
649 fprintf(stderr, "[*] Could not resolve sub-var: %s to a value.\n",
/*
 * Validate the loaded settings: report the first missing or zero value on
 * stderr, then expand embedded variables and recompute check_kmsgsd. Because
 * the tests form one if/else-if chain, only the first problem is reported
 * per run. What happens after a failed test is not visible in this listing.
 *
 * NOTE(review): this only checks that the command and file settings are
 * non-empty; it does not check that psadCmd, kmsgsdCmd, shCmd or mailCmd
 * are absolute paths or that the files they name are owned by a trusted
 * account.
 */
656 static void check_config(void)
661 fprintf(stderr, "[+] Checking configuration...\n");
/* Both values are unsigned, so `<= 0` here can only mean `== 0`. */
665 if (psadwatchd_check_interval <= 0)
666 fprintf(stderr, "[*] PSADWATCHD_CHECK_INTERVAL must be > 0\n");
668 else if (psadwatchd_max_retries <= 0)
669 fprintf(stderr, "[*] PSADWATCHD_MAX_RETRIES must be > 0\n");
671 else if (mail_addrs[0] == '\0')
672 fprintf(stderr, "[*] Could not find EMAIL_ADDRESSES\n");
674 else if (hostname[0] == '\0')
675 fprintf(stderr, "[*] Could not find HOSTNAME\n");
677 else if (psad_run_dir[0] == '\0')
678 fprintf(stderr, "[*] Could not find PSAD_RUN_DIR\n");
680 else if (install_root[0] == '\0')
681 fprintf(stderr, "[*] Could not find INSTALL_ROOT\n");
683 else if (psad_pid_file[0] == '\0')
684 fprintf(stderr, "[*] Could not find PSAD_PID_FILE\n");
686 else if (psad_cmdline_file[0] == '\0')
687 fprintf(stderr, "[*] Could not find PSAD_CMDLINE_FILE\n");
/* NOTE(review): the message below names KMSGD_PID_FILE, but the key read by
 * parse_config() is KMSGSD_PID_FILE. */
689 else if (kmsgsd_pid_file[0] == '\0')
690 fprintf(stderr, "[*] Could not find KMSGD_PID_FILE\n");
692 else if (psadwatchd_pid_file[0] == '\0')
693 fprintf(stderr, "[*] Could not find PSADWATCHD_PID_FILE\n");
695 else if (mailCmd[0] == '\0')
696 fprintf(stderr, "[*] Could not find mailCmd\n");
698 else if (shCmd[0] == '\0')
699 fprintf(stderr, "[*] Could not find shCmd\n");
701 else if (kmsgsdCmd[0] == '\0')
702 fprintf(stderr, "[*] Could not find kmsgsdCmd\n");
704 else if (psadCmd[0] == '\0')
705 fprintf(stderr, "[*] Could not find psadCmd\n");
707 else if (alerting_methods[0] == '\0')
708 fprintf(stderr, "[*] Could not find ALERTING_METHODS\n");
712 /* Resolve any embedded variables */
713 expand_config_vars();
715 /* Refresh the need to check kmsgsd */
716 check_kmsgsd = is_kmsgsd_required();
/*
 * Return the settings to their defaults before a (re)parse: interval 5,
 * retries 10, and the string settings visible below emptied.
 * NOTE(review): this listing shows no reset for hostname, mail_addrs or the
 * four *Cmd buffers; if they really are not cleared, a key removed from the
 * config file keeps its old value across a HUP reload - confirm against the
 * full file.
 */
725 static void clean_settings (void)
729 fprintf(stderr, "[+] Cleaning settings\n");
732 /* Set the default values used by psadwatchd when trying to
733 * restart the psad and kmsgsd daemons (5s /10 times) */
734 psadwatchd_check_interval = 5;
735 psadwatchd_max_retries = 10;
/* Writing '\0' to the first byte turns each buffer into an empty string. */
739 *install_root = '\0';
740 *psad_run_dir = '\0';
741 *psad_pid_file = '\0';
742 *psad_cmdline_file = '\0';
743 *kmsgsd_pid_file = '\0';
744 *psadwatchd_pid_file = '\0';
749 *alerting_methods = '\0';
750 *data_input_mode = '\0';
751 *enable_syslog_file = '\0';
/*
 * Print the current value of each setting on stderr, one per line. The two
 * numeric settings are printed with %u to match their unsigned type.
 */
754 static void dump_config(void)
756 fprintf(stderr, "[+] dump_config()\n");
757 fprintf(stderr, " EMAIL_ADDRESSES: %s\n", mail_addrs);
758 fprintf(stderr, " HOSTNAME: %s\n", hostname);
759 fprintf(stderr, " INSTALL_ROOT: %s\n", install_root);
760 fprintf(stderr, " PSAD_RUN_DIR: %s\n", psad_run_dir);
761 fprintf(stderr, " PSAD_PID_FILE: %s\n", psad_pid_file);
762 fprintf(stderr, " PSAD_CMDLINE_FILE: %s\n", psad_cmdline_file);
763 fprintf(stderr, " KMSGSD_PID_FILE: %s\n", kmsgsd_pid_file);
764 fprintf(stderr, " ALERTING_METHODS: %s\n", alerting_methods);
765 fprintf(stderr, " PSADWATCHD_PID_FILE: %s\n", psadwatchd_pid_file);
766 fprintf(stderr, " PSADWATCHD_CHECK_INTERVAL: %u\n",
767 psadwatchd_check_interval);
768 fprintf(stderr, " PSADWATCHD_MAX_RETRIES: %u\n",
769 psadwatchd_max_retries);
770 fprintf(stderr, " kmsgsdCmd: %s\n", kmsgsdCmd);
771 fprintf(stderr, " mailCmd: %s\n", mailCmd);
772 fprintf(stderr, " shCmd: %s\n", shCmd);
773 fprintf(stderr, " psadCmd: %s\n", psadCmd);
778 static void sighup_handler(int sig)
784 * Check to see if kmsgsd should not be running:
786 * - first check if we are using the ulog mode
787 * - then, if ENABLE_SYSLOG_FILE is enabled so psad is just parsing
788 * a file written to by syslog directly
790 * \return 0 if not required
/* Decides from data_input_mode and enable_syslog_file whether kmsgsd has to
 * be watched; the values assigned to `required` are not visible in this
 * listing. NOTE(review): the second test compares a single character, so
 * any ENABLE_SYSLOG_FILE value that begins with "Y" matches. */
793 static unsigned short int is_kmsgsd_required(void)
795 unsigned short int required;
797 if (strncmp(data_input_mode, "ulogd", MAX_GEN_LEN) == 0)
800 else if (strncmp(enable_syslog_file, "Y", 1) == 0)
810 * Usage message to be displayed when -h option is supplied or a bad option
811 * is passed to the daemon. This function ends the execution of the program.
/* Prints the program name, version, author and option summary on stderr.
 * NOTE(review): the -c help text contains the literal "$config_file"; C
 * does not interpolate it, so it is printed verbatim instead of the default
 * path. */
813 static void usage (void)
815 fprintf(stderr, "psadwatchd - Psad watch daemon\n\n");
817 fprintf(stderr, "[+] Version: %s\n", PSAD_VERSION);
819 " By Michael Rash (mbr@cipherdyne.org)\n"
820 " URL: http://www.cipherdyne.org/psad/\n\n");
822 fprintf(stderr, "Usage: psadwatchd [options]\n\n");
826 " -c <file> - Specify path to config file instead of using the\n"
827 " default $config_file.\n"
828 " -D - Dump the configuration values that psad\n"
829 " derives from the /etc/psad/psad.conf (or other\n"
830 " override files) on STDERR\n"
831 " -h - Display this usage message and exit\n"
832 " -O <file> - Override config variable values that are normally\n"
833 " read from the /etc/psad/psad.conf file with\n"
834 " values from the specified file\n");