Let Syscheckd and Remoted handle the disabled state in the same way.

If no component stanza defined, keep disabled.
If component stanza defined but no disabled tag defined, keep enabled.

Author: vikman90

src/config/rootcheck-config.c

@@ -61,7 +61,9 @@ int Read_Rootcheck(XML_NODE node, void *configp, __attribute__((unused)) void *m
     rootcheck = (rkconfig *)configp;
 
     /* If rootcheck is defined, enable it by default */
-    rootcheck->disabled = 0;
+    if (rootcheck->disabled == RK_CONF_UNPARSED) {
+        rootcheck->disabled = RK_CONF_UNDEFINED;
+    }
 
     if (!node)
         return 0;

src/config/rootcheck-config.h

@@ -12,6 +12,9 @@
 
 #include <stdio.h>
 
+#define RK_CONF_UNPARSED -2
+#define RK_CONF_UNDEFINED -1
+
 typedef struct _rkconfig {
     const char *workdir;
     char *basedir;

src/config/syscheck-config.c

@@ -21,7 +21,7 @@ int dump_syscheck_entry(syscheck_config *syscheck, const char *entry, int vals,
     } else {
         pl = overwrite;
     }
-    
+
     if (reg == 1) {
 #ifdef WIN32
         if (syscheck->registry == NULL) {
@@ -787,6 +787,10 @@ int Read_Syscheck(const OS_XML *xml, XML_NODE node, void *configp, __attribute__
     syscheck = (syscheck_config *)configp;
     unsigned int nodiff_size = 0;
 
+    if (syscheck->disabled == SK_CONF_UNPARSED) {
+        syscheck->disabled = SK_CONF_UNDEFINED;
+    }
+
     while (node && node[i]) {
         if (!node[i]->element) {
             merror(XML_ELEMNULL);

src/config/syscheck-config.h

@@ -50,6 +50,9 @@
 #define WD_IGNORE_REST      0x0000008
 #endif
 
+#define SK_CONF_UNPARSED -2
+#define SK_CONF_UNDEFINED -1
+
 //Max allowed value for recursion
 #define MAX_DEPTH_ALLOWED 320
 

src/rootcheck/config.c

@@ -30,6 +30,14 @@ int Read_Rootcheck_Config(const char *cfgfile)
     ReadConfig(modules, AGENTCONFIG, &rootcheck, NULL);
 #endif
 
+    switch (rootcheck.disabled) {
+    case RK_CONF_UNPARSED:
+        rootcheck.disabled = 1;
+        break;
+    case RK_CONF_UNDEFINED:
+        rootcheck.disabled = 0;
+    }
+
     return (0);
 }
 

src/rootcheck/rootcheck.c

@@ -78,7 +78,7 @@ int rootcheck_init(int test_config)
     rootcheck.notify = QUEUE;
     rootcheck.scanall = 0;
     rootcheck.readall = 0;
-    rootcheck.disabled = 1;
+    rootcheck.disabled = RK_CONF_UNPARSED;
     rootcheck.skip_nfs = 0;
     rootcheck.alert_msg = NULL;
     rootcheck.time = ROOTCHECK_WAIT;

src/syscheckd/config.c

@@ -24,7 +24,7 @@ int Read_Syscheck_Config(const char *cfgfile)
     modules |= CSYSCHECK;
 
     syscheck.rootcheck      = 0;
-    syscheck.disabled       = 1;
+    syscheck.disabled       = SK_CONF_UNPARSED;
     syscheck.skip_nfs       = 1;
     syscheck.scan_on_start  = 1;
     syscheck.time           = 43200;
@@ -66,6 +66,14 @@ int Read_Syscheck_Config(const char *cfgfile)
     ReadConfig(modules, AGENTCONFIG, &syscheck, NULL);
 #endif
 
+    switch (syscheck.disabled) {
+    case SK_CONF_UNPARSED:
+        syscheck.disabled = 1;
+        break;
+    case SK_CONF_UNDEFINED:
+        syscheck.disabled = 0;
+    }
+
 #ifndef WIN32
     /* We must have at least one directory to check */
     if (!syscheck.dir || syscheck.dir[0] == NULL) {