ossec-agentd does not fully respect -f flag #2152

sixela opened this issue Feb 21, 2025 · 0 comments

sixela commented Feb 21, 2025

Trying to run ossec-agentd in the foreground, I noticed a child process was spawned. I'm currently running 3.6, but I witnessed no major commit that changes this behavior up to 3.8, so I assume it applies as well.

# /var/ossec/bin/ossec-agentd -V

OSSEC HIDS v3.6.0 - OSSEC Foundation

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License (version 2) as
published by the Free Software Foundation. For more details, go to
http://www.ossec.net/main/license/

What I saw:

ossec     9032  0.0  0.0  11660  4484 ?        Ss   10:12   0:00 /var/ossec/bin/ossec-agentd -f
ossec     9034  0.0  0.0  11564  2132 ?        S    10:12   0:00  \_ /var/ossec/bin/ossec-agentd -f

And indeed, if I try to start it manually, it explicitly tells me it's in daemon mode:

# /var/ossec/bin/ossec-agentd -f
2025/02/21 10:13:38 ossec-agentd: INFO: Using notify time: 120 and max time to reconnect: 1800
2025/02/21 10:13:38 going daemon
2025/02/21 10:13:38 starting imsg stuff
2025/02/21 10:13:38 Creating socketpair()
2025/02/21 10:13:38 agentd imsg_init()
2025/02/21 10:13:38 os_dns imsg_init()
2025/02/21 10:13:38 ossec-agentd(1410): INFO: Reading authentication keys file.
[...]

I believe the run_foreground condition at https://github.com/ossec/ossec-hids/blob/main/src/client-agent/agentd.c#L31 isn't respected correctly.
