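#!/usr/bin/env perl

#ABSTRACT: script to update the rules within the mysql database

#PODNAME: ossec-update-rules-database.pl

use strict;
use warnings;
use File::Basename;
use OSSEC;
use XML::LibXML;
use Try::Tiny;

# Rebuild the rules table from the rule files named by the <include> entries
# of the OSSEC configuration. Each included file is wrapped in a synthetic
# <root> element, every line mentioning "pcre2" is dropped before parsing,
# and each <rule> found is stored with its id, level and description.

my $ossec = OSSEC->new();
my $mysql = $ossec->mysql();

# clear rules from database
$mysql->deleteAllRules();

my @includes = $ossec->config()->getElementsByTagName("include");

# One parser is enough for every file; recover mode is kept because the rule
# files are fragments and are not guaranteed to be well-formed on their own.
my $parser = XML::LibXML->new;
$parser->set_option("pedantic_parser", 0);
$parser->set_option("validation", 0);
$parser->set_option("recover", 1);

INCLUDE:
for my $i (@includes)
{
    my $name = $i->textContent;
    my $path = $ossec->ossecPath() . "/rules/" . $name;

    if (! -e $path)
    {
        # report the file name (textContent), not the stringified node
        warn($name . " not found\n");
        next INCLUDE;
    }

    # Read and pre-process the rule file in Perl rather than through a shell
    # pipeline: the include name comes straight from the configuration and
    # used to be interpolated unquoted into readpipe() commands and into a
    # predictable /tmp/<name> path. Doing it in-process removes both the
    # command-injection surface and the shared temp file. The result is the
    # same text the old echo/cat/sed sequence produced: "<root>\n", the file
    # contents minus every line containing "pcre2", then "</root>\n".
    open(my $fh, '<', $path) or do {
        warn("Cannot open " . $name . ": $!\n");
        next INCLUDE;
    };
    binmode $fh;
    my @lines = grep { $_ !~ /pcre2/ } <$fh>;
    close $fh;

    my $xml = "<root>\n" . join("", @lines) . "</root>\n";

    my $ruleFile;
    try {
        $ruleFile = $parser->load_xml(string => $xml);
    } catch {
        warn("Error parsing " . $name . ": $_\n");
    };
    # A failed parse leaves $ruleFile undef; skip the file instead of
    # calling a method on undef and aborting the whole run.
    next INCLUDE unless defined $ruleFile;

    for my $r ($ruleFile->getElementsByTagName("rule"))
    {
        # first <description> child if present, otherwise a placeholder
        my ($desc_node) = $r->getElementsByTagName("description");
        my $description = $desc_node ? $desc_node->textContent : "unknown";

        $mysql->addRule($r->getAttribute("id"), $r->getAttribute("level"), $description);
    }
}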