From 07bc45ec8d4ef0338efa4dd29b1d7e0b1c6c686f Mon Sep 17 00:00:00 2001
From: Dominik Meyer
Date: Fri, 20 Dec 2019 12:43:22 +0100
Subject: [PATCH] ADD: script to update signature table in ossec database --- bin/ossec-update-rules-database.pl | 70 ++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 bin/ossec-update-rules-database.pl
diff --git a/bin/ossec-update-rules-database.pl b/bin/ossec-update-rules-database.pl
new file mode 100644
index 0000000..35cbd2c
--- /dev/null
+++ b/bin/ossec-update-rules-database.pl
@@ -0,0 +1,70 @@
+#!/usr/bin/env perl
+
+#ABSTRACT: script to update the rules within the mysql database
+#PODNAME: ossec-update-rules-database.pl
+use strict;
+use warnings;
+use File::Basename;
+use OSSEC;
+use XML::LibXML;
+use Try::Tiny;
+
+my $ossec = OSSEC->new();
+my $mysql = $ossec->mysql();
+
+# clear rules from database
+$mysql->deleteAllRules();
+
+my @includes = $ossec->config()->getElementsByTagName("include");
+
+for my $i (@includes)
+{
+ if (! -e $ossec->ossecPath() . "/rules/" . $i->textContent)
+ {
+ warn($i . " not found\n");
+ }
+ else
+ {
+
+ readpipe("echo \"\" > /tmp/".$i->textContent);
+ readpipe("cat " . $ossec->ossecPath() . "/rules/" . $i->textContent . ">> /tmp/".$i->textContent);
+ readpipe("echo \"\" >> /tmp/".$i->textContent);
+ readpipe("sed -i '/pcre2/d' /tmp/".$i->textContent );
+
+ open(my $fh, '<', "/tmp/" . $i->textContent);
+ binmode $fh;
+ my $ruleFile;
+
+ my $parser = XML::LibXML->new;
+ $parser->set_option("pedantic_parser",0);
+ $parser->set_option("validation", 0);
+ $parser->set_option("recover",1);
+
+ try {
+ $ruleFile = $parser->load_xml(IO => $fh);
+ } catch {
+ warn("Error parsing " . $i->textContent . ": $_\n");
+ };
+ close $fh;
+
+ my @rules = $ruleFile->getElementsByTagName("rule");
+
+ for my $r (@rules)
+ {
+ my $rule = {};
+ my $description;
+ if ($r->getElementsByTagName("description"))
+ {
+ $description = $r->getElementsByTagName("description")->[0]->textContent;
+ }
+ else
+ {
+ $description = "unknown";
+ }
+
+ $mysql->addRule($r->getAttribute("id"), $r->getAttribute("level"), $description);
+ }
+
+ }
+
+}
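Review bot: The four `readpipe` calls in the `else` branch write through a predictable, pre-creatable path `/tmp/<include name>` — `echo "" > /tmp/...` follows a symlink another local user has planted there and truncates its target with whatever privileges this script runs under (presumably enough to write the OSSEC database) — and the command strings are built by concatenation, so an include name containing shell metacharacters is executed by the shell. The same transformation (wrap in blank lines, drop lines mentioning `pcre2`) can be done in Perl with no shell and no temp file, and the parser accepts the result via `load_xml(string => $xml)`. Relatedly, when `load_xml` throws, the `catch` only warns, so `$ruleFile` stays undef and the next statement `$ruleFile->getElementsByTagName("rule")` dies with "Can't call method on an undefined value" — after `deleteAllRules()` has already emptied the table; a `next unless defined $ruleFile;` after the try/catch avoids that. The `open(my $fh, '<', ...)` is also unchecked, so a missing or unreadable file is only noticed when the parser fails.
```perl
my $path = $ossec->ossecPath() . "/rules/" . $i->textContent;
open(my $fh, '<', $path) or do { warn("cannot open $path: $!\n"); next; };
binmode $fh;
# Same result as the old echo/cat/sed pipeline, done in-process:
# blank line before and after, lines mentioning pcre2 dropped.
my $xml = "\n" . join("", grep { !/pcre2/ } <$fh>) . "\n";
close $fh;
my $ruleFile;
# … unchanged: XML::LibXML->new and the three set_option calls …
try {
    $ruleFile = $parser->load_xml(string => $xml);
} catch {
    warn("Error parsing " . $i->textContent . ": $_\n");
};
# A failed parse leaves $ruleFile undef; skip this file instead of dying below.
next unless defined $ruleFile;
# … unchanged: rule loop and addRule calls …
```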