byterazor/OSSEC
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ADD: script to update signature table in ossec database

Browse Source
This commit is contained in:
Dominik Meyer 2019-12-20 12:43:22 +01:00
parent f36b0ffabb
commit 07bc45ec8d
No known key found for this signature in database
GPG Key ID: B4C312B600606B64
1 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
bin/ossec-update-rules-database.pl Normal file
View File

@ -0,0 +1,70 @@
#!/usr/bin/env perl
#ABSTRACT: script to update the rules within the mysql database
#PODNAME: ossec-update-rules-database.pl
use strict;
use warnings;
use File::Basename;
use OSSEC;
use XML::LibXML;
use Try::Tiny;
my $ossec = OSSEC->new();
my $mysql = $ossec->mysql();
# clear rules from database
$mysql->deleteAllRules();
my @includes = $ossec->config()->getElementsByTagName("include");
for my $i (@includes)
{
if (! -e $ossec->ossecPath() . "/rules/" . $i->textContent)
{
warn($i . " not found\n");
}
else
{
readpipe("echo \"<root>\" > /tmp/".$i->textContent);
readpipe("cat " . $ossec->ossecPath() . "/rules/" . $i->textContent . ">> /tmp/".$i->textContent);
readpipe("echo \"</root>\" >> /tmp/".$i->textContent);
readpipe("sed -i '/pcre2/d' /tmp/".$i->textContent );
open(my $fh, '<', "/tmp/" . $i->textContent);
binmode $fh;
my $ruleFile;
my $parser = XML::LibXML->new;
$parser->set_option("pedantic_parser",0);
$parser->set_option("validation", 0);
$parser->set_option("recover",1);
try {
$ruleFile = $parser->load_xml(IO => $fh);
} catch {
warn("Error parsing " . $i->textContent . ": $_\n");
};
close $fh;
my @rules = $ruleFile->getElementsByTagName("rule");
for my $r (@rules)
{
my $rule = {};
my $description;
if ($r->getElementsByTagName("description"))
{
$description = $r->getElementsByTagName("description")->[0]->textContent;
}
else
{
$description = "unknown";
}
$mysql->addRule($r->getAttribute("id"), $r->getAttribute("level"), $description);
}
}
}