X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec_rules_list.py;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec_rules_list.py;h=45b0d3ae27ee7b01262dc01054a2a1eeb36b4ccf;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git
diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec_rules_list.py b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec_rules_list.py
new file mode 100644
index 0000000..45b0d3a
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec_rules_list.py
@@ -0,0 +1,55 @@
+#!/usr/bin/python
+# OSSEC Rules list
+# Simple script to get a short brief of every rule in OSSEC rules folder
+# Written Feb 25, 2016 and released under the GNU/GPLv2 license ##
+# By pedro@wazuh.com @ Wazuh, Inc.
+
+import sys
+import re
+import os
+
+rules_directory = "/var/ossec/rules/"
+
+def GetRulesList(fulldir, filename):
+ rule_detected = 0
+ rule_description = 0
+ level = ""
+ sidid = ""
+ description = ""
+ pattern_idlevel = re.compile(r'(.+?)')
+ pattern_endrule = re.compile(r'')
+ try:
+ with open(fulldir) as f:
+ lines = f.readlines()
+ for line in lines:
+ if rule_detected == 0:
+ match = re.findall(pattern_idlevel, line)
+ if match:
+ rule_detected = 1
+ sidid = match[0][0]
+ level = match[0][1]
+ else:
+ if rule_description == 0:
+ match = re.findall(pattern_description, line)
+ if match:
+ rule_description = 1
+ description = match[0]
+ if rule_description == 1:
+ match = re.findall(pattern_endrule, line)
+ if match:
+ print "%s - Rule %s - Level %s -> %s" % (filename,sidid,level,description)
+ rule_detected = 0
+ rule_description = 0
+ level = ""
+ sidid = ""
+ description = ""
+ except EnvironmentError:
+ print ("Error: OSSEC rules directory does not appear to exist")
+
+if __name__ == "__main__":
+ print ("Reading rules from directory %s") % (rules_directory)
+ for root, directories, filenames in os.walk(rules_directory):
+ for filename in filenames:
+ if filename[-4:] == ".xml":
+ GetRulesList(os.path.join(root,filename), filename)
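Review bot: A missing or unreadable rules directory produces no error at all, because `os.walk(rules_directory)` in the `__main__` block swallows its own failures (no `onerror` callback), while the only error message, printed in GetRulesList's `except EnvironmentError:` handler, blames the directory even though that handler fires when an individual rule file fails to open or read. Check the directory once before walking, e.g. `if not os.path.isdir(rules_directory): sys.exit("Error: OSSEC rules directory %s does not exist" % rules_directory)` (`sys` is imported and otherwise unused), and make the per-file message name the file: `print ("Error: could not read rules file %s" % fulldir)`. As rendered here the tag text inside the regex literals and the `pattern_description` assignment are missing (the hunk header counts 55 lines, 54 are shown), so this is probably a display artefact; if the file really lacks that assignment, `re.findall(pattern_description, line)` raises NameError on the first line after a rule is detected. Separately, if the indentation nests the `pattern_endrule` check under `rule_description == 1`, a rule with no description element never resets the state and every following rule in that file is silently dropped — worth a comment on the loop, or an end-of-rule check that runs regardless of whether a description was seen.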