#!/usr/bin/python
# OSSEC Rules list
# Simple script to print a short brief of every rule in the OSSEC rules folder
# Written Feb 25, 2016 and released under the GNU/GPLv2 license
# By pedro@wazuh.com @ Wazuh, Inc.
6
7 import sys
8 import re
9 import os
10
# Default location of the OSSEC rules tree; every *.xml file below it is scanned.
rules_directory = "/var/ossec/rules/"
12
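def GetRulesList(fulldir, filename):
    """Print a one-line brief of every <rule> element found in one rules file.

    Each brief has the form
    ``<filename> - Rule <id> - Level <level> -> <description>`` and is
    printed when the closing ``</rule>`` tag of that rule is reached.

    Args:
        fulldir: Path of the XML rules file to read.
        filename: Name shown at the start of each output line (the caller
            passes the file's basename).

    Returns:
        None; output goes to stdout.

    Raises:
        Nothing for I/O problems: an unreadable file is reported on stdout
        and skipped so the caller's directory walk can continue.
    """
    # The opening tag is only recognised when id= and level= sit on the same
    # line; rules whose header is split across lines are not detected.
    pattern_idlevel = re.compile(r'<rule id="(.+?)".+level="(.+?)"')
    pattern_description = re.compile(r'<description>(.+?)</description>')
    pattern_endrule = re.compile(r'</rule>')

    sidid = ""
    level = ""
    description = ""
    in_rule = False
    try:
        with open(fulldir) as f:
            # Stream the file instead of materialising it with readlines().
            for line in f:
                if not in_rule:
                    match = pattern_idlevel.search(line)
                    if not match:
                        continue
                    in_rule = True
                    sidid, level = match.group(1), match.group(2)
                    # Fall through: a one-line rule may carry its description
                    # and closing tag on this same line.
                # Only the first <description> inside a rule is kept.
                if not description:
                    match = pattern_description.search(line)
                    if match:
                        description = match.group(1)
                # Close the rule on </rule> even if no description was seen.
                # Waiting for a description first let a description-less rule
                # swallow the next rule's header and claim its description.
                if pattern_endrule.search(line):
                    print("%s - Rule %s - Level %s -> %s" % (filename, sidid, level, description))
                    in_rule = False
                    sidid = level = description = ""
    except EnvironmentError as err:
        # The file was found by the caller's os.walk, so this is normally a
        # permission or read error rather than a missing directory.
        print("Error: cannot read rules file %s (%s)" % (fulldir, err))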
49            
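if __name__ == "__main__":
    # An optional first argument overrides the default rules directory so the
    # script can be pointed at another copy of the rules tree.
    if len(sys.argv) > 1:
        rules_directory = sys.argv[1]
    # os.walk silently yields nothing for a missing directory, so check it
    # explicitly instead of ending with no output and no error.
    if not os.path.isdir(rules_directory):
        print("Error: OSSEC rules directory %s does not appear to exist" % (rules_directory))
        sys.exit(1)
    # Single parenthesised argument: valid under both the Python 2 print
    # statement and the Python 3 print function.
    print("Reading rules from directory %s" % (rules_directory))
    for root, directories, filenames in os.walk(rules_directory):
        for filename in filenames:
            # Only .xml files hold rules; skip backups and other clutter.
            if filename.endswith(".xml"):
                GetRulesList(os.path.join(root, filename), filename)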