--- /dev/null
+#!/usr/bin/perl -w
+use strict;
+# Contrib by Meir Michanie
+# meirm at riunx.com
+# Licensed under GPL
+my $VERSION='0.1';
+my $ossec_path='/var/ossec';
+my $rules_config="$ossec_path/etc/rules_config.xml";
+my $usersignatures_path="$ossec_path/user_signatures";
+my $signatures_path="$ossec_path/signatures";
+while ( @ARGV) {
+ $_=shift @ARGV;
+ if (m/^-u$|^--user-signatures$/) {
+ $usersignatures_path= shift @ARGV;
+ &help() unless -d $usersignatures_path;
+ }elsif (m/^-s$|^--signatures$/){
+ $signatures_path= shift @ARGV;
+ &help() unless -d $signatures_path;
+ }elsif (m/^-c$|^--rules_config$/){
+ $rules_config= shift @ARGV;
+ &help() unless -f $rules_config;
+ }elsif (m/^-h$|^--help$/){
+ &help;
+ }
+}
+print STDERR "Adding $rules_config\n";
+my @rules_files=($rules_config);
+opendir (USERDEFINED , "$usersignatures_path") || die ("Could not open dir $usersignatures_path\n");
+my @temparray=();
+while ($_ = readdir(USERDEFINED)){
+ chomp;
+ next unless -f "$usersignatures_path/$_";
+ print STDERR "Adding $usersignatures_path/$_\n";
+ push @temparray, "$usersignatures_path/$_";
+}
+close (USERDEFINED);
+push @rules_files , sort (@temparray);
+
+@temparray=();
+opendir(RULES,"$signatures_path") || die ("Could not open dir $signatures_path\n");
+while ($_ = readdir(RULES)){
+ chomp;
+ next unless -f "$signatures_path/$_";
+ print STDERR "Adding $signatures_path/$_\n";
+ push @temparray, "$signatures_path/$_";
+}
+close (RULES);
+push @rules_files , sort (@temparray);
+map { print STDERR "processing: $_\n";} @rules_files;
+foreach (@rules_files){
+ open (RFILE, "$_") ||die ("Could not open file $_");
+ my @content=<RFILE>;
+ close (RFILE);
+ print join ('',@content);
+}
+
+sub help(){
+ print STDERR "$0\nRules compilation tool for OSSEC \n";
+ print "This tool facilitates the building of monolitic rules file to be included in ossec.xml.\n"
+ . "You only need one rules include entry in ossec.xml\n"
+ . "<rules>\n"
+ . "\t<include>ossec_rules.xml</include>"
+ ."</rules>"
+
+ . "$0 will print to STDOUT the result of the mixing.\n"
+ . "If no parameter are passed then the application will use the default locations.\n"
+ . "Default values:\n"
+ . "--user-signatures -> $usersignatures_path\n"
+ . "--signatures -> $signatures_path\n"
+ . "--rules-config -> $rules_config\n"
+ . "Compiling rules allows us to generate multiple configurations and even facilitate the upgrade of them.\n"
+ . "By instance, you can make a directory with symbolic links to rules you want to use without altering the standard repository.\n"
+ . "There are more examples of situation where you can use a subset of the rules repository\n"
+ . "I invite someone to reword this explanation.\n";
+
+ print STDERR "\n\nUsage:\n";
+ print STDERR "$0 [-u|--user-signatures] <user-signatures-dir> [-s|--signatures] <signatures-dir>\n"
+ ."\n\nBUGS:\n"
+ . "I just wanted to deliver version one.\n"
+ . "I will change the script to read the directory sorted, so you can link signatures with names that would emulate the behavior of the sysV system.\n";
+
+ exit;
+}
projects / ossec-hids.git / blobdiff