3 # Contrib by Meir Michanie
# Default locations, all derived from the OSSEC install root. The three
# derived paths can each be replaced by a command-line option further down.
7 my $ossec_path='/var/ossec';
8 my $rules_config="$ossec_path/etc/rules_config.xml";
9 my $usersignatures_path="$ossec_path/user_signatures";
10 my $signatures_path="$ossec_path/signatures";
# Option parsing: each branch matches the current argument held in $_ and
# takes the next element of @ARGV as that option's value.
# NOTE(review): the statement that loads $_ from @ARGV is not visible in this
# listing, nor is the body of the final -h/--help branch.
13 if (m/^-u$|^--user-signatures$/) {
14 $usersignatures_path= shift @ARGV;
# The only validation is that the value names an existing directory. An
# option given without a value leaves the path undef, which also fails -d,
# so help() is called.
15 &help() unless -d $usersignatures_path;
16 }elsif (m/^-s$|^--signatures$/){
17 $signatures_path= shift @ARGV;
18 &help() unless -d $signatures_path;
# NOTE(review): the long form matched here uses an underscore
# (--rules_config), while the help text in this file advertises
# --rules-config with a hyphen; one of the two should be corrected.
19 }elsif (m/^-c$|^--rules_config$/){
20 $rules_config= shift @ARGV;
# The rules config must be an existing regular file, otherwise help().
21 &help() unless -f $rules_config;
22 }elsif (m/^-h$|^--help$/){
# Build the ordered list of files to concatenate: the rules config first,
# then the regular files of the user-signatures directory in sorted order.
# Progress messages go to STDERR so they stay out of the compiled output.
26 print STDERR "Adding $rules_config\n";
27 my @rules_files=($rules_config);
28 opendir (USERDEFINED , "$usersignatures_path") || die ("Could not open dir $usersignatures_path\n");
# NOTE(review): the declaration of @temparray is not visible in this listing.
30 while ($_ = readdir(USERDEFINED)){
# -f follows symbolic links, so a link to a regular file is accepted (the
# help text describes exactly that use). Whoever can create entries in this
# directory decides what ends up in the compiled rules, so the directory
# should be writable only by the OSSEC administrator.
32 next unless -f "$usersignatures_path/$_";
33 print STDERR "Adding $usersignatures_path/$_\n";
34 push @temparray, "$usersignatures_path/$_";
# Sorting gives a deterministic, name-based inclusion order.
37 push @rules_files , sort (@temparray);
# Same scan for the stock signatures directory; its regular files are
# appended, sorted by name, after the user signatures.
# NOTE(review): no reset of @temparray is visible between the two scans in
# this listing. If it is not emptied, the user-signature paths collected
# earlier are pushed onto @rules_files a second time; confirm against the
# full script.
40 opendir(RULES,"$signatures_path") || die ("Could not open dir $signatures_path\n");
41 while ($_ = readdir(RULES)){
# As above, -f also accepts symbolic links that resolve to regular files, so
# write access to this directory controls the resulting rule set.
43 next unless -f "$signatures_path/$_";
44 print STDERR "Adding $signatures_path/$_\n";
45 push @temparray, "$signatures_path/$_";
48 push @rules_files , sort (@temparray);
# Echo the final file order to STDERR, then write each file's content to
# STDOUT. map is used here only for its side effect; a for loop would express
# the same thing more directly.
49 map { print STDERR "processing: $_\n";} @rules_files;
50 foreach (@rules_files){
# NOTE(review): two-argument open parses the file name for mode characters,
# so a name that begins with '<' or '>' or ends with '|' is not opened as a
# plain read of that file. The names come from readdir on the signature
# directories and from the -c option. The three-argument form
#   open(my $rfile, '<', $_) or die "Could not open file $_: $!";
# treats the name literally and also reports the OS error.
51 open (RFILE, "$_") ||die ("Could not open file $_");
# NOTE(review): the lines that fill @content from RFILE and close the handle
# are not visible in this listing.
54 print join ('',@content);
# Help and usage text. Presumably this is the body of help(); the sub header
# and closing lines are not visible in this listing.
58 print STDERR "$0\nRules compilation tool for OSSEC \n";
# NOTE(review): this print names no handle, so the description goes to
# STDOUT, the same stream that carries the compiled rules. If help() is
# reached while STDOUT is redirected into a rules file, this prose lands in
# that file; printing to STDERR like the neighbouring lines would avoid it.
# The three "->" lines interpolate the current values of the path variables.
# NOTE(review): the option is spelled --rules-config here, but the parser
# matches --rules_config (underscore).
# TODO: fix wording in the user-facing text ("monolitic" -> "monolithic",
# "If no parameter are passed" -> "If no parameters are passed",
# "By instance" -> "For instance").
59 print "This tool facilitates the building of monolitic rules file to be included in ossec.xml.\n"
60 . "You only need one rules include entry in ossec.xml\n"
62 . "\t<include>ossec_rules.xml</include>"
65 . "$0 will print to STDOUT the result of the mixing.\n"
66 . "If no parameter are passed then the application will use the default locations.\n"
68 . "--user-signatures -> $usersignatures_path\n"
69 . "--signatures -> $signatures_path\n"
70 . "--rules-config -> $rules_config\n"
71 . "Compiling rules allows us to generate multiple configurations and even facilitate the upgrade of them.\n"
72 . "By instance, you can make a directory with symbolic links to rules you want to use without altering the standard repository.\n"
73 . "There are more examples of situation where you can use a subset of the rules repository\n"
74 . "I invite someone to reword this explanation.\n";
# Usage synopsis, written to STDERR.
# NOTE(review): the visible part of the synopsis lists -u and -s only; a line
# of this statement is missing from the listing, so whether -c is documented
# there cannot be confirmed here.
76 print STDERR "\n\nUsage:\n";
77 print STDERR "$0 [-u|--user-signatures] <user-signatures-dir> [-s|--signatures] <signatures-dir>\n"
79 . "I just wanted to deliver version one.\n"
80 . "I will change the script to read the directory sorted, so you can link signatures with names that would emulate the behavior of the sysV system.\n";