CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10739 from Security-Onion-Solutions/yararules

Browse Source 
include *.yara
This commit is contained in:
Josh Patterson
2023-07-11 10:21:35 -04:00
committed by GitHub
parent 7cdd1f89d7 304830d2ee
commit 60d66b973c
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/manager/tools/sbin_jinja/so-yara-update
View File

@@ -18,8 +18,10 @@ SORULEDIR=/nsm/rules/yara
OUTPUTDIR=/opt/so/saltstack/local/salt/strelka/rules OUTPUTDIR=/opt/so/saltstack/local/salt/strelka/rules
mkdir -p $OUTPUTDIR mkdir -p $OUTPUTDIR
# remove all rules prior to copy so we can clear out old rules
rm -f $OUTPUTDIR/*
for i in $(find $SORULEDIR -name "*.yar"); do for i in $(find $SORULEDIR -name "*.yar" -o -name "*.yara"); do
rule_name=$(echo $i | awk -F '/' '{print $NF}') rule_name=$(echo $i | awk -F '/' '{print $NF}')
if [[ ! "${excluded_rules}" =~ ${rule_name} ]]; then if [[ ! "${excluded_rules}" =~ ${rule_name} ]]; then
echo "Adding rule: $rule_name..." echo "Adding rule: $rule_name..."