#!/bin/bash
NOROOT=1
. /usr/sbin/so-common

{%- set proxy = salt['pillar.get']('manager:proxy') %}
{%- set noproxy = salt['pillar.get']('manager:no_proxy', '') %}

# Download the rules from the internet
{%- if proxy %}
export http_proxy={{ proxy }} 
export https_proxy={{ proxy }} 
export no_proxy="{{ noproxy }}" 
{%- endif %}

repos="/opt/so/conf/strelka/repos.txt"
output_dir=/nsm/rules/yara
gh_status=$(curl -s -o /dev/null -w "%{http_code}" https://github.com)
clone_dir="/tmp"
if [ "$gh_status" == "200" ]  || [ "$gh_status" == "301" ]; then

  while IFS= read -r repo; do
    if ! $(echo "$repo" | grep -qE '^#'); then
      # Remove old repo if existing bc of previous error condition or unexpected disruption
      repo_name=`echo $repo | awk -F '/' '{print $NF}'`
      [ -d $output_dir/$repo_name ] && rm -rf $output_dir/$repo_name

      # Clone repo and make appropriate directories for rules
      git clone $repo $clone_dir/$repo_name
      echo "Analyzing rules from $clone_dir/$repo_name..."
      mkdir -p $output_dir/$repo_name
      # Ensure a copy of the license is available for the rules
      [ -f $clone_dir/$repo_name/LICENSE ] && cp $clone_dir/$repo_name/LICENSE $output_dir/$repo_name

      # Copy over rules
      for i in $(find $clone_dir/$repo_name -name "*.yar*"); do
        rule_name=$(echo $i | awk -F '/' '{print $NF}')
        cp $i $output_dir/$repo_name
     done
     rm -rf $clone_dir/$repo_name
    fi
    done < $repos

  echo "Done!"

/usr/sbin/so-yara-update 
  
else
  echo "Server returned $gh_status status code."
  echo "No connectivity to Github...exiting..."
  exit 1
fi