mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-01-29 03:13:30 +01:00
52 lines
1.6 KiB
Bash
52 lines
1.6 KiB
Bash
#!/bin/bash
|
|
NOROOT=1
|
|
. /usr/sbin/so-common
|
|
|
|
{%- set proxy = salt['pillar.get']('manager:proxy') %}
|
|
{%- set noproxy = salt['pillar.get']('manager:no_proxy', '') %}
|
|
|
|
# Download the rules from the internet
|
|
{%- if proxy %}
|
|
export http_proxy={{ proxy }}
|
|
export https_proxy={{ proxy }}
|
|
export no_proxy="{{ noproxy }}"
|
|
{%- endif %}
|
|
|
|
repos="/opt/so/conf/strelka/repos.txt"
|
|
output_dir=/nsm/rules/yara
|
|
gh_status=$(curl -s -o /dev/null -w "%{http_code}" https://github.com)
|
|
clone_dir="/tmp"
|
|
if [ "$gh_status" == "200" ] || [ "$gh_status" == "301" ]; then
|
|
|
|
while IFS= read -r repo; do
|
|
if ! $(echo "$repo" | grep -qE '^#'); then
|
|
# Remove old repo if existing bc of previous error condition or unexpected disruption
|
|
repo_name=`echo $repo | awk -F '/' '{print $NF}'`
|
|
[ -d $output_dir/$repo_name ] && rm -rf $output_dir/$repo_name
|
|
|
|
# Clone repo and make appropriate directories for rules
|
|
git clone $repo $clone_dir/$repo_name
|
|
echo "Analyzing rules from $clone_dir/$repo_name..."
|
|
mkdir -p $output_dir/$repo_name
|
|
# Ensure a copy of the license is available for the rules
|
|
[ -f $clone_dir/$repo_name/LICENSE ] && cp $clone_dir/$repo_name/LICENSE $output_dir/$repo_name
|
|
|
|
# Copy over rules
|
|
for i in $(find $clone_dir/$repo_name -name "*.yar*"); do
|
|
rule_name=$(echo $i | awk -F '/' '{print $NF}')
|
|
cp $i $output_dir/$repo_name
|
|
done
|
|
rm -rf $clone_dir/$repo_name
|
|
fi
|
|
done < $repos
|
|
|
|
echo "Done!"
|
|
|
|
/usr/sbin/so-yara-update
|
|
|
|
else
|
|
echo "Server returned $gh_status status code."
|
|
echo "No connectivity to Github...exiting..."
|
|
exit 1
|
|
fi
|