HEX
Server: Apache/2.4.52 (Ubuntu)
System: Linux mail.btech-izolacje.pl 5.15.0-140-generic #150-Ubuntu SMP Sat Apr 12 06:00:09 UTC 2025 x86_64
User: pewna6876 (1017)
PHP: 8.2.28
Disabled: NONE
$ pwd: /usr/share/ossec/contrib/
Upload Files
File: //usr/share/ossec/contrib/compile_alerts.pl
#!/usr/bin/perl -w
use strict;
# Contrib by Meir Michanie
# meirm at riunx.com
# Licensed under GPL
my $VERSION='0.1';
my $ossec_path='/var/ossec';
my $rules_config="$ossec_path/etc/rules_config.xml";
my $usersignatures_path="$ossec_path/user_signatures";
my $signatures_path="$ossec_path/signatures";
while ( @ARGV) {
	$_=shift @ARGV;
	if (m/^-u$|^--user-signatures$/) {
		$usersignatures_path= shift @ARGV;
		&help() unless -d $usersignatures_path;
	}elsif (m/^-s$|^--signatures$/){
		$signatures_path= shift @ARGV;
		&help() unless -d $signatures_path;
	}elsif (m/^-c$|^--rules_config$/){
                $rules_config= shift @ARGV;
                &help() unless -f $rules_config;
        }elsif (m/^-h$|^--help$/){
		&help;
	}
}
print STDERR "Adding $rules_config\n";
my @rules_files=($rules_config);
opendir (USERDEFINED , "$usersignatures_path") || die ("Could not open dir $usersignatures_path\n");
my @temparray=();
while ($_ = readdir(USERDEFINED)){
	chomp; 
	next unless  -f "$usersignatures_path/$_";
	print STDERR "Adding $usersignatures_path/$_\n";
	push @temparray, "$usersignatures_path/$_";
}
close (USERDEFINED);
push @rules_files , sort (@temparray);

@temparray=();
opendir(RULES,"$signatures_path") || die ("Could not open dir $signatures_path\n");
while ($_ = readdir(RULES)){
	chomp;
	next unless  -f "$signatures_path/$_";
	print STDERR "Adding $signatures_path/$_\n";
        push @temparray, "$signatures_path/$_";
}
close (RULES);
push @rules_files , sort (@temparray);
map { print STDERR "processing: $_\n";} @rules_files;
foreach (@rules_files){
	open (RFILE, "$_") ||die ("Could not open file $_");
	my @content=<RFILE>;
	close (RFILE);
	print  join ('',@content);
}

sub help(){
	print STDERR "$0\nRules compilation tool for OSSEC \n";
	print "This tool facilitates the building of monolitic rules file to be included in ossec.xml.\n"
	. "You only need one rules include entry in ossec.xml\n"
	. "<rules>\n"
	. "\t<include>ossec_rules.xml</include>"
 	."</rules>"

	. "$0 will print to STDOUT the result of the mixing.\n"
	. "If no parameter are passed then the application will use the default locations.\n"
	. "Default values:\n"
	. "--user-signatures -> $usersignatures_path\n"
	. "--signatures -> $signatures_path\n"
	. "--rules-config -> $rules_config\n"
	. "Compiling rules allows us to generate multiple configurations and even facilitate the upgrade of them.\n"
	. "By instance, you can make a directory with symbolic links to rules you want to use without altering the standard repository.\n"
	. "There are more examples of situation where you can use a subset of the rules repository\n"
	. "I invite someone to reword this explanation.\n";
	
	print STDERR "\n\nUsage:\n";
	print STDERR "$0  [-u|--user-signatures] <user-signatures-dir> [-s|--signatures] <signatures-dir>\n"
	."\n\nBUGS:\n"
	. "I just wanted to deliver version one.\n"
	. "I will change the script to read the directory sorted, so you can link signatures with names that would emulate the behavior of the sysV system.\n";
	
	exit;
}
@ Telegram