chore: better script & ci

.github/workflows/build.yml

@@ -1,61 +1,24 @@
-name: Build YARA
+name: YARA Installation and Testing
 
-on:
- push:
- branches:
- - main
- pull_request:
- branches:
- - main
+on: [push, pull_request]
 
 jobs:
- build:
+ test_yara:
  runs-on: ${{ matrix.os }}
+ name: Test YARA on ${{ matrix.os }} ${{ matrix.arch }}
  strategy:
  matrix:
- os: [ubuntu-latest, windows-latest, macos-latest]
- arch:
- - x86_64
- - arm64
- version:
- - 4.5.1
-
+ os: [ubuntu-latest, macos-latest]
+ arch: [x64, arm64]
  steps:
  - name: Checkout code
- uses: actions/checkout@v2
-
- - name: Install dependencies (Linux)
- if: matrix.os == 'ubuntu-latest'
- run: sudo apt-get install -y automake libtool make gcc pkg-config
-
- - name: Install dependencies (Windows)
- if: matrix.os == 'windows-latest'
- run: choco install mingw
-
- - name: Install dependencies (macOS)
- if: matrix.os == 'macos-latest'
- run: brew install automake libtool pkg-config
+ uses: actions/checkout@v4
 
- - name: Download YARA
+ - name: Run installation script
  run: |
- wget https://github.com/VirusTotal/yara/archive/refs/tags/v${{ matrix.version }}.tar.gz
- tar -xzf v${{ matrix.version }}.tar.gz
+ sudo bash ./scripts/install.sh
 
- - name: Build YARA
- working-directory: yara-${{ matrix.version }}
+ - name: Verify YARA installation
  run: |
- ./bootstrap.sh
- ./configure --host=${{ matrix.arch }}
- make
-
- - name: Package YARA
- working-directory: yara-${{ matrix.version }}
- run: |
- mkdir -p artifacts/${{ matrix.os }}-${{ matrix.arch }}/yara-${{ matrix.version }}
- cp yara artifacts/${{ matrix.os }}-${{ matrix.arch }}/yara-${{ matrix.version }}/
-
- - name: Upload Artifact
- uses: actions/upload-artifact@v4
- with:
- name: yara-${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.version }}
- path: artifacts/${{ matrix.os }}-${{ matrix.arch }}/yara-${{ matrix.version }}
+ yara -v
+ yarac -v

README.md

@@ -1 +1,3 @@
 # Wazuh Yara
+
+[![Build YARA](https://github.com/ADORSYS-GIS/wazuh-yara/actions/workflows/build.yml/badge.svg)](https://github.com/ADORSYS-GIS/wazuh-yara/actions/workflows/build.yml)

scripts/install.sh

@@ -0,0 +1,143 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Define log levels
+LOG_LEVEL=${LOG_LEVEL:-INFO} # Default to INFO if not set
+YARA_VERSION="4.2.3"
+TEMP_DIR=$(mktemp -d)
+YARA_RULES_URL="https://valhalla.nextron-systems.com/api/v1/get"
+YARA_RULES_APIKEY="1111111111111111111111111111111111111111111111111111111111111111"
+YARA_RULES_DIR="/var/ossec/ruleset/yara/rules"
+YARA_RULES_FILE="$YARA_RULES_DIR/yara_rules.yar"
+MAX_RETRIES=3
+USER="root"
+GROUP="wazuh"
+
+# Function to handle logging
+log() {
+ local LEVEL=$1
+ shift
+ local MESSAGE=$*
+ local TIMESTAMP=$(date +"%Y-%m-%d %H:%M:%S")
+
+ if [[ $LEVEL == "ERROR" ]] || [[ $LEVEL == "WARNING" && $LOG_LEVEL != "ERROR" ]] || [[ $LEVEL == "INFO" && $LOG_LEVEL == "INFO" ]]; then
+ echo "$TIMESTAMP [$LEVEL] $MESSAGE"
+ fi
+}
+
+cleanup() {
+ rm -rf "$TEMP_DIR"
+ log INFO "Cleaned up temporary directory."
+}
+trap cleanup EXIT
+
+install_dependencies_ubuntu() {
+ log INFO "Installing necessary packages and building YARA from source on Ubuntu..."
+ apt update && apt install -y make gcc autoconf libtool libssl-dev pkg-config jq curl pv
+}
+
+install_dependencies_macos() {
+ log INFO "Installing necessary packages and building YARA from source on macOS..."
+ brew install autoconf automake libtool openssl pkg-config jq curl pv
+}
+
+download_file() {
+ local URL=$1
+ local OUTPUT_PATH=$2
+ local HEADERS=${3:-""}
+ local RETRY=0
+
+ log INFO "Downloading file from $URL to $OUTPUT_PATH..."
+
+ while [[ $RETRY -lt $MAX_RETRIES ]]; do
+ log INFO "Attempting to download file from $URL (Attempt $((RETRY+1))/$MAX_RETRIES)..."
+
+ if [[ -n "$HEADERS" ]]; then
+ curl --progress-bar -SL "$URL" "$HEADERS" -o "$OUTPUT_PATH" | cat
+ else
+ curl --progress-bar -SL "$URL" -o "$OUTPUT_PATH" | cat
+ fi
+
+ # Check if the download was successful by validating the file size
+ if [[ -s "$OUTPUT_PATH" ]]; then
+ log INFO "File downloaded successfully to $OUTPUT_PATH."
+ return 0
+ else
+ log WARNING "Download failed or file is empty. Retrying..."
+ ((RETRY++))
+ fi
+ done
+
+ log ERROR "Failed to download the file from $URL after $MAX_RETRIES attempts."
+ exit 1
+}
+
+download_yara() {
+ log INFO "Downloading YARA v${YARA_VERSION}..."
+ download_file "https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz" "$TEMP_DIR/yara-${YARA_VERSION}.tar.gz"
+}
+
+extract_yara() {
+ log INFO "Extracting YARA..."
+ if ! pv "$TEMP_DIR/yara-${YARA_VERSION}.tar.gz" | tar xz -C "$TEMP_DIR"; then
+ log ERROR "Failed to extract YARA tarball. The file might be corrupted."
+ exit 1
+ fi
+}
+
+build_and_install_yara() {
+ log INFO "Building and installing YARA..."
+ cd "$TEMP_DIR/yara-${YARA_VERSION}" || { log ERROR "Failed to change directory to YARA source. Exiting..."; exit 1; }
+ ./bootstrap.sh && ./configure && make && make install
+
+ # Set ownership and group
+ chown -R "$USER":"$GROUP" /usr/local/bin/yara*
+ log INFO "YARA installed with ownership set to user $USER and group $GROUP."
+}
+
+run_yara_tests() {
+ log INFO "Running YARA tests..."
+ make check
+}
+
+download_yara_rules() {
+ log INFO "Downloading YARA rules..."
+ mkdir -p "$YARA_RULES_DIR"
+ download_file "$YARA_RULES_URL" "$YARA_RULES_FILE" \
+ "-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
+ -H 'Accept-Language: en-US,en;q=0.5' \
+ --compressed \
+ -H 'Referer: https://valhalla.nextron-systems.com/' \
+ -H 'Content-Type: application/x-www-form-urlencoded' \
+ -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' \
+ --data 'demo=demo&apikey=$YARA_RULES_APIKEY&format=text'"
+
+ # Set ownership and group for YARA rules
+ chown -R "$USER":"$GROUP" "$YARA_RULES_DIR"
+ log INFO "YARA rules downloaded successfully to $YARA_RULES_FILE with ownership set to user $USER and group $GROUP."
+}
+
+# Main script logic
+log INFO "Starting YARA installation script."
+
+if [[ $(uname) == "Linux" && -x "$(command -v apt)" ]]; then
+ install_dependencies_ubuntu
+elif [[ $(uname) == "Darwin" && -x "$(command -v brew)" ]]; then
+ install_dependencies_macos
+else
+ log ERROR "Unsupported operating system or package manager. Exiting..."
+ exit 1
+fi
+
+# Install YARA
+download_yara
+extract_yara
+build_and_install_yara
+run_yara_tests
+
+# Download YARA rules
+download_yara_rules
+
+
+log INFO "YARA installation and configuration completed successfully."