1 parent
212c36e
commit 00d34f2
Showing
3 changed files
with
157 additions
and
49 deletions.
@@ -1,61 +1,24 @@ | ||
name: Build YARA | ||
name: YARA Installation and Testing | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
branches: | ||
- main | ||
on: [push, pull_request] | ||
|
||
jobs: | ||
build: | ||
test_yara: | ||
runs-on: ${{ matrix.os }} | ||
name: Test YARA on ${{ matrix.os }} ${{ matrix.arch }} | ||
strategy: | ||
matrix: | ||
os: [ubuntu-latest, windows-latest, macos-latest] | ||
arch: | ||
- x86_64 | ||
- arm64 | ||
version: | ||
- 4.5.1 | ||
|
||
os: [ubuntu-latest, macos-latest] | ||
arch: [x64, arm64] | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v2 | ||
|
||
- name: Install dependencies (Linux) | ||
if: matrix.os == 'ubuntu-latest' | ||
run: sudo apt-get install -y automake libtool make gcc pkg-config | ||
|
||
- name: Install dependencies (Windows) | ||
if: matrix.os == 'windows-latest' | ||
run: choco install mingw | ||
|
||
- name: Install dependencies (macOS) | ||
if: matrix.os == 'macos-latest' | ||
run: brew install automake libtool pkg-config | ||
uses: actions/checkout@v4 | ||
|
||
- name: Download YARA | ||
- name: Run installation script | ||
run: | | ||
wget https://github.com/VirusTotal/yara/archive/refs/tags/v${{ matrix.version }}.tar.gz | ||
tar -xzf v${{ matrix.version }}.tar.gz | ||
sudo bash ./scripts/install.sh | ||
- name: Build YARA | ||
working-directory: yara-${{ matrix.version }} | ||
- name: Verify YARA installation | ||
run: | | ||
./bootstrap.sh | ||
./configure --host=${{ matrix.arch }} | ||
make | ||
- name: Package YARA | ||
working-directory: yara-${{ matrix.version }} | ||
run: | | ||
mkdir -p artifacts/${{ matrix.os }}-${{ matrix.arch }}/yara-${{ matrix.version }} | ||
cp yara artifacts/${{ matrix.os }}-${{ matrix.arch }}/yara-${{ matrix.version }}/ | ||
- name: Upload Artifact | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: yara-${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.version }} | ||
path: artifacts/${{ matrix.os }}-${{ matrix.arch }}/yara-${{ matrix.version }} | ||
yara -v | ||
yarac -v |
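Review bot: The new `arch: [x64, arm64]` matrix value is only interpolated into the job name; `runs-on` uses `matrix.os` alone and no step reads `matrix.arch`, so each OS now runs the same job twice and the old `./configure --host=${{ matrix.arch }}` target is gone without a replacement. Either drop the arch dimension or make it select a matching runner label or be passed through to the install script, e.g. `run: sudo YARA_ARCH=${{ matrix.arch }} bash ./scripts/install.sh` with the script honouring it. The version dimension (4.5.1) was removed as well, so the workflow now tests whatever version `scripts/install.sh` hardcodes rather than a matrix-chosen one; a comment on the `Run installation script` step saying so would save the next reader a search. For supply-chain hygiene, `actions/checkout@v4` can be pinned to a full commit SHA with the tag in a trailing comment.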
@@ -1 +1,3 @@ | ||
# Wazuh Yara | ||
|
||
[![Build YARA](https://github.com/ADORSYS-GIS/wazuh-yara/actions/workflows/build.yml/badge.svg)](https://github.com/ADORSYS-GIS/wazuh-yara/actions/workflows/build.yml) |
@@ -0,0 +1,143 @@ | ||
#!/bin/bash | ||
|
||
set -euo pipefail | ||
|
||
# Define log levels | ||
LOG_LEVEL=${LOG_LEVEL:-INFO} # Default to INFO if not set | ||
YARA_VERSION="4.2.3" | ||
TEMP_DIR=$(mktemp -d) | ||
YARA_RULES_URL="https://valhalla.nextron-systems.com/api/v1/get" | ||
YARA_RULES_APIKEY="1111111111111111111111111111111111111111111111111111111111111111" | ||
YARA_RULES_DIR="/var/ossec/ruleset/yara/rules" | ||
YARA_RULES_FILE="$YARA_RULES_DIR/yara_rules.yar" | ||
MAX_RETRIES=3 | ||
USER="root" | ||
GROUP="wazuh" | ||
|
||
# Function to handle logging | ||
log() { | ||
local LEVEL=$1 | ||
shift | ||
local MESSAGE=$* | ||
local TIMESTAMP=$(date +"%Y-%m-%d %H:%M:%S") | ||
|
||
if [[ $LEVEL == "ERROR" ]] || [[ $LEVEL == "WARNING" && $LOG_LEVEL != "ERROR" ]] || [[ $LEVEL == "INFO" && $LOG_LEVEL == "INFO" ]]; then | ||
echo "$TIMESTAMP [$LEVEL] $MESSAGE" | ||
fi | ||
} | ||
|
||
cleanup() { | ||
rm -rf "$TEMP_DIR" | ||
log INFO "Cleaned up temporary directory." | ||
} | ||
trap cleanup EXIT | ||
|
||
install_dependencies_ubuntu() { | ||
log INFO "Installing necessary packages and building YARA from source on Ubuntu..." | ||
apt update && apt install -y make gcc autoconf libtool libssl-dev pkg-config jq curl pv | ||
} | ||
|
||
install_dependencies_macos() { | ||
log INFO "Installing necessary packages and building YARA from source on macOS..." | ||
brew install autoconf automake libtool openssl pkg-config jq curl pv | ||
} | ||
|
||
download_file() { | ||
local URL=$1 | ||
local OUTPUT_PATH=$2 | ||
local HEADERS=${3:-""} | ||
local RETRY=0 | ||
|
||
log INFO "Downloading file from $URL to $OUTPUT_PATH..." | ||
|
||
while [[ $RETRY -lt $MAX_RETRIES ]]; do | ||
log INFO "Attempting to download file from $URL (Attempt $((RETRY+1))/$MAX_RETRIES)..." | ||
|
||
if [[ -n "$HEADERS" ]]; then | ||
curl --progress-bar -SL "$URL" "$HEADERS" -o "$OUTPUT_PATH" | cat | ||
else | ||
curl --progress-bar -SL "$URL" -o "$OUTPUT_PATH" | cat | ||
fi | ||
|
||
# Check if the download was successful by validating the file size | ||
if [[ -s "$OUTPUT_PATH" ]]; then | ||
log INFO "File downloaded successfully to $OUTPUT_PATH." | ||
return 0 | ||
else | ||
log WARNING "Download failed or file is empty. Retrying..." | ||
((RETRY++)) | ||
fi | ||
done | ||
|
||
log ERROR "Failed to download the file from $URL after $MAX_RETRIES attempts." | ||
exit 1 | ||
} | ||
|
||
download_yara() { | ||
log INFO "Downloading YARA v${YARA_VERSION}..." | ||
download_file "https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz" "$TEMP_DIR/yara-${YARA_VERSION}.tar.gz" | ||
} | ||
|
||
extract_yara() { | ||
log INFO "Extracting YARA..." | ||
if ! pv "$TEMP_DIR/yara-${YARA_VERSION}.tar.gz" | tar xz -C "$TEMP_DIR"; then | ||
log ERROR "Failed to extract YARA tarball. The file might be corrupted." | ||
exit 1 | ||
fi | ||
} | ||
|
||
build_and_install_yara() { | ||
log INFO "Building and installing YARA..." | ||
cd "$TEMP_DIR/yara-${YARA_VERSION}" || { log ERROR "Failed to change directory to YARA source. Exiting..."; exit 1; } | ||
./bootstrap.sh && ./configure && make && make install | ||
|
||
# Set ownership and group | ||
chown -R "$USER":"$GROUP" /usr/local/bin/yara* | ||
log INFO "YARA installed with ownership set to user $USER and group $GROUP." | ||
} | ||
|
||
run_yara_tests() { | ||
log INFO "Running YARA tests..." | ||
make check | ||
} | ||
|
||
download_yara_rules() { | ||
log INFO "Downloading YARA rules..." | ||
mkdir -p "$YARA_RULES_DIR" | ||
download_file "$YARA_RULES_URL" "$YARA_RULES_FILE" \ | ||
"-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \ | ||
-H 'Accept-Language: en-US,en;q=0.5' \ | ||
--compressed \ | ||
-H 'Referer: https://valhalla.nextron-systems.com/' \ | ||
-H 'Content-Type: application/x-www-form-urlencoded' \ | ||
-H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' \ | ||
--data 'demo=demo&apikey=$YARA_RULES_APIKEY&format=text'" | ||
|
||
# Set ownership and group for YARA rules | ||
chown -R "$USER":"$GROUP" "$YARA_RULES_DIR" | ||
log INFO "YARA rules downloaded successfully to $YARA_RULES_FILE with ownership set to user $USER and group $GROUP." | ||
} | ||
|
||
# Main script logic | ||
log INFO "Starting YARA installation script." | ||
|
||
if [[ $(uname) == "Linux" && -x "$(command -v apt)" ]]; then | ||
install_dependencies_ubuntu | ||
elif [[ $(uname) == "Darwin" && -x "$(command -v brew)" ]]; then | ||
install_dependencies_macos | ||
else | ||
log ERROR "Unsupported operating system or package manager. Exiting..." | ||
exit 1 | ||
fi | ||
|
||
# Install YARA | ||
download_yara | ||
extract_yara | ||
build_and_install_yara | ||
run_yara_tests | ||
|
||
# Download YARA rules | ||
download_yara_rules | ||
|
||
|
||
log INFO "YARA installation and configuration completed successfully." |
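Review bot: In download_yara_rules the curl options are handed to download_file as one double-quoted string, so inside download_file's `if [[ -n "$HEADERS" ]]` branch curl receives a single argument containing the literal single quotes, the `\` line continuations and the `--data` payload, and the rules request is not sent as written; pass the options as separate arguments (`shift 2` in download_file and `"$@"` on the curl line, headers and `--data` as individual words at the call site). The retry loop also never retries a failed transfer: under `set -euo pipefail` a non-zero `curl … | cat` in the if body terminates the script, and the only success check is `-s`, so an HTML error page saved as yara_rules.yar counts as a good download — use `curl --fail` and test its exit status. The API key is committed in the script on the `YARA_RULES_APIKEY=` line (it looks like a demo placeholder); take it from the environment instead, `: "${YARA_RULES_APIKEY:?set the Valhalla API key}"`, so a real key never lands in the repository. The YARA tarball is built and installed as root with no checksum or signature verification after download; comparing it against a pinned SHA-256 (`sha256sum -c`) before extract_yara would close that gap.
```shell
download_file() {
  local url=$1
  local output_path=$2
  shift 2                     # any further args go to curl verbatim
  local retry=0

  # … unchanged: initial log line …

  while (( retry < MAX_RETRIES )); do
    # … unchanged: attempt log line …
    # --fail turns HTTP errors into a non-zero exit instead of a saved error page
    if curl --fail --progress-bar -SL "$url" "$@" -o "$output_path" \
        && [[ -s "$output_path" ]]; then
      log INFO "File downloaded successfully to $output_path."
      return 0
    fi
    log WARNING "Download failed or file is empty. Retrying..."
    retry=$((retry + 1))      # (( retry++ )) returns 1 when retry is 0 and trips set -e
  done

  # … unchanged: final error log and exit 1 …
}

# call site in download_yara_rules: one word per option, no outer quoting
download_file "$YARA_RULES_URL" "$YARA_RULES_FILE" \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
  -H 'Accept-Language: en-US,en;q=0.5' \
  --compressed \
  -H 'Referer: https://valhalla.nextron-systems.com/' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' \
  --data "demo=demo&apikey=${YARA_RULES_APIKEY}&format=text"
```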