Merge pull request #11 from atomicturtle/v1.0.0

Update to v1.0.0
ossec · Jun 1, 2023 · 36231ac · 36231ac
2 parents 8326eed + b63a8ca
commit 36231ac
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,5 @@
+#1.0.0
+
+    - rewrite encode_uri_component to not require a perl dependency
+    - Defaults to Yes on user input of Enter when prompted to download updates
+    - adds support to update shared malware signatures, and compliance framework
diff --git a/README.md b/README.md
@@ -2,12 +2,12 @@
 
 # Description
 
-OUM is an interactive rule and CDB updater for OSSEC. Loosely based on the yum package manager, it can be used to update OSSEC rules/decoders and threat intelligence CDB files.
+OUM is an interactive rule and CDB updater for OSSEC. Loosely based on the yum package manager, it can be used to update OSSEC rules/decoders, malware signatures, compliance checks,  and threat intelligence CDB files.
 
 # Usage
 
 ```
-OSSEC Updater Modified (OUM) 0.1
+OSSEC Updater Modified (OUM) 1.0.0
 
 Usage: oum [options] COMMAND
 
@@ -20,15 +20,15 @@ Usage: oum [options] COMMAND
   version		Display version
 ```
 
-# Installing OSSEC Updater Modified (OUM) 0.1
+# Installing OSSEC Updater Modified (OUM)
 Run the OUM installer
 `wget -q -O - https://updates.atomicorp.com/installers/oum | bash`
 
-# Configuring OSSEC Updater Modified (OUM) 0.1
+# Configuring OSSEC Updater Modified (OUM)
 After installation is complete, users can configure OUM by running
 `oum configure`
 
-# Updating rules with OSSEC Updater Modified (OUM) 0.1
+# Updating rules with OSSEC Updater Modified (OUM) 
 Rulsets can be be updated with `oum update` after OUM has been installed and configured.
 
 # Screenshots

diff --git a/oum.sh b/oum.sh
@@ -1,16 +1,16 @@
 #!/usr/bin/env bash
-# Copyright Atomicorp 2021
+# Copyright Atomicorp 2023
 # AGPL 3.0
 # Authors:
-#   - Charity Ponton
+#  - Charity Ponton
 #  - Cody Woods
 #  - Frank Iacovino
 #  - Juliy V. Chirkov (@juliyvchirkov)
 #  - Scott Shinn (@atomicturtle)
 
 
 # Globals
-VERSION=0.5
+VERSION=1.0.0
 OSSEC_HOME=/var/ossec
 SERVER=updates.atomicorp.com
 OSSEC_CRS_RULES_VERSION=0
@@ -62,9 +62,23 @@ which() {
 }
 
 encode_uri_component() {
-    [ $# -gt 0 ] && printf "${@}" | perl -pe 's/(.)/sprintf("%%%x", ord($1))/eg'
+  local input="$@"
+  local length=${#input}
+  local encoded=""
+
+  for ((i = 0; i < length; i++)); do
+    local char="${input:i:1}"
+    if [[ $char =~ ^[a-zA-Z0-9\.\_\~\-]+$ ]]; then
+      encoded+="$char"
+    else
+      encoded+=$(printf "%%%02X" "'$char")
+    fi
+  done
+
+  echo "$encoded"
 }
 
+
 set_perm() {
     chown $(stat -c %U:%G ${OSSEC_HOME}) "${1}"
 
@@ -249,6 +263,7 @@ update_rules() {
 
     [ -d ${OSSEC_HOME}/etc/rules.d ] && cp -a ${OSSEC_HOME}/etc/rules.d/* ${OSSEC_HOME}/var/backup/rules.d/
 
+
     printf '%s\n' "OK"
 
     printf '\t%s ' "Applying base rule policy:"
@@ -261,6 +276,13 @@ update_rules() {
     rm -f ${OSSEC_HOME}/etc/rules.d/*
     cp -a ossec-rules/rules.d/* ${OSSEC_HOME}/etc/rules.d/
 
+    if [ -d ossec-rules/shared ]
+    then
+        [ ! -d  ${OSSEC_HOME}/etc/shared ] && mkdir ${OSSEC_HOME}/etc/shared && set_perm ${OSSEC_HOME}/etc/shared
+        rm -f ${OSSEC_HOME}/etc/shared/*
+        cp -a ossec-rules/shared/* ${OSSEC_HOME}/etc/shared/
+    fi
+
     printf '%s\n' "OK"
 
     if [ -n "${EXCLUDE_RULES}" ]
@@ -392,9 +414,11 @@ update() {
 
         if [ -z "${YES}" ]
         then
-            read -rp "Is this ok [Y/N]: " -n1
+            read -rp "Is this ok [Y/n]: " -n1
 
+            [[ -z ${REPLY} ]] && REPLY="Y"  # Set default value to "Y" if user just hits Enter
             [[ ! ${REPLY} =~ ^[Yy]$ ]] && print_error -l "Operation aborted." && exit 1
+
         fi
 
         for idx in ${!ARRAY1[@]}