From b63a8ca9030be31bc284a397d1b9a2285615d6a6 Mon Sep 17 00:00:00 2001
From: "Scott R. Shinn"
Date: Thu, 1 Jun 2023 13:24:50 -0400
Subject: [PATCH] Update to v1.0.0
Signed-off-by: Scott R. Shinn
---
 CHANGELOG.md | 5 +++++
 README.md | 10 +++++-----
 oum.sh | 34 +++++++++++++++++++++++++++++-----
 3 files changed, 39 insertions(+), 10 deletions(-)
 create mode 100644 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..fbffeff
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,5 @@
+#1.0.0
+
+ - rewrite encode_uri_component to not require a perl dependency
+ - Defaults to Yes on user input of Enter when prompted to download updates
+ - adds support to update shared malware signatures, and compliance framework
\ No newline at end of file
diff --git a/README.md b/README.md
index 9a64c94..9b45948 100644
--- a/README.md
+++ b/README.md
@@ -2,12 +2,12 @@
 # Description
-OUM is an interactive rule and CDB updater for OSSEC. Loosely based on the yum package manager, it can be used to update OSSEC rules/decoders and threat intelligence CDB files.
+OUM is an interactive rule and CDB updater for OSSEC. Loosely based on the yum package manager, it can be used to update OSSEC rules/decoders, malware signatures, compliance checks, and threat intelligence CDB files.
 # Usage
 ```
-OSSEC Updater Modified (OUM) 0.1
+OSSEC Updater Modified (OUM) 1.0.0
 Usage: oum [options] COMMAND
@@ -20,15 +20,15 @@ Usage: oum [options] COMMAND
 version Display version
 ```
-# Installing OSSEC Updater Modified (OUM) 0.1
+# Installing OSSEC Updater Modified (OUM)
 Run the OUM installer `wget -q -O - https://updates.atomicorp.com/installers/oum | bash`
-# Configuring OSSEC Updater Modified (OUM) 0.1
+# Configuring OSSEC Updater Modified (OUM)
 After installation is complete, users can configure OUM by running `oum configure`
-# Updating rules with OSSEC Updater Modified (OUM) 0.1
+# Updating rules with OSSEC Updater Modified (OUM)
 Rulsets can be be updated with `oum update` after OUM has been installed and configured.
 # Screenshots
diff --git a/oum.sh b/oum.sh
index cc47093..5e353b8 100755
--- a/oum.sh
+++ b/oum.sh
@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
-# Copyright Atomicorp 2021
+# Copyright Atomicorp 2023
 # AGPL 3.0
 # Authors:
-# - Charity Ponton
+# - Charity Ponton
 # - Cody Woods
 # - Frank Iacovino
 # - Juliy V. Chirkov (@juliyvchirkov)
@@ -10,7 +10,7 @@
 # Globals
-VERSION=0.5
+VERSION=1.0.0
 OSSEC_HOME=/var/ossec
 SERVER=updates.atomicorp.com
 OSSEC_CRS_RULES_VERSION=0
@@ -62,9 +62,23 @@ which() {
 }
 encode_uri_component() {
- [ $# -gt 0 ] && printf "${@}" | perl -pe 's/(.)/sprintf("%%%x", ord($1))/eg'
+ local input="$@"
+ local length=${#input}
+ local encoded=""
+
+ for ((i = 0; i < length; i++)); do
+ local char="${input:i:1}"
+ if [[ $char =~ ^[a-zA-Z0-9\.\_\~\-]+$ ]]; then
+ encoded+="$char"
+ else
+ encoded+=$(printf "%%%02X" "'$char")
+ fi
+ done
+
+ echo "$encoded"
 }
+
 set_perm() {
 chown $(stat -c %U:%G ${OSSEC_HOME}) "${1}"
@@ -249,6 +263,7 @@ update_rules() {
 [ -d ${OSSEC_HOME}/etc/rules.d ] && cp -a ${OSSEC_HOME}/etc/rules.d/* ${OSSEC_HOME}/var/backup/rules.d/
+ printf '%s\n' "OK"
 printf '\t%s ' "Applying base rule policy:"
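Review bot: The new `encode_uri_component` loop encodes characters rather than bytes: in a UTF-8 locale `${input:i:1}` slices one whole multibyte character and bash's `printf "%%%02X" "'$char"` reports its code point, so `é` comes out as `%E9` instead of `%C3%A9` and anything above U+00FF yields three or four hex digits, which is not valid percent-encoding — a regression from the byte-wise perl one-liner it replaces. Putting `local LC_ALL=C` as the first line of the function makes both the slicing and the `'$char` conversion byte-wise. Separately, `echo "$encoded"` prints nothing when the encoded result is exactly `-n`, `-e` or `-E` (`-` is in the unreserved set, so such input passes through unchanged); `printf '%s\n' "$encoded"` does not have that problem. I cannot see the callers from this hunk, so whether non-ASCII input actually reaches this function is inferred from its role as a URL encoder rather than shown here.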
@@ -261,6 +276,13 @@ update_rules() {
 rm -f ${OSSEC_HOME}/etc/rules.d/*
 cp -a ossec-rules/rules.d/* ${OSSEC_HOME}/etc/rules.d/
+ if [ -d ossec-rules/shared ]
+ then
+ [ ! -d ${OSSEC_HOME}/etc/shared ] && mkdir ${OSSEC_HOME}/etc/shared && set_perm ${OSSEC_HOME}/etc/shared
+ rm -f ${OSSEC_HOME}/etc/shared/*
+ cp -a ossec-rules/shared/* ${OSSEC_HOME}/etc/shared/
+ fi
+
 printf '%s\n' "OK"
 if [ -n "${EXCLUDE_RULES}" ]
@@ -392,9 +414,11 @@ update() {
 if [ -z "${YES}" ]
 then
- read -rp "Is this ok [Y/N]: " -n1
+ read -rp "Is this ok [Y/n]: " -n1
+ [[ -z ${REPLY} ]] && REPLY="Y" # Set default value to "Y" if user just hits Enter
 [[ ! ${REPLY} =~ ^[Yy]$ ]] && print_error -l "Operation aborted." && exit 1
+
 fi
 for idx in ${!ARRAY1[@]}
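Review bot: The new `shared` branch runs `rm -f ${OSSEC_HOME}/etc/shared/*` without the backup copy this same function makes for `rules.d` (`cp -a ${OSSEC_HOME}/etc/rules.d/* ${OSSEC_HOME}/var/backup/rules.d/` in the preceding hunk), so anything in that directory that is not in the downloaded `ossec-rules/shared` is gone with no way back; on an OSSEC server `etc/shared/` is, as far as I know, also where centrally-managed agent files such as `agent.conf` live, which would make this wipe destructive — worth confirming against the server layout before merging. The `[ ! -d … ] && mkdir … && set_perm …` chain also does not stop the `rm`/`cp` when `mkdir` fails. I would back the directory up the same way `rules.d` is and abort if it cannot be created; `update_rules` begins and ends outside this hunk, so the backup-directory creation should mirror wherever `var/backup/rules.d` is set up.
```shell
if [ -d ossec-rules/shared ]
then
  # keep a copy of the current shared files, as is done for rules.d above
  mkdir -p ${OSSEC_HOME}/var/backup/shared
  [ -d ${OSSEC_HOME}/etc/shared ] && cp -a ${OSSEC_HOME}/etc/shared/* ${OSSEC_HOME}/var/backup/shared/
  if [ ! -d ${OSSEC_HOME}/etc/shared ]
  then
    mkdir ${OSSEC_HOME}/etc/shared || { print_error -l "Cannot create ${OSSEC_HOME}/etc/shared"; exit 1; }
    set_perm ${OSSEC_HOME}/etc/shared
  fi
  rm -f ${OSSEC_HOME}/etc/shared/*
  cp -a ossec-rules/shared/* ${OSSEC_HOME}/etc/shared/
fi
```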