From ce14299729e524b3927a48f98cec0bb5735ee98a Mon Sep 17 00:00:00 2001 From: Victor Hora Date: Sun, 10 Mar 2019 21:21:47 -0400 Subject: [PATCH] First commit to Yara experimental branch --- build/yara.m4 | 147 ++++++++++++++++++ configure.ac | 19 +++ examples/multiprocess_c/Makefile.am | 3 +- examples/reading_logs_with_offset/Makefile.am | 6 +- examples/simple_example_using_c/Makefile.am | 6 +- examples/using_bodies_in_chunks/Makefile.am | 6 +- src/Makefile.am | 10 +- src/operators/operator.cc | 2 + src/operators/yara.cc | 135 ++++++++++++++++ src/operators/yara.h | 59 +++++++ src/parser/seclang-parser.yy | 6 + src/parser/seclang-scanner.ll | 2 + test/Makefile.am | 27 ++-- test/benchmark/Makefile.am | 4 +- test/fuzzer/Makefile.am | 1 + tools/rules-check/Makefile.am | 9 +- 16 files changed, 419 insertions(+), 23 deletions(-) create mode 100644 build/yara.m4 create mode 100644 src/operators/yara.cc create mode 100644 src/operators/yara.h diff --git a/build/yara.m4 b/build/yara.m4 new file mode 100644 index 00000000..4fb53ab7 --- /dev/null +++ b/build/yara.m4 @@ -0,0 +1,147 @@ +dnl Check for YARA Libraries +dnl CHECK_YARA(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]) + + +AC_DEFUN([CHECK_YARA], +[dnl + +# Possible names for the yara library/package (pkg-config) +YARA_POSSIBLE_LIB_NAMES="yara" + +# Possible extensions for the library +YARA_POSSIBLE_EXTENSIONS="so so0 la sl dll dylib so.0.0.0" + +# Possible paths (if pkg-config was not found, proceed with the file lookup) +YARA_POSSIBLE_PATHS="/usr/lib /usr/local/lib /usr/local/yara /usr/local/libyara /usr/local /opt /usr /usr/lib64 /opt/local" + +# Variables to be set by this very own script. +YARA_CFLAGS="" +YARA_LDFLAGS="" +YARA_LDADD="" +YARA_DISPLAY="" + +AC_ARG_WITH( + yara, + AC_HELP_STRING( + [--with-yara=PATH], + [Path to yara prefix] + ) +) + + +if test "x${with_yara}" == "xno"; then + AC_DEFINE(HAVE_YARA, 0, [Support for YARA was disabled by the utilization of --without-yara or --with-yara=no]) + AC_MSG_NOTICE([Support for YARA was disabled by the utilization of --without-yara or --with-yara=no]) + YARA_DISABLED=yes +else + if test "x${with_yara}" == "xyes"; then + YARA_MANDATORY=yes + AC_MSG_NOTICE([YARA support was marked as mandatory by the utilization of --with-yara=yes]) + else + YARA_MANDATORY=no + fi + for x in ${YARA_POSSIBLE_PATHS}; do + CHECK_FOR_YARA_AT(${x}) + if test -n "${YARA_CFLAGS}"; then + break + fi + done +fi + + +if test -z "${YARA_CFLAGS}"; then + if test -z "${YARA_MANDATORY}" || test "x${YARA_MANDATORY}" == "xno"; then + if test -z "${YARA_DISABLED}"; then + AC_MSG_NOTICE([YARA library was not found]) + YARA_FOUND=0 + else + YARA_FOUND=2 + fi + else + AC_MSG_ERROR([YARA was explicitly referenced but it was not found]) + YARA_FOUND=-1 + fi +else + YARA_FOUND=1 + AC_MSG_NOTICE([using YARA v${YARA_VERSION}]) + YARA_CFLAGS="-DWITH_YARA ${YARA_CFLAGS}" + YARA_DISPLAY="${YARA_LDADD} ${YARA_LDFLAGS}, ${YARA_CFLAGS}" + AC_SUBST(YARA_LDFLAGS) + AC_SUBST(YARA_LDADD) + AC_SUBST(YARA_CFLAGS) + AC_SUBST(YARA_DISPLAY) +fi + + +AC_SUBST(YARA_FOUND) + +]) # AC_DEFUN [CHECK_YARA] + + +AC_DEFUN([CHECK_FOR_YARA_AT], [ + path=$1 + echo "*** LOOKING AT PATH: " ${path} + for y in ${YARA_POSSIBLE_EXTENSIONS}; do + for z in ${YARA_POSSIBLE_LIB_NAMES}; do + if test -e "${path}/${z}.${y}"; then + yara_lib_path="${path}/" + yara_lib_name="${z}" + yara_lib_file="${yara_lib_path}/${z}.${y}" + break + fi + if test -e "${path}/lib${z}.${y}"; then + yara_lib_path="${path}/" + yara_lib_name="${z}" + yara_lib_file="${yara_lib_path}/lib${z}.${y}" + break + fi + if test -e "${path}/lib/lib${z}.${y}"; then + yara_lib_path="${path}/lib/" + yara_lib_name="${z}" + yara_lib_file="${yara_lib_path}/lib${z}.${y}" + break + fi + if test -e "${path}/lib/x86_64-linux-gnu/lib${z}.${y}"; then + yara_lib_path="${path}/lib/x86_64-linux-gnu/" + yara_lib_name="${z}" + yara_lib_file="${yara_lib_path}/lib${z}.${y}" + break + fi + if test -e "${path}/lib/i386-linux-gnu/lib${z}.${y}"; then + yara_lib_path="${path}/lib/i386-linux-gnu/" + yara_lib_name="${z}" + yara_lib_file="${yara_lib_path}/lib${z}.${y}" + break + fi + done + if test -n "$yara_lib_path"; then + break + fi + done + if test -e "${path}/include/yara.h"; then + yara_inc_path="${path}/include" + elif test -e "${path}/yara.h"; then + yara_inc_path="${path}" + elif test -e "${path}/include/yara/yara.h"; then + yara_inc_path="${path}/include" + fi + + if test -n "${yara_lib_path}"; then + AC_MSG_NOTICE([YARA library found at: ${yara_lib_file}]) + fi + + if test -n "${yara_inc_path}"; then + AC_MSG_NOTICE([YARA headers found at: ${yara_inc_path}]) + fi + + if test -n "${yara_lib_path}" -a -n "${yara_inc_path}"; then + # TODO: Compile a piece of code to check the version. + YARA_CFLAGS="-I${yara_inc_path}" + YARA_LDADD="-l${yara_lib_name}" + YARA_LDFLAGS="-L${yara_lib_path}" + YARA_DISPLAY="${yara_lib_file}, ${yara_inc_path}" + fi +]) # AC_DEFUN [CHECK_FOR_YARA_AT] + + + diff --git a/configure.ac b/configure.ac index 4fa3a658..4060e22f 100644 --- a/configure.ac +++ b/configure.ac @@ -105,6 +105,9 @@ AM_CONDITIONAL([SSDEEP_CFLAGS], [test "SSDEEP_CFLAGS" != ""]) CHECK_LUA AM_CONDITIONAL([LUA_CFLAGS], [test "LUA_CFLAGS" != ""]) +# Check for YARA +CHECK_YARA +AM_CONDITIONAL([YARA_CFLAGS], [test "YARA_CFLAGS" != ""]) # # Check for curl @@ -548,6 +551,22 @@ if test "x$LUA_FOUND" = "x2"; then echo " + LUA ....disabled" fi +## YARA +if test "x$YARA_FOUND" = "x0"; then + echo " + YARA ....not found" +fi +if test "x$YARA_FOUND" = "x1"; then + echo -n " + YARA ....found " + if ! test "x$YARA_VERSION" = "x"; then + echo "v${YARA_VERSION}" + else + echo "" + fi + echo " ${YARA_DISPLAY}" +fi +if test "x$YARA_FOUND" = "x2"; then + echo " + YARA ....disabled" +fi echo " " echo " Other Options" diff --git a/examples/multiprocess_c/Makefile.am b/examples/multiprocess_c/Makefile.am index 85c26487..227358ca 100644 --- a/examples/multiprocess_c/Makefile.am +++ b/examples/multiprocess_c/Makefile.am @@ -21,7 +21,8 @@ multi_LDFLAGS = \ $(LUA_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ $(MAXMIND_LDFLAGS) \ - $(YAJL_LDFLAGS) + $(YAJL_LDFLAGS) \ + $(YARA_LDFLAGS) multi_CFLAGS = \ -I$(top_builddir)/headers \ diff --git a/examples/reading_logs_with_offset/Makefile.am b/examples/reading_logs_with_offset/Makefile.am index d3ff1345..2389c79f 100644 --- a/examples/reading_logs_with_offset/Makefile.am +++ b/examples/reading_logs_with_offset/Makefile.am @@ -16,7 +16,8 @@ read_LDADD = \ $(LUA_LDADD) \ $(PCRE_LDADD) \ $(SSDEEP_LDADD) \ - $(YAJL_LDADD) + $(YAJL_LDADD) \ + $(YARA_LDADD) read_LDFLAGS = \ $(GEOIP_LDFLAGS) \ @@ -24,7 +25,8 @@ read_LDFLAGS = \ $(LUA_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ $(MAXMIND_LDFLAGS) \ - $(YAJL_LDFLAGS) + $(YAJL_LDFLAGS) \ + $(YARA_LDFLAGS) read_CPPFLAGS = \ $(GLOBAL_CFLAGS) \ diff --git a/examples/simple_example_using_c/Makefile.am b/examples/simple_example_using_c/Makefile.am index b03ab96d..48fa0768 100644 --- a/examples/simple_example_using_c/Makefile.am +++ b/examples/simple_example_using_c/Makefile.am @@ -8,7 +8,8 @@ test_SOURCES = \ test_LDADD = \ $(GLOBAL_LDADD) \ $(LUA_LDADD) \ - $(SSDEEP_LDADD) + $(SSDEEP_LDADD) \ + $(YARA_LDADD) test_LDFLAGS = \ -L$(top_builddir)/src/.libs/ \ @@ -18,7 +19,8 @@ test_LDFLAGS = \ -lstdc++ \ $(LUA_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ - $(YAJL_LDFLAGS) + $(YAJL_LDFLAGS) \ + $(YARA_LDFLAGS) test_CFLAGS = \ -I$(top_builddir)/headers \ diff --git a/examples/using_bodies_in_chunks/Makefile.am b/examples/using_bodies_in_chunks/Makefile.am index 160e7ae9..4ca843ad 100644 --- a/examples/using_bodies_in_chunks/Makefile.am +++ b/examples/using_bodies_in_chunks/Makefile.am @@ -16,7 +16,8 @@ simple_request_LDADD = \ $(LUA_LDADD) \ $(PCRE_LDADD) \ $(SSDEEP_LDADD) \ - $(YAJL_LDADD) + $(YAJL_LDADD) \ + $(YARA_LDADD) simple_request_LDFLAGS = \ $(GEOIP_LDFLAGS) \ @@ -25,7 +26,8 @@ simple_request_LDFLAGS = \ -lpthread \ $(LUA_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ - $(YAJL_LDFLAGS) + $(YAJL_LDFLAGS) \ + $(YARA_LDFLAGS) simple_request_CPPFLAGS = \ $(GLOBAL_CFLAGS) \ diff --git a/src/Makefile.am b/src/Makefile.am index b6d23b01..e2eb0388 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -226,7 +226,8 @@ OPERATORS = \ operators/verify_cpf.cc \ operators/verify_ssn.cc \ operators/within.cc \ - operators/unconditional_match.cc + operators/unconditional_match.cc \ + operators/yara.cc UTILS = \ @@ -311,7 +312,8 @@ libmodsecurity_la_CPPFLAGS = \ $(SSDEEP_CFLAGS) \ $(MAXMIND_CFLAGS) \ $(LUA_CFLAGS) \ - $(LIBXML2_CFLAGS) + $(LIBXML2_CFLAGS) \ + $(YARA_CFLAGS) libmodsecurity_la_LDFLAGS = \ @@ -326,6 +328,7 @@ libmodsecurity_la_LDFLAGS = \ $(SSDEEP_LDFLAGS) \ $(MAXMIND_LDFLAGS) \ $(YAJL_LDFLAGS) \ + $(YARA_LDFLAGS) \ -version-info @MSC_VERSION_INFO@ @@ -341,5 +344,6 @@ libmodsecurity_la_LIBADD = \ $(PCRE_LDADD) \ $(MAXMIND_LDADD) \ $(SSDEEP_LDADD) \ - $(YAJL_LDADD) + $(YAJL_LDADD) \ + $(YARA_LDADD) diff --git a/src/operators/operator.cc b/src/operators/operator.cc index adeb6289..57077a3b 100644 --- a/src/operators/operator.cc +++ b/src/operators/operator.cc @@ -60,6 +60,7 @@ #include "src/operators/verify_ssn.h" #include "src/operators/within.h" #include "src/operators/unconditional_match.h" +#include "src/operators/yara.h" #define IF_MATCH(a) \ if (op_ == #a) @@ -190,6 +191,7 @@ Operator *Operator::instantiate(std::string op, std::string param_str) { IF_MATCH(unconditionalmatch) { return new UnconditionalMatch(); } + IF_MATCH(yara) { return new Yara(std::move(param)); } std::invalid_argument("Operator not found."); } diff --git a/src/operators/yara.cc b/src/operators/yara.cc new file mode 100644 index 00000000..53a881aa --- /dev/null +++ b/src/operators/yara.cc @@ -0,0 +1,135 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2018 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#include "src/operators/yara.h" + +#include + +#include "src/operators/operator.h" +#include "src/utils/system.h" + +namespace modsecurity { +namespace operators { + +bool Yara::init(const std::string ¶m2, std::string *error) { +#ifdef WITH_YARA + + std::string digit; + std::string file; + std::istream *iss; + struct yara_chunk *chunk, *t; + std::string err; + + auto pos = m_param.find_last_of(' '); + if (pos == std::string::npos) { + error->assign("Please use @yara with filename and value"); + return false; + } + digit.append(std::string(m_param, pos+1)); + file.append(std::string(m_param, 0, pos)); + try { + m_threshold = std::stoi(digit); + } catch (...) { + error->assign("Expecting a digit, got: " + digit); + return false; + } + + std::string resource = utils::find_resource(file, param2, &err); + iss = new std::ifstream(resource, std::ios::in); + + if (((std::ifstream *)iss)->is_open() == false) { + error->assign("Failed to open file: " + m_param + ". " + err); + delete iss; + return false; + } + +// YARA + int result = yr_initialize(); + if (result != ERROR_SUCCESS) { + error->assign("yr_initialize() FAILED!"); + return false; + } + + for (std::string line; std::getline(*iss, line); ) { + chunk = (struct yara_chunk *)calloc(1, + sizeof(struct yara_chunk)); + + chunk->data = strdup(line.c_str()); + chunk->next = NULL; + + if (m_head == NULL) { + m_head = chunk; + } else { + t = m_head; + + while (t->next) { + t = t->next; + } + + t->next = chunk; + } + } + + delete iss; + return true; +#else + error->assign("@yara: YARA support was not enabled " \ + "during the compilation."); + return false; +#endif +} + +Yara::~Yara() { + struct yara_chunk *c = m_head; + while (c) { + struct yara_chunk *t = c; + free(c->data); + c->data = NULL; + c = c->next; + free(t); + } + m_head = NULL; +} + + +bool Yara::evaluate(Transaction *t, const std::string &str) { +#ifdef WITH_YARA + struct yara_chunk *chunk = m_head; +/* + while (chunk != NULL) { + int i = 0; + if (i >= m_threshold) { + return true; + } + chunk = chunk->next; + } + YARA + yr_finalize(); + return true; +*/ + +/** +* @todo Finalize Implementing the operator Yara. +* Reference: https://yara.readthedocs.io/en/v3.9.0/capi.html +*/ + return true; + +#endif + /* No match. */ + return true; +} + +} // namespace operators +} // namespace modsecurity diff --git a/src/operators/yara.h b/src/operators/yara.h new file mode 100644 index 00000000..b6e967c1 --- /dev/null +++ b/src/operators/yara.h @@ -0,0 +1,59 @@ +/* + * ModSecurity, http://www.modsecurity.org/ + * Copyright (c) 2018 Trustwave Holdings, Inc. (http://www.trustwave.com/) + * + * You may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * If any of the files related to licensing are missing or if you have any + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address security@modsecurity.org. + * + */ + +#ifndef SRC_OPERATORS_YARA_H_ +#define SRC_OPERATORS_YARA_H_ + +#include +#include +#include + +#ifdef WITH_YARA +#include +#endif + +#include "src/operators/operator.h" + +namespace modsecurity { +namespace operators { + + +struct yara_chunk { + char *data; + struct yara_chunk *next; +}; + +class Yara : public Operator { + public: + /** @ingroup ModSecurity_Operator */ + explicit Yara(std::unique_ptr param) + : Operator("Yara", std::move(param)), + m_head(NULL), + m_threshold(0) { } + ~Yara(); + + bool evaluate(Transaction *transaction, const std::string &std) override; + + bool init(const std::string ¶m, std::string *error) override; + private: + int m_threshold; + struct yara_chunk *m_head; +}; + +} // namespace operators +} // namespace modsecurity + + +#endif // SRC_OPERATORS_YARA_H_ diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index 55487591..ea286882 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -144,6 +144,7 @@ class Driver; #include "src/operators/verify_cpf.h" #include "src/operators/verify_ssn.h" #include "src/operators/within.h" +#include "src/operators/yara.h" #include "modsecurity/audit_log.h" @@ -506,6 +507,7 @@ using modsecurity::operators::Operator; OPERATOR_VERIFY_CPF "OPERATOR_VERIFY_CPF" OPERATOR_VERIFY_SSN "OPERATOR_VERIFY_SSN" OPERATOR_WITHIN "OPERATOR_WITHIN" + OPERATOR_YARA "OPERATOR_YARA" CONFIG_DIR_AUDIT_LOG_FMT JSON @@ -1092,6 +1094,10 @@ op_before_init: YYERROR; #endif // WITH_GEOIP } + | OPERATOR_YARA run_time_string + { + OPERATOR_CONTAINER($$, new operators::Yara(std::move($2))); + } ; expression: diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll index d438def2..cc9aa8af 100755 --- a/src/parser/seclang-scanner.ll +++ b/src/parser/seclang-scanner.ll @@ -315,6 +315,7 @@ OPERATOR_VERIFY_CC (?i:@verifyCC) OPERATOR_VERIFY_CPF (?i:@verifyCPF) OPERATOR_VERIFY_SSN (?i:@verifySSN) OPERATOR_WITHIN (?i:@within) +OPERATOR_YARA (?i:@yara) AUDIT_PARTS [ABCDEFGHJKIZ]+ @@ -1112,6 +1113,7 @@ EQUALS_MINUS (?i:=\-) {OPERATOR_VERIFY_SSN} { BEGIN_PARAMETER(); return p::make_OPERATOR_VERIFY_SSN(*driver.loc.back()); } {OPERATOR_GSB_LOOKUP} { BEGIN_PARAMETER(); return p::make_OPERATOR_GSB_LOOKUP(*driver.loc.back()); } {OPERATOR_RSUB} { BEGIN_PARAMETER(); return p::make_OPERATOR_RSUB(*driver.loc.back()); } +{OPERATOR_YARA} { BEGIN_PARAMETER(); return p::make_OPERATOR_YARA(*driver.loc.back()); } {NOT} { return p::make_NOT(*driver.loc.back()); } . { BEGIN_NO_OP_INFORMED(); yyless(0); } diff --git a/test/Makefile.am b/test/Makefile.am index 97364554..2b9097f3 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -52,7 +52,8 @@ unit_tests_LDADD = \ $(LUA_LDADD) \ $(PCRE_LDADD) \ $(SSDEEP_LDADD) \ - $(YAJL_LDADD) + $(YAJL_LDADD) \ + $(YARA_LDADD) unit_tests_LDFLAGS = \ @@ -61,7 +62,8 @@ unit_tests_LDFLAGS = \ $(LMDB_LDFLAGS) \ $(LUA_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ - $(YAJL_LDFLAGS) + $(YAJL_LDFLAGS) \ + $(YARA_LDFLAGS) unit_tests_CPPFLAGS = \ @@ -80,7 +82,8 @@ unit_tests_CPPFLAGS = \ $(YAJL_CFLAGS) \ $(LUA_CFLAGS) \ $(SSDEEP_CFLAGS) \ - $(LIBXML2_CFLAGS) + $(LIBXML2_CFLAGS) \ + $(YARA_CFLAGS) # regression @@ -102,7 +105,8 @@ regression_tests_LDADD = \ $(LUA_LDADD) \ $(PCRE_LDADD) \ $(SSDEEP_LDADD) \ - $(YAJL_LDADD) + $(YAJL_LDADD) \ + $(YARA_LDADD) regression_tests_LDFLAGS = \ @@ -111,7 +115,8 @@ regression_tests_LDFLAGS = \ $(YAJL_LDFLAGS) \ $(LMDB_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ - $(LUA_LDFLAGS) + $(LUA_LDFLAGS) \ + $(YARA_LDFLAGS) regression_tests_CPPFLAGS = \ @@ -130,7 +135,8 @@ regression_tests_CPPFLAGS = \ $(SSDEEP_CFLAGS) \ $(PCRE_CFLAGS) \ $(YAJL_CFLAGS) \ - $(LIBXML2_CFLAGS) + $(LIBXML2_CFLAGS) \ + $(YARA_CFLAGS) # optimization @@ -151,7 +157,8 @@ rules_optimization_LDADD = \ $(LUA_LDADD) \ $(PCRE_LDADD) \ $(SSDEEP_LDADD) \ - $(YAJL_LDADD) + $(YAJL_LDADD) \ + $(YARA_LDADD) rules_optimization_LDFLAGS = \ $(GEOIP_LDFLAGS) \ @@ -159,7 +166,8 @@ rules_optimization_LDFLAGS = \ $(LMDB_LDFLAGS) \ $(LUA_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ - $(YAJL_LDFLAGS) + $(YAJL_LDFLAGS) \ + $(YARA_LDFLAGS) rules_optimization_CPPFLAGS = \ -std=c++11 \ @@ -177,5 +185,6 @@ rules_optimization_CPPFLAGS = \ $(SSDEEP_CFLAGS) \ $(PCRE_CFLAGS) \ $(YAJL_CFLAGS) \ - $(LIBXML2_CFLAGS) + $(LIBXML2_CFLAGS) \ + $(YARA_CFLAGS) diff --git a/test/benchmark/Makefile.am b/test/benchmark/Makefile.am index e14f50e5..3c6f94f3 100644 --- a/test/benchmark/Makefile.am +++ b/test/benchmark/Makefile.am @@ -16,6 +16,7 @@ benchmark_LDADD = \ $(SSDEEP_LDADD) \ $(LUA_LDADD) \ $(LIBXML2_LDADD) \ + $(YARA_LDADD) \ $(GLOBAL_LDADD) benchmark_LDFLAGS = \ @@ -25,7 +26,8 @@ benchmark_LDFLAGS = \ $(YAJL_LDFLAGS) \ $(LMDB_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ - $(LUA_LDFLAGS) + $(LUA_LDFLAGS) \ + $(YARA_LDFLAGS) benchmark_CPPFLAGS = \ -std=c++11 \ diff --git a/test/fuzzer/Makefile.am b/test/fuzzer/Makefile.am index 2e4475c0..5e0a3700 100644 --- a/test/fuzzer/Makefile.am +++ b/test/fuzzer/Makefile.am @@ -24,6 +24,7 @@ afl_fuzzer_LDADD = \ $(SSDEEP_LDFLAGS) $(SSDEEP_LDADD) \ $(LUA_LDFLAGS) $(LUA_LDADD) \ $(LIBXML2_LDADD) \ + $(YARA_LDFLAGS) $(YARA_LDADD) \ $(top_builddir)/src/.libs/libmodsecurity.a \ $(top_builddir)/others/libinjection.la \ $(top_builddir)/others/libmbedtls.la diff --git a/tools/rules-check/Makefile.am b/tools/rules-check/Makefile.am index 615d9598..9cb7f4aa 100644 --- a/tools/rules-check/Makefile.am +++ b/tools/rules-check/Makefile.am @@ -16,7 +16,8 @@ modsec_rules_check_LDADD = \ $(LUA_LDADD) \ $(PCRE_LDADD) \ $(SSDEEP_LDADD) \ - $(YAJL_LDADD) + $(YAJL_LDADD) \ + $(YARA_LDADD) modsec_rules_check_LDFLAGS = \ $(GEOIP_LDFLAGS) \ @@ -25,7 +26,8 @@ modsec_rules_check_LDFLAGS = \ $(LMDB_LDFLAGS) \ $(LUA_LDFLAGS) \ $(SSDEEP_LDFLAGS) \ - $(YAJL_LDFLAGS) + $(YAJL_LDFLAGS) \ + $(YARA_LDFLAGS) modsec_rules_check_CPPFLAGS = \ -std=c++11 \ @@ -34,7 +36,8 @@ modsec_rules_check_CPPFLAGS = \ $(PCRE_CFLAGS) \ $(LMDB_CFLAGS) \ $(MAXMIND_CFLAGS) \ - $(LIBXML2_CFLAGS) + $(LIBXML2_CFLAGS) \ + $(YARA_CFLAGS) MAINTAINERCLEANFILES = \ Makefile.in