socfortress / Wazuh-Rules

Advanced Wazuh Rules for more accurate threat detection. Feel free to implement within your own Wazuh environment, contribute, or fork!
https://www.socfortress.co

yara script throwing error "could not open file" #9

Open Zshader opened 1 year ago

Zshader commented 1 year ago

Tried running the file ./yara_full_scan.sh; it gives the following error on the machines. Tested it on a Kali and a CentOS machine and observed the same output. Also, observing no such file as /usr/share/yara/yara_base_ruleset_compiled.yar.

Tried creating an empty file /usr/share/yara/yara_base_ruleset_compiled.yar too, and observed the same error.

PwndYA commented 1 year ago

Have you installed yara? Maybe you need to change the path in your script.

root@toolbox:/opt/yara# which yara
/usr/local/bin/yara

yara_output=$(/usr/local/bin/yara -C -w -r -f -m /opt/yara/rules/compiled_test.yar "$f1")
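A preflight check for the failure discussed in this thread, as an added example that is not part of the issue or of the socfortress scripts: it verifies the yara binary path and that the file passed with -C exists, is non-empty and starts with the "YARA" magic that yarac-compiled rulesets carry. The function name yara_preflight and its return codes are hypothetical; pass in whatever paths your own script uses.

```shell
#!/bin/sh
# Added example (not from the Wazuh-Rules repository).
# yara_preflight YARA_BIN RULES_FILE
# Hypothetical return codes:
#   0  binary and compiled ruleset look usable
#   1  yara binary missing or not executable
#   2  rules file does not exist
#   3  rules file is empty
#   4  rules file is not a compiled ruleset (no "YARA" magic)
yara_preflight() {
    yp_bin=$1
    yp_rules=$2

    if [ ! -x "$yp_bin" ]; then
        echo "yara binary not found or not executable: $yp_bin" >&2
        return 1
    fi
    if [ ! -e "$yp_rules" ]; then
        echo "rules file does not exist: $yp_rules" >&2
        return 2
    fi
    if [ ! -s "$yp_rules" ]; then
        echo "rules file is empty: $yp_rules" >&2
        return 3
    fi
    # -C tells yara the rules are already compiled, so a plain-text
    # .yar source file is rejected here; compile it with yarac first.
    yp_magic=$(head -c 4 "$yp_rules" | tr -d '\0')
    if [ "$yp_magic" != "YARA" ]; then
        echo "not a compiled ruleset (compile with yarac): $yp_rules" >&2
        return 4
    fi
    return 0
}

# Stand-alone use: sh preflight.sh /usr/local/bin/yara /path/to/compiled.yar
if [ "$#" -eq 2 ]; then
    yara_preflight "$1" "$2"
fi
```

Calling this before the scan loop separates a wrong binary path from a missing, empty or uncompiled rules file, each of which needs a different fix.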