yara: add package
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns. Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
This commit is contained in:
Marko Ratkaj
parent
9e265cfa1b
commit
81edf42d94
|
|
@ -0,0 +1,16 @@
|
|||
if PACKAGE_yara
|
||||
comment "Optional modules"
|
||||
|
||||
config YARA_module_magic
|
||||
bool "Magic module"
|
||||
default y
|
||||
help
|
||||
Identify the type of the file based on the output of file command
|
||||
|
||||
config YARA_module_cuckoo
|
||||
bool "Cuckoo module"
|
||||
default n
|
||||
help
|
||||
Create rules based on behavioral info generated by a Cuckoo sandbox
|
||||
endif
|
||||
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
#
|
||||
# Copyright (C) 2017 OpenWrt.org
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
#
|
||||
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=yara
|
||||
PKG_VERSION:=3.6.3
|
||||
PKG_RELEASE:=1
|
||||
PKG_LICENSE:=BSD-3-Clause
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://github.com/VirusTotal/yara/archive/v$(PKG_VERSION)/
|
||||
PKG_HASH:=ad2c0e788b4d8b2f3e9078f448754313249a302b749b9a24e932bfc5e141a5e8
|
||||
|
||||
PKG_FIXUP:=autoreconf
|
||||
PKG_BUILD_PARALLEL:=1
|
||||
PKG_INSTALL:=1
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/yara
|
||||
SECTION:=utils
|
||||
CATEGORY:=Utilities
|
||||
TITLE:=Pattern matching swiss knife for malware researchers
|
||||
URL:=http://virustotal.github.io/yara/
|
||||
MAINTAINER:=Marko Ratkaj <marko.ratkaj@sartura.hr>
|
||||
DEPENDS:= +libopenssl
|
||||
DEPENDS+= +YARA_module_magic:libmagic
|
||||
DEPENDS+= +YARA_module_cuckoo:jansson
|
||||
MENU:=1
|
||||
endef
|
||||
|
||||
define Package/yara/description
|
||||
YARA is a tool aimed at (but not limited to) helping malware researchers
|
||||
to identify and classify malware samples. With YARA you can create
|
||||
descriptions of malware families based on textual or binary patterns.
|
||||
endef
|
||||
|
||||
CONFIGURE_ARGS += \
|
||||
--disable-dotnet \
|
||||
$(if $(YARA_module_magic),--enable,--disable)-magic \
|
||||
$(if $(YARA_module_cuckoo),--enable,--disable)-cuckoo
|
||||
|
||||
define Package/yara/config
|
||||
source "$(SOURCE)/Config.in"
|
||||
endef
|
||||
|
||||
define Build/InstallDev
|
||||
$(INSTALL_DIR) $(1)/usr/include
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/include/yara.h $(1)/usr/include
|
||||
$(INSTALL_DIR) $(1)/usr/include/yara
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/include/yara/* $(1)/usr/include/yara
|
||||
$(INSTALL_DIR) $(1)/usr/lib
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libyara.{a,la,so*} $(1)/usr/lib/
|
||||
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/yara.pc $(1)/usr/lib/pkgconfig
|
||||
endef
|
||||
|
||||
define Package/yara/install
|
||||
$(INSTALL_DIR) $(1)/usr/bin
|
||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/yara $(1)/usr/bin/
|
||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/yarac $(1)/usr/bin/
|
||||
$(INSTALL_DIR) $(1)/usr/lib/
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libyara.so* $(1)/usr/lib/
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,yara))
|
||||
Loading…
Reference in New Issue