#!/bin/bash
# Atomic Secured Linux 
# Copyright Atomicorp, 2007-2014
# License: Commercial, unauthorized redistribution or duplication is prohibited
# Summary: ASL Core functions
# Name: functions


# Turn on privileged mode, unset vars are an error 1
#set -p -u

# Set the default umask
umask 0022

# Source the ASL config file, which pulls in a number of configuration variables
# for the rest of the utility.
source "/etc/asl/config"

# Initialize versions
APPINV_VERSION=0
CLAMAV_VERSION=0
GRSEC_VERSION=0
GEOMAP_VERSION=0
MODSEC_VERSION=0
OSSEC_VERSION=0
# Now populate with the latest
if [ -f /etc/asl/VERSION ]; then
  source "/etc/asl/VERSION"
fi

# TERSE catchall
if [ ! $TERSE ]; then
  TERSE=0
fi

# Determine ASL version
#ASL_VERSION=`rpm -q --queryformat %{version} asl`


# Generic Variables
KVER=`uname -r`
WGET=/usr/bin/wget
HOSTNAME=`hostname`
CONFIG=/etc/asl/config
DATE=`date +%Y%m%d-%H%M%S`

# Logfile of services monitored by psmon.  Exported so that scripts that call
# this module can get at it.
SERVICES=/var/asl/data/monitored-services
export SERVICES

# Colors
# need to update this for unset condition
if [ "$COLOR" == "1" ]; then
  NORMAL="\\033[0;39m"
  RED="\\033[1;31m"
  GREEN="\\033[1;32m"
  YELLOW="\\033[1;33m"

  #warning="^[[33;55;1m"         # warning (red)
  #YELLOW="^[[1;33m"             # yellow
  #WHITE="^[[1;37m"              # white
  #OK="^[[1;32m"                 # green (OK)
  #BAD="^[[1;31m"                # red (BAD)
  #DARKGRAY="^[[1;30m"
  #RED="^[[1;31m"                # red
  #RED="\033[31m"
fi

function get_distro {

	if [ -f /etc/redhat-release ]; then
		RELEASE=/etc/redhat-release
	elif [ -f /etc/SuSE-release ]; then
		RELEASE=/etc/SuSE-release
	elif [ -f /etc/os-release ]; then
		RELEASE=/etc/os-release
	elif [ -f /etc/lsb-release ]; then
		RELEASE=/etc/lsb-release
	elif [ -f /etc/debian_version ]; then
        	RELEASE=/etc/debian_version
	else
		echo "Error: unable to identify operating system"
		exit 1
	fi

# EL3, EL4, and Fedora
if egrep -q "^Fedora|release 3|release 4" $RELEASE ; then
        cat /etc/redhat-release
        echo "This platform is no longer supported..." | tee -a $LOG
        echo "Exiting..."
        exit 1
# EL5
elif egrep -q "release 5|release 2011" $RELEASE ; then
  DIST="el5"
  DIR=centos/5
# EL6
elif egrep -q "release 6|release 2012" $RELEASE ; then
  DIST="el6"
  DIR=centos/6
elif egrep -q "release 7" $RELEASE ; then
  DIST="el7"
  DIR=centos/7
elif egrep -q "openSUSE 12" $RELEASE ; then
  DIST="suse12"
  DIR=opensuse/12
elif egrep -q "openSUSE 13" $RELEASE ; then
  DIST="suse13"
  DIR=opensuse/13
elif egrep -q "^6.0|squeeze" $RELEASE ; then
  DIST="squeeze"
  DIR=debian/6
elif egrep -q "wheezy" $RELEASE ; then
  DIST="wheezy"
  DIR=debian/7
elif egrep -q "jessie" $RELEASE ; then
  DIST="jessie"
  DIR=debian/8
elif egrep -q "precise" $RELEASE ; then
  DIST="precise"
  DIR=ubuntu/12
elif egrep -q "lucid" $RELEASE ; then
  DIST="lucid"
  DIR=ubuntu/10
elif egrep -q "Raring Ringtail" $RELEASE ; then
  DIST="raring"
  DIR=ubuntu/13
elif egrep -q "Trusty Tahr" $RELEASE ; then
  DIST="trusty"
  DIR=ubuntu/14
else
  echo "Error: Unable to determine distribution type. Please send the contents of $RELEASE to support@atomicorp.com" | tee -a $LOG
  exit 1
fi


}

function get_psa {
  rpm --quiet -q psa && return 0 || return 1
}

# If UPDATES=1 actually update ASL, otherwise just check for updates and record
# in the ASL logs.
function check_updates {
  U_LOG=$ASLHOME/data/updates-data
  echo "Checking for updates.."

  # Clear out the old update tempfile.
  rm -f $U_LOG
  if [ -f $ASLHOME/tmp/VERSION ]; then
    rm -f $ASLHOME/tmp/VERSION 
  fi

  # Download a file containing the latest revision of ASL (among other things).
  # Old dynamic way to grab the version file
  #wget -q -O $ASLHOME/tmp/VERSION http://$USERNAME:$PASSWORD@$UPDATEPATH/VERSION 
  # 
  wget -q -O $ASLHOME/tmp/VERSION http://www.atomicorp.com/channels/rules/VERSION 

  LATEST_ASL_VERSION=`cat $ASLHOME/tmp/VERSION | grep ASL_VERSION | awk -F= '{print $2}'` 
  LATEST_APPINV_VERSION=`cat $ASLHOME/tmp/VERSION |grep APPINV_VERSION | awk -F= '{print $2}'` 
  LATEST_GRSEC_VERSION=`cat $ASLHOME/tmp/VERSION | grep GRSEC_VERSION | awk -F= '{print $2}'` 
  LATEST_GEOMAP_VERSION=`cat $ASLHOME/tmp/VERSION | grep GEOMAP_VERSION | awk -F= '{print $2}'` 
  LATEST_MODSEC_VERSION=`cat $ASLHOME/tmp/VERSION |grep MODSEC_VERSION | awk -F= '{print $2}'` 
  LATEST_OSSEC_VERSION=`cat $ASLHOME/tmp/VERSION |grep OSSEC_VERSION | awk -F= '{print $2}'` 
  LATEST_CLAMAV_VERSION=`cat $ASLHOME/tmp/VERSION |grep CLAMAV_VERSION |awk -F= '{print $2}'`


  # If there is no revision code of ASL in what was just downloaded, interpret
  # it as an error.
  if [ "$LATEST_ASL_VERSION" == "" ]; then
    echo "Error:  update list could not be retrieved"
    exit 1
  fi

  # Based upon the revision code extracted from the tempfile, figure out what
  # to do.  First of all is the no-upgrade case - don't do anything.
  if [ $ASL_VERSION \> $LATEST_ASL_VERSION ]; then
    echo -n "  ASL version is current: "  
    show_msg custom "$ASL_VERSION"
    echo "ASL green" >> $U_LOG
  else
    # The latest revision code has changed so decide what to do with it.  If
    # the ASL script was invoked to upgrade, then start upgrading.
    if [ $UPDATE -eq 1 ]; then
      echo -n "  Updating ASL:"
      yum -y update asl >/dev/null 2>&1 && show_msg pass || show_msg fail

      # Verify that it really updated, and add it to db
      ASL_VERSION=`rpm -q --queryformat %{version} asl`

      if [ "$ASL_VERSION" == "$LATEST_ASL_VERSION" ]; then
        echo "ASL green" >> $U_LOG
      else
        echo "ASL red" >> $U_LOG
      fi
    else  
      # Make a note of the new version of ASL in the logfile but don't do
      # anything else with it.
      echo "ASL $LATEST_ASL_VERSION" >> $U_LOG
    fi 
  fi

  test_update APPINV $APPINV_VERSION $LATEST_APPINV_VERSION appinv

  test_update CLAMAV $CLAMAV_VERSION $LATEST_CLAMAV_VERSION clamav

  test_update GRSEC $GRSEC_VERSION $LATEST_GRSEC_VERSION grsec

  test_update GEOMAP $GEOMAP_VERSION $LATEST_GEOMAP_VERSION geomap

  test_update MODSEC $MODSEC_VERSION $LATEST_MODSEC_VERSION modsec

  test_update OSSEC $OSSEC_VERSION $LATEST_OSSEC_VERSION ossec


  # If any updates were installed, then switch out the master versions file.
  if [ $UPDATE -eq 1 ]; then
    mv $ASLHOME/tmp/VERSION /etc/asl/VERSION
  fi
}

# download_rules <version> <class>
# example: download_rules 20070301-01 grsec
function download_rules {
  rule_version=$1
  rule_class=$2
  
  cd $ASLHOME/updates

  $WGET -q http://$USERNAME:$PASSWORD@$UPDATEPATH/$rule_class-$rule_version.tar.gz

  # if this exits 0, good. If auth fails, we get exit 1
  if [ $? -ne 0 ]; then
    echo
    echo  "    Update failed for some reason, retrying with full debug information... "
    sleep 3
    echo
    $WGET http://$USERNAME:$PASSWORD@$UPDATEPATH/$rule_class-$rule_version.tar.gz ||

    if [ $? -ne 0 ]; then
      echo
      echo "exiting..."
      exit 1
    fi

  fi

 
  if [ -f $ASLHOME/updates/$rule_class-$rule_version.tar.gz ]; then
    cd $ASLHOME/rules/
    tar zxf $ASLHOME/updates/$rule_class-$rule_version.tar.gz >/dev/null 2>&1
    chown root.root -R *
    show_msg custom "$rule_version"
  else
    show_msg fail
    echo "  Error: $ASLHOME/updates/$rule_class-$rule_version.tar.gz  was not detected"
    # Dont exit out 
    #exit 1
  fi
}

# modsec_apply_rules
# Move the rules into the modsec rules dir
# Restart httpd
# TODO: eventually make modsec get rules from this dir, then we just have to
#	restart.
function modsec_apply_rules {
  MODSEC_RULES_DIR=/etc/httpd/modsecurity.d/
  MODSEC_CONFIG=$MODSEC_RULES_DIR/modsecurity_crs_10_config.conf

  # Old design, used in modsec < 2.5.0-7
  #cp -f $ASLHOME/rules/modsec/*  $MODSEC_RULES_DIR/

  # Fixes a condition if the rule group doesnt exist
  # happened on a 1st time run
  if [ ! -f $ASLHOME/data/modsec_groups ]; then
    touch $ASLHOME/data/modsec_groups
  fi

  for rulegroup in `cat $ASLHOME/data/modsec_groups`; do
    # remove old rule
    if [ -f $MODSEC_RULES_DIR/$rulegroup ]; then
      rm -f $MODSEC_RULES_DIR/$rulegroup
    fi
     
    # Safety Check
    if [ -f $ASLHOME/rules/modsec/$rulegroup ]; then
      cp -f $ASLHOME/rules/modsec/$rulegroup   $MODSEC_RULES_DIR/
    fi
  done

  # Bugfix, this is done by the mod_security_check module too. asl -u is missing it.
  if [ -f $ASLHOME/rules/modsec/domain-blacklist.txt ]; then
    cp -f $ASLHOME/rules/modsec/domain-blacklist.txt /etc/httpd/modsecurity.d/
  fi

  # Ditto. No known bug, but duplicated for the malware list
  if [ -f $ASLHOME/rules/modsec/malware-blacklist.txt ]; then
    cp -f $ASLHOME/rules/modsec/malware-blacklist.txt /etc/httpd/modsecurity.d/
  fi

  # Ditto.  No known bug, but duplicated for the sql list
  if [ -f $ASLHOME/rules/modsec/sql.txt ]; then
    cp -f $ASLHOME/rules/modsec/sql.txt /etc/httpd/modsecurity.d/
  fi

  # Ditto.  No known bug, but duplicated for the trusted domains list
  if [ -f $ASLHOME/rules/modsec/trusted_domains.conf ]; then
    cp -f $ASLHOME/rules/modsec/trusted_domains.conf /etc/httpd/modsecurity.d/
  fi

  # Ditto.  No known bug, but duplicated for the spam whitelist
  if [ -f $ASLHOME/rules/modsec/domain-spam-whitelist.conf ]; then
    cp -f $ASLHOME/rules/modsec/domain-spam-whitelist.conf /etc/httpd/modsecurity.d/
  fi

  # We're done, update the rule version number in the config
  # Possible bugfix #111
  if [ "$LATEST_MODSEC_VERSION" != "" ]; then
    replace_var "s/^SecComponentSignature.*/SecComponentSignature \"$LATEST_MODSEC_VERSION\"/" \
	$MODSEC_CONFIG
  fi


  /usr/sbin/apachectl -t >/dev/null 2>&1
  if [ $? -ge 1 ]; then
    echo "    Error: There is a problem with the apache config"
  else
    if [ "$RESTART_APACHE" == "yes" ]; then
      /etc/init.d/httpd stop >/dev/null 2>&1
      /etc/init.d/httpd start >/dev/null 2>&1
    elif [ "$RESTART_APACHE" == "graceful" ]; then
      /etc/init.d/httpd graceful
    else
      echo "Apache has been configured for manual restarting to load new rules."
    fi
  fi
}

# geomap_apply_rules
# Move the rules into the data dir (/var/asl/data/)
function geomap_apply_rules {
  if [ -f /var/asl/rules/geomap/country-map.gz ]; then
    if [ -f /var/asl/data/country-map.gz ]; then
      rm -f /var/asl/data/country-map.gz
    fi
    cp /var/asl/rules/geomap/country-map.gz /var/asl/data/country-map.gz
  fi
}

# ossec_apply_rules
# Move the rules into the OSSEC dirs (etc/ for decoder.xml, and rules/ for the
#	rest)
function ossec_apply_rules {
  OSSEC_DIR=/var/ossec/
  cp -r $ASLHOME/rules/ossec/* $OSSEC_DIR/
  /etc/init.d/ossec-hids reload >/dev/null 2>&1
}

# clamav_apply_rules
# Copy these to the /var/clamav dir, and make sure they are readable by the clamav user
function clamav_apply_rules {
  CLAMAV_DIR=/var/clamav
  cp -r $ASLHOME/rules/clamav/* $CLAMAV_DIR/
  /etc/init.d/clamd reload >/dev/null 2>&1
}

# We use this for displaying all report text in the interface
# - test name
# - results 
# - severity
# show_message <test string> <result string> <severity> 
function show_message {
  msg_test=$1
  msg_result=$2
  msg_severity=$3

  # Passed
  if   [ "$3" == "pass" ]; then
    msg_severity="${GREEN}OK${NORMAL}"
  # Fixed
  elif [ "$3" == "fixed" ]; then
    msg_severity="${GREEN}FIXED${NORMAL}"
  # Allowed
  elif [ "$3" == "allow" ]; then
    msg_severity="${YELLOW}ALLOWED${NORMAL}"
  # Info
  elif [ "$3" == "info" ]; then
    msg_severity="${YELLOW}INFO${NORMAL}"
  # Failed
  else 
    msg_severity="${RED}$3${NORMAL}"
  fi

  # final formatting
  if [ $TERSE -eq 1 ]; then
    echo -e "$msg_severity:$msg_test:$msg_result"
  else
    echo -e "$msg_test: $msg_result \\033[60G[$msg_severity]"
  fi
}

function show_msg {
  # if we're not in terse mode
  if [ $TERSE -lt 1 ]; then
    echo -en "\\033[60G"
  fi
  # Passed
  if [ "$1" == "pass" ]; then
    echo -e "[${GREEN}OK${NORMAL}]"
  # Failed
  elif [ "$1" == "fail" ]; then
    if [ "$2" ]; then
      echo -e "[${RED}$2${NORMAL}]"
    else
      echo -e "[${RED}FAILED${NORMAL}]"
    fi
  # Fixed
  elif [ "$1" == "fix" ]; then
    echo -e "[${GREEN}FIXED${NORMAL}]"
  # Allowed
  elif [ "$1" == "allow" ]; then
    echo -e "[${YELLOW}ALLOWED${NORMAL}]"
  # Disabled
  elif [ "$1" == "disabled" ]; then
    echo -e "[${YELLOW}ALLOWED${NORMAL}]"
  # Custom Message (no color)
  elif [ "$1" == "custom" ]; then
    echo -e "[$2]"
  else
    echo -e "ERROR: show_msg was passed an invalid variable: $1"
  fi
}

function get_kernel {
  KVER=`uname -r`
  
  if grep -qi $KVER  $ASLHOME/lib/KERNELS  ; then
    ASL2_KERNEL=1
    PAX=1
  else 
    ASL2_KERNEL=0
    PAX=0
  fi
}

# Input validation function 
# check_input <msg> <valid responses regex> <default>
# if <default> is passed on as null, then there is no default
# Example: check_input  "Some question (yes/no) " "yes|no"  "yes"
function check_input {
  message=$1
  validate=$2
  default=$3

  while [ $? -ne 1 ]; do
    echo -n "$message "
    read INPUTTEXT < /dev/tty
    if [ "$INPUTTEXT" == "" -a "$default" != "" ]; then
      INPUTTEXT=$default
      return 1
    fi
    echo $INPUTTEXT | egrep -q "$validate" && return 1
    echo "Invalid input"
  done
}

# Find and Replace function
# Will look for the find regex, if it exists, will show OK and exit
# If not found, it will replace with the replace string IF we are in fixmode
# otherwise it will show a failure
# TODO, regex routine needs work. make_regex is a hack, we can use _ as a
# delimiter instead of /

# verify_setting <pass regex> <fix regex> <targetfile> <msg> <test result>
#	<test severity>
# example: verify_setting "^Protocol.*" "Protocol 2" /etc/ssh/sshd_config
#
# NOTICE:
# <fix regex> really does have to be a regular expression for substitution:
#	<fix regex> == "Rogue\s*\[[Xx]-[Mm]en\]/Rogue \[Cruxshadows\]"
# The front and back / characters will be added automagically by the in-line
# Perl expression.
function verify_setting {
  findvar=$1
  replacevar=$2
  targetfile=$3
  msg_test=$4
  msg_result=$5
  msg_severity=$6

  if egrep -qi "$findvar" $targetfile; then
    show_message "$msg_test" "$msg_result" pass
  else 
    if [ "$FIXMODE" == "1" ]; then

      perl -pi -e "s/$replacevar/i" $targetfile

      # DEBUGGING
      #echo
      #echo " perl -pi -e \"s/$replacevar/i\" $targetfile "
      #echo

      show_message "$msg_test" "$msg_result" fixed

    else
      show_message "$msg_test" "$msg_result" "$msg_severity"
      return 1
    fi
  fi
}

# This isn't really different from the above, it just modded the regex part a
# little.  Probably can merge these together eventually
# verify_setting_multi <find string> <replace string> <file> <test> <result>
#	<severity>
function verify_setting_multi {
  findvar=$1
  replacevar=$2
  targetfile=$3
  msg_test=$4
  msg_result=$5
  msg_severity=$6

  if egrep -qi "$findvar" $targetfile; then
      show_message "$msg_test" "$msg_result" pass
  else
    if [ "$FIXMODE" == "1" ]; then
      perl -pi -e "$replacevar" $targetfile
      show_message "$msg_test" "$msg_result" fixed
    else
      show_message "$msg_test" "$msg_result" "$msg_severity"
      return 1
    fi
  fi
}

# this is to remove multi-line configs completely
function replace_var {
  replacevar=$1
  targetfile=$2
  #echo "DEBUG: perl -pi -e "$replacevar"  $targetfile"
  perl -pi -e "$replacevar"  $targetfile
}

function check_uid {
  if [ `id -u` != 0 ] ; then
    echo "This utility can only be run by root"
    exit 1
  fi
}

# generic failure check
function failure_msg {
  show_msg fail
  exit
}

function make_regex {
  in_regex=$1
  # sed is free form with delimiters, we're using _ to escape forward and back-
  # slashes.
  echo $in_regex | sed 's/\./\\./g' | sed 's/\@/\\@/g'  | sed 's_\/_\\/_g' 
}

function wait_display {
  if [ "$WAIT_DISPLAY" != "1" ]; then
    echo
    echo "Hit any key to continue"
    read wait_for < /dev/tty
  fi
}

# logdata <modulename> <testname> <result> <severity>
function logdata {
  modulename=$1
  testname=$2
  result=$3
  severity=`echo $4 | tr '[:upper:]' '[:lower:]'`
  echo "$severity	$modulename	$testname	$result" >> \
		$ASLHOME/data/test_$modulename.db
 }

# Send in package name, return 1 if its there, 0 if it isn't.
function package_check {
  PKG_NAME=$1

  /bin/rpm --quiet -q $PKG_NAME && PKG_INSTALLED=1
  if [ $PKG_INSTALLED ]; then
    return 1
  else
    return 0
  fi
}

# test_setting: Searches an arbitrary file for an arbitrary regular expression
#	and returns a appropriate boolean value.  Takes two arguments, the
#	regexp and the file, returns 1 for success, 0 for failure.
function test_setting {
	# Move the arguments into more reasonably named variables.
	EXPRESSION=$1
	FILE=$2

	# Sanity check the arguments to make sure they're being used properly.
	if [ -z "$EXPRESSION" ]; then
		echo "ERROR: Bad \$1 argument passed to test_setting()"
		return 0
		fi
	if [ -z "$FILE" ]; then
		echo "ERROR: Bad \$2 argument passed to test_setting()"
		return 0
		fi

	# If there is no file, return a 0.
	if [ ! -f "$FILE" ]; then
		return 0
		fi

	# The FSF owes me a couple of bottles of Motrin for this.
        if egrep -q "$EXPRESSION" $FILE ; then 
                FOO=0        
        else 
                FOO=1 
                return 1 
	fi
}

# test_update <NAME> <CURRENT VERSION> <LATEST_VERSION> <MINOR NAME>
# Example: test_update APPINV 12345 123456 appinv
function test_update {

  TU_NAME=$1
  TU_CURRENT_VERSION=$2
  TU_LATEST_VERSION=$3
  TU_MINOR_NAME=$4

  if [ "$TU_CURRENT_VERSION" == "$TU_LATEST_VERSION" ]; then
    # No updates have been released.
    echo -n "  $TU_NAME rules are current: "
    show_msg custom "$TU_CURRENT_VERSION"
    echo "$TU_NAME green" >> $U_LOG
  else
    # The revision code's changed so use the command line switches to figure out
    # what to do.
    if [ $UPDATE -eq 1 ]; then
      # Install the update.
      echo -n "  Updating $TU_NAME to $TU_LATEST_VERSION:"
      download_rules $TU_LATEST_VERSION $TU_MINOR_NAME
      if [ "$TU_MINOR_NAME" == "clamav" ] ; then
        clamav_apply_rules
      elif [ "$TU_MINOR_NAME" == "modsec" ]; then
        modsec_apply_rules
      elif [ "$TU_MINOR_NAME" == "ossec" ]; then
        ossec_apply_rules
      elif [ "$TU_MINOR_NAME" == "geomap" ]; then
        geomap_apply_rules
      fi
      echo "$TU_NAME green" >> $U_LOG
    else
      echo -n "  $TU_NAME rule updates are available:"
      show_msg custom "$TU_LATEST_VERSION"

      # Note the update but don't do anything with it.
      echo "$TU_NAME $TU_LATEST_VERSION" >> $U_LOG
    fi
  fi
}

# example: rpm_vulncheck  psa-turba 2.1.7 psa psa-turba-cve-2008-0807 moderate "$MOD_MSG"
#rpm_vulncheck $package_name $goodversion $classname $vulname $severity 
function rpm_vulcheck {
  rv_name=$1
  rv_version=`echo $2 | sed 's/\.//g'`		# this is the known GOOD version
  rv_classname=$3				# Class for the vulnerability report
  rv_vulname=$4					# Specific vulnerability for report
  rv_severity=$5

  # is the package installed
  rpm --quiet -q $rv_name || return
  

  # determine current RPM version
  RV_PACKAGE_VERSION=`rpm -q --queryformat %{version} $rv_name |egrep -v not |sed 's/\.//g'`

  # compare current version with known good version
  if [ $RV_PACKAGE_VERSION -lt $rv_version ]; then
    show_message "$MOD_MSG" "detected" $rv_severity
    logdata $rv_classname $rv_vulname 1 $rv_severity
  else
    show_message "$MOD_MSG" "not detected" pass
    logdata $rv_classname $rv_vulname 0 $rv_severity
  fi

}


function show_help {
  echo "Atomic Secured Linux"
  echo " asl [-cfhprtu]"
  echo
  echo "  --blacklist <ip>		Add <ip> to Blacklist"
  echo "  --config  | -c		Configure ASL settings "
  echo "  --check   | -ck		Show list of updates"
  echo "  --disable-rule <id> 	 	Disable modsec rule by signature ID"
  echo "  --domain-blacklist <domain> 	Add <domain> to spam blacklist"
  echo "  --enable-rule <id>		Re-enable modsec rule by signature ID"
  echo "  --fix     | -f		Fix and Repair mode"
  echo "  --list    | -l		List modules"
  echo "  --module  | -m <module>	Run a specific module"
  echo "  --help    | -h		Help message"
  echo "  --malware-blacklist <domain>	Add <domain> to malware blacklist"
  echo "  --nocolor | -nc	        Disable color "
  echo "  --permissions-check		Check/Fix permissions on ASL dirs/files"
  echo "  --remove-blacklist <ip> 	Remove <ip> from Blacklist"
  echo "  --remove-domain-blacklist <domain>
				Remove <domain> from spam Blacklist"
  echo "  --remove-malware-blacklist <domain>
				Remove <domain> from malware Blacklist"
  echo "  --remove-whitelist <ip> 	Remove <ip> from Whitelist"
  echo "  --report-false-positive <path>Report false positive on <path>" 
  echo "  --return  |-r                 Prompt to continue" 
  echo "  --scan | -s			Scan mode"
  echo "  --show-alert <path>           Read an alert using <path>"
  echo "  --update  | -u 		Check for rule updates"
  echo "  --unblock <ip>  | -ub <IP>	Unblock <ip> from active-response system"
  echo "  --version | -v | -V           Show version" 
  echo "  --whitelist <ip> | -wl <IP>	Add <ip> to Whitelist"
  echo
  exit 1
}



# End of file.
