jacoblatonis.me


Published on 01/26/2024 00:01 by Jacob Latonis

100 Days of Yara in 2024: Day 26

In Day 24, we focused on building YARA-X within a dev container. However, maybe you daily drive Linux, don’t want to learn Docker, and would rather clone the repo, install the prerequisites, and build locally on your Linux machine. Let’s do that!

Cloning the repo

You can clone the repo wherever you’d like; I have a src directory where I like to keep all my projects. For this tutorial, however, I’m going to assume you clone yara-x in ~, meaning it will be located at ~/yara-x on your Linux machine.

To clone the repo to your home directory:

cd ~
git clone https://github.com/VirusTotal/yara-x.git

Installing Prerequisites

If you don’t have Rust installed yet, that would be a good first step: https://www.rust-lang.org/tools/install.

We also need to install a C compiler (gcc or similar) and the OpenSSL development package:

sudo apt install build-essential libssl-dev

Building yara-x

To build yara-x, you can do the following:

cd ~/yara-x
cargo build

You will be presented with the following if it is successful:

[Screenshot: good build in cargo]

Adding the build directory to your PATH

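To be able to call our latest build from anywhere, let’s add the debug build directory to our PATH environment variable (if you’re using bash).

echo 'export PATH="$PATH:$HOME/yara-x/target/debug"' >> ~/.bashrc
source ~/.bashrc

The single quotes keep $PATH and $HOME unexpanded in ~/.bashrc, so they are evaluated each time a shell starts instead of freezing the PATH you had when you ran the command.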

Running it!

Assuming you’ve successfully built yara-x and have it linked as shown above, you can now run yr:

[Screenshot: yr command]
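The PATH step above, as an added example that is not part of the original post: an idempotent version of the ~/.bashrc edit, plus a check that the yr your shell resolves is the local build. Because the directory is appended to PATH, any other yr found earlier wins. The function names add_yr_to_path and check_yr and the YARA_X_BIN variable are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: helper names and YARA_X_BIN are hypothetical, not from yara-x.

# Location of the debug build, assuming the clone lives at ~/yara-x.
YARA_X_BIN="${YARA_X_BIN:-$HOME/yara-x/target/debug}"

# Append the export line to an rc file only if it is not already present,
# so re-running the tutorial step does not stack duplicate PATH entries.
add_yr_to_path() {
    local rc_file="${1:-$HOME/.bashrc}"
    # Single quotes: $PATH and $HOME are written literally and expand
    # when the shell starts, not when this line is appended.
    local line='export PATH="$PATH:$HOME/yara-x/target/debug"'
    touch "$rc_file"
    if grep -Fqx -- "$line" "$rc_file"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$rc_file"
}

# Print "ok" if the yr found on PATH is the one in the build directory,
# "shadowed:<path>" if another yr comes first, or "missing" if none is found.
check_yr() {
    local expected="${1:-$YARA_X_BIN}/yr"
    local resolved
    resolved="$(command -v yr 2>/dev/null)" || { echo "missing"; return 1; }
    if [ "$resolved" = "$expected" ]; then
        echo "ok"
    else
        echo "shadowed:$resolved"
        return 2
    fi
}

# Usage: add_yr_to_path && source ~/.bashrc && check_yr
```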

All in All

Today was a good day for stepping back and letting others begin trying out YARA-X, seeing its advantages and how to use it right now. We have now checked off macOS, devcontainers, and Linux! Windows next? ;)
