Merge pull request #12337 from Security-Onion-Solutions/salt3006.6v2
Salt3006.6v2
m0duspwnens authored Feb 9, 2024
2 parents 0c423c9 + 304ae49 commit 94b6e78
Showing 7 changed files with 18 additions and 14 deletions.
2 changes: 1 addition & 1 deletion files/salt/master/master
@@ -41,7 +41,7 @@ file_roots:
base:
- /opt/so/saltstack/local/salt
- /opt/so/saltstack/default/salt
- /opt/so/rules
- /opt/so/rules/nids


# The master_roots setting configures a master-only copy of the file_roots dictionary,
2 changes: 1 addition & 1 deletion salt/idstools/enabled.sls
@@ -39,7 +39,7 @@ so-idstools:
{% endif %}
- binds:
- /opt/so/conf/idstools/etc:/opt/so/idstools/etc:ro
- /opt/so/rules/nids:/opt/so/rules/nids:rw
- /opt/so/rules/nids/suri:/opt/so/rules/nids/suri:rw
- /nsm/rules/:/nsm/rules/:rw
{% if DOCKER.containers['so-idstools'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-idstools'].custom_bind_mounts %}
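Review bot: The narrowed bind `/opt/so/rules/nids/suri:/opt/so/rules/nids/suri:rw` depends on the host directory already existing with the right owner, and nothing visible in this hunk shows the `so-idstools` container state requiring the state that creates it. When a bind source is missing at container start, Docker creates it owned by root, which would likely leave the rule updater unable to write into the `rw` mount. If that ordering is not already guaranteed elsewhere in the file, a requisite on the container state such as `- require:` followed by `- file: rulesdir` would make it explicit (`rulesdir` is the directory state in salt/idstools/sync_files.sls). The `so-idstools` state starts and ends outside the hunk.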
8 changes: 4 additions & 4 deletions salt/idstools/etc/rulecat.conf
@@ -1,10 +1,10 @@
{%- from 'vars/globals.map.jinja' import GLOBALS -%}
{%- from 'idstools/map.jinja' import IDSTOOLSMERGED -%}
--merged=/opt/so/rules/nids/all.rules
--local=/opt/so/rules/nids/local.rules
--merged=/opt/so/rules/nids/suri/all.rules
--local=/opt/so/rules/nids/suri/local.rules
{%- if GLOBALS.md_engine == "SURICATA" %}
--local=/opt/so/rules/nids/extraction.rules
--local=/opt/so/rules/nids/filters.rules
--local=/opt/so/rules/nids/suri/extraction.rules
--local=/opt/so/rules/nids/suri/filters.rules
{%- endif %}
--url=http://{{ GLOBALS.manager }}:7788/suricata/emerging-all.rules
--disable=/opt/so/idstools/etc/disable.conf
4 changes: 2 additions & 2 deletions salt/idstools/sync_files.sls
@@ -21,15 +21,15 @@ idstoolsetcsync:

rulesdir:
file.directory:
- name: /opt/so/rules/nids
- name: /opt/so/rules/nids/suri
- user: 939
- group: 939
- makedirs: True

# Don't show changes because all.rules can be large
synclocalnidsrules:
file.recurse:
- name: /opt/so/rules/nids/
- name: /opt/so/rules/nids/suri/
- source: salt://idstools/rules/
- user: 939
- group: 939
6 changes: 5 additions & 1 deletion salt/manager/tools/sbin/soup
@@ -605,7 +605,11 @@ up_to_2.4.50() {
# post upgrade changes. POSTVERSION set to INSTALLEDVERSION at start of soup
cp -v /etc/salt/master "/etc/salt/master.so-$POSTVERSION.bak"
echo "Adding /opt/so/rules to file_roots in /etc/salt/master using so-yaml"
so-yaml.py append /etc/salt/master file_roots.base /opt/so/rules
so-yaml.py append /etc/salt/master file_roots.base /opt/so/rules/nids
echo "Moving Suricata rules"
mkdir /opt/so/rules/nids/suri
chown socore:socore /opt/so/rules/nids/suri
mv -v /opt/so/rules/nids/*.rules /opt/so/rules/nids/suri/.

INSTALLEDVERSION=2.4.50
}
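Review bot: The migration steps added to `up_to_2.4.50` are not safe to re-run: `mkdir /opt/so/rules/nids/suri` fails when the directory already exists, and `mv -v /opt/so/rules/nids/*.rules ...` errors when the glob matches nothing. Whether that aborts soup depends on error handling outside this hunk, but a retried upgrade that stopped partway would hit both. Suggest `mkdir -p /opt/so/rules/nids/suri` and guarding the move, e.g. `compgen -G '/opt/so/rules/nids/*.rules' >/dev/null && mv -v /opt/so/rules/nids/*.rules /opt/so/rules/nids/suri/`. The unchanged `echo "Adding /opt/so/rules to file_roots ..."` line above now logs the old path and should name `/opt/so/rules/nids`, so the upgrade log matches what was actually written to /etc/salt/master. Ownership is set by name (`socore:socore`) here but by numeric id 939 in salt/idstools/sync_files.sls; worth confirming both refer to the same account.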
6 changes: 3 additions & 3 deletions salt/suricata/config.sls
@@ -84,12 +84,12 @@ suridatadir:
- mode: 770
- makedirs: True
# salt:// would resolve to /opt/so/rules because of the defined file_roots and
# nids not existing under /opt/so/saltstack/local/salt or /opt/so/saltstack/default/salt
# salt:// would resolve to /opt/so/rules/nids because of the defined file_roots and
# not existing under /opt/so/saltstack/local/salt or /opt/so/saltstack/default/salt
surirulesync:
file.recurse:
- name: /opt/so/conf/suricata/rules/
- source: salt://nids/
- source: salt://suri/
- user: 940
- group: 940
- show_changes: False
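Review bot: The rewritten comment above `surirulesync` lost its subject: it now reads "salt:// would resolve to /opt/so/rules/nids because of the defined file_roots and not existing under ...", without saying which path is resolved or what must not exist. Suggest `# salt://suri/ resolves to /opt/so/rules/nids/suri because /opt/so/rules/nids is in file_roots and` followed by `# no suri directory exists under /opt/so/saltstack/local/salt or /opt/so/saltstack/default/salt`. The comment should also state the consequence: file_roots are searched in order, so a `suri` directory created under either earlier root would shadow the rule directory and change which rules the sensors receive.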
4 changes: 2 additions & 2 deletions salt/suricata/manager.sls
@@ -13,7 +13,7 @@ ruleslink:
- name: /opt/so/saltstack/local/salt/suricata/rules
- user: socore
- group: socore
- target: /opt/so/rules/nids
- target: /opt/so/rules/nids/suri
refresh_salt_master_fileserver_suricata_ruleslink:
salt.runner:
@@ -27,4 +27,4 @@ refresh_salt_master_fileserver_suricata_ruleslink:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %}
{% endif %}
