From 172ca9aa8ded0391048e716de80a173ce7804b6f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Oct 2020 10:52:34 -0400 Subject: [PATCH] add option to enable or disable to steno docker container - https://github.com/Security-Onion-Solutions/securityonion/issues/1601 --- salt/pcap/init.sls | 6 +++--- salt/pcap/map.jinja | 17 +++++++++++++---- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index a82e0fb8d..ade70d718 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -23,7 +23,7 @@ {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %} {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %} {% set BPF_COMPILED = "" %} -{% from "pcap/map.jinja" import START with context %} +{% from "pcap/map.jinja" import STENOOPTIONS with context %} # PCAP Section @@ -135,9 +135,9 @@ sensoronilog: - makedirs: True so-steno: - docker_container.running: + docker_container.{{ STENOOPTIONS.status }}: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }} - - start: {{ START }} + - start: {{ STENOOPTIONS.start }} - network_mode: host - privileged: True - port_bindings: diff --git a/salt/pcap/map.jinja b/salt/pcap/map.jinja index ad4d70e80..e37dfb126 100644 --- a/salt/pcap/map.jinja +++ b/salt/pcap/map.jinja @@ -1,6 +1,15 @@ -# don't start the docker container if it is an import node -{% if grains.id.split('_')|last == 'import' %} - {% set START = False %} +{% set PCAPOPTIONS = {} %} +{% set ENABLED = salt['pillar.get']('steno:enabled', 'True') %} + +# don't start the docker container if it is an import node or disabled via pillar +{% if grains.id.split('_')|last == 'import' || ENABLED is sameas false %} + {% set PCAPOPTIONS['start'] = False %} {% else %} - {% set START = True %} + {% set PCAPOPTIONS['start'] = True %} +{% endif %} + +{% if ENABLED is sameas false %} + {% set PCAPOPTIONS['status'] = 'stopped' %} +{% else %} + {% set PCAPOPTIONS['status'] = 'running' %} {% endif %} \ No newline at end of file