CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

disable zeekpacketlosscron and telegraf checks if zeek is diabled via pillar

Browse Source
This commit is contained in:
m0duspwnens
2021-10-28 07:46:02 -04:00
parent b3e5319806
commit 18ce9c7819
3 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
salt/telegraf/etc/telegraf.conf
View File

@@ -20,6 +20,9 @@
{%- set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %}
{%- set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %}
{%- set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
{%- set ZEEK_ENABLED = salt['pillar.get']('zeek:enabled', 'True') %}
{%- set MDENGINE = salt['pillar.get']('global:mdengine', 'ZEEK') %}
# Global tags can be specified here in key="value" format.
[global_tags]
@@ -740,10 +743,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED is sameas true %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
{%- endif %}
"/scripts/oldpcap.sh",
"/scripts/raid.sh",
"/scripts/beatseps.sh"
@@ -757,10 +760,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED is sameas true %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
{%- endif %}
"/scripts/oldpcap.sh",
"/scripts/eps.sh",
"/scripts/raid.sh",
@@ -776,10 +779,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED is sameas true %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
{%- endif %}
"/scripts/oldpcap.sh",
"/scripts/eps.sh",
"/scripts/raid.sh",
@@ -794,10 +797,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED is sameas true %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
{%- endif %}
"/scripts/oldpcap.sh",
"/scripts/influxdbsize.sh",
"/scripts/raid.sh",
@@ -811,10 +814,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED is sameas true %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
{%- endif %}
"/scripts/oldpcap.sh",
"/scripts/helixeps.sh"
]

2
salt/zeek/init.sls
View File

@@ -146,7 +146,7 @@ plcronscript:
- mode: 755
zeekpacketlosscron:
cron.present:
cron.{{ZEEKOPTIONS.pl_cron_state}}:
- name: /usr/local/bin/packetloss.sh
- user: root
- minute: '*/10'

4
salt/zeek/map.jinja
View File

@@ -4,12 +4,14 @@
# don't start the docker container if it is an import node or disabled via pillar
{% if grains.id.split('_')|last == 'import' or ENABLED is sameas false %}
{% do ZEEKOPTIONS.update({'start': False}) %}
{% do ZEEKOPTIONS.update({'pl_cron_state': 'absent'}) %}
{% else %}
{% do ZEEKOPTIONS.update({'start': True}) %}
{% do ZEEKOPTIONS.update({'pl_cron_state': 'present'}) %}
{% endif %}
{% if ENABLED is sameas false %}
{% do ZEEKOPTIONS.update({'status': 'absent'}) %}
{% else %}
{% do ZEEKOPTIONS.update({'status': 'running'}) %}
{% endif %}
{% endif %}