From 1ac72e5b24db0dcef1461036c21b2ee3b0517a0f Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 10 Jul 2023 11:10:37 -0400
Subject: [PATCH] ensure /nsm/rules/yara directory exists
---
 salt/manager/init.sls | 6 ++++++
 salt/manager/tools/sbin_jinja/so-yara-download | 1 +
 salt/manager/tools/sbin_jinja/so-yara-update | 2 --
 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/salt/manager/init.sls b/salt/manager/init.sls
index 1fc00f3c7..c4fb48b6b 100644
--- a/salt/manager/init.sls
+++ b/salt/manager/init.sls
@@ -104,6 +104,12 @@ yara_update_scripts:
 - defaults:
 EXCLUDEDRULES: {{ STRELKAMERGED.rules.excluded }}
 
+rules_dir:
+ file.directory:
+ - name: /nsm/rules/yara
+ - user: socore
+ - group: socore
+
 {% if GLOBALS.airgap %}
 remove_strelka-yara-download:
 cron.absent:
diff --git a/salt/manager/tools/sbin_jinja/so-yara-download b/salt/manager/tools/sbin_jinja/so-yara-download
index 2fc9c129d..ea369d6ad 100644
--- a/salt/manager/tools/sbin_jinja/so-yara-download
+++ b/salt/manager/tools/sbin_jinja/so-yara-download
@@ -11,6 +11,7 @@ export https_proxy={{ proxy }} export no_proxy= salt['pillar.get']('manager:no_proxy') {%- endif %}
+repos="/opt/so/conf/strelka/repos.txt"
 outputdir=/nsm/rules/yara
 gh_status=$(curl -s -o /dev/null -w "%{http_code}" https://github.com)
 clone_dir="/tmp"
diff --git a/salt/manager/tools/sbin_jinja/so-yara-update b/salt/manager/tools/sbin_jinja/so-yara-update
index b57bb0d4b..c54997481 100755
--- a/salt/manager/tools/sbin_jinja/so-yara-update
+++ b/salt/manager/tools/sbin_jinja/so-yara-update
@@ -9,12 +9,10 @@ NOROOT=1 echo "Starting to check for yara rule updates at $(date)..."
-repos="/opt/so/conf/strelka/repos.txt"
 newcounter=0
 excludedcounter=0
 excluded_rules=({{ EXCLUDEDRULES | join(' ') }})
-
 # Pull down the SO Rules
 SORULEDIR=/nsm/rules/yara
 OUTPUTDIR=/opt/so/saltstack/local/salt/strelka/rules
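Review bot: The new `rules_dir` state in salt/manager/init.sls sets owner and group but no `mode`, so the permissions on /nsm/rules/yara depend on the minion's umask. Both so-yara-download (`outputdir`) and so-yara-update (`SORULEDIR`) point at this directory, so pin the mode explicitly, e.g. `- mode: 755`. The state also lacks `- makedirs: True`, so it will fail if /nsm/rules does not already exist, unless a state outside this hunk creates the parent. The ID `rules_dir` is generic; something like `yara_rules_dir` would lower the chance of a duplicate-ID conflict with other included SLS files.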
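Review bot: In so-yara-download the added `repos="/opt/so/conf/strelka/repos.txt"` is not followed, in the lines shown, by any check that the file exists and is readable. The script continues outside the hunk, so this may be handled later; if not, a guard such as `[ -r "$repos" ] || { echo "Missing $repos"; exit 1; }` would make a missing list fail loudly. That file presumably decides which remote repositories feed the rule set, so it should be writable only by the account that manages it. Separately, the context line `export no_proxy= salt['pillar.get']('manager:no_proxy')` is printed without `{{ }}`, so as shown Jinja would emit the expression literally into the script; confirm whether it should read `export no_proxy={{ salt['pillar.get']('manager:no_proxy') }}`.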