ensure /nsm/rules/yara directory exists

salt/manager/init.sls

@@ -104,6 +104,12 @@ yara_update_scripts:
     - defaults:
         EXCLUDEDRULES: {{ STRELKAMERGED.rules.excluded }}
 
+rules_dir:
+  file.directory:
+    - name: /nsm/rules/yara
+    - user: socore
+    - group: socore
+
 {%   if GLOBALS.airgap %}
 remove_strelka-yara-download:
   cron.absent:

salt/manager/tools/sbin_jinja/so-yara-download

@@ -11,6 +11,7 @@ export https_proxy={{ proxy }}
 export no_proxy= salt['pillar.get']('manager:no_proxy') 
 {%- endif %}
 
+repos="/opt/so/conf/strelka/repos.txt"
 outputdir=/nsm/rules/yara
 gh_status=$(curl -s -o /dev/null -w "%{http_code}" https://github.com)
 clone_dir="/tmp"

salt/manager/tools/sbin_jinja/so-yara-update

@@ -9,12 +9,10 @@ NOROOT=1
 
 echo "Starting to check for yara rule updates at $(date)..."
 
-repos="/opt/so/conf/strelka/repos.txt"
 newcounter=0
 excludedcounter=0
 excluded_rules=({{ EXCLUDEDRULES | join(' ') }})
 
-
 # Pull down the SO Rules
 SORULEDIR=/nsm/rules/yara
 OUTPUTDIR=/opt/so/saltstack/local/salt/strelka/rules