Refactor rules location

2025-12-06 01:02:46 +01:00 · 2025-11-18 09:58:14 -05:00
parent af7f7d0728
commit 1b55642c86
6 changed files with 4 additions and 42 deletions
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -38,7 +38,6 @@
    'hydra',
    'elasticfleet',
    'elastic-fleet-package-registry',
-    'suricata.manager',
    'utility'
 ] %}

--- a/salt/suricata/config.sls
+++ b/salt/suricata/config.sls
@@ -90,7 +90,7 @@ suridir:

 suriruledir:
  file.directory:
-    - name: /opt/so/conf/suricata/rules
+    - name: /opt/so/rules/suricata
    - user: 940
    - group: 939
    - mode: 775
@@ -118,12 +118,10 @@ suridatadir:
    - mode: 770
    - makedirs: True

-# salt:// would resolve to /opt/so/rules/nids because of the defined file_roots and
-#  not existing under /opt/so/saltstack/local/salt or /opt/so/saltstack/default/salt
 surirulesync:
  file.recurse:
-    - name: /opt/so/conf/suricata/rules/
-    - source: salt://suri/
+    - name: /opt/so/rules/suricata/
+    - source: salt://suricata/rules/
    - user: 940
    - group: 940
    - show_changes: False
--- a/salt/suricata/enabled.sls
+++ b/salt/suricata/enabled.sls
@@ -36,7 +36,7 @@ so-suricata:
      - /opt/so/conf/suricata/suricata.yaml:/etc/suricata/suricata.yaml:ro
      - /opt/so/conf/suricata/threshold.conf:/etc/suricata/threshold.conf:ro
      - /opt/so/conf/suricata/classification.config:/etc/suricata/classification.config:ro
-      - /opt/so/conf/suricata/rules:/etc/suricata/rules:ro
+      - /opt/so/rules/suricata:/etc/suricata/rules:ro
      - /opt/so/log/suricata/:/var/log/suricata/:rw
      - /nsm/suricata/:/nsm/:rw
      - /nsm/suricata/extracted:/var/log/suricata//filestore:rw
--- a/salt/suricata/manager.sls
+++ b/salt/suricata/manager.sls
@@ -1,30 +0,0 @@
-{% from 'allowed_states.map.jinja' import allowed_states %}
-{% if sls in allowed_states %}
-
-surilocaldir:
-  file.directory:
-    - name: /opt/so/saltstack/local/salt/suricata
-    - user: socore
-    - group: socore
-    - makedirs: True
-
-ruleslink:
-  file.symlink:
-    - name: /opt/so/saltstack/local/salt/suricata/rules
-    - user: socore
-    - group: socore
-    - target: /opt/so/rules/nids/suri
-
-refresh_salt_master_fileserver_suricata_ruleslink:
-  salt.runner:
-    - name: fileserver.update
-    - onchanges:
-      - file: ruleslink
-
-{% else %}
-
-{{sls}}_state_not_allowed:
-  test.fail_without_changes:
-    - name: {{sls}}_state_not_allowed
-
-{% endif %}
--- a/salt/suricata/rules/PLACEHOLDER
+++ b/salt/suricata/rules/PLACEHOLDER
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -74,7 +74,6 @@ base:
    - sensoroni
    - telegraf
    - firewall
-    - suricata.manager
    - healthcheck
    - elasticsearch
    - elastic-fleet-package-registry
@@ -105,7 +104,6 @@ base:
    - firewall
    - sensoroni
    - telegraf
-    - suricata.manager
    - healthcheck
    - elasticsearch
    - logstash
@@ -140,7 +138,6 @@ base:
    - sensoroni
    - telegraf
    - backup.config_backup
-    - suricata.manager
    - elasticsearch
    - logstash
    - redis
@@ -174,7 +171,6 @@ base:
    - sensoroni
    - telegraf
    - backup.config_backup
-    - suricata.manager
    - elasticsearch
    - logstash
    - redis
@@ -204,7 +200,6 @@ base:
    - sensoroni
    - telegraf
    - firewall
-    - suricata.manager
    - pcap
    - elasticsearch
    - elastic-fleet-package-registry