Refactor rules location

salt/allowed_states.map.jinja

@@ -38,7 +38,6 @@
     'hydra',
     'elasticfleet',
     'elastic-fleet-package-registry',
-    'suricata.manager',
     'utility'
 ] %}
 

salt/suricata/config.sls

@@ -90,7 +90,7 @@ suridir:
 
 suriruledir:
   file.directory:
-    - name: /opt/so/conf/suricata/rules
+    - name: /opt/so/rules/suricata
     - user: 940
     - group: 939
     - mode: 775
@@ -118,12 +118,10 @@ suridatadir:
     - mode: 770
     - makedirs: True
 
-# salt:// would resolve to /opt/so/rules/nids because of the defined file_roots and
-#  not existing under /opt/so/saltstack/local/salt or /opt/so/saltstack/default/salt
 surirulesync:
   file.recurse:
-    - name: /opt/so/conf/suricata/rules/
+    - name: /opt/so/rules/suricata/
-    - source: salt://suri/
+    - source: salt://suricata/rules/
     - user: 940
     - group: 940
     - show_changes: False

salt/suricata/enabled.sls

@@ -36,7 +36,7 @@ so-suricata:
       - /opt/so/conf/suricata/suricata.yaml:/etc/suricata/suricata.yaml:ro
       - /opt/so/conf/suricata/threshold.conf:/etc/suricata/threshold.conf:ro
       - /opt/so/conf/suricata/classification.config:/etc/suricata/classification.config:ro
-      - /opt/so/conf/suricata/rules:/etc/suricata/rules:ro
+      - /opt/so/rules/suricata:/etc/suricata/rules:ro
       - /opt/so/log/suricata/:/var/log/suricata/:rw
       - /nsm/suricata/:/nsm/:rw
       - /nsm/suricata/extracted:/var/log/suricata//filestore:rw

salt/suricata/manager.sls

@@ -1,30 +0,0 @@
-{% from 'allowed_states.map.jinja' import allowed_states %}
-{% if sls in allowed_states %}
-
-surilocaldir:
-  file.directory:
-    - name: /opt/so/saltstack/local/salt/suricata
-    - user: socore
-    - group: socore
-    - makedirs: True
-
-ruleslink:
-  file.symlink:
-    - name: /opt/so/saltstack/local/salt/suricata/rules
-    - user: socore
-    - group: socore
-    - target: /opt/so/rules/nids/suri
-
-refresh_salt_master_fileserver_suricata_ruleslink:
-  salt.runner:
-    - name: fileserver.update
-    - onchanges:
-      - file: ruleslink
-
-{% else %}
-
-{{sls}}_state_not_allowed:
-  test.fail_without_changes:
-    - name: {{sls}}_state_not_allowed
-
-{% endif %}

salt/top.sls

@@ -74,7 +74,6 @@ base:
     - sensoroni
     - telegraf
     - firewall
-    - suricata.manager
     - healthcheck
     - elasticsearch
     - elastic-fleet-package-registry
@@ -105,7 +104,6 @@ base:
     - firewall
     - sensoroni
     - telegraf
-    - suricata.manager
     - healthcheck
     - elasticsearch
     - logstash
@@ -140,7 +138,6 @@ base:
     - sensoroni
     - telegraf
     - backup.config_backup
-    - suricata.manager
     - elasticsearch
     - logstash
     - redis
@@ -174,7 +171,6 @@ base:
     - sensoroni
     - telegraf
     - backup.config_backup
-    - suricata.manager
     - elasticsearch
     - logstash
     - redis
@@ -204,7 +200,6 @@ base:
     - sensoroni
     - telegraf
     - firewall
-    - suricata.manager
     - pcap
     - elasticsearch
     - elastic-fleet-package-registry