issue 10050 and issue 10062

2025-12-06 09:12:45 +01:00 · 2023-03-29 17:21:40 -04:00
parent ebdd74a420
commit 1be86cdf8e
6 changed files with 23 additions and 14 deletions
--- a/salt/zeek/config.map.jinja
+++ b/salt/zeek/config.map.jinja
@@ -1,8 +1,17 @@
 {% from 'vars/sensor.map.jinja' import ROLE_GLOBALS %}
 {% import_yaml 'zeek/defaults.yaml' as zeek_defaults with context %}
-{% set zeek_pillar = salt['pillar.get']('zeek', []) %}
+{% set ZEEKMERGED = salt['pillar.get']('zeek', zeek_defaults.zeek, merge=True) %}
-{% set ZEEKMERGED = salt['defaults.merge'](zeek_defaults, zeek_pillar, in_place=False) %}
+{% do ZEEKMERGED.config.node.update({'interface': ROLE_GLOBALS.sensor.interface}) %}
-{% do ZEEKMERGED.zeek.config.node.update({'interface': ROLE_GLOBALS.sensor.interface}) %}
+
 {% if ZEEKMERGED.config.local.load is defined %}
  {% set LOCALLOAD = ZEEKMERGED.config.local.pop('load') %}
  {% do ZEEKMERGED.config.local.update({'@load': LOCALLOAD}) %}
 {% endif %}
 {% if ZEEKMERGED.config.local['load-sigs'] is defined %}
  {% set LOCALLOADSIGS = ZEEKMERGED.config.local.pop('load-sigs') %}
  {% do ZEEKMERGED.config.local.update({'@load-sigs': LOCALLOADSIGS}) %}
 {% endif %}
 {% set ZEEKOPTIONS = {} %}
 {% set ENABLED = salt['pillar.get']('zeek:enabled', True) %}
--- a/salt/zeek/defaults.yaml
+++ b/salt/zeek/defaults.yaml
@@ -22,7 +22,7 @@ zeek:
      CfgDir: /opt/zeek/etc
      CompressLogs: 1
    local:
-      '@load':
+      load:
        - misc/loaded-scripts
        - tuning/defaults
        - misc/capture-loss
@@ -68,7 +68,7 @@ zeek:
        - zeek-plugin-profinet
        - zeek-spicy-wireguard
        - zeek-spicy-stun
-      '@load-sigs':
+      load-sigs:
        - frameworks/signatures/detect-windows-shells
      redef:
        - LogAscii::use_json = T;
--- a/salt/zeek/files/local.zeek.jinja
+++ b/salt/zeek/files/local.zeek.jinja
@@ -8,4 +8,4 @@
 {{ k }} {{ li }}
    {%- endfor %}
  {%- endif %}
-{%- endfor %}
+{%- endfor %}
--- a/salt/zeek/files/zeekctl.cfg.jinja
+++ b/salt/zeek/files/zeekctl.cfg.jinja
@@ -6,4 +6,4 @@
  {%- if option|lower in ALLOWEDOPTIONS %}
 {{ option }} = {{ ZEEKCTL[option] }}
  {%- endif %}
-{%- endfor %}
+{%- endfor %}
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -78,7 +78,7 @@ zeekpolicysync:
    - group: 939
    - template: jinja
    - defaults:
-        FILE_EXTRACTION: {{ ZEEKMERGED.zeek.file_extraction }}
+        FILE_EXTRACTION: {{ ZEEKMERGED.file_extraction }}
 # Ensure the zeek spool tree (and state.db) ownership is correct
 zeekspoolownership:
@@ -109,7 +109,7 @@ zeekctlcfg:
    - group: 939
    - template: jinja
    - defaults:
-        ZEEKCTL: {{ ZEEKMERGED.zeek.config.zeekctl | tojson }}
+        ZEEKCTL: {{ ZEEKMERGED.config.zeekctl | tojson }}
 # Sync node.cfg
 nodecfg:
@@ -120,7 +120,7 @@ nodecfg:
    - group: 939
    - template: jinja
    - defaults:
-        NODE: {{ ZEEKMERGED.zeek.config.node }}
+        NODE: {{ ZEEKMERGED.config.node }}
 networkscfg:
  file.managed:
@@ -130,7 +130,7 @@ networkscfg:
    - group: 939
    - template: jinja
    - defaults:
-        NETWORKS: {{ ZEEKMERGED.zeek.config.networks }}
+        NETWORKS: {{ ZEEKMERGED.config.networks }}
 #zeekcleanscript:
 #  file.managed:
@@ -198,7 +198,7 @@ localzeek:
    - group: 939
    - template: jinja
    - defaults:
-        LOCAL: {{ ZEEKMERGED.zeek.config.local | tojson }}
+        LOCAL: {{ ZEEKMERGED.config.local | tojson }}
 so-zeek:
  docker_container.{{ ZEEKOPTIONS.status }}:
--- a/salt/zeek/soc_zeek.yaml
+++ b/salt/zeek/soc_zeek.yaml
@@ -5,10 +5,10 @@ zeek:
      helpLink: zeek.html
  config:
    local:
-      '@load':
+      load:
        description: List of Zeek policies to load
        helpLink: zeek.html
-      '@load-sigs':
+      load-sigs:
        description: List of Zeek signatures to load
        helpLink: zeek.html
    node: