Misc pillars

salt/idstools/etc/disable.conf

@@ -1,4 +1,4 @@
-{% set disabled_sids = salt['pillar.get']('idstools:sids:disabled', {}) -%}
+{%- set disabled_sids = salt['pillar.get']('idstools:sids:disabled', {}) -%}
 # idstools - disable.conf
 
 # Example of disabling a rule by signature ID (gid is optional).

salt/idstools/etc/enable.conf

@@ -1,4 +1,4 @@
-{% set enabled_sids = salt['pillar.get']('idstools:sids:enabled', {}) -%}
+{%- set enabled_sids = salt['pillar.get']('idstools:sids:enabled', {}) -%}
 # idstools-rulecat - enable.conf
 
 # Example of enabling a rule by signature ID (gid is optional).

salt/idstools/etc/modify.conf

@@ -1,18 +1,10 @@
-{% set modify_sids = salt['pillar.get']('idstools:sids:modify', {}) -%}
+{%- set modify_sids = salt['pillar.get']('idstools:sids:modify', {}) -%}
 # idstools-rulecat - modify.conf
 
 # Format: <sid> "<from>" "<to>"
 
 # Example changing the seconds for rule 2019401 to 3600.
 #2019401 "seconds \d+" "seconds 3600"
-
-# Change all trojan-activity rules to drop. Its better to setup a
-# drop.conf for this, but this does show the use of back references.
-#re:classtype:trojan-activity "(alert)(.*)" "drop\\2"
-
-# For compatibility, most Oinkmaster modifysid lines should work as
-# well.
-#modifysid * "^drop(.*)noalert(.*)" | "alert${1}noalert${2}"
 {%- for sid in modify_sids %}
 {{ sid }}
 {%- endfor %}

salt/idstools/etc/rulecat.conf

@@ -1,4 +1,4 @@
-{% set URLS = salt['pillar.get']('idstools:config:urls') -%}
+{% set URLS = salt['pillar.get']('idstools:config:urls', {}) -%}
 {% set RULESET = salt['pillar.get']('idstools:config:ruleset') -%}
 {% set OINKCODE = salt['pillar.get']('idstools:config:oinkcode') -%}
 --suricata-version=5.0