Misc pillars

2025-12-10 03:02:58 +01:00 · 2020-07-17 17:38:10 -04:00
parent 693a101d34
commit 1d24d7bc7f
11 changed files with 68 additions and 44 deletions
--- a/setup/files/intel.dat
+++ b/setup/files/intel.dat
@@ -0,0 +1,5 @@
+#fields	indicator	indicator_type	meta.source	meta.do_notice
+# EXAMPLES:
+#66.32.119.38	Intel::ADDR	Test Address	T
+#www.honeynet.org	Intel::DOMAIN	Test Domain	T
+#4285358dd748ef74cb8161108e11cb73	Intel::FILE_HASH	Test MD5	T
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -986,12 +986,12 @@ manager_pillar() {
 		"  config:"\
 		"    ruleset: $RULESETUP"\
 		"    oinkcode: $OINKCODE"\
-		"    url:"\
+		"    urls:"\
 		"  sids:"\
 		"    enabled:"\
 		"    disabled:"\
 		"    modify:"\
-		""
+		""\
 		"kratos:" >> "$pillar_file"
 		

@@ -1441,9 +1441,11 @@ setup_salt_master_dirs() {
 	if [ "$setup_type" = 'iso' ]; then
 		rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
 		rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
+		cp -Rv /home/$INSTALLUSERNAME/SecurityOnion/files/intel.dat $local_salt_dir/salt/zeek/policy/intel/ >> "$setup_log" 2>&1
 	else
-		cp -R ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
-		cp -R ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
+		cp -Rv ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
+		cp -Rv ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
+		cp -Rv files/intel.dat $local_salt_dir/salt/zeek/policy/intel/ >> "$setup_log" 2>&1
 	fi

 	echo "Chown the salt dirs on the manager for socore" >> "$setup_log" 2>&1