From 1fc389a1b964d52a0d303707cf8ea5081caefa75 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 25 Jul 2019 12:49:54 -0400
Subject: [PATCH] idstools module - add cron job to update rules
---
 salt/common/tools/sbin/so-ruleupdate | 13 +++++++++++++
 salt/idstools/init.sls | 13 +++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 salt/common/tools/sbin/so-ruleupdate
diff --git a/salt/common/tools/sbin/so-ruleupdate b/salt/common/tools/sbin/so-ruleupdate
new file mode 100644
index 000000000..f50d49322
--- /dev/null
+++ b/salt/common/tools/sbin/so-ruleupdate
@@ -0,0 +1,13 @@
+#!/bin/bash
+got_root() {
+
+ # Make sure you are root
+ if [ "$(id -u)" -ne 0 ]; then
+ echo "This script must be run using sudo!"
+ exit 1
+ fi
+
+}
+
+got_root
+docker exec -it so-idstools /bin/bash -c 'cd /opt/so/idstools/etc && idstools-rulecat'
diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls
index 7878f4f77..2d021ee10 100644
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -21,6 +21,13 @@ idstoolsdir:
 - group: 939
 - makedirs: True
 
+idstoolslogdir:
+ file.directory:
+ - name: /opt/so/log/idstools
+ - user: 939
+ - group: 939
+ - makedirs: True
+
 idstoolsetcsync:
 file.recurse:
 - name: /opt/so/conf/idstools/etc
@@ -29,6 +36,12 @@ idstoolsetcsync:
 - group: 939
 - template: jinja
 
+/usr/sbin/so-ruleupdate.sh > /opt/so/log/idstools/download.log:
+ cron.present:
+ - user: root
+ - minute: '1'
+ - hour: '7'
+
 rulesdir:
 file.directory:
 - name: /opt/so/rules/nids
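Review bot: The `docker exec -it` on the last line of so-ruleupdate requests a TTY, but the cron job added later in this commit runs the script with no terminal attached. Docker refuses to allocate a TTY when stdin is not a terminal, so the scheduled run will most likely exit with an error and the rules will not be refreshed. Drop the interactive flags: `docker exec so-idstools /bin/bash -c 'cd /opt/so/idstools/etc && idstools-rulecat'`. A ruleset that silently stops updating is a detection gap, so keep this command last (or add `set -e`) so that its exit status is what the caller sees.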
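Review bot: In salt/idstools/init.sls, `idstoolslogdir` is owned by uid/gid 939, but the only writer visible in this patch is the root cron job in the next hunk, which redirects into `/opt/so/log/idstools/download.log`. A root-run redirect into a directory that an unprivileged account can modify will follow whatever that account has placed at the path. Either make the directory root-owned (`- user: root`, `- group: root`) or run the job as the 939 account. If the directory is also meant to be mounted into the so-idstools container, that is not shown here and a comment on the state saying so would help.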
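Review bot: The cron state in salt/idstools/init.sls runs `/usr/sbin/so-ruleupdate.sh`, while the script this commit adds is `so-ruleupdate` with no suffix. Unless a state outside this patch installs it under the `.sh` name, the job will not find it. Only stdout is redirected, so that failure (or a docker error) would never reach download.log. Suggested ID line: `/usr/sbin/so-ruleupdate > /opt/so/log/idstools/download.log 2>&1:`. Note also that `>` truncates the log on every run, so the previous day's result is gone when someone investigates a missed update; `>>` with log rotation would keep it.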