Merge remote-tracking branch 'origin/2.4/dev' into reyesj2/kafka

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2026-01-03 14:53:34 +01:00 · 2024-05-29 23:37:40 -04:00
parent 949cea95f4 12762e08ef
commit 1fd5165079
53 changed files with 933 additions and 300 deletions
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -246,8 +246,11 @@ if [ -n "$test_profile" ]; then
 	WEBPASSWD1=0n10nus3r
 	WEBPASSWD2=0n10nus3r
 	STRELKA_ALLOW_REGEX="EquationGroup_Toolset_Apr17__ELV_.*"
+	STRELKA_FAIL_ERROR_COUNT=1
 	ELASTALERT_ALLOW_REGEX="Security Onion"
+	ELASTALERT_FAIL_ERROR_COUNT=1
 	SURICATA_ALLOW_REGEX="(200033\\d|2100538|2102466)"
+	SURICATA_FAIL_ERROR_COUNT=1

 	update_sudoers_for_testing
 fi
@@ -679,7 +682,7 @@ if ! [[ -f $install_opt_file ]]; then
 		# Add the socore user
 		add_socore_user_manager
 		
-		create_local_directories
+		create_local_directories ${SCRIPTDIR::-5}
 		setup_salt_master_dirs
 		create_manager_pillars

@@ -771,16 +774,10 @@ if ! [[ -f $install_opt_file ]]; then
 		if [[ ! $is_airgap ]]; then
 			title "Downloading IDS Rules"
 			logCmd "so-rule-update"
-			title "Downloading YARA rules"
-			logCmd "su socore -c '/usr/sbin/so-yara-download'"
 			if [[ $monints || $is_import ]]; then
 				title "Restarting Suricata to pick up the new rules"
 				logCmd "so-suricata-restart"
 			fi
-			if [[ $monints ]]; then
-				title "Restarting Strelka to use new rules"
-				logCmd "so-strelka-restart"
-			fi
 		fi
 		title "Setting up Kibana Default Space"
 		logCmd "so-kibana-space-defaults"