strelka ui things

2025-12-06 17:22:49 +01:00 · 2023-03-16 16:32:41 -04:00
parent a36a6d5659
commit 2056ce37c6
6 changed files with 507 additions and 492 deletions
--- a/salt/strelka/defaults.yaml
+++ b/salt/strelka/defaults.yaml
@@ -531,10 +531,9 @@ strelka:
      response:
        log: "/var/log/strelka/strelka.log"
    manager:
-        coordinator:
+      coordinator:
-          addr: 'HOST:6380'
+        addr: 'HOST:6380'
-          db: 0
+        db: 0
  rules:
    enabled: True
    repos:
@@ -557,3 +556,7 @@ strelka:
      - gen_susp_xor.yar
      - gen_webshells_ext_vars.yar
      - configured_vulns_ext_vars.yar
  filecheck:
    historypath: '/nsm/strelka/history/'
    strelkapath: '/nsm/strelka/unprocessed/'
    logfile: '/opt/so/log/strelka/filecheck.log'
--- a/salt/strelka/filecheck/filecheck.yaml.jinja
+++ b/salt/strelka/filecheck/filecheck.yaml.jinja
@@ -1 +1,2 @@
-{{ FILECHECKCONFIG | yaml(false) }}
+filecheck:
 {{ FILECHECKCONFIG | yaml(false) | indent(width=2) }}
--- a/salt/strelka/filecheck/map.jinja
+++ b/salt/strelka/filecheck/map.jinja
@@ -1,12 +0,0 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
 {% import_yaml 'strelka/filecheck/defaults.yaml' as FILECHECKDEFAULTS %}
 {% if GLOBALS.md_engine == "SURICATA" %}
 {%   set extract_path = '/nsm/suricata/extracted' %}
 {%   set filecheck_runas = 'suricata' %}
 {% else %}
 {%   set extract_path = '/nsm/zeek/extracted/complete' %}
 {%   set filecheck_runas = 'socore' %}
 {% endif %}
 {% do FILECHECKDEFAULTS.filecheck.update({'extract_path': extract_path}) %}
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -99,7 +99,7 @@ manager_config:
    - defaults:
        MANAGERCONFIG: {{ STRELKAMERGED.config.manager }}
-{% if STRELKAMERGED.rules.enabled %}
+{%   if STRELKAMERGED.rules.enabled %}
 strelkarules:
  file.recurse:
@@ -109,7 +109,7 @@ strelkarules:
    - group: 939
    - clean: True
-{% if grains['role'] in GLOBALS.manager_roles %}
+{%     if grains['role'] in GLOBALS.manager_roles %}
 strelkarepos:
  file.managed:
    - name: /opt/so/conf/strelka/repos.txt
@@ -118,8 +118,8 @@ strelkarepos:
    - defaults:
        STRELKAREPOS: {{ STRELKAMERGED.rules.repos }}
-{% endif %}
+{%     endif %}
-{% endif %}
+{%   endif %}
 strelkadatadir:
   file.directory:
@@ -185,7 +185,7 @@ filecheck_conf:
    - source: salt://strelka/filecheck/filecheck.yaml.jinja
    - template: jinja
    - defaults:
-        FILECHECKCONFIG: {{ FILECHECKDEFAULTS }}
+        FILECHECKCONFIG: {{ STRELKAMERGED.filecheck }}
 filecheck_script:
  file.managed:
--- a/salt/strelka/map.jinja
+++ b/salt/strelka/map.jinja
@@ -17,4 +17,14 @@
 {% set manager_coordinator_port = STRELKADEFAULTS.strelka.config.manager.coordinator.addr.split(':')[1] %}
 {% do STRELKADEFAULTS.strelka.config.manager.coordinator.update({'addr': HOST ~ ':' ~ manager_coordinator_port}) %}
 {% if GLOBALS.md_engine == "SURICATA" %}
 {%   set extract_path = '/nsm/suricata/extracted' %}
 {%   set filecheck_runas = 'suricata' %}
 {% else %}
 {%   set extract_path = '/nsm/zeek/extracted/complete' %}
 {%   set filecheck_runas = 'socore' %}
 {% endif %}
 {% do STRELKADEFAULTS.strelka.filecheck.update({'extract_path': extract_path}) %}
 {% set STRELKAMERGED = salt['pillar.get']('strelka', STRELKADEFAULTS.strelka, merge=True) %}
--- a/salt/strelka/soc_strelka.yaml
+++ b/salt/strelka/soc_strelka.yaml
`@@ -1 +1,2 @@`
	`{{ FILECHECKCONFIG \| yaml(false) }}`	`filecheck:`
		`{{ FILECHECKCONFIG \| yaml(false) \| indent(width=2) }}`