strelka ui things

salt/strelka/defaults.yaml

@@ -531,10 +531,9 @@ strelka:
       response:
         log: "/var/log/strelka/strelka.log"
     manager:
-        coordinator:
-          addr: 'HOST:6380'
-          db: 0
-
+      coordinator:
+        addr: 'HOST:6380'
+        db: 0
   rules:
     enabled: True
     repos:
@@ -557,3 +556,7 @@ strelka:
       - gen_susp_xor.yar
       - gen_webshells_ext_vars.yar
       - configured_vulns_ext_vars.yar
+  filecheck:
+    historypath: '/nsm/strelka/history/'
+    strelkapath: '/nsm/strelka/unprocessed/'
+    logfile: '/opt/so/log/strelka/filecheck.log'

salt/strelka/filecheck/filecheck.yaml.jinja

@@ -1 +1,2 @@
-{{ FILECHECKCONFIG | yaml(false) }}
+filecheck:
+{{ FILECHECKCONFIG | yaml(false) | indent(width=2) }}

salt/strelka/filecheck/map.jinja

@@ -1,12 +0,0 @@
-{% from 'vars/globals.map.jinja' import GLOBALS %}
-{% import_yaml 'strelka/filecheck/defaults.yaml' as FILECHECKDEFAULTS %}
-
-{% if GLOBALS.md_engine == "SURICATA" %}
-{%   set extract_path = '/nsm/suricata/extracted' %}
-{%   set filecheck_runas = 'suricata' %}
-{% else %}
-{%   set extract_path = '/nsm/zeek/extracted/complete' %}
-{%   set filecheck_runas = 'socore' %}
-{% endif %}
-
-{% do FILECHECKDEFAULTS.filecheck.update({'extract_path': extract_path}) %}

salt/strelka/init.sls

@@ -99,7 +99,7 @@ manager_config:
     - defaults:
         MANAGERCONFIG: {{ STRELKAMERGED.config.manager }}
 
-{% if STRELKAMERGED.rules.enabled %}
+{%   if STRELKAMERGED.rules.enabled %}
 
 strelkarules:
   file.recurse:
@@ -109,7 +109,7 @@ strelkarules:
     - group: 939
     - clean: True
 
-{% if grains['role'] in GLOBALS.manager_roles %}
+{%     if grains['role'] in GLOBALS.manager_roles %}
 strelkarepos:
   file.managed:
     - name: /opt/so/conf/strelka/repos.txt
@@ -118,8 +118,8 @@ strelkarepos:
     - defaults:
         STRELKAREPOS: {{ STRELKAMERGED.rules.repos }}
 
-{% endif %}
-{% endif %}
+{%     endif %}
+{%   endif %}
 
 strelkadatadir:
    file.directory:
@@ -185,7 +185,7 @@ filecheck_conf:
     - source: salt://strelka/filecheck/filecheck.yaml.jinja
     - template: jinja
     - defaults:
-        FILECHECKCONFIG: {{ FILECHECKDEFAULTS }}
+        FILECHECKCONFIG: {{ STRELKAMERGED.filecheck }}
 
 filecheck_script:
   file.managed:

salt/strelka/map.jinja

@@ -17,4 +17,14 @@
 {% set manager_coordinator_port = STRELKADEFAULTS.strelka.config.manager.coordinator.addr.split(':')[1] %}
 {% do STRELKADEFAULTS.strelka.config.manager.coordinator.update({'addr': HOST ~ ':' ~ manager_coordinator_port}) %}
 
+{% if GLOBALS.md_engine == "SURICATA" %}
+{%   set extract_path = '/nsm/suricata/extracted' %}
+{%   set filecheck_runas = 'suricata' %}
+{% else %}
+{%   set extract_path = '/nsm/zeek/extracted/complete' %}
+{%   set filecheck_runas = 'socore' %}
+{% endif %}
+
+{% do STRELKADEFAULTS.strelka.filecheck.update({'extract_path': extract_path}) %}
+
 {% set STRELKAMERGED = salt['pillar.get']('strelka', STRELKADEFAULTS.strelka, merge=True) %}