Merge pull request #14537 from Security-Onion-Solutions/2.4/idstoolsfix

Run so-rule-update when it changes

salt/idstools/config.sls

@@ -24,13 +24,23 @@ idstools_sbin:
     - group: 939
     - file_mode: 755
 
-idstools_sbin_jinja:
-  file.recurse:
-    - name: /usr/sbin
-    - source: salt://idstools/tools/sbin_jinja
+# If this is used, exclude so-rule-update
+#idstools_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://idstools/tools/sbin_jinja
+#    - user: 934
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
+idstools_so-rule-update:
+  file.managed:
+    - name: /usr/sbin/so-rule-update
+    - source: salt://idstools/tools/sbin_jinja/so-rule-update
     - user: 934
     - group: 939 
-    - file_mode: 755
+    - mode: 755
     - template: jinja
 
 suricatacustomdirsfile:

salt/idstools/enabled.sls

@@ -55,6 +55,7 @@ so-idstools:
     {% endif %}
     - watch:
       - file: idstoolsetcsync
+      - file: idstools_so-rule-update
 
 delete_so-idstools_so-status.disabled:
   file.uncomment:
@@ -76,6 +77,7 @@ run_so-rule-update:
     - require:
       - docker_container: so-idstools
     - onchanges:
+      - file: idstools_so-rule-update
       - file: idstoolsetcsync
       - file: synclocalnidsrules
     - order: last