From 00029e6f83792623b97ab7242f1fab3e267b63d6 Mon Sep 17 00:00:00 2001
From: Josh Brower <Josh@DefensiveDepth.com>
Date: Mon, 14 Apr 2025 08:04:46 -0400
Subject: [PATCH 1/2] Run so-rule-update when it changes

---
 salt/idstools/enabled.sls | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/salt/idstools/enabled.sls b/salt/idstools/enabled.sls
index 5e4c4c066..8c8b46589 100644
--- a/salt/idstools/enabled.sls
+++ b/salt/idstools/enabled.sls
@@ -55,6 +55,7 @@ so-idstools:
     {% endif %}
     - watch:
       - file: idstoolsetcsync
+      - file: idstools_sbin_jinja
 
 delete_so-idstools_so-status.disabled:
   file.uncomment:
@@ -76,6 +77,7 @@ run_so-rule-update:
     - require:
       - docker_container: so-idstools
     - onchanges:
+      - file: idstools_sbin_jinja
       - file: idstoolsetcsync
       - file: synclocalnidsrules
     - order: last

From ceabb673e0dde6df0827f527f74b44d848992083 Mon Sep 17 00:00:00 2001
From: Josh Brower <Josh@DefensiveDepth.com>
Date: Mon, 14 Apr 2025 11:08:35 -0400
Subject: [PATCH 2/2] Refactor for so-rule-update

---
 salt/idstools/config.sls  | 20 +++++++++++++++-----
 salt/idstools/enabled.sls |  4 ++--
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/salt/idstools/config.sls b/salt/idstools/config.sls
index 6d4b1036e..a44b02807 100644
--- a/salt/idstools/config.sls
+++ b/salt/idstools/config.sls
@@ -24,13 +24,23 @@ idstools_sbin:
     - group: 939
     - file_mode: 755
 
-idstools_sbin_jinja:
-  file.recurse:
-    - name: /usr/sbin
-    - source: salt://idstools/tools/sbin_jinja
+# If this is used, exclude so-rule-update
+#idstools_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://idstools/tools/sbin_jinja
+#    - user: 934
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
+idstools_so-rule-update:
+  file.managed:
+    - name: /usr/sbin/so-rule-update
+    - source: salt://idstools/tools/sbin_jinja/so-rule-update
     - user: 934
     - group: 939 
-    - file_mode: 755
+    - mode: 755
     - template: jinja
 
 suricatacustomdirsfile:
diff --git a/salt/idstools/enabled.sls b/salt/idstools/enabled.sls
index 8c8b46589..365b38772 100644
--- a/salt/idstools/enabled.sls
+++ b/salt/idstools/enabled.sls
@@ -55,7 +55,7 @@ so-idstools:
     {% endif %}
     - watch:
       - file: idstoolsetcsync
-      - file: idstools_sbin_jinja
+      - file: idstools_so-rule-update
 
 delete_so-idstools_so-status.disabled:
   file.uncomment:
@@ -77,7 +77,7 @@ run_so-rule-update:
     - require:
       - docker_container: so-idstools
     - onchanges:
-      - file: idstools_sbin_jinja
+      - file: idstools_so-rule-update
       - file: idstoolsetcsync
       - file: synclocalnidsrules
     - order: last