From 2a300263e193224fd03887b6ee71c4ab27e7e365 Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Tue, 13 Nov 2018 13:40:25 -0500
Subject: [PATCH] Added Watch Statements

---
 salt/bro/init.sls      | 9 +++++++++
 salt/common/init.sls   | 2 ++
 salt/filebeat/init.sls | 2 ++
 salt/suricata/init.sls | 8 ++++++++
 salt/top.sls           | 3 +++
 5 files changed, 24 insertions(+)

diff --git a/salt/bro/init.sls b/salt/bro/init.sls
index 0dcccf21f..41a89a94b 100644
--- a/salt/bro/init.sls
+++ b/salt/bro/init.sls
@@ -76,6 +76,10 @@ so-bro:
       - /opt/so/conf/bro/policy/custom:/opt/bro/share/bro/policy/custom:ro
       - /opt/so/conf/bro/policy/intel:/opt/bro/share/bro/policy/intel:rw
     - network_mode: host
+    - watch:
+      - file: /opt/so/conf/bro/local.bro
+      - file: /opt/so/conf/bro/node.cfg
+      - file: /opt/so/conf/bro/policy/*
 
 {% else %}
 localbrosync:
@@ -99,5 +103,10 @@ so-bro:
       - /opt/so/conf/bro/policy/custom:/opt/bro/share/bro/policy/custom:ro
       - /opt/so/conf/bro/policy/intel:/opt/bro/share/bro/policy/intel:rw
     - network_mode: host
+    - watch:
+      - file: /opt/so/conf/bro/local.bro
+      - file: /opt/so/conf/bro/node.cfg
+      - file: /opt/so/conf/bro/policy/*
+
 
 {% endif %}
diff --git a/salt/common/init.sls b/salt/common/init.sls
index f53ee8eeb..6f15c3647 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -127,3 +127,5 @@ so-core:
     - port_bindings:
       - 80:80
       - 443:443
+    - watch:
+      - file: /opt/so/conf/nginx/nginx.conf
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index a9be46951..be829bfb1 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -64,3 +64,5 @@ so-filebeat:
       - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
       - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
       - /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro
+    - watch:
+      - file: /opt/so/conf/filebeat/etc/filebeat.yml
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index 22e753c67..f41ba5069 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -14,6 +14,7 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
+{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
 
 # Suricata
 
@@ -60,7 +61,11 @@ surirulesync:
 suriconfigsync:
   file.managed:
     - name: /opt/so/conf/suricata/suricata.yaml
+    {%- if BROVER != SURICATA %}
     - source: salt://suricata/files/suricata.yaml
+    {%- else %}
+    - source: salt://suricata/files/suricataMETA.yaml
+    {%- endif %}
     - user: 940
     - group: 940
     - template: jinja
@@ -76,3 +81,6 @@ so-suricata:
       - /opt/so/conf/suricata/rules:/etc/suricata/rules:ro
       - /opt/so/log/suricata/:/var/log/suricata/:rw
     - network_mode: host
+    - watch:
+      - file: /opt/so/conf/suricata/suricata.yaml
+      - file: /opt/so/conf/rules/all.rules
diff --git a/salt/top.sls b/salt/top.sls
index 23878e70e..f7ea450ac 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -1,3 +1,4 @@
+{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
 base:
   'G@role:so-sensor':
     - ssl
@@ -5,7 +6,9 @@ base:
     - firewall
     - pcap
     - suricata
+    {%- if BROVER != SURICATA %}
     - bro
+    {%- endif %}
     - filebeat
 
   'G@role:so-eval':