Added Watch Statements

salt/bro/init.sls

@@ -76,6 +76,10 @@ so-bro:
       - /opt/so/conf/bro/policy/custom:/opt/bro/share/bro/policy/custom:ro
       - /opt/so/conf/bro/policy/intel:/opt/bro/share/bro/policy/intel:rw
     - network_mode: host
+    - watch:
+      - file: /opt/so/conf/bro/local.bro
+      - file: /opt/so/conf/bro/node.cfg
+      - file: /opt/so/conf/bro/policy/*
 
 {% else %}
 localbrosync:
@@ -99,5 +103,10 @@ so-bro:
       - /opt/so/conf/bro/policy/custom:/opt/bro/share/bro/policy/custom:ro
       - /opt/so/conf/bro/policy/intel:/opt/bro/share/bro/policy/intel:rw
     - network_mode: host
+    - watch:
+      - file: /opt/so/conf/bro/local.bro
+      - file: /opt/so/conf/bro/node.cfg
+      - file: /opt/so/conf/bro/policy/*
+
 
 {% endif %}

salt/common/init.sls

@@ -127,3 +127,5 @@ so-core:
     - port_bindings:
       - 80:80
       - 443:443
+    - watch:
+      - file: /opt/so/conf/nginx/nginx.conf

salt/filebeat/init.sls

@@ -64,3 +64,5 @@ so-filebeat:
       - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
       - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
       - /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro
+    - watch:
+      - file: /opt/so/conf/filebeat/etc/filebeat.yml

salt/suricata/init.sls

@@ -14,6 +14,7 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
+{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
 
 # Suricata
 
@@ -60,7 +61,11 @@ surirulesync:
 suriconfigsync:
   file.managed:
     - name: /opt/so/conf/suricata/suricata.yaml
+    {%- if BROVER != SURICATA %}
     - source: salt://suricata/files/suricata.yaml
+    {%- else %}
+    - source: salt://suricata/files/suricataMETA.yaml
+    {%- endif %}
     - user: 940
     - group: 940
     - template: jinja
@@ -76,3 +81,6 @@ so-suricata:
       - /opt/so/conf/suricata/rules:/etc/suricata/rules:ro
       - /opt/so/log/suricata/:/var/log/suricata/:rw
     - network_mode: host
+    - watch:
+      - file: /opt/so/conf/suricata/suricata.yaml
+      - file: /opt/so/conf/rules/all.rules

salt/top.sls

@@ -1,3 +1,4 @@
+{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
 base:
   'G@role:so-sensor':
     - ssl
@@ -5,7 +6,9 @@ base:
     - firewall
     - pcap
     - suricata
+    {%- if BROVER != SURICATA %}
     - bro
+    {%- endif %}
     - filebeat
 
   'G@role:so-eval':