From 2c4ba2e8b24330ee8cb92d551e129423a9cccd3d Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 24 May 2023 09:35:50 -0400
Subject: [PATCH] Add Suricata
---
 salt/suricata/enabled.sls | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/salt/suricata/enabled.sls b/salt/suricata/enabled.sls
index bfe91d244..d032b4d98 100644
--- a/salt/suricata/enabled.sls
+++ b/salt/suricata/enabled.sls
@@ -17,6 +17,11 @@ so-suricata:
 - privileged: True
 - environment:
 - INTERFACE={{ GLOBALS.sensor.interface }}
+ {% if DOCKER.containers['so-suricata'].extra_env %}
+ {% for XTRAENV in DOCKER.containers['so-suricata'].extra_env %}
+ - {{ XTRAENV }}
+ {% endfor %}
+ {% endif %}
 - binds:
 - /opt/so/conf/suricata/suricata.yaml:/etc/suricata/suricata.yaml:ro
 - /opt/so/conf/suricata/threshold.conf:/etc/suricata/threshold.conf:ro
@@ -25,7 +30,18 @@ so-suricata:
 - /nsm/suricata/:/nsm/:rw
 - /nsm/suricata/extracted:/var/log/suricata//filestore:rw
 - /opt/so/conf/suricata/bpf:/etc/suricata/bpf:ro
+ {% if DOCKER.containers['so-suricata'].custom_bind_mounts %}
+ {% for BIND in DOCKER.containers['so-suricata'].custom_bind_mounts %}
+ - {{ BIND }}
+ {% endfor %}
+ {% endif %}
 - network_mode: host
+ {% if DOCKER.containers['so-suricata'].extra_hosts %}
+ - extra_hosts:
+ {% for XTRAHOST in DOCKER.containers['so-suricata'].extra_hosts %}
+ - {{ XTRAHOST }}
+ {% endfor %}
+ {% endif %}
 - watch:
 - file: suriconfig
 - file: surithresholding
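Review bot: The added `- {{ XTRAENV }}` item under `environment` renders the pillar value as a plain YAML scalar. An entry that contains `: ` or ` #`, or that starts with a YAML indicator, is therefore parsed as a mapping, cut off at the comment, or fails to render, instead of reaching the container as one `KEY=value` string. Quoting the expansion keeps each entry a string, for example `- {{ XTRAENV | yaml_dquote }}`. The same applies to `- {{ BIND }}` and `- {{ XTRAHOST }}` in the second hunk. The so-suricata state begins and ends outside this hunk, so any upstream validation of these values is not visible here.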
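Review bot: The `custom_bind_mounts` loop appends whatever the pillar supplies to `binds`, with no constraint on the host path or mount mode. The first hunk's context lines show this container runs with `privileged: True`, and this hunk shows `network_mode: host`. The state's own config mounts end in `:ro`, but a custom entry with no suffix is presumably mounted read-write. I would document the expectation next to the loop, for example `# custom_bind_mounts: host paths from pillar; append :ro unless Suricata must write to the path`. If the pillar schema already validates these entries, that happens outside this hunk and is worth referencing in the comment.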