CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

only apply ulimits to suricata container if user enable mmap-locked

Browse Source
This commit is contained in:
m0duspwnens
2024-04-25 10:05:59 -04:00
parent cc17de2184
commit 2c7eb3c755
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/suricata/enabled.sls
View File

@@ -7,6 +7,7 @@
{% if sls.split('.')[0] in allowed_states %} {% if sls.split('.')[0] in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'docker/docker.map.jinja' import DOCKER %} {% from 'docker/docker.map.jinja' import DOCKER %}
{% from 'suricata/map.jinja' import SURICATAMERGED %}
include: include:
@@ -24,7 +25,8 @@ so-suricata:
- {{ XTRAENV }} - {{ XTRAENV }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if DOCKER.containers['so-suricata'].ulimits %} {# we look at SURICATAMERGED.config['af-packet'][0] since we only allow one interface and therefore always the first list item #}
{% if SURICATAMERGED.config['af-packet'][0]['mmap-locked'] == "yes" and DOCKER.containers['so-suricata'].ulimits %}
- ulimits: - ulimits:
{% for ULIMIT in DOCKER.containers['so-suricata'].ulimits %} {% for ULIMIT in DOCKER.containers['so-suricata'].ulimits %}
- {{ ULIMIT }} - {{ ULIMIT }}