From 35027e32b35938fe4d2ded10be0cba7b2b651cf9 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 14 Aug 2020 14:43:37 -0400
Subject: [PATCH] dont constantly run steno or suricata containers for import node
---
 salt/pcap/init.sls | 2 ++
 salt/pcap/map.jinja | 6 ++++++
 salt/suricata/init.sls | 2 ++
 salt/suricata/map.jinja | 6 ++++++
 4 files changed, 16 insertions(+)
 create mode 100644 salt/pcap/map.jinja
 create mode 100644 salt/suricata/map.jinja
diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index 3db7a227c..135b49334 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -18,6 +18,7 @@
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
 {% set BPF_COMPILED = "" %}
+{% from "pcap/map.jinja" import START with context %}
 # PCAP Section
@@ -131,6 +132,7 @@ sensoronilog:
 so-steno:
 docker_container.running:
 - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }}
+ - start: {{ START }}
 - network_mode: host
 - privileged: True
 - port_bindings:
diff --git a/salt/pcap/map.jinja b/salt/pcap/map.jinja
new file mode 100644
index 000000000..ad4d70e80
--- /dev/null
+++ b/salt/pcap/map.jinja
@@ -0,0 +1,6 @@
+# don't start the docker container if it is an import node
+{% if grains.id.split('_')|last == 'import' %}
+ {% set START = False %}
+{% else %}
+ {% set START = True %}
+{% endif %}
\ No newline at end of file
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index 783f174ca..a15255af1 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -23,6 +23,7 @@
 {# import_yaml 'suricata/files/defaults2.yaml' as suricata #}
 {% from 'suricata/suricata_config.map.jinja' import suricata_defaults as suricata_config with context %}
+{% from "suricata/map.jinja" import START with context %}
 # Suricata
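Review bot: In salt/pcap/init.sls the added `- start: {{ START }}` under `so-steno` has no comment saying what a false value means for the state, and the matching line under `so-suricata` in salt/suricata/init.sls has the same gap. As I read Salt's `docker_container.running`, `start: False` only suppresses starting a container that exists but is stopped; it would not stop one that is already running, so an import node provisioned before this change may keep capturing until the container is stopped some other way. That reading is worth confirming against the Salt version in use. I would add a comment above the line, e.g. `# START is False on import nodes (pcap/map.jinja): the container is defined but highstate will not start it`. Both state bodies continue outside their hunks.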
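Review bot: The new salt/pcap/map.jinja derives the node role from the minion id suffix, `grains.id.split('_')|last == 'import'`, so any minion whose id happens to end in `_import` silently gets no Stenographer container started; salt/suricata/map.jinja (same blob, ad4d70e80) does the same for Suricata. On a sensor that means losing packet capture and IDS coverage with nothing in the state output to show why. If the project has an explicit role grain or pillar value, keying on that would be safer than parsing the id; the id naming convention is not visible in this patch. Because the two map files are byte-identical, a single shared map imported by both states would keep them from drifting, and the body reduces to `{% set START = grains.id.split('_')|last != 'import' %}`.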
@@ -134,6 +135,7 @@ suribpf:
 so-suricata:
 docker_container.running:
 - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-suricata:{{ VERSION }}
+ - start: {{ START }}
 - privileged: True
 - environment:
 - INTERFACE={{ interface }}
diff --git a/salt/suricata/map.jinja b/salt/suricata/map.jinja
new file mode 100644
index 000000000..ad4d70e80
--- /dev/null
+++ b/salt/suricata/map.jinja
@@ -0,0 +1,6 @@
+# don't start the docker container if it is an import node
+{% if grains.id.split('_')|last == 'import' %}
+ {% set START = False %}
+{% else %}
+ {% set START = True %}
+{% endif %}
\ No newline at end of file