CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix final bugs

Browse Source
This commit is contained in:
Mike Reeves
2020-07-18 17:29:11 -04:00
parent 1d24d7bc7f
commit 3de2afe618
4 changed files with 19 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
salt/common/maps/broversion.map.jinja → salt/common/maps/zeekversion.map.jinja
View File

12
salt/idstools/etc/rulecat.conf
View File

@@ -1,6 +1,6 @@
{% set URLS = salt['pillar.get']('idstools:config:urls', {}) -%} {%- set URLS = salt['pillar.get']('idstools:config:urls') -%}
{% set RULESET = salt['pillar.get']('idstools:config:ruleset') -%} {%- set RULESET = salt['pillar.get']('idstools:config:ruleset') -%}
{% set OINKCODE = salt['pillar.get']('idstools:config:oinkcode') -%} {%- set OINKCODE = salt['pillar.get']('idstools:config:oinkcode', '' ) -%}
--suricata-version=5.0 --suricata-version=5.0
--merged=/opt/so/rules/nids/all.rules --merged=/opt/so/rules/nids/all.rules
--local=/opt/so/rules/nids/local.rules --local=/opt/so/rules/nids/local.rules
@@ -10,10 +10,12 @@
{%- if RULESET == 'ETOPEN' %} {%- if RULESET == 'ETOPEN' %}
--etopen --etopen
{%- elif RULESET == 'ETPRO' %} {%- elif RULESET == 'ETPRO' %}
--etpro={{ OINKCODE }} --etpro={{ OINCODE }}
{%- elif RULESET == 'TALOS' %} {%- elif RULESET == 'TALOS' %}
--url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }} --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }}
{%- endif %} {%- endif %}
{%- if URLS != None %}
{%- for URL in URLS %} {%- for URL in URLS %}
--url={{ URL }} --url={{ URL }}
{%- endfor %} {%- endfor %}
{%- endif %}

6
salt/zeek/init.sls
View File

@@ -43,7 +43,7 @@ zeekspooldir:
file.directory: file.directory:
- name: /nsm/zeek/spool/manager - name: /nsm/zeek/spool/manager
- user: 937 - user: 937
- makedirs: true - makedirs: True
# Zeek extracted # Zeek extracted
zeekextractdir: zeekextractdir:
@@ -57,7 +57,7 @@ zeekextractcompletedir:
file.directory: file.directory:
- name: /nsm/zeek/extracted/complete - name: /nsm/zeek/extracted/complete
- user: 937 - user: 937
- makedirs: true - makedirs: True
# Sync the policies # Sync the policies
zeekpolicysync: zeekpolicysync:
@@ -75,6 +75,7 @@ zeekintelloadsync:
- source: salt://zeek/policy/intel/__load__.zeek - source: salt://zeek/policy/intel/__load__.zeek
- user: 937 - user: 937
- group: 939 - group: 939
- makedirs: True
zeekctlcfg: zeekctlcfg:
file.managed: file.managed:
@@ -186,3 +187,4 @@ so-zeek:
- file: /opt/so/conf/zeek/zeekctl.cfg - file: /opt/so/conf/zeek/zeekctl.cfg
- file: /opt/so/conf/zeek/policy - file: /opt/so/conf/zeek/policy
- file: /opt/so/conf/zeek/bpf - file: /opt/so/conf/zeek/bpf

14
salt/zeek/policy/securityonion/file-extraction/extract.zeek
View File

@@ -1,4 +1,4 @@
{%- from zeek/fileextraction_defaults.yaml import zeek %} {%- import_yaml "zeek/fileextraction_defaults.yaml" as zeek with context %}
# Directory to stage Zeek extracted files before processing # Directory to stage Zeek extracted files before processing
redef FileExtract::prefix = "/nsm/zeek/extracted/"; redef FileExtract::prefix = "/nsm/zeek/extracted/";
# Set a limit to the file size # Set a limit to the file size
@@ -6,14 +6,16 @@ redef FileExtract::default_limit = 9000000;
# These are the mimetypes we want to rip off the networks # These are the mimetypes we want to rip off the networks
export { export {
global _mime_whitelist: table[string] of string = { global _mime_whitelist: table[string] of string = {
{%- for li in zeek.policy.file_extraction %} {%- for li in zeek.zeek.policy.file_extraction %}
{%- for k,v in li %}
{%- if not loop.last %} {%- if not loop.last %}
{%- for k,v in li.items() %}
["{{ k }}"] = "{{ v }}", ["{{ k }}"] = "{{ v }}",
{%- else %}
["{{ k }}"] = "{{ v }}"
{%- endif %}
{%- endfor %} {%- endfor %}
{%- else %}
{%- for k,v in li.items() %}
["{{ k }}"] = "{{ v }}"
{%- endfor %}
{%- endif %}
{%- endfor %} {%- endfor %}
}; };
} }