Fix final bugs

2025-12-06 09:12:45 +01:00 · 2020-07-18 17:29:11 -04:00
parent 1d24d7bc7f
commit 3de2afe618
4 changed files with 19 additions and 13 deletions
--- a/salt/common/maps/zeekversion.map.jinja
+++ b/salt/common/maps/zeekversion.map.jinja
--- a/salt/idstools/etc/rulecat.conf
+++ b/salt/idstools/etc/rulecat.conf
@@ -1,6 +1,6 @@
-{% set URLS = salt['pillar.get']('idstools:config:urls', {}) -%}
-{% set RULESET = salt['pillar.get']('idstools:config:ruleset') -%}
-{% set OINKCODE = salt['pillar.get']('idstools:config:oinkcode') -%}
+{%- set URLS = salt['pillar.get']('idstools:config:urls') -%}
+{%- set RULESET = salt['pillar.get']('idstools:config:ruleset') -%}
+{%- set OINKCODE = salt['pillar.get']('idstools:config:oinkcode', '' ) -%}
 --suricata-version=5.0
 --merged=/opt/so/rules/nids/all.rules
 --local=/opt/so/rules/nids/local.rules
@@ -10,10 +10,12 @@
 {%- if RULESET == 'ETOPEN' %}
 --etopen
 {%- elif RULESET == 'ETPRO' %}
--etpro={{ OINKCODE }}
+--etpro={{ OINCODE }}
 {%- elif RULESET == 'TALOS' %}
 --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }}
 {%- endif %}
+{%- if URLS != None %}
 {%- for URL in URLS %}
 --url={{ URL }}
 {%- endfor %}
+{%- endif %}
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -43,7 +43,7 @@ zeekspooldir:
  file.directory:
    - name: /nsm/zeek/spool/manager
    - user: 937
-    - makedirs: true
+    - makedirs: True

 # Zeek extracted
 zeekextractdir:
@@ -57,7 +57,7 @@ zeekextractcompletedir:
  file.directory:
    - name: /nsm/zeek/extracted/complete
    - user: 937
-    - makedirs: true
+    - makedirs: True

 # Sync the policies
 zeekpolicysync:
@@ -75,6 +75,7 @@ zeekintelloadsync:
    - source: salt://zeek/policy/intel/__load__.zeek
    - user: 937
    - group: 939
+    - makedirs: True

 zeekctlcfg:
  file.managed:
@@ -186,3 +187,4 @@ so-zeek:
      - file: /opt/so/conf/zeek/zeekctl.cfg
      - file: /opt/so/conf/zeek/policy
      - file: /opt/so/conf/zeek/bpf
+      
--- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek
+++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
@@ -1,4 +1,4 @@
-{%- from zeek/fileextraction_defaults.yaml import zeek %}
+{%- import_yaml "zeek/fileextraction_defaults.yaml" as zeek with context %}
 # Directory to stage Zeek extracted files before processing
 redef FileExtract::prefix = "/nsm/zeek/extracted/";
 # Set a limit to the file size
@@ -6,14 +6,16 @@ redef FileExtract::default_limit = 9000000;
 # These are the mimetypes we want to rip off the networks
 export {
    global _mime_whitelist: table[string] of string = {
-        {%- for li in zeek.policy.file_extraction %}
-          {%- for k,v in li %}
+        {%- for li in zeek.zeek.policy.file_extraction %}
          {%- if not loop.last %}
+          {%- for k,v in li.items() %}
        ["{{ k }}"] = "{{ v }}",
-          {%- else %}
-        ["{{ k }}"] = "{{ v }}"
-          {%- endif %}
          {%- endfor %}
+          {%- else %}
+          {%- for k,v in li.items() %}
+        ["{{ k }}"] = "{{ v }}"
+          {%- endfor %}
+          {%- endif %}
        {%- endfor %}
        };
 }