Merge pull request #2359 from Security-Onion-Solutions/fix/so-status-import-node

Fix/so status import node
2025-12-06 09:12:45 +01:00 · 2020-12-16 14:22:08 -05:00
parent eecb323459 2d497cb724
commit 3ff99da302
5 changed files with 25 additions and 9 deletions
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -217,6 +217,6 @@ https://{{ URLBASE }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module%
 or you can manually set your Time Range to be (in UTC):
 From: $START_OLDEST    To: $END_NEWEST

-Please note that it may take 30 seconds or more for events to appear in Onion Hunt.
+Please note that it may take 30 seconds or more for events to appear in Hunt.
 EOF
 fi
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -133,18 +133,19 @@ append_so-steno_so-status.conf:
  file.append:
    - name: /opt/so/conf/so-status/so-status.conf
    - text: so-steno
-    - unless: grep so-steno /opt/so/conf/so-status/so-status.conf
+    - unless: grep -q so-steno /opt/so/conf/so-status/so-status.conf

-  {% if STENOOPTIONS.status == 'running' %}
-delete_so-steno_so-status.disabled:
-  file.uncomment:
-    - name: /opt/so/conf/so-status/so-status.conf
-    - regex: ^so-steno$
-  {% elif STENOOPTIONS.status == 'stopped' %}
+
+  {% if not STENOOPTIONS.start %}
 so-steno_so-status.disabled:
  file.comment:
    - name: /opt/so/conf/so-status/so-status.conf
    - regex: ^so-steno$
+  {% else %}
+delete_so-steno_so-status.disabled:
+  file.uncomment:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - regex: ^so-steno$
  {% endif %}

 {% else %}
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -167,6 +167,14 @@ append_so-suricata_so-status.conf:
  file.append:
    - name: /opt/so/conf/so-status/so-status.conf
    - text: so-suricata
+    - unless: grep -q so-suricata /opt/so/conf/so-status/so-status.conf
+
+{% if grains.role == 'so-import' %}
+disable_so-suricata_so-status.conf:
+  file.comment:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - regex: ^so-suricata$
+{% endif %}

 surilogrotate:
  file.managed:
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -200,6 +200,14 @@ append_so-zeek_so-status.conf:
  file.append:
    - name: /opt/so/conf/so-status/so-status.conf
    - text: so-zeek
+    - unless: grep -q so-zeek /opt/so/conf/so-status/so-status.conf
+
+{% if grains.role == 'so-import' %}
+disable_so-zeek_so-status.conf:
+  file.comment:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - regex: ^so-zeek$
+{% endif %}

 {% else %}

--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1941,7 +1941,6 @@ sensor_pillar() {
 	if [ "$HNSENSOR" != 'inherit' ]; then
 		echo "  hnsensor: $HNSENSOR" >> "$pillar_file"
 	fi
-
 }

 set_default_log_size() {