From 45b11b2321aaf861ab73ee1585220b1ff0bf742a Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 9 Sep 2020 18:38:07 -0400
Subject: [PATCH] Fix Rulecat

---
 salt/idstools/etc/rulecat.conf | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf
index b7b7f8424..bdea850aa 100644
--- a/salt/idstools/etc/rulecat.conf
+++ b/salt/idstools/etc/rulecat.conf
@@ -1,19 +1,29 @@
 {%- set URLS = salt['pillar.get']('idstools:config:urls') -%}
 {%- set RULESET = salt['pillar.get']('idstools:config:ruleset') -%}
 {%- set OINKCODE = salt['pillar.get']('idstools:config:oinkcode', '' ) -%}
+{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') -%}
+{% if ISAIRGAP is sameas true %}
+--merged=/opt/so/rules/nids/all.rules
+--local=/opt/so/rules/nids/local.rules
+--local=/opt/so/rules/nids/emerging-all.rules
+--disable=/opt/so/idstools/etc/disable.conf
+--enable=/opt/so/idstools/etc/enable.conf
+--modify=/opt/so/idstools/etc/modify.conf
+{%- else -%}
 --suricata-version=5.0
 --merged=/opt/so/rules/nids/all.rules
 --local=/opt/so/rules/nids/local.rules
 --disable=/opt/so/idstools/etc/disable.conf
 --enable=/opt/so/idstools/etc/enable.conf
 --modify=/opt/so/idstools/etc/modify.conf
-{%- if RULESET == 'ETOPEN' %}
+  {%- if RULESET == 'ETOPEN' -%}
 --etopen
-{%- elif RULESET == 'ETPRO' %}
+  {%- elif RULESET == 'ETPRO' -%}
 --etpro={{ OINKCODE }}
-{%- elif RULESET == 'TALOS' %}
+  {%- elif RULESET == 'TALOS' -%}
 --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }}
-{%- endif %}
+  {%- endif -%}
+{%- endif -%}
 {%- if URLS != None %}
 {%- for URL in URLS %}
 --url={{ URL }}