From 52a0ace1b8d87b4ce0e7e8d1aa8feb584b25a688 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Wed, 24 Jun 2020 17:08:58 +0000
Subject: [PATCH] Use Strelka rules if enabled
---
 salt/strelka/init.sls | 6 +++++-
 salt/top.sls | 2 +-
 setup/so-functions | 8 +++++---
 3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls
index 5767531f4..145b9e620 100644
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -15,6 +15,7 @@
 {%- set MASTER = grains['master'] %}
 {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{%- set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') -%}
 # Strelka config
 strelkaconfdir:
@@ -32,6 +33,9 @@ strelkasync:
 - user: 939
 - group: 939
 - template: jinja
+ {%- if STRELKA_RULES != 1 %}
+ - exclude_pat: rules/
+ {%- endif %}
 strelkadatadir:
 file.directory:
@@ -87,7 +91,7 @@ strelka_backend:
 - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:{{ VERSION }}
 - binds:
 - /opt/so/conf/strelka/backend/:/etc/strelka/:ro
- - /opt/so/conf/strelka/backend/yara:/etc/yara/:ro
+ - /opt/so/conf/strelka/rules/:/etc/yara/:ro
 - name: so-strelka-backend
 - command: strelka-backend
 - restart_policy: on-failure
diff --git a/salt/top.sls b/salt/top.sls
index 3629fbe0b..7af856b35 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -7,7 +7,7 @@
 {%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%}
 {%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
 {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
-{%- set STRELKA = salt['pillar.get']('static:strelka', '0') -%}
+{%- set STRELKA = salt['pillar.get']('strelka:enabled', '0') -%}
 base:
diff --git a/setup/so-functions b/setup/so-functions
index 1ba4b66a1..37145e12b 100755
--- a/setup/so-functions
+++ b/setup/so-functions
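Review bot: In the first hunk of salt/strelka/init.sls the default for `STRELKA_RULES` is the string `'1'`, while the guard added in the second hunk compares against the integer `1`; in Jinja2 `'1' != 1` evaluates true, so a minion with no `strelka:rules` pillar value would have `rules/` excluded from the sync even though the default is meant to keep rules enabled. A value that does arrive through the pillar as an unquoted YAML scalar loads as an integer, so the default path and the pillar path behave differently. Normalising before the comparison, `{%- if STRELKA_RULES|int != 1 %}`, or using an integer default, `salt['pillar.get']('strelka:rules', 1)`, removes the mismatch. The third hunk still binds `/opt/so/conf/strelka/rules/` into the backend unconditionally; if that directory is absent when rules are disabled the container runtime presumably creates it empty, which is worth confirming the backend tolerates.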
@@ -953,9 +953,11 @@ master_static() {
 " fleet_hostname: N/A"\
 " fleet_ip: N/A"\
 " sensoronikey: $SENSORONIKEY"\
- " strelka: $STRELKA"\
- " wazuh: $WAZUH"\
- " masterupdate: $MASTERUPDATES"\
+ " wazuh: $WAZUH"\
+ " masterupdate: $MASTERUPDATES"\
+ "strelka:"\
+ " enabled: $STRELKA"\
+ " rules: $STRELKARULES"\
 "elastic:"\
 " features: False" > "$static_pillar"
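Review bot: `$STRELKARULES` is written into the pillar on the new ` rules: $STRELKARULES` line, but nothing in this patch assigns it; if it is not set elsewhere in so-functions the line renders as `rules:` with no value, which YAML loads as null, and the `!= 1` guard in salt/strelka/init.sls then excludes the rules directory without any visible error. A default at the point of use, `" rules: ${STRELKARULES:-1}"\`, or an assignment next to wherever `$STRELKA` is set, would make the intended default explicit. Since the scalar is emitted unquoted, whether the consumer sees an int or a string depends on the shell value, so a short comment above the block, `# rules is compared numerically by salt/strelka/init.sls`, would help the next editor. master_static() begins before this hunk and continues past it.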