CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

jinja for steno/pcap

Browse Source
This commit is contained in:
m0duspwnens
2022-09-15 15:12:40 -04:00
parent 9a75d939b4
commit 52b58ad6ae
3 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/pcap/config.map.jinja
View File

@@ -1,3 +1,3 @@
{% import_yaml 'pcap/defaults.yaml' as pcap_defaults with context %} {% import_yaml 'pcap/defaults.yaml' as pcap_defaults with context %}
{% set pcap_pillar = pillar.pcap %} {% set pcap_pillar = pillar.pcap %}
{% set pcapmerge = salt['defaults.merge'](pcap_defaults, pcap_pillar, in_place=False) %} {% set PCAPMERGED = salt['defaults.merge'](pcap_defaults, pcap_pillar, in_place=False) %}

12
salt/pcap/files/config.jinja
View File

@@ -1,16 +1,10 @@
{%- set INTERFACE = salt['pillar.get']('sensor:interface') %}
{%- set DISKFREEPERCENTAGE = salt['pillar.get']('pcap:config:diskfreepercentage') %}
{%- set MAXFILES = salt['pillar.get']('pcap:config:maxdirectoryfiles') %}
{%- set BLOCKS = salt['pillar.get']('pcap:config:blocks') %}
{%- set FILEMB = salt['pillar.get']('pcap:config:preallocate_file_mb') %}
{%- set AIOPS = salt['pillar.get']('pcap:config:aiops') %}
{ {
"Threads": [ "Threads": [
{ "PacketsDirectory": "/nsm/pcap", "IndexDirectory": "/nsm/pcapindex", "MaxDirectoryFiles": {{ MAXFILES }}, "DiskFreePercentage": {{ DISKFREEPERCENTAGE }} } { "PacketsDirectory": "/nsm/pcap", "IndexDirectory": "/nsm/pcapindex", "MaxDirectoryFiles": {{ PCAPMERGED.pcap.config.maxdirectoryfiles }}, "DiskFreePercentage": {{ PCAPMERGED.pcap.config.DISKFREEPERCENTAGE }} }
, "StenotypePath": "/usr/bin/stenotype" , "StenotypePath": "/usr/bin/stenotype"
, "Interface": "{{ INTERFACE }}" , "Interface": "{{ pillar.sensor.interface }}"
, "Port": 1234 , "Port": 1234
, "Host": "127.0.0.1" , "Host": "127.0.0.1"
, "Flags": ["-v", "--blocks={{ BLOCKS }}", "--preallocate_file_mb={{ FILEMB }}", "--aiops={{ AIOPS }}", "--uid=stenographer", "--gid=stenographer"{{ BPF_COMPILED }}] , "Flags": ["-v", "--blocks={{ PCAPMERGED.pcap.config.blocks }}", "--preallocate_file_mb={{ PCAPMERGED.pcap.config.preallocate_file_mb }}", "--aiops={{ PCAPMERGED.pcap.config.aiops }}", "--uid=stenographer", "--gid=stenographer"{{ BPF_COMPILED }}]
, "CertPath": "/etc/stenographer/certs" , "CertPath": "/etc/stenographer/certs"
} }

2
salt/pcap/init.sls
View File

@@ -7,6 +7,7 @@
{% if sls in allowed_states %} {% if sls in allowed_states %}
{% from "pcap/map.jinja" import STENOOPTIONS with context %} {% from "pcap/map.jinja" import STENOOPTIONS with context %}
{% from "pcap/config.map.jinja" import PCAPMERGED with context %}
{% set VERSION = salt['pillar.get']('global:soversion') %} {% set VERSION = salt['pillar.get']('global:soversion') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -58,6 +59,7 @@ stenoconf:
- mode: 644 - mode: 644
- template: jinja - template: jinja
- defaults: - defaults:
PCAPMERGED: {{ PCAPMERGED }}
BPF_COMPILED: "{{ BPF_COMPILED }}" BPF_COMPILED: "{{ BPF_COMPILED }}"
stenoca: stenoca: