2.4 strelka

salt/strelka/filecheck/defaults.yaml

@@ -0,0 +1,4 @@
+filecheck:
+    historypath: '/nsm/strelka/history/'
+    strelkapath: '/nsm/strelka/unprocessed/'
+    logfile: '/opt/so/log/strelka/filecheck.log'

salt/strelka/filecheck/filecheck.yaml

@@ -1,10 +0,0 @@
-{%- set ENGINE = salt['pillar.get']('global:mdengine', '') %}
-filecheck:
-    {%- if ENGINE == "SURICATA" %}
-    extract_path: '/nsm/suricata/extracted'
-    {%- else %}
-    extract_path: '/nsm/zeek/extracted/complete'
-    {%- endif %}
-    historypath: '/nsm/strelka/history/'
-    strelkapath: '/nsm/strelka/unprocessed/'
-    logfile: '/opt/so/log/strelka/filecheck.log'

salt/strelka/filecheck/filecheck.yaml.jinja

@@ -0,0 +1 @@
+{{ FILECHECKCONFIG | yaml(false) }}

salt/strelka/filecheck/map.jinja

@@ -0,0 +1,12 @@
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% import_yaml 'strelka/filecheck/defaults.yaml' as FILECHECKDEFAULTS %}
+
+{% if GLOBALS.md_engine == "SURICATA" %}
+{%   set extract_path = '/nsm/suricata/extracted' %}
+{%   set filecheck_runas = 'suricata' %}
+{% else %}
+{%   set extract_path = '/nsm/zeek/extracted/complete' %}
+{%   set filecheck_runas = 'socore' %}
+{% endif %}
+
+{% do FILECHECKDEFAULTS.filecheck.update({'extract_path': extract_path}) %}