CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

ensure ownership of /opt/so/log/strelka/filecheck_stdout.log

Browse Source
This commit is contained in:
m0duspwnens
2023-08-08 17:48:34 -04:00
parent 553b758c61
commit 58fe25623b
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
salt/strelka/filestream/config.sls
View File

@@ -7,6 +7,7 @@
{% if sls.split('.')[0] in allowed_states %} {% if sls.split('.')[0] in allowed_states %}
{% from 'strelka/map.jinja' import STRELKAMERGED %} {% from 'strelka/map.jinja' import STRELKAMERGED %}
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'strelka/map.jinja' import filecheck_runas %}
include: include:
- strelka.config - strelka.config
@@ -78,6 +79,12 @@ filecheck_script:
- group: 939 - group: 939
- mode: 755 - mode: 755
filecheck_stdout.log:
file.managed:
- name: /opt/so/log/strelka/filecheck_stdout.log
- user: {{ filecheck_runas }}
- group: {{ filecheck_runas }}
{% if GLOBALS.md_engine == 'ZEEK' %} {% if GLOBALS.md_engine == 'ZEEK' %}
filecheck_run_socore: filecheck_run_socore:

2
salt/strelka/map.jinja
View File

@@ -24,8 +24,10 @@
{% if GLOBALS.md_engine == "SURICATA" %} {% if GLOBALS.md_engine == "SURICATA" %}
{% set extract_path = '/nsm/suricata/extracted' %} {% set extract_path = '/nsm/suricata/extracted' %}
{% set filecheck_runas = 'suricata' %}
{% else %} {% else %}
{% set extract_path = '/nsm/zeek/extracted/complete' %} {% set extract_path = '/nsm/zeek/extracted/complete' %}
{% set filecheck_runas = 'socore' %}
{% endif %} {% endif %}
{% do STRELKADEFAULTS.strelka.filecheck.update({'extract_path': extract_path}) %} {% do STRELKADEFAULTS.strelka.filecheck.update({'extract_path': extract_path}) %}