CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-28 10:53:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

move suricata rules to /opt/so/rules/nids/suri

Browse Source
This commit is contained in:
m0duspwnens
2024-02-09 09:47:23 -05:00
parent f02f61c6dd
commit 5903ae596c
7 changed files with 16 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/idstools/enabled.sls
View File

@@ -39,7 +39,7 @@ so-idstools:
{% endif %}
- binds:
- /opt/so/conf/idstools/etc:/opt/so/idstools/etc:ro
- /opt/so/rules/nids:/opt/so/rules/nids:rw
- /opt/so/rules/nids/suri:/opt/so/rules/nids/suri:rw
- /nsm/rules/:/nsm/rules/:rw
{% if DOCKER.containers['so-idstools'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-idstools'].custom_bind_mounts %}

8
salt/idstools/etc/rulecat.conf
View File

@@ -1,10 +1,10 @@
{%- from 'vars/globals.map.jinja' import GLOBALS -%}
{%- from 'idstools/map.jinja' import IDSTOOLSMERGED -%}
--merged=/opt/so/rules/nids/all.rules
--local=/opt/so/rules/nids/local.rules
--merged=/opt/so/rules/nids/suri/all.rules
--local=/opt/so/rules/nids/suri/local.rules
{%- if GLOBALS.md_engine == "SURICATA" %}
--local=/opt/so/rules/nids/extraction.rules
--local=/opt/so/rules/nids/filters.rules
--local=/opt/so/rules/nids/suri/extraction.rules
--local=/opt/so/rules/nids/suri/filters.rules
{%- endif %}
--url=http://{{ GLOBALS.manager }}:7788/suricata/emerging-all.rules
--disable=/opt/so/idstools/etc/disable.conf

4
salt/idstools/sync_files.sls
View File

@@ -21,7 +21,7 @@ idstoolsetcsync:
rulesdir:
file.directory:
- name: /opt/so/rules/nids
- name: /opt/so/rules/nids/suri
- user: 939
- group: 939
- makedirs: True
@@ -29,7 +29,7 @@ rulesdir:
# Don't show changes because all.rules can be large
synclocalnidsrules:
file.recurse:
- name: /opt/so/rules/nids/
- name: /opt/so/rules/nids/suri/
- source: salt://idstools/rules/
- user: 939
- group: 939