From 5aa611302a7cdf3a1f6159758710dd7ab20141f3 Mon Sep 17 00:00:00 2001 From: Wes Date: Mon, 6 May 2024 19:08:01 +0000 Subject: [PATCH] Handle YARA rules for distributed deployments --- salt/allowed_states.map.jinja | 3 +++ salt/strelka/config.sls | 9 +++++++++ salt/top.sls | 3 +++ 3 files changed, 15 insertions(+) diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index 7fbf4ff14..109e244d7 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -65,6 +65,7 @@ 'registry', 'manager', 'nginx', + 'strelka.manager', 'soc', 'kratos', 'influxdb', @@ -91,6 +92,7 @@ 'nginx', 'telegraf', 'influxdb', + 'strelka.manager', 'soc', 'kratos', 'elasticfleet', @@ -111,6 +113,7 @@ 'nginx', 'telegraf', 'influxdb', + 'strelka.manager', 'soc', 'kratos', 'elastic-fleet-package-registry', diff --git a/salt/strelka/config.sls b/salt/strelka/config.sls index 90bba58a7..c65f9c2cb 100644 --- a/salt/strelka/config.sls +++ b/salt/strelka/config.sls @@ -29,6 +29,15 @@ strelkarulesdir: - group: 939 - makedirs: True +{%- if grains.role in ['so-sensor', 'so-heavynode'] %} +strelkasensorrules: + file.managed: + - name: /opt/so/conf/strelka/rules/compiled/rules.compiled + - source: salt://strelka/rules/compiled/rules.compiled + - user: 939 + - group: 939 +{%- endif %} + strelkareposdir: file.directory: - name: /opt/so/conf/strelka/repos diff --git a/salt/top.sls b/salt/top.sls index d4852aa4d..e4eaab786 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -87,6 +87,7 @@ base: - registry - nginx - influxdb + - strelka.manager - soc - kratos - firewall @@ -161,6 +162,7 @@ base: - registry - nginx - influxdb + - strelka.manager - soc - kratos - firewall @@ -210,6 +212,7 @@ base: - manager - nginx - influxdb + - strelka.manager - soc - kratos - sensoroni