Handle YARA rules for distributed deployments

2025-12-22 08:53:06 +01:00 · 2024-05-06 19:08:01 +00:00
parent a67f0d93a0
commit 5aa611302a
3 changed files with 15 additions and 0 deletions
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -65,6 +65,7 @@
          'registry',
          'manager',
          'nginx',
+          'strelka.manager',
          'soc',
          'kratos',
          'influxdb',
@@ -91,6 +92,7 @@
          'nginx',
          'telegraf',
          'influxdb',
+          'strelka.manager',
          'soc',
          'kratos',
          'elasticfleet',
@@ -111,6 +113,7 @@
          'nginx',
          'telegraf',
          'influxdb',
+          'strelka.manager',
          'soc',
          'kratos',
          'elastic-fleet-package-registry',
--- a/salt/strelka/config.sls
+++ b/salt/strelka/config.sls
@@ -29,6 +29,15 @@ strelkarulesdir:
    - group: 939
    - makedirs: True

+{%- if grains.role in ['so-sensor', 'so-heavynode'] %}
+strelkasensorrules:
+  file.managed:
+    - name: /opt/so/conf/strelka/rules/compiled/rules.compiled
+    - source: salt://strelka/rules/compiled/rules.compiled
+    - user: 939
+    - group: 939
+{%- endif %}
+
 strelkareposdir:
  file.directory:
    - name: /opt/so/conf/strelka/repos
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -87,6 +87,7 @@ base:
    - registry
    - nginx
    - influxdb
+    - strelka.manager
    - soc
    - kratos
    - firewall
@@ -161,6 +162,7 @@ base:
    - registry
    - nginx
    - influxdb
+    - strelka.manager
    - soc
    - kratos
    - firewall
@@ -210,6 +212,7 @@ base:
    - manager
    - nginx
    - influxdb
+    - strelka.manager
    - soc
    - kratos
    - sensoroni