From 611ace6f17057249d76c19ddf246d6f226c6053e Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 17 Apr 2018 13:05:49 -0400
Subject: [PATCH] IDSTools module - Initial commit
---
 salt/idstools/init.sls | 55 +++++++++++++++++++++++++++++
 salt/pulledpork/etc/pulledpork.conf | 2 +-
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 salt/idstools/init.sls
diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls
new file mode 100644
index 000000000..b66b6ce24
--- /dev/null
+++ b/salt/idstools/init.sls
@@ -0,0 +1,55 @@
+# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# PulledProk Setup
+ppdir:
+ file.directory:
+ - name: /opt/so/conf/idstools/etc
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+ppetcsync:
+ file.recurse:
+ - name: /opt/so/conf/idstools/etc
+ - source: salt://idstools/etc
+ - user: 939
+ - group: 939
+ - template: jinja
+
+rulesdir:
+ file.directory:
+ - name: /opt/so/rules/nids
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+ruleslink:
+ file.symlink:
+ - name: /opt/so/saltstack/salt/pulledpork/rules
+ - target: /opt/so/rules/nids
+
+toosmooth/so-pulledpork:test2:
+ docker_image.present
+
+so-pulledpork:
+ docker_container.running:
+ - image: toosmooth/so-idstools:test2
+ - hostname: so-idstools
+ - user: socore
+ - binds:
+ - /opt/so/conf/idstools/etc:/opt/so/idstools/etc:ro
+ - /opt/so/rules/nids:/opt/so/rules/nids:rw
+ - network_mode: so-elastic-net
diff --git a/salt/pulledpork/etc/pulledpork.conf b/salt/pulledpork/etc/pulledpork.conf
index 0c9e6d981..daa5fcb17 100644
--- a/salt/pulledpork/etc/pulledpork.conf
+++ b/salt/pulledpork/etc/pulledpork.conf
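Review bot: The `docker_image.present` state near the end of init.sls manages `toosmooth/so-pulledpork:test2`, while the container declared right after it runs `toosmooth/so-idstools:test2`, so the image that actually starts is not the one this state ensures; the state ID should read `toosmooth/so-idstools:test2:`. Both references use the mutable `test2` tag, so the code that runs with read-write access to /opt/so/rules/nids can change without any change in this repository; an immutable release tag or digest would make what is deployed reviewable. The container state also has no `- require:` on the image or on `ppdir`/`rulesdir`, so ordering relies on file position alone. The IDs `ppdir`, `ppetcsync`, `rulesdir`, `ruleslink` and `so-pulledpork`, and the `# PulledProk Setup` comment, look carried over from the pulledpork state; if both SLS files are ever applied to the same minion the duplicate IDs would presumably conflict, so an idstools prefix is safer.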
@@ -26,7 +26,7 @@
 #rule_url=https://snort.org/downloads/community/|opensource.tar.gz|Opensource
 # THE FOLLOWING URL is for emergingthreats downloads, note the tarball name change!
 # and open-nogpl, to avoid conflicts.
-rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
+rule_url=https://rules.emergingthreats.net/open/suricata-4.0/|emerging.rules.tar.gz|open
 # THE FOLLOWING URL is for etpro downloads, note the tarball name change!
 # and the et oinkcode requirement!
 #rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|
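Review bot: The new `rule_url` hard-codes the `suricata-4.0` ruleset path, and nothing next to it says that the path has to track the engine version the sensors actually run. A ruleset built for a different Suricata release may contain rules the engine refuses to load, which would reduce detection coverage without an obvious failure. A comment above the line such as `# Path must match the deployed Suricata version (currently 4.0)` would make that coupling visible at upgrade time. The rest of pulledpork.conf is outside this hunk, so whether the version is set elsewhere cannot be checked from here.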