CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

IDSTools module - Initial commit

Browse Source
This commit is contained in:
Mike Reeves
2018-04-17 13:05:49 -04:00
parent 926e380075
commit 611ace6f17
2 changed files with 56 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
salt/idstools/init.sls Normal file
View File

@@ -0,0 +1,55 @@
# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# PulledProk Setup
ppdir:
file.directory:
- name: /opt/so/conf/idstools/etc
- user: 939
- group: 939
- makedirs: True
ppetcsync:
file.recurse:
- name: /opt/so/conf/idstools/etc
- source: salt://idstools/etc
- user: 939
- group: 939
- template: jinja
rulesdir:
file.directory:
- name: /opt/so/rules/nids
- user: 939
- group: 939
- makedirs: True
ruleslink:
file.symlink:
- name: /opt/so/saltstack/salt/pulledpork/rules
- target: /opt/so/rules/nids
toosmooth/so-pulledpork:test2:
docker_image.present
so-pulledpork:
docker_container.running:
- image: toosmooth/so-idstools:test2
- hostname: so-idstools
- user: socore
- binds:
- /opt/so/conf/idstools/etc:/opt/so/idstools/etc:ro
- /opt/so/rules/nids:/opt/so/rules/nids:rw
- network_mode: so-elastic-net

2
salt/pulledpork/etc/pulledpork.conf
View File

@@ -26,7 +26,7 @@
#rule_url=https://snort.org/downloads/community/|opensource.tar.gz|Opensource #rule_url=https://snort.org/downloads/community/|opensource.tar.gz|Opensource
# THE FOLLOWING URL is for emergingthreats downloads, note the tarball name change! # THE FOLLOWING URL is for emergingthreats downloads, note the tarball name change!
# and open-nogpl, to avoid conflicts. # and open-nogpl, to avoid conflicts.
rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open rule_url=https://rules.emergingthreats.net/open/suricata-4.0/|emerging.rules.tar.gz|open
# THE FOLLOWING URL is for etpro downloads, note the tarball name change! # THE FOLLOWING URL is for etpro downloads, note the tarball name change!
# and the et oinkcode requirement! # and the et oinkcode requirement!
#rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode> #rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>