From 322efa304a451d40afa2b9a66939815a763ecca3 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Tue, 10 Jan 2023 16:47:18 -0500 Subject: [PATCH 1/3] Avoid unnecessary processes in Import Mode --- salt/pcap/map.jinja | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/salt/pcap/map.jinja b/salt/pcap/map.jinja index ad23f763b..ee939a0b4 100644 --- a/salt/pcap/map.jinja +++ b/salt/pcap/map.jinja @@ -4,12 +4,8 @@ # don't start the docker container if it is an import node or disabled via pillar {% if grains.id.split('_')|last == 'import' or ENABLED is sameas false %} {% do STENOOPTIONS.update({'start': False}) %} -{% else %} - {% do STENOOPTIONS.update({'start': True}) %} -{% endif %} - -{% if ENABLED is sameas false %} {% do STENOOPTIONS.update({'status': 'absent'}) %} {% else %} + {% do STENOOPTIONS.update({'start': True}) %} {% do STENOOPTIONS.update({'status': 'running'}) %} {% endif %} From 554754421c29c86c76572e53d780cf48ebb5f1b0 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Tue, 10 Jan 2023 16:48:06 -0500 Subject: [PATCH 2/3] Avoid unecessary Suricata processes in Import Mode --- salt/suricata/map.jinja | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/salt/suricata/map.jinja b/salt/suricata/map.jinja index 2ffd5ad08..550781436 100644 --- a/salt/suricata/map.jinja +++ b/salt/suricata/map.jinja @@ -4,12 +4,8 @@ # don't start the docker container if it is an import node or disabled via pillar {% if grains.id.split('_')|last == 'import' or ENABLED is sameas false %} {% do SURICATAOPTIONS.update({'start': False}) %} -{% else %} - {% do SURICATAOPTIONS.update({'start': True}) %} -{% endif %} - -{% if ENABLED is sameas false %} {% do SURICATAOPTIONS.update({'status': 'absent'}) %} {% else %} + {% do SURICATAOPTIONS.update({'start': True}) %} {% do SURICATAOPTIONS.update({'status': 'running'}) %} -{% endif %} \ No newline at end of file +{% endif %} From c15db735611f8fa5299baae89299a2552a884d66 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Tue, 10 Jan 2023 16:48:47 -0500 Subject: [PATCH 3/3] Avoid unnecessary Zeek processes in Import Mode --- salt/zeek/config.map.jinja | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/salt/zeek/config.map.jinja b/salt/zeek/config.map.jinja index ced2175e7..8c7d99cde 100644 --- a/salt/zeek/config.map.jinja +++ b/salt/zeek/config.map.jinja @@ -11,13 +11,9 @@ {% if grains.id.split('_')|last == 'import' or not ENABLED %} {% do ZEEKOPTIONS.update({'start': False}) %} {% do ZEEKOPTIONS.update({'pl_cron_state': 'absent'}) %} + {% do ZEEKOPTIONS.update({'status': 'absent'}) %} {% else %} {% do ZEEKOPTIONS.update({'start': True}) %} {% do ZEEKOPTIONS.update({'pl_cron_state': 'present'}) %} -{% endif %} - -{% if not ENABLED %} - {% do ZEEKOPTIONS.update({'status': 'absent'}) %} -{% else %} {% do ZEEKOPTIONS.update({'status': 'running'}) %} {% endif %}