Add Redis pillar and fix idstools

salt/common/tools/sbin/soup

@@ -251,6 +251,9 @@ rc3_to_2.3.0() {
   if [ ! -f /etc/profile.d/securityonion.sh ]; then
     echo "complete -cf sudo" > /etc/profile.d/securityonion.sh
   fi
+  # Add Redis settings to global pillar
+  echo "redis_settings:" >> /opt/so/saltstack/local/pillar/global.sls
+		"  redis_maxmemory: 827" >> /opt/so/saltstack/local/pillar/global.sls
 }
 
 space_check() {

salt/idstools/etc/rulecat.conf

@@ -17,16 +17,16 @@
 --disable=/opt/so/idstools/etc/disable.conf
 --enable=/opt/so/idstools/etc/enable.conf
 --modify=/opt/so/idstools/etc/modify.conf
-  {%- if RULESET == 'ETOPEN' -%}
+  {%- if RULESET == 'ETOPEN' %}
 --etopen
-  {%- elif RULESET == 'ETPRO' -%}
+  {%- elif RULESET == 'ETPRO' %}
 --etpro={{ OINKCODE }}
-  {%- elif RULESET == 'TALOS' -%}
+  {%- elif RULESET == 'TALOS' %}
 --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }}
-  {%- endif -%}
-{%- endif -%}
-{%- if URLS != None -%}
-{%- for URL in URLS -%}
+  {%- endif %}
+{%- endif %}
+{%- if URLS != None %}
+{%- for URL in URLS %}
 --url={{ URL }}
-{%- endfor -%}
-{%- endif -%}
+{%- endfor %}
+{%- endif %}

salt/redis/etc/redis.conf

@@ -1,3 +1,5 @@
+{% set MAXMEM = salt['pillar.get']('redis_settings:redis_maxmemory', 812) %}
+
 # Redis configuration file example.
 #
 # Note that in order to read the configuration file, Redis must be
@@ -858,7 +860,7 @@ acllog-max-len 128
 # limit for maxmemory so that there is some free RAM on the system for replica
 # output buffers (but this is not needed if the policy is 'noeviction').
 #
-maxmemory 817m
+maxmemory {{ MAXMEM }}m
 
 # MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
 # is reached. You can select one from the following behaviors:

setup/so-functions

@@ -1273,6 +1273,9 @@ manager_global() {
 		"  playbook:"\
 		"    rulesets:"\
 		"      - windows" >> "$global_pillar"
+		"redis_settings:"\
+		"  redis_maxmemory: 812"\
+
 		
 	printf '%s\n'  '----' >> "$setup_log" 2>&1
 }