From 7314e2dea8ec3c1705d2106ce800476f47715055 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 30 Sep 2020 15:08:44 -0400
Subject: [PATCH] Add Redis pillar and fix idstools
---
 salt/common/tools/sbin/soup | 3 +++
 salt/idstools/etc/rulecat.conf | 18 +++++++++---------
 salt/redis/etc/redis.conf | 4 +++-
 setup/so-functions | 3 +++
 4 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index bb9d9d343..a6c910e85 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -251,6 +251,9 @@ rc3_to_2.3.0() {
 if [ ! -f /etc/profile.d/securityonion.sh ]; then
 echo "complete -cf sudo" > /etc/profile.d/securityonion.sh
 fi
+ # Add Redis settings to global pillar
+ echo "redis_settings:" >> /opt/so/saltstack/local/pillar/global.sls
+ " redis_maxmemory: 827" >> /opt/so/saltstack/local/pillar/global.sls
 }
 
 space_check() {
diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf
index 90de18277..ea58c5567 100644
--- a/salt/idstools/etc/rulecat.conf
+++ b/salt/idstools/etc/rulecat.conf
@@ -17,16 +17,16 @@
 --disable=/opt/so/idstools/etc/disable.conf
 --enable=/opt/so/idstools/etc/enable.conf
 --modify=/opt/so/idstools/etc/modify.conf
- {%- if RULESET == 'ETOPEN' -%}
+ {%- if RULESET == 'ETOPEN' %}
 --etopen
- {%- elif RULESET == 'ETPRO' -%}
+ {%- elif RULESET == 'ETPRO' %}
 --etpro={{ OINKCODE }}
- {%- elif RULESET == 'TALOS' -%}
+ {%- elif RULESET == 'TALOS' %}
 --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }}
- {%- endif -%}
-{%- endif -%}
-{%- if URLS != None -%}
-{%- for URL in URLS -%}
+ {%- endif %}
+{%- endif %}
+{%- if URLS != None %}
+{%- for URL in URLS %}
 --url={{ URL }}
-{%- endfor -%}
-{%- endif -%}
+{%- endfor %}
+{%- endif %}
diff --git a/salt/redis/etc/redis.conf b/salt/redis/etc/redis.conf
index 7679a789e..7c52a6217 100644
--- a/salt/redis/etc/redis.conf
+++ b/salt/redis/etc/redis.conf
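Review bot: In the `rc3_to_2.3.0()` hunk of `salt/common/tools/sbin/soup`, the third added line starts with the quoted string instead of `echo`, so the shell tries to execute `" redis_maxmemory: 827"` as a command and the value never reaches `global.sls`; the pillar is left with a bare `redis_settings:` key. It should read `echo " redis_maxmemory: 827" >> /opt/so/saltstack/local/pillar/global.sls`, keeping the string's indentation as committed. The value 827 also differs from the 812 used as the template default in `salt/redis/etc/redis.conf` and in `setup/so-functions`, so upgraded and fresh installs would diverge once the line works; one value should be chosen. The append is unconditional, so if this upgrade step can run more than once the key would be duplicated; a `grep -q` guard on `redis_settings:` before appending would prevent that. The function body starts outside the hunk.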
@@ -1,3 +1,5 @@
+{% set MAXMEM = salt['pillar.get']('redis_settings:redis_maxmemory', 812) %}
+
 # Redis configuration file example.
 #
 # Note that in order to read the configuration file, Redis must be
@@ -858,7 +860,7 @@ acllog-max-len 128
 # limit for maxmemory so that there is some free RAM on the system for replica
 # output buffers (but this is not needed if the policy is 'noeviction').
 #
-maxmemory 817m
+maxmemory {{ MAXMEM }}m
 
 # MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
 # is reached. You can select one from the following behaviors:
diff --git a/setup/so-functions b/setup/so-functions
index 255e054db..945176d57 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1273,6 +1273,9 @@ manager_global() {
 " playbook:"\
 " rulesets:"\
 " - windows" >> "$global_pillar"
+ "redis_settings:"\
+ " redis_maxmemory: 812"\
+ printf '%s\n' '----' >> "$setup_log" 2>&1
 }
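Review bot: The two added strings in `manager_global()` come after the line ending in `>> "$global_pillar"`, which has no trailing backslash, so they are not arguments of the command that writes the pillar; the shell would instead try to run `"redis_settings:"` as a command and nothing is appended. The trailing `\` on the second string also joins whatever line follows it onto that failed command. Put the strings before the redirect: `" - windows"\`, `"redis_settings:"\`, `" redis_maxmemory: 812" >> "$global_pillar"`, with the indentation inside the strings kept as committed. The command these lines extend begins above the hunk, so its form is inferred from the visible continuation lines.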