From 75aa121b2d29fa9298a5d43b131c4d1ffc48e508 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 20 Sep 2022 13:19:15 -0400
Subject: [PATCH] fix some things
---
 pillar/zeek/init.sls | 1 +
 salt/vars/sensor.map.jinja | 7 +++----
 salt/zeek/config.map.jinja | 4 ++--
 salt/zeek/defaults.yaml | 2 +-
 salt/zeek/init.sls | 6 +++---
 5 files changed, 10 insertions(+), 10 deletions(-)
 create mode 100644 pillar/zeek/init.sls
diff --git a/pillar/zeek/init.sls b/pillar/zeek/init.sls
new file mode 100644
index 000000000..c06759744
--- /dev/null
+++ b/pillar/zeek/init.sls
@@ -0,0 +1 @@
+zeek:
diff --git a/salt/vars/sensor.map.jinja b/salt/vars/sensor.map.jinja
index 33f26de84..425d72969 100644
--- a/salt/vars/sensor.map.jinja
+++ b/salt/vars/sensor.map.jinja
@@ -2,10 +2,9 @@
 {% set SENSOR_GLOBALS = {
 'sensor': {
- 'interface': INIT.PILLAR.sensor.interface
+ 'interface': pillar.sensor.interface
+ }
 }
 %}
-{% for sg in SENSOR_GLOBALS %}
-{% do salt['defaults.merge'](ROLE_GLOBALS, sg, merge_lists=False, in_place=True) %}
-{% endfor %}
+{% do salt['defaults.merge'](ROLE_GLOBALS, SENSOR_GLOBALS, merge_lists=False, in_place=True) %}
diff --git a/salt/zeek/config.map.jinja b/salt/zeek/config.map.jinja
index 74e4942c2..ced2175e7 100644
--- a/salt/zeek/config.map.jinja
+++ b/salt/zeek/config.map.jinja
@@ -1,8 +1,8 @@
-{% from 'vars/sensor.map.jinja' import GLOBALS %}
+{% from 'vars/sensor.map.jinja' import ROLE_GLOBALS %}
 {% import_yaml 'zeek/defaults.yaml' as zeek_defaults with context %}
 {% set zeek_pillar = salt['pillar.get']('zeek', []) %}
-{% do ZEEKMERGED.zeek.config.node.update({'interface': GLOBALS.sensor.interface}) %} {# update this first so user can specify a differet interface with pillar.zeek.config.node.interface #}
 {% set ZEEKMERGED = salt['defaults.merge'](zeek_defaults, zeek_pillar, in_place=False) %}
+{% do ZEEKMERGED.zeek.config.node.update({'interface': ROLE_GLOBALS.sensor.interface}) %}
 {% set ZEEKOPTIONS = {} %}
 {% set ENABLED = salt['pillar.get']('zeek:enabled', True) %}
diff --git a/salt/zeek/defaults.yaml b/salt/zeek/defaults.yaml
index b3cd183cd..eb7ce8453 100644
--- a/salt/zeek/defaults.yaml
+++ b/salt/zeek/defaults.yaml
@@ -59,7 +59,7 @@ zeek:
 - LogAscii::use_json = T;
 - CaptureLoss::watch_interval = 5 mins;
 networks:
- HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
+ HOME_NET: 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12
 file_extraction:
 - application/x-dosexec: exe
 - application/pdf: pdf
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index c2b1af5d0..b292a20a3 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -73,7 +73,7 @@ zeekpolicysync:
 - group: 939
 - template: jinja
 - defaults:
- FILE_EXTRACTION: {{ ZEEKMERGED.file_extraction }}
+ FILE_EXTRACTION: {{ ZEEKMERGED.zeek.file_extraction }}
 # Ensure the zeek spool tree (and state.db) ownership is correct
 zeekspoolownership:
@@ -110,7 +110,7 @@ zeekctlcfg:
 nodecfg:
 file.managed:
 - name: /opt/so/conf/zeek/node.cfg
- source: salt://zeek/files/node.cfg,jinja
+ source: salt://zeek/files/node.cfg.jinja
 - user: 937
 - group: 939
 - template: jinja
@@ -125,7 +125,7 @@ networkscfg:
 - group: 939
 - template: jinja
 - defaults:
- NETWORKS: {{ ZEEKMERGED.zeek.networks }}
+ NETWORKS: {{ ZEEKMERGED.zeek.config.networks }}
 #zeekcleanscript:
 # file.managed:
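Review bot: In salt/zeek/config.map.jinja the `update({'interface': ROLE_GLOBALS.sensor.interface})` call now runs after `defaults.merge`, so it overwrites any interface an operator supplied through the zeek pillar; the comment on the removed line said the update was meant to run first so that `pillar.zeek.config.node.interface` could override it. On a sensor this can leave Zeek capturing on a different interface than the one configured, without any render error. Applying the role value to the defaults before the merge keeps the override and still avoids touching ZEEKMERGED before it is set: `{% do zeek_defaults.zeek.config.node.update({'interface': ROLE_GLOBALS.sensor.interface}) %}` placed above the `{% set ZEEKMERGED = ... %}` line (assuming defaults.yaml defines `zeek.config.node`, which the hunk does not show). Separately, the context line `salt['pillar.get']('zeek', [])` defaults to a list and the new pillar file declares `zeek:` with no value, so `zeek_pillar` may reach `defaults.merge` as a list or null; a `{}` default and `zeek: {}` would be safer if the merge expects mappings, which is worth confirming.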
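Review bot: In salt/zeek/defaults.yaml the new `HOME_NET` value is written as a plain scalar where the line it replaces was quoted; it still loads as a string, but quoting it, `HOME_NET: '192.168.0.0/16,10.0.0.0/8,172.16.0.0/12'`, makes the intended type explicit and consistent with the previous form. The change also drops the surrounding brackets, so whichever template consumes HOME_NET (not visible in this hunk) has to produce the format Zeek expects from the bare comma-separated list. That is worth confirming, because a malformed local-network definition changes which traffic Zeek treats as internal.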
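Review bot: In salt/zeek/init.sls the `FILE_EXTRACTION: {{ ZEEKMERGED.zeek.file_extraction }}` default (hunk at -73) writes a list of mappings into the state file as its Python-style repr, which the YAML parser then has to read back; `NETWORKS: {{ ZEEKMERGED.zeek.config.networks }}` in the hunk at -125 has the same shape. That holds for the simple defaults shown, but a pillar-supplied entry containing a quote or `#`, or a value such as None, would be re-typed or break the render. Serialising explicitly avoids this: `FILE_EXTRACTION: {{ ZEEKMERGED.zeek.file_extraction | tojson }}` and `NETWORKS: {{ ZEEKMERGED.zeek.config.networks | tojson }}`. Both enclosing states begin above their hunks, so their remaining arguments are not visible here.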