CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-14 14:18:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix some things

Browse Source
This commit is contained in:
m0duspwnens
2022-09-20 13:19:15 -04:00
parent 29285b8fb1
commit 75aa121b2d
5 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pillar/zeek/init.sls
+1
View File
@@ -0,0 +1 @@
zeek:
salt/vars/sensor.map.jinja
+3 -4
View File
@@ -2,10 +2,9 @@
{% set SENSOR_GLOBALS = { {% set SENSOR_GLOBALS = {
'sensor': { 'sensor': {
'interface': INIT.PILLAR.sensor.interface 'interface': pillar.sensor.interface
}
} }
%} %}
{% for sg in SENSOR_GLOBALS %} {% do salt['defaults.merge'](ROLE_GLOBALS, SENSOR_GLOBALS, merge_lists=False, in_place=True) %}
{% do salt['defaults.merge'](ROLE_GLOBALS, sg, merge_lists=False, in_place=True) %}
{% endfor %}
salt/zeek/config.map.jinja
+2 -2
View File
@@ -1,8 +1,8 @@
{% from 'vars/sensor.map.jinja' import GLOBALS %} {% from 'vars/sensor.map.jinja' import ROLE_GLOBALS %}
{% import_yaml 'zeek/defaults.yaml' as zeek_defaults with context %} {% import_yaml 'zeek/defaults.yaml' as zeek_defaults with context %}
{% set zeek_pillar = salt['pillar.get']('zeek', []) %} {% set zeek_pillar = salt['pillar.get']('zeek', []) %}
{% do ZEEKMERGED.zeek.config.node.update({'interface': GLOBALS.sensor.interface}) %} {# update this first so user can specify a differet interface with pillar.zeek.config.node.interface #}
{% set ZEEKMERGED = salt['defaults.merge'](zeek_defaults, zeek_pillar, in_place=False) %} {% set ZEEKMERGED = salt['defaults.merge'](zeek_defaults, zeek_pillar, in_place=False) %}
{% do ZEEKMERGED.zeek.config.node.update({'interface': ROLE_GLOBALS.sensor.interface}) %}
{% set ZEEKOPTIONS = {} %} {% set ZEEKOPTIONS = {} %}
{% set ENABLED = salt['pillar.get']('zeek:enabled', True) %} {% set ENABLED = salt['pillar.get']('zeek:enabled', True) %}
salt/zeek/defaults.yaml
+1 -1
View File
@@ -59,7 +59,7 @@ zeek:
- LogAscii::use_json = T; - LogAscii::use_json = T;
- CaptureLoss::watch_interval = 5 mins; - CaptureLoss::watch_interval = 5 mins;
networks: networks:
HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]" HOME_NET: 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12
file_extraction: file_extraction:
- application/x-dosexec: exe - application/x-dosexec: exe
- application/pdf: pdf - application/pdf: pdf
salt/zeek/init.sls
+3 -3
View File
@@ -73,7 +73,7 @@ zeekpolicysync:
- group: 939 - group: 939
- template: jinja - template: jinja
- defaults: - defaults:
FILE_EXTRACTION: {{ ZEEKMERGED.file_extraction }} FILE_EXTRACTION: {{ ZEEKMERGED.zeek.file_extraction }}
# Ensure the zeek spool tree (and state.db) ownership is correct # Ensure the zeek spool tree (and state.db) ownership is correct
zeekspoolownership: zeekspoolownership:
@@ -110,7 +110,7 @@ zeekctlcfg:
nodecfg: nodecfg:
file.managed: file.managed:
- name: /opt/so/conf/zeek/node.cfg - name: /opt/so/conf/zeek/node.cfg
- source: salt://zeek/files/node.cfg,jinja - source: salt://zeek/files/node.cfg.jinja
- user: 937 - user: 937
- group: 939 - group: 939
- template: jinja - template: jinja
@@ -125,7 +125,7 @@ networkscfg:
- group: 939 - group: 939
- template: jinja - template: jinja
- defaults: - defaults:
NETWORKS: {{ ZEEKMERGED.zeek.networks }} NETWORKS: {{ ZEEKMERGED.zeek.config.networks }}
#zeekcleanscript: #zeekcleanscript:
# file.managed: # file.managed: