Merge pull request #12632 from Security-Onion-Solutions/fix/remove_temp_yara

Remove temp YARA

salt/manager/init.sls

@@ -117,51 +117,6 @@ rules_dir:
     - group: socore
     - makedirs: True
 
-{% if STRELKAMERGED.rules.enabled %}
-strelkarepos:
-  file.managed:
-    - name: /opt/so/conf/strelka/repos.txt
-    - source: salt://strelka/rules/repos.txt.jinja
-    - template: jinja
-    - defaults:
-      STRELKAREPOS: {{ STRELKAMERGED.rules.repos }}
-    - makedirs: True
-strelka-yara-update:
-  {% if MANAGERMERGED.reposync.enabled and not GLOBALS.airgap %}
-  cron.present:
-  {% else %}
-  cron.absent:
-  {% endif %}
-    - user: socore
-    - name: '/usr/sbin/so-yara-update >> /opt/so/log/yarasync/yara-update.log 2>&1'
-    - identifier: strelka-yara-update
-    - hour: '7'
-    - minute: '1'
-strelka-yara-download:
-  {% if MANAGERMERGED.reposync.enabled and not GLOBALS.airgap %}
-  cron.present:
-  {% else %}
-  cron.absent:
-  {% endif %}
-    - user: socore
-    - name: '/usr/sbin/so-yara-download >> /opt/so/log/yarasync/yara-download.log 2>&1'
-    - identifier: strelka-yara-download
-    - hour: '7'
-    - minute: '1'
-{% if not GLOBALS.airgap %}
-update_yara_rules:
-  cmd.run:
-    - name: /usr/sbin/so-yara-update
-    - onchanges:
-      - file: yara_update_scripts
-download_yara_rules:
-  cmd.run:
-    - name: /usr/sbin/so-yara-download
-    - onchanges:
-      - file: yara_update_scripts
-{% endif %}
-{% endif %}
-
 {% else %}
 
 {{sls}}_state_not_allowed:

salt/strelka/backend/config.sls

@@ -50,16 +50,6 @@ backend_taste:
     - user: 939
     - group: 939
 
-{% if STRELKAMERGED.rules.enabled %}
-strelkarules:
-   file.recurse:
-     - name: /opt/so/conf/strelka/rules
-     - source: salt://strelka/rules
-     - user: 939
-     - group: 939
-     - clean: True
-{% endif %}
-
 {% else %}
 
 {{sls}}_state_not_allowed:

salt/strelka/backend/enabled.sls

@@ -42,8 +42,8 @@ strelka_backend:
       {% endfor %}
     {% endif %}
     - restart_policy: on-failure
-    - watch:
+    #- watch:
-      - file: strelkarules
+      #- file: strelkarules
 
 delete_so-strelka-backend_so-status.disabled:
   file.uncomment: