From ad9441bb60d7df746e9ae1a05a2f60607513d08d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 16 Jun 2021 08:06:26 -0400 Subject: [PATCH 1/2] prevent suricata state from running on manager and managersearch https://github.com/Security-Onion-Solutions/securityonion/issues/2977 --- salt/suricata/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 58bbe2a05..8df1a5a00 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -13,7 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% from 'allowed_states.map.jinja' import allowed_states %} -{% if sls in allowed_states %} +{% if sls in allowed_states and grains.role not in ['so-manager', 'so-managersearch'] %} {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -205,4 +205,4 @@ clean_suricata_eve_files: test.fail_without_changes: - name: {{sls}}_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} From ebea9a7198d21f0e5d6e636a83a5626bf0235fb3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 16 Jun 2021 08:07:28 -0400 Subject: [PATCH 2/2] remove space --- salt/suricata/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 8df1a5a00..4cbda4bb4 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -13,7 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% from 'allowed_states.map.jinja' import allowed_states %} -{% if sls in allowed_states and grains.role not in ['so-manager', 'so-managersearch'] %} +{% if sls in allowed_states and grains.role not in ['so-manager', 'so-managersearch'] %} {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}