IDSTools Overhaul

setup/so-functions

@@ -46,6 +46,12 @@ logCmd() {
 	$cmd >> "$setup_log" 2>&1
 }
 
+airgap_rules() {
+	# Copy the rules for suricata if using Airgap
+	mkdir -p /opt/so/rules/nids
+	cp -v /root/SecurityOnion/agrules/emerging-all.rules /opt/so/rules/nids/
+}
+
 analyze_system() {
 	title "System Characteristics"
 	logCmd "uptime"
@@ -630,6 +636,12 @@ create_local_directories() {
 
 }
 
+create_local_nids_rules() {
+	# Create a local.rules file so it doesn't get blasted on updates
+	mkdir -p /opt/so/saltstack/local/salt/idstools
+	echo "# Custom Suricata rules go in this file" > /opt/so/saltstack/local/salt/idstools/local.rules
+}
+
 create_repo() {
 	# Create the repo for airgap
 	createrepo /nsm/repo