CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #301 from Security-Onion-Solutions/quickfix/zeek

Browse Source 
fix zeek state
This commit is contained in:
Josh Patterson
2020-02-03 11:17:39 -05:00
committed by GitHub
parent 6220c92cb2 820462e45a
commit 8148be6ec8
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/zeek/init.sls
View File

@@ -1,6 +1,6 @@
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
{% set MASTER = salt['grains.get']('master') %} {% set MASTER = salt['grains.get']('master') %}
{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf') %} {% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
{% set BPF_STATUS = 0 %} {% set BPF_STATUS = 0 %}
{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %} {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
# Zeek Salt State # Zeek Salt State
@@ -101,9 +101,9 @@ plcronscript:
{% else %} {% else %}
zeekbpfcompilationfailure: zeekbpfcompilationfailure:
test.configurable_test_state: test.configurable_test_state:
- changes: False - changes: False
- result: False - result: False
- comment: "BPF Syntax Error - Discarding Specified BPF" - comment: "BPF Syntax Error - Discarding Specified BPF"
{% endif %} {% endif %}
{% endif %} {% endif %}
@@ -112,12 +112,12 @@ zeekbpf:
- name: /opt/so/conf/zeek/bpf - name: /opt/so/conf/zeek/bpf
- user: 940 - user: 940
- group: 940 - group: 940
{% if BPF_STATUS %} {% if BPF_STATUS %}
- contents_pillar: zeek:bpf - contents_pillar: zeek:bpf
{% else %} {% else %}
- contents: - contents:
- "ip or not ip" - "ip or not ip"
{% endif %} {% endif %}
localzeeksync: localzeeksync:
file.managed: file.managed:
@@ -142,7 +142,7 @@ so-zeek:
- /opt/so/conf/zeek/policy/cve-2020-0601:/opt/zeek/share/zeek/policy/cve-2020-0601:ro - /opt/so/conf/zeek/policy/cve-2020-0601:/opt/zeek/share/zeek/policy/cve-2020-0601:ro
- /opt/so/conf/zeek/policy/intel:/opt/zeek/share/zeek/policy/intel:rw - /opt/so/conf/zeek/policy/intel:/opt/zeek/share/zeek/policy/intel:rw
- /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro - /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro
- network_mode: host - network_mode: host
- watch: - watch:
- file: /opt/so/conf/zeek/local.zeek - file: /opt/so/conf/zeek/local.zeek
- file: /opt/so/conf/zeek/node.cfg - file: /opt/so/conf/zeek/node.cfg