Merge pull request #301 from Security-Onion-Solutions/quickfix/zeek

fix zeek state
Josh Patterson
2020-02-03 11:17:39 -05:00
committed by GitHub


@@ -1,6 +1,6 @@
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
{% set MASTER = salt['grains.get']('master') %}
{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf') %}
{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
{% set BPF_STATUS = 0 %}
{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
# Zeek Salt State
@@ -101,9 +101,9 @@ plcronscript:
{% else %}
zeekbpfcompilationfailure:
test.configurable_test_state:
- changes: False
- result: False
- comment: "BPF Syntax Error - Discarding Specified BPF"
- changes: False
- result: False
- comment: "BPF Syntax Error - Discarding Specified BPF"
{% endif %}
{% endif %}
@@ -112,12 +112,12 @@ zeekbpf:
- name: /opt/so/conf/zeek/bpf
- user: 940
- group: 940
{% if BPF_STATUS %}
{% if BPF_STATUS %}
- contents_pillar: zeek:bpf
{% else %}
{% else %}
- contents:
- "ip or not ip"
{% endif %}
{% endif %}
localzeeksync:
file.managed:
@@ -142,7 +142,7 @@ so-zeek:
- /opt/so/conf/zeek/policy/cve-2020-0601:/opt/zeek/share/zeek/policy/cve-2020-0601:ro
- /opt/so/conf/zeek/policy/intel:/opt/zeek/share/zeek/policy/intel:rw
- /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro
- network_mode: host
- network_mode: host
- watch:
- file: /opt/so/conf/zeek/local.zeek
- file: /opt/so/conf/zeek/node.cfg
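Review bot: The new default on the `BPF_ZEEK` line in the first hunk is an empty mapping, `{}`, but the `zeekbpf` state in the third hunk writes the same pillar key with `contents_pillar: zeek:bpf` and falls back to a list under `contents`, which suggests the pillar is meant to be a list of filter lines. An empty list would keep the type consistent while still being falsy: `{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', []) %}`. The code that consumes `BPF_ZEEK` sits between the visible hunks, so confirm there that nothing depends on the value being a mapping. A short comment above the line would also help operators, for example `# No zeek:bpf pillar set: no custom filter, zeekbpf falls back to "ip or not ip" (capture all traffic)`.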