Merge pull request #13083 from Security-Onion-Solutions/2.4/soupchange

Backup .yml files too

salt/manager/tools/sbin/soup

@@ -660,6 +660,11 @@ suricata_idstools_migration() {
   	fail "Error: rsync failed to copy the files. Thresholds have not been backed up."
   fi
 
+  #Backup local rules
+  mkdir -p /nsm/backup/detections-migration/suricata/local-rules
+  rsync -av /opt/so/rules/nids/suri/local.rules /nsm/backup/detections-migration/suricata/local-rules
+  rsync -av /opt/so/saltstack/local/salt/idstools/rules/local.rules /nsm/backup/detections-migration/suricata/local-rules/local.rules.bak
+
   #Tell SOC to migrate
   mkdir -p /opt/so/conf/soc/migrations
   echo "0" > /opt/so/conf/soc/migrations/suricata-migration-2.4.70
@@ -677,7 +682,7 @@ playbook_migration() {
   if grep -A 1 'playbook:'  /opt/so/saltstack/local/pillar/minions/* | grep -q 'enabled: True'; then
   
     # Check for active Elastalert rules
-    active_rules_count=$(find /opt/so/rules/elastalert/playbook/ -type f -name "*.yaml" | wc -l)
+    active_rules_count=$(find /opt/so/rules/elastalert/playbook/ -type f \( -name "*.yaml" -o -name "*.yml" \) | wc -l)
 
     if [[ "$active_rules_count" -gt 0 ]]; then
         # Prompt the user to press ENTER if active Elastalert rules found
@@ -691,7 +696,8 @@ playbook_migration() {
         read -r
 
         echo "Backing up the Elastalert rules..."
-        rsync -av --stats /opt/so/rules/elastalert/playbook/*.yaml /nsm/backup/detections-migration/elastalert/
+        rsync -av --stats /opt/so/rules/elastalert/playbook/*.{yaml,yml} /nsm/backup/detections-migration/elastalert/
+    fi
 
         # Verify that rsync completed successfully
         if [[ $? -eq 0 ]]; then