PulledPork Salt Module- pulledpork.conf

salt/pulledpork/etc/pulledpork.conf

@@ -1,32 +1,32 @@
 # Config file for pulledpork
 # Be sure to read through the entire configuration file
-# If you specify any of these items on the command line, it WILL take 
+# If you specify any of these items on the command line, it WILL take
 # precedence over any value that you specify in this file!
 
 #######
-#######  The below section defines what your oinkcode is (required for 
-#######  VRT rules), defines a temp path (must be writable) and also 
-#######  defines what version of rules that you are getting (for your 
+#######  The below section defines what your oinkcode is (required for
+#######  VRT rules), defines a temp path (must be writable) and also
+#######  defines what version of rules that you are getting (for your
 #######  snort version and subscription etc...)
-####### 
+#######
 
-# You can specify one or as many rule_urls as you like, they 
+# You can specify one or as many rule_urls as you like, they
 # must appear as http://what.site.com/|rulesfile.tar.gz|1234567.  You can specify
 # each on an individual line, or you can specify them in a , separated list
 # i.e. rule_url=http://x.y.z/|a.tar.gz|123,http://z.y.z/|b.tar.gz|456
 # note that the url, rule file, and oinkcode itself are separated by a pipe |
-# i.e. url|tarball|123456789, 
-rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
+# i.e. url|tarball|123456789,
+#rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
 # NEW Community ruleset:
-rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community
+#rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community
 # NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST|<oinkcode>
 # This format MUST be followed to let pulledpork know that this is a blacklist
-rule_url=https://talosintelligence.com/documents/ip-blacklist|IPBLACKLIST|open
+#rule_url=http://talosintelligence.com/feeds/ip-filter.blf|IPBLACKLIST|open
 # URL for rule documentation! (slow to process)
-rule_url=https://snort.org/downloads/community/|opensource.gz|Opensource
+#rule_url=https://snort.org/downloads/community/|opensource.tar.gz|Opensource
 # THE FOLLOWING URL is for emergingthreats downloads, note the tarball name change!
 # and open-nogpl, to avoid conflicts.
-#rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open-nogpl
+rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
 # THE FOLLOWING URL is for etpro downloads, note the tarball name change!
 # and the et oinkcode requirement!
 #rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>
@@ -56,22 +56,22 @@ ignore=deleted.rules,experimental.rules,local.rules
 # previous ignore line and uncomment the following!
 # ignore=deleted,experimental,local,decoder,preprocessor,sensitive-data
 
-# What is our temp path, be sure this path has a bit of space for rule 
+# What is our temp path, be sure this path has a bit of space for rule
 # extraction and manipulation, no trailing slash
 temp_path=/tmp
 
 #######
-#######  The below section is for rule processing.  This section is 
+#######  The below section is for rule processing.  This section is
 #######  required if you are not specifying the configuration using
-#######  runtime switches.  Note that runtime switches do SUPERSEED 
+#######  runtime switches.  Note that runtime switches do SUPERSEED
 #######  any values that you have specified here!
 #######
 
-# What path you want the .rules file containing all of the processed 
-# rules? (this value has changed as of 0.4.0, previously we copied 
+# What path you want the .rules file containing all of the processed
+# rules? (this value has changed as of 0.4.0, previously we copied
 # all of the rules, now we are creating a single large rules file
 # but still keeping a separate file for your so_rules!
-rule_path=/usr/local/etc/snort/rules/snort.rules
+rule_path=/opt/so/rules/nids/downloaded.rules
 
 # What path you want the .rules files to be written to, this is UNIQUE
 # from the rule_path and cannot be used in conjunction, this is to be used with the
@@ -86,24 +86,24 @@ rule_path=/usr/local/etc/snort/rules/snort.rules
 # files that are local to your system here by adding a comma and more paths...
 # remember that the FULL path must be specified for EACH value.
 # local_rules=/path/to/these.rules,/path/to/those.rules
-local_rules=/usr/local/etc/snort/rules/local.rules
+local_rules=/opt/so/rules/nids/local.rules,/opt/so/rules/nids/decoder-events.rules,/opt/so/rules/nids/stream-events.rules,/opt/so/rules/nids/http-events.rules,/opt/so/rules/nids/smtp-events.rules
 
 # Where should I put the sid-msg.map file?
-sid_msg=/usr/local/etc/snort/sid-msg.map
+sid_msg=/opt/so/rules/nids/sid-msg.map
 
 # New for by2 and more advanced msg mapping.  Valid options are 1 or 2
 # specify version 2 if you are running barnyard2.2+.  Otherwise use 1
 sid_msg_version=1
 
-# Where do you want me to put the sid changelog?  This is a changelog 
+# Where do you want me to put the sid changelog?  This is a changelog
 # that pulledpork maintains of all new sids that are imported
-sid_changelog=/var/log/sid_changes.log
+sid_changelog=/var/log/nsm/sid_changes.log
 # this value is optional
 
 #######
 #######  The below section is for so_rule processing only.  If you don't
 #######  need to use them.. then comment this section out!
-#######  Alternately, if you are not using pulledpork to process 
+#######  Alternately, if you are not using pulledpork to process
 #######  so_rules, you can specify -T at runtime to bypass this altogether
 #######
 
@@ -112,11 +112,11 @@ sid_changelog=/var/log/sid_changes.log
 sorule_path=/usr/local/lib/snort_dynamicrules/
 
 # Path to the snort binary, we need this to generate the stub files
-snort_path=/usr/local/bin/snort
+snort_path=/usr/bin/snort
 
 # We need to know where your snort.conf file lives so that we can
 # generate the stub files
-config_path=/usr/local/etc/snort/snort.conf
+config_path=/etc/nsm/templates/snort/snort.conf
 
 ##### Deprecated - The stubs are now  categorically written to the  single rule file!
 # sostub_path=/usr/local/etc/snort/rules/so_rules.rules
@@ -130,7 +130,7 @@ config_path=/usr/local/etc/snort/snort.conf
 # OpenBSD-5-2, OpenBSD-5-3
 # OpenSUSE-11-4, OpenSUSE-12-1
 # Slackware-13-1
-distro=FreeBSD-8-1
+distro=Centos-5-4
 
 #######  This next section is optional, but probably pretty useful to you.
 #######  Please read thoroughly!
@@ -165,8 +165,8 @@ snort_control=/usr/local/bin/snort_control
 # pp_backup.1295886020.tgz
 # backup_file=/tmp/pp_backup
 
-# Where do you want the signature docs to be copied, if this is commented 
-# out then they will not be copied / extracted.  Note that extracting them 
+# Where do you want the signature docs to be copied, if this is commented
+# out then they will not be copied / extracted.  Note that extracting them
 # will add considerable runtime to pulledpork.
 # docs=/path/to/base/www
 
@@ -179,12 +179,12 @@ snort_control=/usr/local/bin/snort_control
 
 
 # Define the path to the pid files of any running process that you want to
-# sent a signal (specified with -H option) after PP has completed its run.
+# HUP after PP has completed its run.
 # pid_path=/var/run/snort.pid,/var/run/barnyard.pid,/var/run/barnyard2.pid
 # and so on...
 # pid_path=/var/run/snort_eth0.pid
 
-# This defines the version of snort that you are using, for use ONLY if the 
+# This defines the version of snort that you are using, for use ONLY if the
 # proper snort binary is not on the system that you are fetching the rules with
 # This value MUST contain all 4 minor version
 # numbers. ET rules are now also dependant on this, verify supported ET versions
@@ -196,18 +196,18 @@ snort_control=/usr/local/bin/snort_control
 
 # Here you can specify what rule modification files to run automatically.
 # simply uncomment and specify the apt path.
-# enablesid=/usr/local/etc/snort/enablesid.conf
-# dropsid=/usr/local/etc/snort/dropsid.conf
-# disablesid=/usr/local/etc/snort/disablesid.conf
-# modifysid=/usr/local/etc/snort/modifysid.conf
+enablesid=/opt/so/pulledpork/etc/enablesid.conf
+dropsid=/opt/so/pulledpork/dropsid.conf
+disablesid=/opt/so/pulledpork/disablesid.conf
+modifysid=/opt/so/pulledpork/modifysid.conf
 
 # What is the base ruleset that you want to use, please uncomment to use
-# and see the README.RULESETS for a description of the options.  
-# Note that setting this value will disable all ET rulesets if you are 
+# and see the README.RULESETS for a description of the options.
+# Note that setting this value will disable all ET rulesets if you are
 # Running such rulesets
 # ips_policy=security
 
-####### Remember, a number of these values are optional.. if you don't 
+####### Remember, a number of these values are optional.. if you don't
 ####### need to process so_rules, simply comment out the so_rule section
 ####### you can also specify -T at runtime to process only GID 1 rules.