PulledPork Salt Module- pulledpork.conf

salt/pulledpork/etc/pulledpork.conf

@@ -16,17 +16,17 @@
 # i.e. rule_url=http://x.y.z/|a.tar.gz|123,http://z.y.z/|b.tar.gz|456
 # note that the url, rule file, and oinkcode itself are separated by a pipe |
 # i.e. url|tarball|123456789,
-rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
+#rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
 # NEW Community ruleset:
-rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community
+#rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community
 # NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST|<oinkcode>
 # This format MUST be followed to let pulledpork know that this is a blacklist
-rule_url=https://talosintelligence.com/documents/ip-blacklist|IPBLACKLIST|open
+#rule_url=http://talosintelligence.com/feeds/ip-filter.blf|IPBLACKLIST|open
 # URL for rule documentation! (slow to process)
-rule_url=https://snort.org/downloads/community/|opensource.gz|Opensource
+#rule_url=https://snort.org/downloads/community/|opensource.tar.gz|Opensource
 # THE FOLLOWING URL is for emergingthreats downloads, note the tarball name change!
 # and open-nogpl, to avoid conflicts.
-#rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open-nogpl
+rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
 # THE FOLLOWING URL is for etpro downloads, note the tarball name change!
 # and the et oinkcode requirement!
 #rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>
@@ -71,7 +71,7 @@ temp_path=/tmp
 # rules? (this value has changed as of 0.4.0, previously we copied
 # all of the rules, now we are creating a single large rules file
 # but still keeping a separate file for your so_rules!
-rule_path=/usr/local/etc/snort/rules/snort.rules
+rule_path=/opt/so/rules/nids/downloaded.rules
 
 # What path you want the .rules files to be written to, this is UNIQUE
 # from the rule_path and cannot be used in conjunction, this is to be used with the
@@ -86,10 +86,10 @@ rule_path=/usr/local/etc/snort/rules/snort.rules
 # files that are local to your system here by adding a comma and more paths...
 # remember that the FULL path must be specified for EACH value.
 # local_rules=/path/to/these.rules,/path/to/those.rules
-local_rules=/usr/local/etc/snort/rules/local.rules
+local_rules=/opt/so/rules/nids/local.rules,/opt/so/rules/nids/decoder-events.rules,/opt/so/rules/nids/stream-events.rules,/opt/so/rules/nids/http-events.rules,/opt/so/rules/nids/smtp-events.rules
 
 # Where should I put the sid-msg.map file?
-sid_msg=/usr/local/etc/snort/sid-msg.map
+sid_msg=/opt/so/rules/nids/sid-msg.map
 
 # New for by2 and more advanced msg mapping.  Valid options are 1 or 2
 # specify version 2 if you are running barnyard2.2+.  Otherwise use 1
@@ -97,7 +97,7 @@ sid_msg_version=1
 
 # Where do you want me to put the sid changelog?  This is a changelog
 # that pulledpork maintains of all new sids that are imported
-sid_changelog=/var/log/sid_changes.log
+sid_changelog=/var/log/nsm/sid_changes.log
 # this value is optional
 
 #######
@@ -112,11 +112,11 @@ sid_changelog=/var/log/sid_changes.log
 sorule_path=/usr/local/lib/snort_dynamicrules/
 
 # Path to the snort binary, we need this to generate the stub files
-snort_path=/usr/local/bin/snort
+snort_path=/usr/bin/snort
 
 # We need to know where your snort.conf file lives so that we can
 # generate the stub files
-config_path=/usr/local/etc/snort/snort.conf
+config_path=/etc/nsm/templates/snort/snort.conf
 
 ##### Deprecated - The stubs are now  categorically written to the  single rule file!
 # sostub_path=/usr/local/etc/snort/rules/so_rules.rules
@@ -130,7 +130,7 @@ config_path=/usr/local/etc/snort/snort.conf
 # OpenBSD-5-2, OpenBSD-5-3
 # OpenSUSE-11-4, OpenSUSE-12-1
 # Slackware-13-1
-distro=FreeBSD-8-1
+distro=Centos-5-4
 
 #######  This next section is optional, but probably pretty useful to you.
 #######  Please read thoroughly!
@@ -179,7 +179,7 @@ snort_control=/usr/local/bin/snort_control
 
 
 # Define the path to the pid files of any running process that you want to
-# sent a signal (specified with -H option) after PP has completed its run.
+# HUP after PP has completed its run.
 # pid_path=/var/run/snort.pid,/var/run/barnyard.pid,/var/run/barnyard2.pid
 # and so on...
 # pid_path=/var/run/snort_eth0.pid
@@ -196,10 +196,10 @@ snort_control=/usr/local/bin/snort_control
 
 # Here you can specify what rule modification files to run automatically.
 # simply uncomment and specify the apt path.
-# enablesid=/usr/local/etc/snort/enablesid.conf
-# dropsid=/usr/local/etc/snort/dropsid.conf
-# disablesid=/usr/local/etc/snort/disablesid.conf
-# modifysid=/usr/local/etc/snort/modifysid.conf
+enablesid=/opt/so/pulledpork/etc/enablesid.conf
+dropsid=/opt/so/pulledpork/dropsid.conf
+disablesid=/opt/so/pulledpork/disablesid.conf
+modifysid=/opt/so/pulledpork/modifysid.conf
 
 # What is the base ruleset that you want to use, please uncomment to use
 # and see the README.RULESETS for a description of the options.