From 3925ed52c7e03693a21015b2baad9030ebd436e0 Mon Sep 17 00:00:00 2001
From: Josh Brower <Josh@Defensivedepth.com>
Date: Tue, 28 Jan 2020 22:02:18 -0500
Subject: [PATCH] Suricata - BPF hotfix

---
 salt/suricata/init.sls | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index 65b80c9ae..dcea927ae 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -18,7 +18,7 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set BPF_NIDS = salt['pillar.get']('nids:bpf') %}
-
+{% set BPF_STATUS = 0  %}
 
 # Suricata
 
@@ -85,7 +85,9 @@ surithresholding:
 # BPF compilation and configuration
 {% if BPF_NIDS %}
    {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', interface + ' ' + BPF_NIDS|join(" ")  ) %}
-   {% if BPF_CALC['stderr'] != "" %}
+   {% if BPF_CALC['stderr'] == "" %}
+      {% set BPF_STATUS = 1  %}
+   {% else  %}
 suribpfcompilationfailure:
   test.configurable_test_state:
    - changes: False
@@ -99,7 +101,7 @@ suribpf:
     - name: /opt/so/conf/suricata/bpf
     - user: 940
     - group: 940
-   {% if BPF_CALC['stderr'] == "" %}
+   {% if BPF_STATUS %}
     - contents_pillar: nids:bpf
    {% else %}
     - contents: