Move compile_yara

salt/strelka/compile_yara/compile_yara.py

@@ -0,0 +1,19 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+import os
+import yara
+import glob
+import sys
+
+def compile_yara_rules(rules_dir: str) -> None:
+		compiled_rules_path: str = os.path.join(rules_dir, "rules.yar.compiled")
+		rule_files: list[str] = glob.glob(os.path.join(rules_dir, '**/*.yar'), recursive=True)
+
+		if rule_files:
+				rules: yara.Rules = yara.compile(filepaths={os.path.basename(f): f for f in rule_files})
+				rules.save(compiled_rules_path)
+
+compile_yara_rules(sys.argv[1])

salt/strelka/config.sls

@@ -14,6 +14,14 @@ strelkaconfdir:
     - group: 939
     - makedirs: True
 
+strelkacompileyara:
+  file.managed:
+    - name: /opt/so/conf/strelka/compile_yara.py
+    - source: salt://strelka/compile_yara/compile_yara.py
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 strelkarulesdir:
   file.directory:
     - name: /opt/so/conf/strelka/rules