From 8d2ca003fb7b8552593534e2b5c3c7b0fab4eab0 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 28 Apr 2020 14:10:57 -0400
Subject: [PATCH] change how we populate local.zeek - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/585
---
pillar/zeek/init.sls | 4 ++--
salt/zeek/files/local.zeek.jinja | 4 ++--
salt/zeek/files/zeekctl.cfg.jinja | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/pillar/zeek/init.sls b/pillar/zeek/init.sls
index 28b43ef5b..10b92bb03 100644
--- a/pillar/zeek/init.sls
+++ b/pillar/zeek/init.sls
@@ -16,7 +16,7 @@ zeek: CfgDir: /opt/zeek/etc CompressLogs: 1 local: - load: + '@load': - misc/loaded-scripts - tuning/defaults - misc/capture-loss
@@ -48,7 +48,7 @@ zeek: - securityonion/bpfconf - securityonion/communityid - securityonion/file-extraction - load-sigs: + '@load-sigs': - frameworks/signatures/detect-windows-shells redef: - LogAscii::use_json = T;
diff --git a/salt/zeek/files/local.zeek.jinja b/salt/zeek/files/local.zeek.jinja
index 364efa923..61f5df7d8 100644
--- a/salt/zeek/files/local.zeek.jinja
+++ b/salt/zeek/files/local.zeek.jinja
@@ -1,11 +1,11 @@ ##! Local site policy. -{%- set ALLOWEDOPTIONS = [ 'load', 'load-sigs', 'redef' ] %} +{%- set ALLOWEDOPTIONS = [ '@load', '@load-sigs', 'redef' ] %} {%- for k, v in LOCAL.items() %} {%- if k|lower in ALLOWEDOPTIONS %} {%- for li in v|sort %} -@{{ k }} {{ li }} +{{ k }} {{ li }} {%- endfor %} {%- endif %} {%- endfor %} \ No newline at end of file
diff --git a/salt/zeek/files/zeekctl.cfg.jinja b/salt/zeek/files/zeekctl.cfg.jinja
index 0a6be371c..6d28d4dbd 100644
--- a/salt/zeek/files/zeekctl.cfg.jinja
+++ b/salt/zeek/files/zeekctl.cfg.jinja
@@ -6,4 +6,4 @@ {%- if option|lower in ALLOWEDOPTIONS %} {{ option }} = {{ ZEEKCTL[option] }} {%- endif %} -{%- endfor %} +{%- endfor %} \ No newline at end of file
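Review bot: In pillar/zeek/init.sls, the renamed keys `'@load'` (first hunk) and `'@load-sigs'` (second hunk) leave any other pillar that still sets `load` or `load-sigs` under `zeek:local` outside the template's allowlist. The `{%- if k|lower in ALLOWEDOPTIONS %}` test in local.zeek.jinja has no else branch, so such keys would be skipped without an error and the sensor would run with fewer scripts or signatures than intended. No other pillar files are visible in this patch, so this should be confirmed against minion-level overrides. A comment above the keys would document the contract, e.g. `# keys are written verbatim as Zeek directives: '@load', '@load-sigs' or 'redef'`.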
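Review bot: In salt/zeek/files/local.zeek.jinja the allowlist test lowercases the key (`k|lower in ALLOWEDOPTIONS`) but the directive is now emitted as the raw `{{ k }}`, so a mixed-case pillar key (for example `'@Load'`, a constructed sample) passes the check and is written to local.zeek unchanged, which Zeek is unlikely to accept as a directive. Either emit the normalized form, `{{ k|lower }} {{ li }}`, or drop `|lower` from the check so only exact keys pass. Separately, `v|sort` writes the `@load` and `redef` entries in alphabetical rather than pillar order; if any entry depends on ordering, that deserves a comment in the template. The values in `li` are rendered without any validation, so this allowlist on keys is the only gate on what reaches local.zeek.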