change how we populate local.zeek - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/585

2025-12-08 18:22:47 +01:00 · 2020-04-28 14:10:57 -04:00
parent c46a45f00f
commit 8d2ca003fb
3 changed files with 5 additions and 5 deletions
--- a/pillar/zeek/init.sls
+++ b/pillar/zeek/init.sls
@@ -16,7 +16,7 @@ zeek:
    CfgDir: /opt/zeek/etc
    CompressLogs: 1
  local:
-    load:
+    '@load':
      - misc/loaded-scripts
      - tuning/defaults
      - misc/capture-loss
@@ -48,7 +48,7 @@ zeek:
      - securityonion/bpfconf
      - securityonion/communityid
      - securityonion/file-extraction
-    load-sigs:
+    '@load-sigs':
      - frameworks/signatures/detect-windows-shells
    redef:
      - LogAscii::use_json = T;
--- a/salt/zeek/files/local.zeek.jinja
+++ b/salt/zeek/files/local.zeek.jinja
@@ -1,11 +1,11 @@
 ##! Local site policy.
-{%- set ALLOWEDOPTIONS = [ 'load', 'load-sigs', 'redef' ] %}
+{%- set ALLOWEDOPTIONS = [ '@load', '@load-sigs', 'redef' ] %}
 {%- for k, v in LOCAL.items() %}
  {%- if k|lower in ALLOWEDOPTIONS %}
    {%- for li in v|sort %}
-@{{ k }} {{ li }}
+{{ k }} {{ li }}
    {%- endfor %}
  {%- endif %}
 {%- endfor %}