CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

change how we populate local.zeek - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/585

Browse Source
This commit is contained in:
m0duspwnens
2020-04-28 14:10:57 -04:00
parent c46a45f00f
commit 8d2ca003fb
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pillar/zeek/init.sls
View File

@@ -16,7 +16,7 @@ zeek:
CfgDir: /opt/zeek/etc CfgDir: /opt/zeek/etc
CompressLogs: 1 CompressLogs: 1
local: local:
load: '@load':
- misc/loaded-scripts - misc/loaded-scripts
- tuning/defaults - tuning/defaults
- misc/capture-loss - misc/capture-loss
@@ -48,7 +48,7 @@ zeek:
- securityonion/bpfconf - securityonion/bpfconf
- securityonion/communityid - securityonion/communityid
- securityonion/file-extraction - securityonion/file-extraction
load-sigs: '@load-sigs':
- frameworks/signatures/detect-windows-shells - frameworks/signatures/detect-windows-shells
redef: redef:
- LogAscii::use_json = T; - LogAscii::use_json = T;

4
salt/zeek/files/local.zeek.jinja
View File

@@ -1,11 +1,11 @@
##! Local site policy. ##! Local site policy.
{%- set ALLOWEDOPTIONS = [ 'load', 'load-sigs', 'redef' ] %} {%- set ALLOWEDOPTIONS = [ '@load', '@load-sigs', 'redef' ] %}
{%- for k, v in LOCAL.items() %} {%- for k, v in LOCAL.items() %}
{%- if k|lower in ALLOWEDOPTIONS %} {%- if k|lower in ALLOWEDOPTIONS %}
{%- for li in v|sort %} {%- for li in v|sort %}
@{{ k }} {{ li }} {{ k }} {{ li }}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}

2
salt/zeek/files/zeekctl.cfg.jinja
View File

@@ -6,4 +6,4 @@
{%- if option|lower in ALLOWEDOPTIONS %} {%- if option|lower in ALLOWEDOPTIONS %}
{{ option }} = {{ ZEEKCTL[option] }} {{ option }} = {{ ZEEKCTL[option] }}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}