From 8ee2142de488348e7ceb39b891365c8e61f1e5ae Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 29 Jun 2020 11:21:47 -0400
Subject: [PATCH] pillarize idstools - https://github.com/Security-Onion-Solutions/securityonion/issues/583
---
 salt/idstools/etc/disable.conf | 6 ++++++
 salt/idstools/etc/enable.conf | 6 ++++++
 salt/idstools/init.sls | 2 ++
 3 files changed, 14 insertions(+)
diff --git a/salt/idstools/etc/disable.conf b/salt/idstools/etc/disable.conf
index e8928c495..9eb69575e 100644
--- a/salt/idstools/etc/disable.conf
+++ b/salt/idstools/etc/disable.conf
@@ -1,3 +1,5 @@
+{% set disabled_sids = salt['pillar.get']('idstools:sids:disabled', {}) -%}
+
 # idstools - disable.conf
 # Example of disabling a rule by signature ID (gid is optional).
@@ -8,3 +10,7 @@
 # - All regular expression matches are case insensitive.
 # re:hearbleed
 # re:MS(0[7-9]|10)-\d+
+
+{%- for sid in disabled_sids %}
+{{ sid }}
+{% endfor -%}
\ No newline at end of file
diff --git a/salt/idstools/etc/enable.conf b/salt/idstools/etc/enable.conf
index b7738677c..3f965541f 100644
--- a/salt/idstools/etc/enable.conf
+++ b/salt/idstools/etc/enable.conf
@@ -1,3 +1,5 @@
+{% set enabled_sids = salt['pillar.get']('idstools:sids:enabled', {}) -%}
+
 # idstools-rulecat - enable.conf
 # Example of enabling a rule by signature ID (gid is optional).
@@ -8,3 +10,7 @@
 # - All regular expression matches are case insensitive.
 # re:hearbleed
 # re:MS(0[7-9]|10)-\d+
+
+{%- for sid in enabled_sids %}
+{{ sid }}
+{% endfor -%}
\ No newline at end of file
diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls
index d145a4e15..078cb5b03 100644
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -66,3 +66,5 @@ so-idstools:
 - binds:
 - /opt/so/conf/idstools/etc:/opt/so/idstools/etc:ro
 - /opt/so/rules/nids:/opt/so/rules/nids:rw
+ - watch:
+ - file: idstoolsetcsync
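Review bot: The default given to `pillar.get` in the added `set` line is a dict (`{}`), although the loop at the end of the file consumes the value as a list of entries; `salt['pillar.get']('idstools:sids:disabled', [])` states the expected shape. If the pillar key is set to a single scalar string rather than a YAML list, the `for` loop would iterate its characters and emit one-character lines, which idstools would presumably read as SIDs. A short Jinja comment beside the `set`, such as `{# idstools:sids:disabled must be a YAML list of disable.conf entries #}`, would document the contract. The `enabled_sids` line in enable.conf has the same default.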
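Review bot: The added loop writes each pillar entry into disable.conf verbatim, so a broad `re:` pattern or a mistyped entry in `idstools:sids:disabled` silences more signatures than intended, and the rendered file does not show where the line came from. Because this file decides which NIDS rules stop alerting, a marker line before the loop, e.g. `# Entries below are managed by Salt from pillar idstools:sids:disabled`, would let an analyst trace a disabled rule to its source. An entry containing a newline would also render as several lines, so it is worth confirming that only trusted administrators can edit this pillar. The loop added to enable.conf has the same shape.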
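Review bot: The added `watch` on `file: idstoolsetcsync` restarts the container when the rendered config changes, but nothing in the hunk shows that a restart re-runs the rule update or that the sensors reload the resulting rule set. A newly disabled or enabled SID may therefore not take effect until the next scheduled update; if so, a comment above the requisite such as `# restart on enable.conf/disable.conf change; rules regenerate on the next rule update` would set expectations. The `idstoolsetcsync` state and the rest of `so-idstools` lie outside the hunk, so confirm that the ID matches the state managing `/opt/so/conf/idstools/etc`.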