From 96b72d46be65d8becd1346c649bcd50355249e7e Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 16 Dec 2020 12:01:48 -0500
Subject: [PATCH] show steno,zeek,suricata as disabled in so-status on import
 node

---
 salt/pcap/init.sls     | 2 +-
 salt/suricata/init.sls | 8 ++++++++
 salt/zeek/init.sls     | 8 ++++++++
 setup/so-functions     | 5 +++++
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index e98bbecf5..a43f90288 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -133,7 +133,7 @@ append_so-steno_so-status.conf:
   file.append:
     - name: /opt/so/conf/so-status/so-status.conf
     - text: so-steno
-    - unless: grep so-steno /opt/so/conf/so-status/so-status.conf
+    - unless: grep -q so-steno /opt/so/conf/so-status/so-status.conf
 
   {% if STENOOPTIONS.status == 'running' %}
 delete_so-steno_so-status.disabled:
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index 0c50bb5d1..99609be32 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -167,6 +167,14 @@ append_so-suricata_so-status.conf:
   file.append:
     - name: /opt/so/conf/so-status/so-status.conf
     - text: so-suricata
+    - unless: grep -q so-suricata /opt/so/conf/so-status/so-status.conf
+
+{% if grains.role == 'so-import' %}
+disable_so-suricata_so-status.conf:
+  file.comment:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - regex: ^so-suricata$
+{% endif %}
 
 surilogrotate:
   file.managed:
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index f6edae136..6fa289d5c 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -200,6 +200,14 @@ append_so-zeek_so-status.conf:
   file.append:
     - name: /opt/so/conf/so-status/so-status.conf
     - text: so-zeek
+    - unless: grep -q so-zeek /opt/so/conf/so-status/so-status.conf
+
+{% if grains.role == 'so-import' %}
+disable_so-zeek_so-status.conf:
+  file.comment:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - regex: ^so-zeek$
+{% endif %}
 
 {% else %}
 
diff --git a/setup/so-functions b/setup/so-functions
index 5f98e685e..c49babaae 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1941,6 +1941,11 @@ sensor_pillar() {
 	if [ "$HNSENSOR" != 'inherit' ]; then
 		echo "  hnsensor: $HNSENSOR" >> "$pillar_file"
 	fi
+	if [[ $is_import ]]; then
+		printf '%s\n'\
+			"steno:"\
+			"  enabled: false" >> "$pillar_file"
+	fi
 
 }