jinja for strelka

salt/manager/files/so-yara-update.jinja

@@ -9,7 +9,7 @@ echo "Starting to check for yara rule updates at $(date)..."
 
 output_dir="/opt/so/saltstack/default/salt/strelka/rules"
 mkdir -p $output_dir
-repos="$output_dir/repos.txt"
+repos="/opt/so/conf/strelka/repos.txt"
 newcounter=0
 excludedcounter=0
 excluded_rules=({{ EXCLUDEDRULES | join(' ') }})

salt/manager/init.sls

@@ -33,7 +33,7 @@ yara_update_script:
     - template: jinja
     - defaults:
         ISAIRGAP: {{ GLOBALS.airgap }}
-        EXCLUDEDRULES: {{ STRELKAMERGED.excluded_rules }}
+        EXCLUDEDRULES: {{ STRELKAMERGED.rules.excluded }}
 
 strelka_yara_update:
   cron.present:

salt/strelka/defaults.yaml

@@ -13,7 +13,7 @@ strelka:
           addr: 'HOST:6380'
           db: 0
         tasting:
-          mime_db: ''
+          mime_db: null
           yara_rules: '/etc/strelka/taste/'
         scanners:
           'ScanBase64':
@@ -535,23 +535,11 @@ strelka:
           addr: 'HOST:6380'
           db: 0
 
-
+  rules:
-
+    enabled: True
-
+    repos:
-
+      - https://github.com/Neo23x0/signature-base
-
+    excluded:
-
-
-
-
-
-
-
-
-
-
-        
-  excluded_rules:
       - apt_flame2_orchestrator.yar
       - apt_tetris.yar
       - gen_susp_js_obfuscatorio.yar

salt/strelka/init.sls

@@ -7,7 +7,6 @@
 {% if sls in allowed_states %}
 {% from 'docker/docker.map.jinja' import DOCKER %}
 {% from 'vars/globals.map.jinja' import GLOBALS %}
-{% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %}
 
 {% from 'strelka/map.jinja' import STRELKAMERGED %}
 {% from 'strelka/filecheck/map.jinja' import FILECHECKDEFAULTS %}
@@ -35,6 +34,7 @@ backend_backend_config:
     - template: jinja
     - user: 939
     - group: 939
+    - makedirs: True
     - defaults:
         BACKENDCONFIG: {{ STRELKAMERGED.config.backend.backend }}
 
@@ -65,6 +65,7 @@ filestream_config:
     - template: jinja
     - user: 939
     - group: 939
+    - makedirs: True
     - defaults:
         FILESTREAMCONFIG: {{ STRELKAMERGED.config.filestream }}
 
@@ -75,6 +76,7 @@ frontend_config:
     - template: jinja
     - user: 939
     - group: 939
+    - makedirs: True
     - defaults:
         FRONTENDCONFIG: {{ STRELKAMERGED.config.frontend }}
 
@@ -85,10 +87,11 @@ manager_config:
     - template: jinja
     - user: 939
     - group: 939
+    - makedirs: True
     - defaults:
         MANAGERCONFIG: {{ STRELKAMERGED.config.manager }}
 
-{% if STRELKA_RULES == 1 %}
+{% if STRELKAMERGED.rules.enabled %}
 
 strelkarules:
   file.recurse:
@@ -101,9 +104,11 @@ strelkarules:
 {% if grains['role'] in GLOBALS.manager_roles %}
 strelkarepos:
   file.managed:
-    - name: /opt/so/saltstack/default/salt/strelka/rules/repos.txt
+    - name: /opt/so/conf/strelka/repos.txt
-    - source: salt://strelka/rules/repos.txt.jinja
+    - source: salt://strelka/repos.txt.jinja
     - template: jinja
+    - defaults:
+        STRELKAREPOS: {{ STRELKAMERGED.rules.repos }}
 
 {% endif %}
 {% endif %}

salt/strelka/repos.txt.jinja

@@ -0,0 +1,2 @@
+# DO NOT EDIT THIS FILE! Strelka YARA rule repos are stored here from the strelka:rules:repos pillar section
+{{ STRELKAREPOS | join('\n') }}

salt/strelka/rules/ignore.txt

@@ -1,4 +0,0 @@
-generic_anomalies.yar
-general_cloaking.yar
-thor_inverse_matches.yar
-yara_mixed_ext_vars.yar

salt/strelka/rules/repos.txt

@@ -1 +0,0 @@
-https://github.com/Neo23x0/signature-base

salt/strelka/rules/repos.txt.jinja

@@ -1,4 +0,0 @@
-# DO NOT EDIT THIS FILE! Strelka YARA rule repos are stored here from the strelka.repos pillar section
-{%- for repo in salt['pillar.get']('strelka:repos', {}) %}
-{{ repo }}
-{%- endfor %}