strelka compiled rules

2025-12-06 17:22:49 +01:00 · 2024-05-09 11:26:02 -04:00
parent 3a99624eb8
commit a74fee4cd0
3 changed files with 21 additions and 30 deletions
--- a/salt/strelka/compile_yara/compile_yara.py
+++ b/salt/strelka/compile_yara/compile_yara.py
@@ -20,7 +20,7 @@ def check_syntax(rule_file):

 def compile_yara_rules(rules_dir):
    compiled_dir = os.path.join(rules_dir, "compiled")
-    compiled_rules_path = [ os.path.join(compiled_dir, "rules.compiled"), "/opt/so/saltstack/default/salt/strelka/rules/compiled/rules.compiled" ]
+    compiled_rules_path = "/opt/so/saltstack/local/salt/strelka/rules/compiled/rules.compiled"
    rule_files = glob.glob(os.path.join(rules_dir, '**/*.yar'), recursive=True)
    files_to_compile = {}
    removed_count = 0
@@ -57,9 +57,12 @@ def compile_yara_rules(rules_dir):
    # Compile all remaining valid rules into a single file
    if files_to_compile:
        compiled_rules = yara.compile(filepaths=files_to_compile)
-        for path in compiled_rules_path:
-          compiled_rules.save(path)
-          print(f"All remaining rules compiled and saved into {path}")
+        compiled_rules.save(compiled_rules_path)
+        print(f"All remaining rules compiled and saved into {compiled_rules_path}")
+    # Remove the rules.compiled if there aren't any files to be compiled
+    else:
+        if os.path.exists(compiled_rules_path):
+            os.remove(compiled_rules_path)

    # Print summary of compilation results
    print(f"Summary: {success_count} rules compiled successfully, {removed_count} rules removed due to errors.")
--- a/salt/strelka/config.sls
+++ b/salt/strelka/config.sls
@@ -34,7 +34,18 @@ strelkalogdir:
    - name: /nsm/strelka/log
    - user: 939
    - group: 939
-    - makedirs: True
+
+strelkagkredisdatadir:
+  file.directory:
+    - name: /nsm/strelka/gk-redis-data
+    - user: 939
+    - group: 939
+
+strelkacoordredisdatadir:
+  file.directory:
+    - name: /nsm/strelka/coord-redis-data
+    - user: 939
+    - group: 939

 strelka_sbin:
  file.recurse:
@@ -44,20 +55,6 @@ strelka_sbin:
    - group: 939
    - file_mode: 755

-strelkagkredisdatadir:
-  file.directory:
-    - name: /nsm/strelka/gk-redis-data
-    - user: 939
-    - group: 939
-    - makedirs: True
-
-strelkacoordredisdatadir:
-  file.directory:
-    - name: /nsm/strelka/coord-redis-data
-    - user: 939
-    - group: 939
-    - makedirs: True
-
 {% else %}

 {{sls}}_state_not_allowed:
--- a/salt/strelka/manager.sls
+++ b/salt/strelka/manager.sls
@@ -7,9 +7,9 @@
 {% if sls in allowed_states %}

 # Strelka config
-strelkaconfdir:
+strelkarulesdir:
  file.directory:
-    - name: /opt/so/conf/strelka/rules/compiled/
+    - name: /opt/so/conf/strelka/rules
    - user: 939
    - group: 939
    - makedirs: True
@@ -20,21 +20,12 @@ strelkacompileyara:
    - source: salt://strelka/compile_yara/compile_yara.py
    - user: 939
    - group: 939
-    - makedirs: True
-
-strelkarulesdir:
-  file.directory:
-    - name: /opt/so/conf/strelka/rules
-    - user: 939
-    - group: 939
-    - makedirs: True

 strelkareposdir:
  file.directory:
    - name: /opt/so/conf/strelka/repos
    - user: 939
    - group: 939
-    - makedirs: True

 {% else %}