CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-20 07:53:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

enable/disable zeek in ui

Browse Source
This commit is contained in:
m0duspwnens
2023-05-05 16:33:59 -04:00
parent 2a8ed24045
commit a97fa9675b
7 changed files with 319 additions and 297 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
salt/zeek/config.map.jinja
View File

@@ -1,28 +1,14 @@
{% from 'vars/sensor.map.jinja' import ROLE_GLOBALS %}
{% import_yaml 'zeek/defaults.yaml' as zeek_defaults with context %}
{% set ZEEKMERGED = salt['pillar.get']('zeek', zeek_defaults.zeek, merge=True) %}
{% import_yaml 'zeek/defaults.yaml' as ZEEKDEFAULTS with context %}
{% set ZEEKMERGED = salt['pillar.get']('zeek', ZEEKDEFAULTS.zeek, merge=True) %}
{% do ZEEKMERGED.config.node.update({'interface': ROLE_GLOBALS.sensor.interface}) %}
{# we have to add the @ sign for the config since we remove it from defaults for the UI #}
{% if ZEEKMERGED.config.local.load is defined %}
{% set LOCALLOAD = ZEEKMERGED.config.local.pop('load') %}
{% do ZEEKMERGED.config.local.update({'@load': LOCALLOAD}) %}
{% endif %}
{% if ZEEKMERGED.config.local['load-sigs'] is defined %}
{% set LOCALLOADSIGS = ZEEKMERGED.config.local.pop('load-sigs') %}
{% do ZEEKMERGED.config.local.update({'@load-sigs': LOCALLOADSIGS}) %}
{% endif %}
{% set ZEEKOPTIONS = {} %}
{% set ENABLED = salt['pillar.get']('zeek:enabled', True) %}
# don't start the docker container if it is an import node or disabled via pillar
{% if grains.id.split('_')|last == 'import' or not ENABLED %}
{% do ZEEKOPTIONS.update({'start': False}) %}
{% do ZEEKOPTIONS.update({'pl_cron_state': 'absent'}) %}
{% do ZEEKOPTIONS.update({'status': 'absent'}) %}
{% else %}
{% do ZEEKOPTIONS.update({'start': True}) %}
{% do ZEEKOPTIONS.update({'pl_cron_state': 'present'}) %}
{% do ZEEKOPTIONS.update({'status': 'running'}) %}
{% endif %}