CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Bro Module - Choose your docker

Browse Source
This commit is contained in:
Mike Reeves
2018-09-28 11:01:42 -04:00
parent d774b65512
commit aa3aae4b51
1 changed files with 34 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
salt/bro/init.sls
View File

@@ -44,25 +44,6 @@ bropolicysync:
- group: 939
- template: jinja
# Sync local.bro
{% if salt['pillar.get']('static:hnmaster', '') == 'COMMUNITY' %}
localbrosync:
file.managed:
- name: /opt/so/conf/bro/local.bro
- source: salt://bro/files/local.bro.community
- user: 937
- group: 939
- template: jinja
{% else %}
localbrosync:
file.managed:
- name: /opt/so/conf/bro/local.bro
- source: salt://bro/files/local.bro
- user: 937
- group: 939
- template: jinja
{% endif %}
# Sync node.cfg
nodecfgsync:
file.managed:
@@ -72,7 +53,15 @@ nodecfgsync:
- group: 939
- template: jinja
# Add the container
# Sync local.bro
{% if salt['pillar.get']('static:hnmaster', '') == 'COMMUNITY' %}
localbrosync:
file.managed:
- name: /opt/so/conf/bro/local.bro
- source: salt://bro/files/local.bro.community
- user: 937
- group: 939
- template: jinja
so-bro:
docker_container.running:
@@ -87,3 +76,28 @@ so-bro:
- /opt/so/conf/bro/policy/custom:/opt/bro/share/bro/policy/custom:ro
- /opt/so/conf/bro/policy/intel:/opt/bro/share/bro/policy/intel:rw
- network_mode: host
{% else %}
localbrosync:
file.managed:
- name: /opt/so/conf/bro/local.bro
- source: salt://bro/files/local.bro
- user: 937
- group: 939
- template: jinja
so-bro:
docker_container.running:
- image: toosmooth/so-bro:techpreview
- privileged: True
- binds:
- /nsm/bro/logs:/nsm/bro/logs:rw
- /nsm/bro/spool:/nsm/bro/spool:rw
- /opt/so/conf/bro/local.bro:/opt/bro/share/bro/site/local.bro:ro
- /opt/so/conf/bro/node.cfg:/opt/bro/etc/node.cfg:ro
- /opt/so/conf/bro/policy/securityonion:/opt/bro/share/bro/policy/securityonion:ro
- /opt/so/conf/bro/policy/custom:/opt/bro/share/bro/policy/custom:ro
- /opt/so/conf/bro/policy/intel:/opt/bro/share/bro/policy/intel:rw
- network_mode: host
{% endif %}