From ab551a747ddafe1fd0b602e3f84d8130e9ffe5bc Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 29 Jan 2024 15:44:57 -0500
Subject: [PATCH] Threads placeholder logic

---
 salt/suricata/enabled.sls | 3 +++
 salt/suricata/pcap.sls | 25 +++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 salt/suricata/pcap.sls

diff --git a/salt/suricata/enabled.sls b/salt/suricata/enabled.sls
index ce309e41a..6dce49c8c 100644
--- a/salt/suricata/enabled.sls
+++ b/salt/suricata/enabled.sls
@@ -12,6 +12,9 @@
 include:
 - suricata.config
 - suricata.sostatus
+ if blah
+ - suricata.pcap
+ endif

 so-suricata:
 docker_container.running:
diff --git a/salt/suricata/pcap.sls b/salt/suricata/pcap.sls
new file mode 100644
index 000000000..f677532f0
--- /dev/null
+++ b/salt/suricata/pcap.sls
@@ -0,0 +1,25 @@
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% import_yaml 'suricata/defaults.yaml' as SURICATADEFAULTS %}
+{% set SURICATAMERGED = salt['pillar.get']('suricata', SURICATADEFAULTS.suricata, merge=True) %}
+
+suripcapdir:
+ file.directory:
+ - name: /nsm/suripcap
+ - user: 940
+ - group: 939
+ - mode: 755
+ - makedirs: True
+
+{{ SURICATAMERGED.config['af-packet'].threads }}
+
+for thread in afp.threads
+
+suripcapthreaddir:
+ file.directory:
+ - name: /nsm/suripcap/{{thread}}
+ - user: 940
+ - group: 939
+ - mode: 755
+ - makedirs: True
+
+endfor
\ No newline at end of file
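Review bot: The added `if blah` / `endif` lines in the `include:` list are bare text rather than Jinja, so the rendered SLS is no longer a valid include list. The whole suricata.enabled state, including the `so-suricata` container that follows, would likely fail to compile on any sensor that applies it, which leaves Suricata unmanaged there. Wrap them as `{% if <pcap-enabled condition> %}` and `{% endif %}` with a real condition before this is merged anywhere minions pull from. The same defect is in salt/suricata/pcap.sls, where `for thread in afp.threads`, `endfor` and the standalone `{{ SURICATAMERGED.config['af-packet'].threads }}` line emit stray scalars between state declarations. The `so-suricata` state continues below the hunk.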
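Review bot: Both `file.directory` states create the Suricata pcap directories with `- mode: 755`, which lets every local account on the sensor list and traverse `/nsm/suripcap` and its per-thread subdirectories. Full packet captures routinely hold credentials and session contents, so unless a service under a different uid/gid must read them, `- mode: 750` is the safer default for both states. Whether the capture files themselves end up world-readable depends on how Suricata writes them, which this file does not show. Once the loop becomes real Jinja, the state ID also needs to be unique per iteration, e.g. `suripcapthreaddir_{{ thread }}:`, since a repeated ID in one SLS should be reported as a conflict at render time.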