From acda73feab2c5703effaa76f8138513ee0c637ae Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 27 Feb 2018 14:57:26 -0500
Subject: [PATCH] Suricata Salt Module - add env variable for start script

---
 salt/suricata/init.sls | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index 50ff949db..07c312127 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -13,7 +13,24 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+{% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
+
 # Suricata
+
+# Add Suricata Group
+suricatagroup:
+  group.present:
+    - name: suricata
+    - gid: 940
+
+# Add ES user
+suricata:
+  user.present:
+    - uid: 940
+    - gid: 940
+    - home: /opt/so/conf/suricata
+    - createhome: False
+
 suridir:
   file.directory:
     - name: /opt/so/conf/suricata
@@ -51,6 +68,8 @@ so-suricata:
   docker_container.running:
     - image: toosmooth/so-suricata:test2
     - privileged: True
+    - environment:
+      - interface={{ interface }}
     - binds:
       - /opt/so/conf/suricata/suricata.yaml:/usr/local/etc/suricata/suricata.yaml:ro
       - /opt/so/conf/suricata/rules:/usr/local/etc/suricata/rules:ro