prevent suricata state from running on manager and managersearch https://github.com/Security-Onion-Solutions/securityonion/issues/2977

2025-12-06 09:12:45 +01:00 · 2021-06-16 08:06:26 -04:00
parent 2d27e0d9a9
commit ad9441bb60
1 changed files with 2 additions and 2 deletions
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -13,7 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% from 'allowed_states.map.jinja' import allowed_states %}
-{% if sls in allowed_states %}
+{% if sls in allowed_states  and grains.role not in ['so-manager', 'so-managersearch'] %}

 {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
@@ -205,4 +205,4 @@ clean_suricata_eve_files:
  test.fail_without_changes:
    - name: {{sls}}_state_not_allowed

-{% endif %}
+{% endif %}