Rule Updates

This commit is contained in:
Mike Reeves
2023-05-26 15:16:14 -04:00
parent 8ce0d76287
commit b2d2a9f0ed
6 changed files with 41 additions and 19 deletions


@@ -6,6 +6,8 @@
{%- from 'idstools/map.jinja' import IDSTOOLSMERGED %}
{%- set proxy = salt['pillar.get']('manager:proxy') %}
mkdir -p /nsm/rules/suricata
# Download the rules from the internet
{%- if GLOBALS.airgap != 'True' %}
{%- if proxy %}


@@ -43,14 +43,14 @@ strelka_sbin:
- group: 939
- file_mode: 755
#strelka_sbin_jinja:
# file.recurse:
# - name: /usr/sbin
# - source: salt://strelka/tools/sbin_jinja
# - user: 939
# - group: 939
# - file_mode: 755
# - template: jinja
strelka_sbin_jinja:
file.recurse:
- name: /usr/sbin
- source: salt://strelka/tools/sbin_jinja
- user: 939
- group: 939
- file_mode: 755
- template: jinja
{% else %}
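Review bot: The newly enabled `strelka_sbin_jinja` state recurses into the same `/usr/sbin` as the `strelka_sbin` state just above it, and nothing in the hunk explains why one directory is fed from two source trees; a comment on the state such as `# sbin_jinja holds scripts that need pillar values (e.g. proxy settings) rendered before install` would make the split clear, assuming that is the intent. If the same filename exists under both `salt://strelka/tools/sbin` and `salt://strelka/tools/sbin_jinja`, whichever state applies last wins silently, so the two trees should stay disjoint. Both states install files owned by uid/gid 939 with `file_mode: 755`; if any of these scripts are executed as root, a non-root owner being able to rewrite them is a hardening point worth confirming, although the pre-existing `strelka_sbin` state already does the same. The hunk header counts 14 lines per side but fewer are shown, so some context lines appear to have been dropped in rendering.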


@@ -542,8 +542,7 @@ strelka:
enabled: False
rules:
enabled: True
repos:
- https://github.com/Neo23x0/signature-base
repos: []
excluded:
- apt_flame2_orchestrator.yar
- apt_tetris.yar
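Review bot: `repos: []` leaves the default yara section with no rule source, and nothing on this line says where rules now come from; a comment such as `# extra yara rule repos to clone; the bundled securityonion-yara set is fetched by the download script` would tell an operator what the list is for, assuming the new download script in this commit is the replacement for the removed signature-base entry. Whatever consumes `repos` should also be checked to tolerate an empty list now that it is the default, which cannot be confirmed from this hunk.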


@@ -0,0 +1,21 @@
#!/bin/bash
. /usr/sbin/so-common
{%- set proxy = salt['pillar.get']('manager:proxy') %}
# Download the rules from the internet
{%- if proxy %}
export http_proxy={{ proxy }}
export https_proxy={{ proxy }}
export no_proxy= salt['pillar.get']('manager:no_proxy')
{%- endif %}
mkdir -p /tmp/yara
cd /tmp/yara
git clone https://github.com/Security-Onion-Solutions/securityonion-yara.git
mkdir -p /nsm/rules/yara
rsync -shav --progress /tmp/yara/securityonion-yara/yara /nsm/rules/
cd /tmp
rm -rf /tmp/yara
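Review bot: `export no_proxy= salt['pillar.get']('manager:no_proxy')` is not wrapped in Jinja delimiters, unlike the `{%- set proxy ... %}` and `{%- if proxy %}` lines around it, so the salt expression reaches bash verbatim and the `(` makes the rendered script a syntax error whenever a proxy is configured; it should read `export no_proxy={{ salt['pillar.get']('manager:no_proxy') }}`. The script has no `set -e` and never checks `git clone`, so a failed clone still falls through to the rsync and the trailing `rm -rf /tmp/yara`; `set -euo pipefail` after the shebang, or `git clone ... || exit 1`, would stop it at the first failure. `/tmp/yara` is a fixed path in a shared directory, and a leftover tree from an earlier aborted run will make the next clone fail; `workdir=$(mktemp -d)` with cleanup in an exit trap avoids both problems. The hunk header counts 21 added lines but 16 are shown, so some lines may have been dropped in rendering.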