Rule Updates

salt/idstools/etc/rulecat.conf

@@ -1,10 +1,10 @@
 {%- from 'vars/globals.map.jinja' import GLOBALS -%}
 {%- from 'idstools/map.jinja' import IDSTOOLSMERGED -%}
---merged=/nsm/rules/suricata/all.rules
---local=/nsm/rules/local/local.rules
+--merged=/opt/so/rules/nids/all.rules
+--local=/opt/so/rules/nids/local.rules
 {%-   if GLOBALS.md_engine == "SURICATA" %}
---local=/nsm/rules/sorules/ids/extraction.rules
---local=/nsm/rules/sorules/filters.rules
+--local=/opt/so/rules/nids/sorules/extraction.rules
+--local=/opt/so/rules/nids/sorules/filters.rules
 {%-   endif %}
 --url=http://{{ GLOBALS.manager }}:7788/suricata/emerging-all.rules
 --disable=/opt/so/idstools/etc/disable.conf

salt/idstools/tools/sbin_jinja/so-rule-update

@@ -1,5 +1,4 @@
 #!/bin/bash
-
 . /usr/sbin/so-common
 
 {%- from 'vars/globals.map.jinja' import GLOBALS %}

salt/nginx/enabled.sls

@@ -12,6 +12,15 @@ include:
   - nginx.config
   - nginx.sostatus
 
+make-rule-dir-nginx:
+  file.directory:
+    - name: /nsm/rules
+    - user: socore
+    - group: socore
+    - recurse:
+      - user
+      - group
+
 so-nginx:
   docker_container.running:
     - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-nginx:{{ GLOBALS.so_version }}

setup/so-setup

@@ -648,7 +648,7 @@ if ! [[ -f $install_opt_file ]]; then
 			title "Downloading IDS Rules"
 			logCmd "so-rule-update"
 			title "Downloading YARA rules"
-			logCmd "so-yara-update"
+			logCmd "runuser -l socore 'so-yara-update'"
 		fi
 		title "Setting up Kibana Default Space"
 		logCmd "so-kibana-space-defaults"