CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-02-22 23:15:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

pillarize local.zeek and move zeekctl from defaults.yml to zeek pillar - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/585

Browse Source
This commit is contained in:
m0duspwnens
2020-04-28 09:44:37 -04:00
parent 90aabde4c9
commit b6741daca6
7 changed files with 75 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/zeek/init.sls
View File

@@ -4,8 +4,7 @@
{% set BPF_STATUS = 0 %}
{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
{% import_yaml 'zeek/defaults.yml' as ZEEKDEFAULTS %}
{% set ZEEK = salt['pillar.get']('zeek', default=ZEEKDEFAULTS.zeek, merge=True) %}
{% set ZEEK = salt['pillar.get']('zeek', {} %}
# Zeek Salt State
@@ -144,13 +143,16 @@ zeekbpf:
- "ip or not ip"
{% endif %}
localzeeksync:
file.managed:
- name: /opt/so/conf/zeek/local.zeek
- source: salt://zeek/files/local.zeek
- source: salt://zeek/files/local.zeek.jinja
- user: 937
- group: 939
- template: jinja
- defaults:
LOCAL: {{ ZEEK.local | tojson }}
so-zeek:
docker_container.running: