Merge pull request #8751 from Security-Onion-Solutions/funstuff

Funstuff

salt/common/tools/sbin/so-minion

@@ -165,7 +165,8 @@ function add_sensor_to_minion() {
 	echo "  mtu: 9000" >> $PILLARFILE
 	echo "zeek:" >> $PILLARFILE
 	echo "    config:" >> $PILLARFILE
-	echo "        lb_procs: '$CORECOUNT'" >> $PILLARFILE
+	echo "        node:" >> $PILLARFILE
+	echo "            lb_procs: '$CORECOUNT'" >> $PILLARFILE
 	echo "suricata:" >> $PILLARFILE
 	echo "    config:" >> $PILLARFILE
 	echo "        af-packet:" >> $PILLARFILE

salt/pcap/defaults.yaml

@@ -6,6 +6,6 @@ pcap:
         blocks: 2048
         preallocate_file_mb: 4096
         aiops: 128
-        stenopin: False
+        pin_to_cpu: False
-        stenopins: []
+        cpus_to_pin_to: []
         disks: []

salt/pcap/soc_pcap.yaml

@@ -1,6 +1,6 @@
 pcap:
   enabled: 
-  description: Enable or Disable Stenographer on all sensors or a single sensor
+    description: Enable or Disable Stenographer on all sensors or a single sensor
   config:
     maxdirectoryfiles:
       description: The maximum number of packet/index files to create before deleting old files. The default is about 8 days regardless of free space. 
@@ -18,7 +18,7 @@ pcap:
     pin_to_cpu:
       description: Enable CPU pinning for PCAP.
     cpus_to_pin_to:
-      description: CPU to pin PCAP to. Currently only a single SPU is supported
+      description: CPU to pin PCAP to. Currently only a single CPU is supported
     disks:
       description: List of disks to use for PCAP. This is currently not used.
       advanced: True

salt/suricata/afpacket.map.jinja

@@ -1,14 +0,0 @@
-{% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %}
-{% set suricata_pillar = pillar.suricata %}
-{% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False)
-{% load_yaml as afpacket %}
-af-packet:
-  - interface: {{ surimerge.suricata.config.af-packet.interface }}
-    cluster-id: {{ surimerge.suricata.config.af-packet.cluster-id }}
-    cluster-type: {{ surimerge.suricata.config.af-packet.cluster-type }}
-    defrag: {{ surimerge.suricata.config.af-packet.defrag }}
-    use-mmap: {{ surimerge.suricata.config.af-packet.use-mmap }}
-    threads: {{ surimerge.suricata.config.af-packet.threads }}
-    tpacket-v3: {{ surimerge.suricata.config.af-packet.tpacket-v3 }}
-    ring-size: {{ surimerge.suricata.config.af-packet.ring-size }}
-{% endload %}

salt/suricata/threading.map.jinja

@@ -1,32 +0,0 @@
-{% if salt['pillar.get']('sensor:suripins') %}
-  {% load_yaml as cpu_affinity%}
-cpu-affinity:
-  - management-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
-  - receive-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
-  - worker-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]
-      mode: "exclusive"
-      threads: {{ salt['pillar.get']('sensor:suripins')|length }}
-      prio:
-        default: "high"
-  {% endload %}
-{% elif salt['pillar.get']('sensor:suriprocs') %}
-  {% load_yaml as cpu_affinity%}
-cpu-affinity:
-  - management-cpu-set:
-      cpu: [ all ]  # include only these CPUs in affinity settings
-  - receive-cpu-set:
-      cpu: [ all ]  # include only these CPUs in affinity settings
-  - worker-cpu-set:
-      cpu: [ "all" ]
-      mode: "exclusive"
-      threads: {{ salt['pillar.get']('sensor:suriprocs') }}
-      prio:
-        low: [ 0 ]
-        medium: [ "1-2" ]
-        high: [ 3 ]
-        default: "high"
-  {% endload %}
-{% endif %}