Merge pull request #8751 from Security-Onion-Solutions/funstuff

Funstuff
2025-12-06 09:12:45 +01:00 · 2022-09-15 13:15:51 -04:00
parent 4357f013f0 7d6e847f86
commit c49c7348ff
5 changed files with 6 additions and 51 deletions
--- a/salt/common/tools/sbin/so-minion
+++ b/salt/common/tools/sbin/so-minion
@@ -165,7 +165,8 @@ function add_sensor_to_minion() {
 	echo "  mtu: 9000" >> $PILLARFILE
 	echo "zeek:" >> $PILLARFILE
 	echo "    config:" >> $PILLARFILE
-	echo "        lb_procs: '$CORECOUNT'" >> $PILLARFILE
+	echo "        node:" >> $PILLARFILE
+	echo "            lb_procs: '$CORECOUNT'" >> $PILLARFILE
 	echo "suricata:" >> $PILLARFILE
 	echo "    config:" >> $PILLARFILE
 	echo "        af-packet:" >> $PILLARFILE
--- a/salt/pcap/defaults.yaml
+++ b/salt/pcap/defaults.yaml
@@ -6,6 +6,6 @@ pcap:
        blocks: 2048
        preallocate_file_mb: 4096
        aiops: 128
-        stenopin: False
-        stenopins: []
+        pin_to_cpu: False
+        cpus_to_pin_to: []
        disks: []
--- a/salt/pcap/soc_pcap.yaml
+++ b/salt/pcap/soc_pcap.yaml
@@ -1,6 +1,6 @@
 pcap:
  enabled: 
-  description: Enable or Disable Stenographer on all sensors or a single sensor
+    description: Enable or Disable Stenographer on all sensors or a single sensor
  config:
    maxdirectoryfiles:
      description: The maximum number of packet/index files to create before deleting old files. The default is about 8 days regardless of free space. 
@@ -18,7 +18,7 @@ pcap:
    pin_to_cpu:
      description: Enable CPU pinning for PCAP.
    cpus_to_pin_to:
-      description: CPU to pin PCAP to. Currently only a single SPU is supported
+      description: CPU to pin PCAP to. Currently only a single CPU is supported
    disks:
      description: List of disks to use for PCAP. This is currently not used.
      advanced: True
--- a/salt/suricata/afpacket.map.jinja
+++ b/salt/suricata/afpacket.map.jinja
@@ -1,14 +0,0 @@
-{% import_yaml 'suricata/defaults.yaml' as suricata_defaults with context %}
-{% set suricata_pillar = pillar.suricata %}
-{% set surimerge = salt['defaults.merge'](suricata_defaults, suricata_pillar, in_place=False)
-{% load_yaml as afpacket %}
-af-packet:
-  - interface: {{ surimerge.suricata.config.af-packet.interface }}
-    cluster-id: {{ surimerge.suricata.config.af-packet.cluster-id }}
-    cluster-type: {{ surimerge.suricata.config.af-packet.cluster-type }}
-    defrag: {{ surimerge.suricata.config.af-packet.defrag }}
-    use-mmap: {{ surimerge.suricata.config.af-packet.use-mmap }}
-    threads: {{ surimerge.suricata.config.af-packet.threads }}
-    tpacket-v3: {{ surimerge.suricata.config.af-packet.tpacket-v3 }}
-    ring-size: {{ surimerge.suricata.config.af-packet.ring-size }}
-{% endload %}
--- a/salt/suricata/threading.map.jinja
+++ b/salt/suricata/threading.map.jinja
@@ -1,32 +0,0 @@
-{% if salt['pillar.get']('sensor:suripins') %}
-  {% load_yaml as cpu_affinity%}
-cpu-affinity:
-  - management-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
-  - receive-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
-  - worker-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]
-      mode: "exclusive"
-      threads: {{ salt['pillar.get']('sensor:suripins')|length }}
-      prio:
-        default: "high"
-  {% endload %}
-{% elif salt['pillar.get']('sensor:suriprocs') %}
-  {% load_yaml as cpu_affinity%}
-cpu-affinity:
-  - management-cpu-set:
-      cpu: [ all ]  # include only these CPUs in affinity settings
-  - receive-cpu-set:
-      cpu: [ all ]  # include only these CPUs in affinity settings
-  - worker-cpu-set:
-      cpu: [ "all" ]
-      mode: "exclusive"
-      threads: {{ salt['pillar.get']('sensor:suriprocs') }}
-      prio:
-        low: [ 0 ]
-        medium: [ "1-2" ]
-        high: [ 3 ]
-        default: "high"
-  {% endload %}
-{% endif %}