add GLOBALS.pcap_engine

2025-12-06 17:22:49 +01:00 · 2024-01-29 16:54:08 -05:00
parent 88d2ddba8b
commit d118ff4728
7 changed files with 19 additions and 17 deletions
--- a/salt/global/map.jinja
+++ b/salt/global/map.jinja
@@ -0,0 +1,2 @@
 {% import_yaml 'global/defaults.yaml' as GLOBALDEFAULTS %}
 {% set GLOBALMERGED = salt['pillar.get']('global', GLOBALDEFAULTS.global, merge=True) %}
--- a/salt/sensoroni/files/sensoroni.json
+++ b/salt/sensoroni/files/sensoroni.json
@@ -24,21 +24,21 @@
      "statickeyauth": {
        "apiKey": "{{ GLOBALS.sensoroni_key }}"
 {%- if PCAPMERGED.enabled %}
-{%-   if PCAPENGINE.steno %} 
+{%-   if GLOBALS.pcap_engine == "STENO" %}
      },     
      "stenoquery": {
        "executablePath": "/opt/sensoroni/scripts/stenoquery.sh",
        "pcapInputPath": "/nsm/pcap",
        "pcapOutputPath": "/nsm/pcapout"
      }
-{%- elif PCAPENGINE.suri %}
+{%-   elif GLOBALS.pcap_engine == "SURICATA" %}
      },     
      "suriquery": {
        "executablePath": "/opt/sensoroni/scripts/suriquery.sh",
        "pcapInputPath": "/nsm/suripcap",
        "pcapOutputPath": "/nsm/pcapout"
      }
-{%- endif %}
+{%-   endif %}
 {%- else %}
      }
 {%- endif %}
--- a/salt/suricata/enabled.sls
+++ b/salt/suricata/enabled.sls
@@ -12,9 +12,9 @@
 include:
  - suricata.config
  - suricata.sostatus
-  if blah
+{%   if GLOBALS.pcap_engine == "SURICATA" %}
  - suricata.pcap
-  endif
+{%   endif %}
 so-suricata:
  docker_container.running:
--- a/salt/suricata/pcap.sls
+++ b/salt/suricata/pcap.sls
@@ -1,6 +1,5 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
-{% import_yaml 'suricata/defaults.yaml' as SURICATADEFAULTS %}
+{% from 'suricata/map.jinja' import SURICATAMERGED %}
 {% set SURICATAMERGED = salt['pillar.get']('suricata', SURICATADEFAULTS.suricata, merge=True) %}
 suripcapdir:
  file.directory:
@@ -10,16 +9,14 @@ suripcapdir:
    - mode: 755
    - makedirs: True
 {{ SURICATAMERGED.config['af-packet'].threads }}
-for thread in afp.threads
+{% for i in range(1, SURICATAMERGED.config['af-packet'].threads) + 1) %}
-suripcapthreaddir:
+suripcapthread{{i}}dir:
  file.directory:
-    - name: /nsm/suripcap/{{thread}}
+    - name: /nsm/suripcap/{{i}}
    - user: 940
    - group: 939
    - mode: 755
    - makedirs: True
-endfor
+{% endfor %}
--- a/salt/telegraf/config.sls
+++ b/salt/telegraf/config.sls
@@ -41,6 +41,8 @@ tgraf_sync_script_{{script}}:
    - mode: 770
    - template: jinja
    - source: salt://telegraf/scripts/{{script}}
    - defaults:
        GLOBALS: {{ GLOBALS }}
 {% endfor %}
 telegraf_sbin:
--- a/salt/telegraf/scripts/oldpcap.sh
+++ b/salt/telegraf/scripts/oldpcap.sh
@@ -5,13 +5,12 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{%- if pcap is steno
+{%- if GLOBALS.pcap_engine == "SURICATA" %}
 PCAPLOC=/host/nsm/pcap
 {%- else %}
 PCAPLOC=/host/nsm/suripcap
 {%- else %}
 PCAPLOC=/host/nsm/pcap
 {%- endif %}
 # if this script isn't already running
 if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
--- a/salt/vars/globals.map.jinja
+++ b/salt/vars/globals.map.jinja
@@ -1,5 +1,6 @@
 {% import 'vars/init.map.jinja' as INIT %}
 {% from 'docker/docker.map.jinja' import DOCKER %}
 {% from 'global/map.jinja' import GLOBALMERGED %}
 {% from 'vars/' ~ INIT.GRAINS.role.split('-')[1] ~ '.map.jinja' import ROLE_GLOBALS %} {# role is so-role so we have to split off the 'so' #}
@@ -20,6 +21,7 @@
    'influxdb_host': INIT.PILLAR.global.influxdb_host,
    'manager_ip': INIT.PILLAR.global.managerip,
    'md_engine': INIT.PILLAR.global.mdengine,
    'pcap_engine': GLOBALMERGED.pcapengine
    'pipeline': INIT.PILLAR.global.pipeline,
    'so_version': INIT.PILLAR.global.soversion,
    'so_docker_gateway': DOCKER.gateway,
		`@@ -0,0 +1,2 @@`
							`{% import_yaml 'global/defaults.yaml' as GLOBALDEFAULTS %}`
							`{% set GLOBALMERGED = salt['pillar.get']('global', GLOBALDEFAULTS.global, merge=True) %}`