CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-22 02:08:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add salt states for custom Zeek package loading

Browse Source 
Create /opt/so/conf/zeek/zkg directory and sync custom packages
from the manager via file.recurse. Bind mount the directory into
the so-zeek container so the entrypoint can install packages on
startup.
This commit is contained in:
Mike Reeves
2026-03-17 13:22:59 -04:00
parent 70597a77ab
commit e6ee7dac7c
3 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/zeek/config.sls
+14
View File
@@ -32,6 +32,20 @@ zeekpolicydir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
zeekzkgdir:
file.directory:
- name: /opt/so/conf/zeek/zkg
- user: 937
- group: 939
- makedirs: True
zeekzkgsync:
file.recurse:
- name: /opt/so/conf/zeek/zkg
- source: salt://zeek/zkg
- user: 937
- group: 939
# Zeek Log Directory # Zeek Log Directory
zeeklogdir: zeeklogdir:
file.directory: file.directory:
salt/zeek/enabled.sls
+1
View File
@@ -35,6 +35,7 @@ so-zeek:
- /opt/so/conf/zeek/policy/intel:/opt/zeek/share/zeek/policy/intel:rw - /opt/so/conf/zeek/policy/intel:/opt/zeek/share/zeek/policy/intel:rw
- /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro - /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro
- /opt/so/conf/zeek/config.zeek:/opt/zeek/share/zeek/site/packages/ja4/config.zeek:ro - /opt/so/conf/zeek/config.zeek:/opt/zeek/share/zeek/site/packages/ja4/config.zeek:ro
- /opt/so/conf/zeek/zkg:/opt/so/conf/zeek/zkg:ro
{% if DOCKER.containers['so-zeek'].custom_bind_mounts %} {% if DOCKER.containers['so-zeek'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-zeek'].custom_bind_mounts %} {% for BIND in DOCKER.containers['so-zeek'].custom_bind_mounts %}
- {{ BIND }} - {{ BIND }}
salt/zeek/zkg/README
+1
View File
@@ -0,0 +1 @@
# Place custom Zeek packages in /opt/so/saltstack/local/salt/zeek/zkg/