Merge pull request #12865 from Security-Onion-Solutions/issue/12637

only apply ulimits to suricata container if user enables mmap-locked
Josh Patterson
2024-04-25 10:08:05 -04:00
committed by GitHub


@@ -7,6 +7,7 @@
{% if sls.split('.')[0] in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'docker/docker.map.jinja' import DOCKER %}
{% from 'suricata/map.jinja' import SURICATAMERGED %}
include:
@@ -24,7 +25,8 @@ so-suricata:
- {{ XTRAENV }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-suricata'].ulimits %}
{# we look at SURICATAMERGED.config['af-packet'][0] since we only allow one interface and therefore always the first list item #}
{% if SURICATAMERGED.config['af-packet'][0]['mmap-locked'] == "yes" and DOCKER.containers['so-suricata'].ulimits %}
- ulimits:
{% for ULIMIT in DOCKER.containers['so-suricata'].ulimits %}
- {{ ULIMIT }}
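Review bot: The new condition `SURICATAMERGED.config['af-packet'][0]['mmap-locked'] == "yes"` matches only the exact string "yes", so if the merged value reaches the template as a YAML boolean (YAML 1.1 parsers load an unquoted `yes` or `true` as True) or in a different case, the ulimits are silently left off while Suricata is still configured to lock memory. That mismatch would probably surface only at runtime as a memlock failure on the sensor, not at render time. Consider normalising before comparing, e.g. `{% set MMAP_LOCKED = SURICATAMERGED.config['af-packet'][0].get('mmap-locked', 'no') | string | lower %}` followed by `{% if MMAP_LOCKED in ['yes', 'true'] and DOCKER.containers['so-suricata'].ulimits %}`; the `.get` also avoids a render error when the key is absent. The closing `{% endfor %}`/`{% endif %}` of the ulimits block lie outside the hunk.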