Add support to relaod rules instead of restart

Mike Reeves
2024-08-29 12:55:06 -04:00
parent 9746f6e5e2
commit edce5186b9
2 changed files with 18 additions and 1 deletions


@@ -57,7 +57,6 @@ so-suricata:
- watch: - watch:
- file: suriconfig - file: suriconfig
- file: surithresholding - file: surithresholding
- file: /opt/so/conf/suricata/rules/
- file: /opt/so/conf/suricata/bpf - file: /opt/so/conf/suricata/bpf
- file: suriclassifications - file: suriclassifications
- require: - require:
@@ -66,6 +65,12 @@ so-suricata:
- file: suribpf - file: suribpf
- file: suriclassifications - file: suriclassifications
surirulereload:
cmd.run:
- name: /usr/sbin/so-suricata-reload-rules
- watch:
- onchanges: surirulesync
delete_so-suricata_so-status.disabled: delete_so-suricata_so-status.disabled:
file.uncomment: file.uncomment:
- name: /opt/so/conf/so-status/so-status.conf - name: /opt/so/conf/so-status/so-status.conf
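Review bot: In the added `surirulereload` state, `onchanges` appears nested under `watch` (`- watch:` followed by `- onchanges: surirulesync`), but a `watch` list expects `module: id` entries and `onchanges` is itself a requisite rather than a state module, so Salt will most likely fail to resolve it. Because this commit also drops `/opt/so/conf/suricata/rules/` from the `so-suricata` watch list, a broken requisite would leave the sensor on the old ruleset after a rule update, with nothing restarting or reloading it. If `surirulesync` is a file state, replace the `- watch:` line with `- onchanges:` and put `- file: surirulesync` beneath it. The rendering has lost indentation, so the nesting described here is inferred from line order.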


@@ -0,0 +1,12 @@
#!/bin/bash
#
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
docker exec -it so-suricata /opt/suricata/bin/suricatasc -c reload-rules /var/run/suricata/suricata-command.socket >> /opt/so/log/suricata/reload.log 2>&1
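Review bot: The `docker exec -it` on the last line requests an interactive TTY, which is normally not available when Salt's `cmd.run` invokes this script, so docker is likely to refuse with a "not a TTY" error and the reload never reaches Suricata. The error text goes only to `/opt/so/log/suricata/reload.log`, so a sensor can keep matching against a stale ruleset unless someone reads that file. Dropping the flags is enough: `docker exec so-suricata /opt/suricata/bin/suricatasc -c reload-rules /var/run/suricata/suricata-command.socket >> /opt/so/log/suricata/reload.log 2>&1`. Writing a timestamp to the log before the call would make each reload result attributable to a rule update.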