Suricata Airgap

salt/idstools/etc/rulecat.conf

@@ -1,12 +1,12 @@
-{%- from 'vars/globals.map.jinja' import GLOBALS %}
-{%- from 'idstools/map.jinja' import IDSTOOLSMERGED %}
+{%- from 'vars/globals.map.jinja' import GLOBALS -%}
+{%- from 'idstools/map.jinja' import IDSTOOLSMERGED -%}
 --merged=/nsm/rules/suricata/all.rules
 --local=/nsm/rules/local/local.rules
 {%-   if GLOBALS.md_engine == "SURICATA" %}
 --local=/nsm/rules/sorules/ids/extraction.rules
 --local=/nsm/rules/sorules/filters.rules
 {%-   endif %}
---url=http://{{ GLOBALS.manager }}:7788/rules/emerging-all.rules
+--url=http://{{ GLOBALS.manager }}:7788/suricata/emerging-all.rules
 --disable=/opt/so/idstools/etc/disable.conf
 --enable=/opt/so/idstools/etc/enable.conf
 --modify=/opt/so/idstools/etc/modify.conf

salt/nginx/enabled.sls

@@ -42,6 +42,7 @@ so-nginx:
       - /opt/so/conf/navigator/enterprise-attack.json:/opt/socore/html/navigator/assets/enterprise-attack.json:ro
       - /opt/so/conf/navigator/pre-attack.json:/opt/socore/html/navigator/assets/pre-attack.json:ro
       - /nsm/repo:/opt/socore/html/repo:ro
+      - /nsm/rules:/nsm/rules:ro
       {% endif %}
       {% if DOCKER.containers['so-nginx'].custom_bind_mounts %}
         {% for BIND in DOCKER.containers['so-nginx'].custom_bind_mounts %}

salt/nginx/etc/nginx.conf

@@ -84,8 +84,8 @@ http {
 	server {
 		listen 7788;
 		server_name {{ GLOBALS.url_base }};
-		root /opt/socore/html/repo;
-		location /rules/ {
+		root /nsm/rules;
+		location / {
 			allow all;
 			sendfile on;
 			sendfile_max_chunk 1m;