From eee612e73da33b9028a0e34e21cc7323c3970fca Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 27 Oct 2021 11:43:09 -0400
Subject: [PATCH] Make folder/file states explicit

Rather than using /nsm/zeek (max_depth: 1) create explicit states for /nsm/zeek/spool and /nsm/zeek/spool/state.db that set correct ownership
---
 salt/zeek/init.sls | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 5f5adfaa6..f83293742 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -90,11 +90,14 @@ zeekpolicysync:
 # Ensure the zeek spool tree (and state.db) ownership is correct
 zeekspoolownership:
   file.directory:
-    - name: /nsm/zeek
+    - name: /nsm/zeek/spool
     - user: 937
-    - max_depth: 1
-    - recurse:
-      - user
+zeekstatedbownership:
+  file.managed:
+    - name: /nsm/zeek/spool/state.db
+    - user: 937
+    - replace: False
+    - create: False
 
 # Sync Intel
 zeekintelloadsync:
@@ -247,4 +250,4 @@ delete_so-zeek_so-status.disabled:
   test.fail_without_changes:
     - name: {{sls}}_state_not_allowed
 
-{% endif %}
\ No newline at end of file
+{% endif %}