From eff6a767c3438e03ae18827afc5fe226a253c995 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 17 Apr 2018 16:43:32 -0400
Subject: [PATCH] IDSTools Module - change local rules structure

---
 salt/idstools/etc/rulecat.conf                | 2 +-
 salt/idstools/init.sls                        | 7 +++++++
 salt/idstools/{etc => localrules}/local.rules | 0
 3 files changed, 8 insertions(+), 1 deletion(-)
 rename salt/idstools/{etc => localrules}/local.rules (100%)

diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf
index 87a881fb8..7affb6621 100644
--- a/salt/idstools/etc/rulecat.conf
+++ b/salt/idstools/etc/rulecat.conf
@@ -1,5 +1,5 @@
 --suricata-version 4.0
---merged=/opt/so/rules/nids/downloaded.rules
+--merged=/opt/so/rules/nids/all.rules
 --local=/opt/so/rules/nids/local.rules
 --disable=disable.conf
 --enable=enable.conf
diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls
index fc9356316..642d8e08e 100644
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -36,6 +36,13 @@ rulesdir:
     - group: 939
     - makedirs: True
 
+synclocalnidsrules:
+  file.managed:
+    - name: /opt/so/rules/local.rules
+    - source: salt://idstools/localrules/local.rules
+    - user: 939
+    - group: 939
+
 ruleslink:
   file.symlink:
     - name: /opt/so/saltstack/salt/idstools/rules
diff --git a/salt/idstools/etc/local.rules b/salt/idstools/localrules/local.rules
similarity index 100%
rename from salt/idstools/etc/local.rules
rename to salt/idstools/localrules/local.rules