CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-22 04:32:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

add status updates for pillar conversions

Browse Source
This commit is contained in:
Josh Patterson
2026-03-20 16:12:10 -04:00
parent e857a8487a
commit f0f9de4b44
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/manager/tools/sbin/soup
View File

@@ -384,6 +384,7 @@ check_minimum_version() {
### 3.0.0 Scripts ### ### 3.0.0 Scripts ###
convert_suricata_yes_no() { convert_suricata_yes_no() {
echo "Starting suricata yes/no values to true/false conversion."
local SURICATA_FILE=/opt/so/saltstack/local/pillar/suricata/soc_suricata.sls local SURICATA_FILE=/opt/so/saltstack/local/pillar/suricata/soc_suricata.sls
local MINIONDIR=/opt/so/saltstack/local/pillar/minions local MINIONDIR=/opt/so/saltstack/local/pillar/minions
local pillar_files=() local pillar_files=()
@@ -396,6 +397,7 @@ convert_suricata_yes_no() {
done done
for pillar_file in "${pillar_files[@]}"; do for pillar_file in "${pillar_files[@]}"; do
echo "Checking $pillar_file for suricata yes/no values."
local yaml_output local yaml_output
yaml_output=$(so-yaml.py get -r "$pillar_file" suricata 2>/dev/null) || continue yaml_output=$(so-yaml.py get -r "$pillar_file" suricata 2>/dev/null) || continue
@@ -416,24 +418,30 @@ find(yaml.safe_load(sys.stdin) or {})
while IFS=' ' read -r key value; do while IFS=' ' read -r key value; do
[[ -z "$key" ]] && continue [[ -z "$key" ]] && continue
if [[ "$value" == "yes" ]]; then if [[ "$value" == "yes" ]]; then
echo "Replacing suricata.${key} yes -> true in $pillar_file"
so-yaml.py replace "$pillar_file" "suricata.${key}" true so-yaml.py replace "$pillar_file" "suricata.${key}" true
else else
echo "Replacing suricata.${key} no -> false in $pillar_file"
so-yaml.py replace "$pillar_file" "suricata.${key}" false so-yaml.py replace "$pillar_file" "suricata.${key}" false
fi fi
done <<< "$keys_to_fix" done <<< "$keys_to_fix"
done done
echo "Completed suricata yes/no conversion."
} }
migrate_pcap_to_suricata() { migrate_pcap_to_suricata() {
echo "Starting pillar pcap.enabled to suricata.pcap.enabled migration."
local MINIONDIR=/opt/so/saltstack/local/pillar/minions local MINIONDIR=/opt/so/saltstack/local/pillar/minions
local PCAPFILE=/opt/so/saltstack/local/pillar/pcap/soc_pcap.sls local PCAPFILE=/opt/so/saltstack/local/pillar/pcap/soc_pcap.sls
for pillar_file in "$PCAPFILE" "$MINIONDIR"/*.sls; do for pillar_file in "$PCAPFILE" "$MINIONDIR"/*.sls; do
[[ -f "$pillar_file" ]] || continue [[ -f "$pillar_file" ]] || continue
pcap_enabled=$(so-yaml.py get -r "$pillar_file" pcap.enabled 2>/dev/null) || continue pcap_enabled=$(so-yaml.py get -r "$pillar_file" pcap.enabled 2>/dev/null) || continue
echo "Migrating pcap.enabled -> suricata.pcap.enabled in $pillar_file"
so-yaml.py add "$pillar_file" suricata.pcap.enabled "$pcap_enabled" so-yaml.py add "$pillar_file" suricata.pcap.enabled "$pcap_enabled"
so-yaml.py remove "$pillar_file" pcap so-yaml.py remove "$pillar_file" pcap
done done
echo "Completed pcap.enabled to suricata.pcap.enabled pillar migration."
} }
up_to_3.0.0() { up_to_3.0.0() {