Bro Salt Module - add file syncs

salt/bro/files/local.bro

@@ -122,7 +122,7 @@
 @load securityonion/shellshock
 
 #############################
-##  End SO Scrips Section  ##
+##  End SO Scripts Section  ##
 #############################
 
 #############################

salt/bro/files/node.cfg

@@ -1,19 +1,33 @@
-{%- set interface = salt['pillar.get'](sensor:interface) %}
-{%- set lbprocs = salt['pillar.get'](sensor:lbprocs) %}
+{%- set interface = salt['pillar.get']('sensor:interface', '') %}
+
+{%- if salt['pillar.get']('sensor:bro_pins')|length > 1 %}
+{%- if salt['pillar.get']('sensor:bro_proxies'|length > 1) %}
+  {%- set proxies =  salt['pillar.get']('sensor:bro_proxies') %}
+{%- else %}
+  {%- set proxies = (salt['pillar.get']('sensor:bro_pins')|length/10)|round(0, 'ceil')|int %}
+{%- endif %}
 [manager]
 type=manager
 host=localhost
 
-[proxy]
+{%- for demproxies in range(proxies) %}
+[proxy-{{ demproxies }}]
 type=proxy
 host=localhost
 
-[sotest-eth1]
+[worker-1]
 type=worker
 host=localhost
 interface=af_packet::{{ interface }}
 lb_method=custom
+{%- if salt['pillar.get']('sensor:bro_lbprocs'|length > 1) %}
 lb_procs={{ lbprocs }}
+{%- else %}
+lb_procs={{ salt['pillar.get']('sensor:bro_pins')|length }}
+{%- endif %}
+{%- if salt['pillar.get']('sensor:bro_pins'|length > 1) %}
+pin_cpus={{ salt['pillar.get']('sensor:bro_pins')|join(", ") }}
+{%- endif %}
 af_packet_fanout_id=23
 af_packet_fanout_mode=AF_Packet::FANOUT_HASH
 af_packet_buffer_size=128*1024*1024

salt/bro/init.sls

@@ -6,30 +6,53 @@ bro:
     - gid: 937
     - home: /home/bro
 
-file.directory:
-  - name: /opt/so/conf/bro
-  - user: 937
-  - group: 939
+# Create some directories
+bropolicydir:
+  file.directory:
+    - name: /opt/so/conf/bro/policy
+    - user: 937
+    - group: 939
+    - makedirs: True
 
-file.directory:
-  - name: /opt/so/conf/bro/policy
-  - user: 937
-  - group: 939
+# Sync the policies
+bropolicysync:
+  file.recurse:
+    - name: /opt/so/conf/bro/policy
+    - source: salt://bro/policy
+    - user: 937
+    - group: 939
+    - template: jinja
 
+# Sync local.bro
+localbrosync:
+  file.managed:
+    - name: /opt/so/conf/bro/local.bro
+    - source: salt://bro/files/local.bro
+    - user: 937
+    - group: 939
+    - template: jinja
+
+# Sync node.cfg
+nodecfgsync:
+  file.managed:
+    - name: /opt/so/conf/bro/node.cfg
+    - source: salt://bro/files/node.config
+    - user: 937
+    - group: 939
+    - template: jinja
+    
 # Add the container
 
-so-bro:
-  dockerng.running:
-    - image: {{ dockerrepo }}/so-bro:{{ broversion }}
-    - hostname: bro
-    - user: bro
-    - priviledged: true
-    - binds:
-      - /nsm/bro/logs:/nsm/bro/logs:rw
-      - /nsm/bro/spool:/nsm/bro/spool:rw
-      - /opt/so/conf/bro/etc:/opt/bro/etc:ro
-      - /opt/so/conf/bro/etc/node.cfg:/opt/bro/etc/node.cfg:ro
-      - /opt/so/conf/share/bro:/opt/bro/share/bro:ro
-    - network_mode: host
-
-# Add Bro cron
+#so-bro:
+#  dockerng.running:
+#    - image: {{ dockerrepo }}/so-bro:{{ broversion }}
+#    - hostname: bro
+#    - user: bro
+#    - priviledged: true
+#    - binds:
+#      - /nsm/bro/logs:/nsm/bro/logs:rw
+#      - /nsm/bro/spool:/nsm/bro/spool:rw
+#      - /opt/so/conf/bro/etc:/opt/bro/etc:ro
+#      - /opt/so/conf/bro/etc/node.cfg:/opt/bro/etc/node.cfg:ro
+#      - /opt/so/conf/share/bro:/opt/bro/share/bro:ro
+#    - network_mode: host

salt/top.sls

@@ -3,6 +3,7 @@ base:
     - common
     - pcap
     - suricata
+    - bro
 
   'G@role:eval':
     - common