Bro Salt Module - add file syncs

2025-12-06 17:22:49 +01:00 · 2018-03-06 09:41:46 -05:00
parent e519b04a42
commit f3f531afd2
4 changed files with 66 additions and 28 deletions
--- a/salt/bro/files/local.bro
+++ b/salt/bro/files/local.bro
@@ -122,7 +122,7 @@
@load securityonion/shellshock
 #############################
-##  End SO Scrips Section  ##
+##  End SO Scripts Section  ##
 #############################
 #############################
--- a/salt/bro/files/node.cfg
+++ b/salt/bro/files/node.cfg
@@ -1,19 +1,33 @@
-{%- set interface = salt['pillar.get'](sensor:interface) %}
+{%- set interface = salt['pillar.get']('sensor:interface', '') %}
-{%- set lbprocs = salt['pillar.get'](sensor:lbprocs) %}
+
 {%- if salt['pillar.get']('sensor:bro_pins')|length > 1 %}
 {%- if salt['pillar.get']('sensor:bro_proxies'|length > 1) %}
  {%- set proxies =  salt['pillar.get']('sensor:bro_proxies') %}
 {%- else %}
  {%- set proxies = (salt['pillar.get']('sensor:bro_pins')|length/10)|round(0, 'ceil')|int %}
 {%- endif %}
 [manager]
 type=manager
 host=localhost
-[proxy]
+{%- for demproxies in range(proxies) %}
 [proxy-{{ demproxies }}]
 type=proxy
 host=localhost
-[sotest-eth1]
+[worker-1]
 type=worker
 host=localhost
 interface=af_packet::{{ interface }}
 lb_method=custom
 {%- if salt['pillar.get']('sensor:bro_lbprocs'|length > 1) %}
 lb_procs={{ lbprocs }}
 {%- else %}
 lb_procs={{ salt['pillar.get']('sensor:bro_pins')|length }}
 {%- endif %}
 {%- if salt['pillar.get']('sensor:bro_pins'|length > 1) %}
 pin_cpus={{ salt['pillar.get']('sensor:bro_pins')|join(", ") }}
 {%- endif %}
 af_packet_fanout_id=23
 af_packet_fanout_mode=AF_Packet::FANOUT_HASH
 af_packet_buffer_size=128*1024*1024
--- a/salt/bro/init.sls
+++ b/salt/bro/init.sls
@@ -6,30 +6,53 @@ bro:
    - gid: 937
    - home: /home/bro
-file.directory:
+# Create some directories
-  - name: /opt/so/conf/bro
+bropolicydir:
-  - user: 937
+  file.directory:
  - group: 939
 file.directory:
    - name: /opt/so/conf/bro/policy
    - user: 937
    - group: 939
    - makedirs: True
 # Sync the policies
 bropolicysync:
  file.recurse:
    - name: /opt/so/conf/bro/policy
    - source: salt://bro/policy
    - user: 937
    - group: 939
    - template: jinja
 # Sync local.bro
 localbrosync:
  file.managed:
    - name: /opt/so/conf/bro/local.bro
    - source: salt://bro/files/local.bro
    - user: 937
    - group: 939
    - template: jinja
 # Sync node.cfg
 nodecfgsync:
  file.managed:
    - name: /opt/so/conf/bro/node.cfg
    - source: salt://bro/files/node.config
    - user: 937
    - group: 939
    - template: jinja
 # Add the container
-so-bro:
+#so-bro:
-  dockerng.running:
+#  dockerng.running:
-    - image: {{ dockerrepo }}/so-bro:{{ broversion }}
+#    - image: {{ dockerrepo }}/so-bro:{{ broversion }}
-    - hostname: bro
+#    - hostname: bro
-    - user: bro
+#    - user: bro
-    - priviledged: true
+#    - priviledged: true
-    - binds:
+#    - binds:
-      - /nsm/bro/logs:/nsm/bro/logs:rw
+#      - /nsm/bro/logs:/nsm/bro/logs:rw
-      - /nsm/bro/spool:/nsm/bro/spool:rw
+#      - /nsm/bro/spool:/nsm/bro/spool:rw
-      - /opt/so/conf/bro/etc:/opt/bro/etc:ro
+#      - /opt/so/conf/bro/etc:/opt/bro/etc:ro
-      - /opt/so/conf/bro/etc/node.cfg:/opt/bro/etc/node.cfg:ro
+#      - /opt/so/conf/bro/etc/node.cfg:/opt/bro/etc/node.cfg:ro
-      - /opt/so/conf/share/bro:/opt/bro/share/bro:ro
+#      - /opt/so/conf/share/bro:/opt/bro/share/bro:ro
-    - network_mode: host
+#    - network_mode: host
 # Add Bro cron
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -3,6 +3,7 @@ base:
    - common
    - pcap
    - suricata
    - bro
  'G@role:eval':
    - common