CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12983 from Security-Onion-Solutions/fix/strelka

Browse Source 
fix strelka errors
This commit is contained in:
Josh Patterson
2024-05-09 12:04:40 -04:00
committed by GitHub
parent 656bf60fda c864fec70c
commit fb8456b4a6
4 changed files with 31 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/strelka/backend/enabled.sls
View File

@@ -43,7 +43,7 @@ strelka_backend:
{% endif %} {% endif %}
- restart_policy: on-failure - restart_policy: on-failure
- watch: - watch:
- file: strelkasensorrules - file: strelkasensorcompiledrules
delete_so-strelka-backend_so-status.disabled: delete_so-strelka-backend_so-status.disabled:
file.uncomment: file.uncomment:

11
salt/strelka/compile_yara/compile_yara.py
View File

@@ -20,7 +20,7 @@ def check_syntax(rule_file):
def compile_yara_rules(rules_dir): def compile_yara_rules(rules_dir):
compiled_dir = os.path.join(rules_dir, "compiled") compiled_dir = os.path.join(rules_dir, "compiled")
compiled_rules_path = [ os.path.join(compiled_dir, "rules.compiled"), "/opt/so/saltstack/default/salt/strelka/rules/compiled/rules.compiled" ] compiled_rules_path = "/opt/so/saltstack/local/salt/strelka/rules/compiled/rules.compiled"
rule_files = glob.glob(os.path.join(rules_dir, '**/*.yar'), recursive=True) rule_files = glob.glob(os.path.join(rules_dir, '**/*.yar'), recursive=True)
files_to_compile = {} files_to_compile = {}
removed_count = 0 removed_count = 0
@@ -57,9 +57,12 @@ def compile_yara_rules(rules_dir):
# Compile all remaining valid rules into a single file # Compile all remaining valid rules into a single file
if files_to_compile: if files_to_compile:
compiled_rules = yara.compile(filepaths=files_to_compile) compiled_rules = yara.compile(filepaths=files_to_compile)
for path in compiled_rules_path: compiled_rules.save(compiled_rules_path)
compiled_rules.save(path) print(f"All remaining rules compiled and saved into {compiled_rules_path}")
print(f"All remaining rules compiled and saved into {path}") # Remove the rules.compiled if there aren't any files to be compiled
else:
if os.path.exists(compiled_rules_path):
os.remove(compiled_rules_path)
# Print summary of compilation results # Print summary of compilation results
print(f"Summary: {success_count} rules compiled successfully, {removed_count} rules removed due to errors.") print(f"Summary: {success_count} rules compiled successfully, {removed_count} rules removed due to errors.")

65
salt/strelka/config.sls
View File

@@ -5,45 +5,21 @@
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls.split('.')[0] in allowed_states %} {% if sls.split('.')[0] in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% if GLOBALS.is_manager %}
include:
- strelka.manager
{% endif %}
# Strelka config # Strelka config
strelkaconfdir: strelkasensorcompiledrules:
file.directory:
- name: /opt/so/conf/strelka/rules/compiled/
- user: 939
- group: 939
- makedirs: True
strelkacompileyara:
file.managed:
- name: /opt/so/conf/strelka/compile_yara.py
- source: salt://strelka/compile_yara/compile_yara.py
- user: 939
- group: 939
- makedirs: True
strelkarulesdir:
file.directory:
- name: /opt/so/conf/strelka/rules
- user: 939
- group: 939
- makedirs: True
{%- if grains.role in ['so-sensor', 'so-heavynode'] %}
strelkasensorrules:
file.recurse: file.recurse:
- name: /opt/so/conf/strelka/rules/compiled/ - name: /opt/so/conf/strelka/rules/compiled/
- source: salt://strelka/rules/compiled/ - source: salt://strelka/rules/compiled/
- user: 939 - user: 939
- group: 939 - group: 939
- clean: True - clean: True
{%- endif %}
strelkareposdir:
file.directory:
- name: /opt/so/conf/strelka/repos
- user: 939
- group: 939
- makedirs: True - makedirs: True
strelkadatadir: strelkadatadir:
@@ -58,7 +34,18 @@ strelkalogdir:
- name: /nsm/strelka/log - name: /nsm/strelka/log
- user: 939 - user: 939
- group: 939 - group: 939
- makedirs: True
strelkagkredisdatadir:
file.directory:
- name: /nsm/strelka/gk-redis-data
- user: 939
- group: 939
strelkacoordredisdatadir:
file.directory:
- name: /nsm/strelka/coord-redis-data
- user: 939
- group: 939
strelka_sbin: strelka_sbin:
file.recurse: file.recurse:
@@ -68,20 +55,6 @@ strelka_sbin:
- group: 939 - group: 939
- file_mode: 755 - file_mode: 755
strelkagkredisdatadir:
file.directory:
- name: /nsm/strelka/gk-redis-data
- user: 939
- group: 939
- makedirs: True
strelkacoordredisdatadir:
file.directory:
- name: /nsm/strelka/coord-redis-data
- user: 939
- group: 939
- makedirs: True
{% else %} {% else %}
{{sls}}_state_not_allowed: {{sls}}_state_not_allowed:

16
salt/strelka/manager.sls
View File

@@ -4,12 +4,13 @@
# Elastic License 2.0. # Elastic License 2.0.
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls in allowed_states %} {# if strelka.manager or strelka in allowed_states #}
{% if sls in allowed_states or sls.split('.')[0] in allowed_states %}
# Strelka config # Strelka config
strelkaconfdir: strelkarulesdir:
file.directory: file.directory:
- name: /opt/so/conf/strelka/rules/compiled/ - name: /opt/so/conf/strelka/rules
- user: 939 - user: 939
- group: 939 - group: 939
- makedirs: True - makedirs: True
@@ -20,21 +21,12 @@ strelkacompileyara:
- source: salt://strelka/compile_yara/compile_yara.py - source: salt://strelka/compile_yara/compile_yara.py
- user: 939 - user: 939
- group: 939 - group: 939
- makedirs: True
strelkarulesdir:
file.directory:
- name: /opt/so/conf/strelka/rules
- user: 939
- group: 939
- makedirs: True
strelkareposdir: strelkareposdir:
file.directory: file.directory:
- name: /opt/so/conf/strelka/repos - name: /opt/so/conf/strelka/repos
- user: 939 - user: 939
- group: 939 - group: 939
- makedirs: True
{% else %} {% else %}