Merge remote-tracking branch 'origin/2.4/dev' into feature/fleet-artifacts

2025-12-06 17:22:49 +01:00 · 2024-02-10 10:57:46 -05:00
parent 683abf0179 94b6e781bb
commit feabb7c51f
11 changed files with 26 additions and 15 deletions
--- a/files/salt/master/master
+++ b/files/salt/master/master
@@ -41,9 +41,8 @@ file_roots:
  base:
    - /opt/so/saltstack/local/salt
    - /opt/so/saltstack/default/salt
    - /opt/so/rules
  elasticartifacts:
    - /nsm/elastic-fleet/artifacts
    - /opt/so/rules/nids
 # The master_roots setting configures a master-only copy of the file_roots dictionary,
 # used by the state compiler.
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-grid-upgrade
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-grid-upgrade
@@ -1,3 +1,5 @@
 #!/bin/bash
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
 # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
 # this file except in compliance with the Elastic License 2.0.
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-es-url-update
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-es-url-update
@@ -1,3 +1,5 @@
 #!/bin/bash
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
 # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
 # this file except in compliance with the Elastic License 2.0.
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
@@ -1,3 +1,5 @@
 #!/bin/bash
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
 # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
 # this file except in compliance with the Elastic License 2.0.
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-urls-update
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-urls-update
@@ -1,3 +1,5 @@
 #!/bin/bash
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
 # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
 # this file except in compliance with the Elastic License 2.0.
--- a/salt/idstools/enabled.sls
+++ b/salt/idstools/enabled.sls
@@ -39,7 +39,7 @@ so-idstools:
    {% endif %}
    - binds:
      - /opt/so/conf/idstools/etc:/opt/so/idstools/etc:ro
-      - /opt/so/rules/nids:/opt/so/rules/nids:rw
+      - /opt/so/rules/nids/suri:/opt/so/rules/nids/suri:rw
      - /nsm/rules/:/nsm/rules/:rw
    {% if DOCKER.containers['so-idstools'].custom_bind_mounts %}
      {% for BIND in DOCKER.containers['so-idstools'].custom_bind_mounts %}
--- a/salt/idstools/etc/rulecat.conf
+++ b/salt/idstools/etc/rulecat.conf
@@ -1,10 +1,10 @@
 {%- from 'vars/globals.map.jinja' import GLOBALS -%}
 {%- from 'idstools/map.jinja' import IDSTOOLSMERGED -%}
--merged=/opt/so/rules/nids/all.rules
+--merged=/opt/so/rules/nids/suri/all.rules
--local=/opt/so/rules/nids/local.rules
+--local=/opt/so/rules/nids/suri/local.rules
 {%-   if GLOBALS.md_engine == "SURICATA" %}
--local=/opt/so/rules/nids/extraction.rules
+--local=/opt/so/rules/nids/suri/extraction.rules
--local=/opt/so/rules/nids/filters.rules
+--local=/opt/so/rules/nids/suri/filters.rules
 {%-   endif %}
 --url=http://{{ GLOBALS.manager }}:7788/suricata/emerging-all.rules
 --disable=/opt/so/idstools/etc/disable.conf
--- a/salt/idstools/sync_files.sls
+++ b/salt/idstools/sync_files.sls
@@ -21,7 +21,7 @@ idstoolsetcsync:
 rulesdir:
  file.directory:
-    - name: /opt/so/rules/nids
+    - name: /opt/so/rules/nids/suri
    - user: 939
    - group: 939
    - makedirs: True
@@ -29,7 +29,7 @@ rulesdir:
 # Don't show changes because all.rules can be large
 synclocalnidsrules:
  file.recurse:
-    - name: /opt/so/rules/nids/
+    - name: /opt/so/rules/nids/suri/
    - source: salt://idstools/rules/
    - user: 939
    - group: 939
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -605,7 +605,11 @@ up_to_2.4.50() {
  # post upgrade changes. POSTVERSION set to INSTALLEDVERSION at start of soup
  cp -v /etc/salt/master "/etc/salt/master.so-$POSTVERSION.bak"
  echo "Adding /opt/so/rules to file_roots in /etc/salt/master using so-yaml"
-  so-yaml.py append /etc/salt/master file_roots.base /opt/so/rules
+  so-yaml.py append /etc/salt/master file_roots.base /opt/so/rules/nids
  echo "Moving Suricata rules"
  mkdir /opt/so/rules/nids/suri
  chown socore:socore /opt/so/rules/nids/suri
  mv -v /opt/so/rules/nids/*.rules /opt/so/rules/nids/suri/.
  INSTALLEDVERSION=2.4.50
 }
--- a/salt/suricata/config.sls
+++ b/salt/suricata/config.sls
@@ -84,12 +84,12 @@ suridatadir:
    - mode: 770
    - makedirs: True
-# salt:// would resolve to /opt/so/rules because of the defined file_roots and
+# salt:// would resolve to /opt/so/rules/nids because of the defined file_roots and
-# nids not existing under /opt/so/saltstack/local/salt or /opt/so/saltstack/default/salt
+#  not existing under /opt/so/saltstack/local/salt or /opt/so/saltstack/default/salt
 surirulesync:
  file.recurse:
    - name: /opt/so/conf/suricata/rules/
-    - source: salt://nids/
+    - source: salt://suri/
    - user: 940
    - group: 940
    - show_changes: False
--- a/salt/suricata/manager.sls
+++ b/salt/suricata/manager.sls
@@ -13,7 +13,7 @@ ruleslink:
    - name: /opt/so/saltstack/local/salt/suricata/rules
    - user: socore
    - group: socore
-    - target: /opt/so/rules/nids
+    - target: /opt/so/rules/nids/suri
 refresh_salt_master_fileserver_suricata_ruleslink:
  salt.runner:
@@ -27,4 +27,4 @@ refresh_salt_master_fileserver_suricata_ruleslink:
  test.fail_without_changes:
    - name: {{sls}}_state_not_allowed
-{% endif %}
+{% endif %}