mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-03-11 23:35:32 +01:00
Compare commits
1 Commits
delta
...
stenoclean
| Author | SHA1 | Date | |
|---|---|---|---|
|
b3ed54633f |
59
salt/pcap/cleanup.sls
Normal file
59
salt/pcap/cleanup.sls
Normal file
@@ -0,0 +1,59 @@
|
||||
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||
# Elastic License 2.0.
|
||||
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
{% if GLOBALS.is_sensor %}
|
||||
|
||||
delete_so-steno_so-status.conf:
|
||||
file.line:
|
||||
- name: /opt/so/conf/so-status/so-status.conf
|
||||
- mode: delete
|
||||
- match: so-steno
|
||||
|
||||
remove_stenographer_user:
|
||||
user.absent:
|
||||
- name: stenographer
|
||||
- force: True
|
||||
|
||||
remove_stenographer_log_dir:
|
||||
file.absent:
|
||||
- name: /opt/so/log/stenographer
|
||||
|
||||
remove_stenoloss_script:
|
||||
file.absent:
|
||||
- name: /opt/so/conf/telegraf/scripts/stenoloss.sh
|
||||
|
||||
remove_steno_conf_dir:
|
||||
file.absent:
|
||||
- name: /opt/so/conf/steno
|
||||
|
||||
remove_so_pcap_export:
|
||||
file.absent:
|
||||
- name: /usr/sbin/so-pcap-export
|
||||
|
||||
remove_so_pcap_restart:
|
||||
file.absent:
|
||||
- name: /usr/sbin/so-pcap-restart
|
||||
|
||||
remove_so_pcap_start:
|
||||
file.absent:
|
||||
- name: /usr/sbin/so-pcap-start
|
||||
|
||||
remove_so_pcap_stop:
|
||||
file.absent:
|
||||
- name: /usr/sbin/so-pcap-stop
|
||||
|
||||
so-steno:
|
||||
docker_container.absent:
|
||||
- force: True
|
||||
|
||||
{% else %}
|
||||
|
||||
{{sls}}.non_sensor_node:
|
||||
test.show_notification:
|
||||
- text: "Stenographer cleanup not applicable on non-sensor nodes."
|
||||
|
||||
{% endif %}
|
||||
@@ -85,6 +85,7 @@ base:
|
||||
- elastalert
|
||||
- utility
|
||||
- elasticfleet
|
||||
- pcap.cleanup
|
||||
|
||||
'*_standalone and G@saltversion:{{saltversion}} and not I@node_data:False':
|
||||
- match: compound
|
||||
@@ -116,6 +117,7 @@ base:
|
||||
- elasticfleet
|
||||
- stig
|
||||
- kafka
|
||||
- pcap.cleanup
|
||||
|
||||
'*_manager or *_managerhype and G@saltversion:{{saltversion}} and not I@node_data:False':
|
||||
- match: compound
|
||||
@@ -197,6 +199,7 @@ base:
|
||||
- suricata
|
||||
- zeek
|
||||
- elasticfleet
|
||||
- pcap.cleanup
|
||||
|
||||
'*_searchnode and G@saltversion:{{saltversion}}':
|
||||
- match: compound
|
||||
@@ -223,6 +226,7 @@ base:
|
||||
- strelka
|
||||
- elasticfleet.install_agent_grid
|
||||
- stig
|
||||
- pcap.cleanup
|
||||
|
||||
'*_heavynode and G@saltversion:{{saltversion}}':
|
||||
- match: compound
|
||||
@@ -240,6 +244,7 @@ base:
|
||||
- zeek
|
||||
- elasticfleet.install_agent_grid
|
||||
- elasticagent
|
||||
- pcap.cleanup
|
||||
|
||||
'*_receiver and G@saltversion:{{saltversion}}':
|
||||
- match: compound
|
||||
|
||||
Reference in New Issue
Block a user