Exclude README from zkg sync

Consolidate zkg directory creation into file.recurse with makedirs
Add salt states for custom Zeek package loading
2026-03-24 05:22:38 +01:00 · 2026-03-17 13:36:56 -04:00 · 2026-03-17 13:36:03 -04:00 · 2026-03-17 13:22:59 -04:00
3 changed files with 11 additions and 0 deletions
--- a/salt/zeek/config.sls
+++ b/salt/zeek/config.sls
@@ -32,6 +32,15 @@ zeekpolicydir:
    - group: 939
    - makedirs: True
 zeekzkgsync:
  file.recurse:
    - name: /opt/so/conf/zeek/zkg
    - source: salt://zeek/zkg
    - user: 937
    - group: 939
    - makedirs: True
    - exclude_pat: README
 # Zeek Log Directory
 zeeklogdir:
  file.directory:
--- a/salt/zeek/enabled.sls
+++ b/salt/zeek/enabled.sls
@@ -35,6 +35,7 @@ so-zeek:
      - /opt/so/conf/zeek/policy/intel:/opt/zeek/share/zeek/policy/intel:rw
      - /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro
      - /opt/so/conf/zeek/config.zeek:/opt/zeek/share/zeek/site/packages/ja4/config.zeek:ro
      - /opt/so/conf/zeek/zkg:/opt/so/conf/zeek/zkg:ro
      {% if DOCKER.containers['so-zeek'].custom_bind_mounts %}
        {% for BIND in DOCKER.containers['so-zeek'].custom_bind_mounts %}
      - {{ BIND }}
--- a/salt/zeek/zkg/README
+++ b/salt/zeek/zkg/README
@@ -0,0 +1 @@
 # Place custom Zeek packages in /opt/so/saltstack/local/salt/zeek/zkg/
Author	SHA1	Message	Date
Mike Reeves	e0e0e3e97b	Exclude README from zkg sync	2026-03-17 13:36:56 -04:00
Mike Reeves	6b039b3f94	Consolidate zkg directory creation into file.recurse with makedirs	2026-03-17 13:36:03 -04:00
Mike Reeves	e6ee7dac7c	Add salt states for custom Zeek package loading Create /opt/so/conf/zeek/zkg directory and sync custom packages from the manager via file.recurse. Bind mount the directory into the so-zeek container so the entrypoint can install packages on startup.	2026-03-17 13:22:59 -04:00
		`@@ -0,0 +1 @@`
							`# Place custom Zeek packages in /opt/so/saltstack/local/salt/zeek/zkg/`