Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

onionsalt: improve ids/bro/ossec updates #519

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
onionsalt: improve ids/bro/ossec updates

Original issue reported on code.google.com by doug.bu...@gmail.com on 27 Mar 2014 at 6:02

GoogleCodeExporter commented 9 years ago
Add the following in backend init.sls for OSSEC rules:

# Create the symlink for OSSEC rules to be synced
# (exposes the master's /var/ossec/rules as salt://sensor/ossec)
/opt/onionsalt/salt/sensor/ossec:
  file.symlink:
    - target: /var/ossec/rules

Original comment by doug.bu...@gmail.com on 27 Mar 2014 at 6:14

GoogleCodeExporter commented 9 years ago
# Watch the NIDS rules and restart when needed
/etc/nsm/rules:
  file.recurse:
    # Don't mess with maxdepth or you will go on a recursed loop of pain
    - maxdepth: 0
    - source: salt://sensor/rules

# cmd.wait only runs when a watched state reports changes
restart-ids:
  cmd.wait:
    - name: /usr/sbin/nsm_sensor_ps-restart --only-snort-alert
    - cwd: /
    - watch:
      - file: /etc/nsm/rules

restart-barnyard:
  cmd.wait:
    - name: /usr/sbin/nsm_sensor_ps-restart --only-barnyard2
    - cwd: /
    - watch:
      - file: /etc/nsm/rules

# Watch the Bro policy directory and restart when needed
/opt/bro/share/bro/policy:
  file.recurse:
    - source: salt://sensor/bro/policy

# Sometimes Bro restart results in no logging, so disabling this for now
#restart-bro:
#  cmd.wait:
#    - name: /opt/bro/bin/broctl install; /opt/bro/bin/broctl restart
#    - cwd: /
#    - watch:
#      - file: /opt/bro/share/bro/policy

# Watch the OSSEC rules and restart when needed
/var/ossec/rules:
  file.recurse:
    # Don't need to copy subdirectories so set maxdepth to 0
    - maxdepth: 0
    - source: salt://sensor/ossec

restart-ossec:
  cmd.wait:
    - name: service ossec-hids-server restart
    - cwd: /
    - watch:
      - file: /var/ossec/rules

Original comment by doug.bu...@gmail.com on 28 Mar 2014 at 5:39
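The states in the comment above tie rule syncs to service restarts through `watch` requisites on `cmd.wait`: a restart fires only when the watched `file.recurse` state reports changes, and a `watch` that points at an undeclared state ID fails the whole run, which would leave a sensor silently stuck on stale rules. The following Python is an added example and not code from Security Onion or onionsalt. It models the sensor states in Salt's rendered "high data" shape (`{state_id: {module: [function, {arg: value}, ...]}}`); the `HIGHSTATE` dict is constructed here to mirror the thread's states, and the helper names are the example's own.

```python
"""Dry-run checker for onionsalt-style Salt states (added example, not Security Onion code).

Salt renders an SLS file into high data: {state_id: {module: [function, {arg: value}, ...]}}.
HIGHSTATE below is constructed to mirror the sensor states discussed in the thread.
"""
from typing import Dict, List, Set, Tuple

# Constructed high data: what Salt produces after rendering the sensor SLS.
HIGHSTATE = {
    "/etc/nsm/rules": {"file": ["recurse", {"maxdepth": 0}, {"source": "salt://sensor/rules"}]},
    "restart-ids": {"cmd": ["wait",
                            {"name": "/usr/sbin/nsm_sensor_ps-restart --only-snort-alert"},
                            {"cwd": "/"},
                            {"watch": [{"file": "/etc/nsm/rules"}]}]},
    "restart-barnyard": {"cmd": ["wait",
                                 {"name": "/usr/sbin/nsm_sensor_ps-restart --only-barnyard2"},
                                 {"cwd": "/"},
                                 {"watch": [{"file": "/etc/nsm/rules"}]}]},
    # Bro policy is synced but, as the thread notes, its restart is disabled.
    "/opt/bro/share/bro/policy": {"file": ["recurse", {"source": "salt://sensor/bro/policy"}]},
    "/var/ossec/rules": {"file": ["recurse", {"maxdepth": 0}, {"source": "salt://sensor/ossec"}]},
    "restart-ossec": {"cmd": ["wait",
                              {"name": "service ossec-hids-server restart"},
                              {"cwd": "/"},
                              {"watch": [{"file": "/var/ossec/rules"}]}]},
}


def _args(decl: list) -> dict:
    """Merge the single-key argument dicts that follow the function name."""
    merged: dict = {}
    for item in decl[1:]:
        merged.update(item)
    return merged


def watch_requisites(highstate: dict) -> Dict[str, List[Tuple[str, str]]]:
    """Map each cmd.wait state ID to the (module, state_id) pairs it watches."""
    out: Dict[str, List[Tuple[str, str]]] = {}
    for sid, body in highstate.items():
        for module, decl in body.items():
            if module == "cmd" and decl[0] == "wait":
                watches = _args(decl).get("watch", [])
                out[sid] = [next(iter(w.items())) for w in watches]
    return out


def check_requisites(highstate: dict) -> List[str]:
    """Report watch targets that do not resolve to a declared state of that module.

    A dangling requisite fails the state run on the minion, so the sensor would
    stop receiving rule updates without any restart ever being attempted.
    """
    problems = []
    for sid, targets in watch_requisites(highstate).items():
        for module, target in targets:
            if module not in highstate.get(target, {}):
                problems.append(f"{sid}: watch target {module}: {target} is not declared")
    return problems


def restart_plan(highstate: dict, changed: Set[str]) -> List[str]:
    """Return the cmd.wait state IDs that fire when the given file state IDs report changes."""
    return sorted(sid for sid, targets in watch_requisites(highstate).items()
                  if any(module == "file" and target in changed for module, target in targets))


if __name__ == "__main__":
    print("problems:", check_requisites(HIGHSTATE) or "none")
    for changed_dir in ("/etc/nsm/rules", "/opt/bro/share/bro/policy", "/var/ossec/rules"):
        print(f"{changed_dir} changed -> restarts {restart_plan(HIGHSTATE, {changed_dir})}")
```

Running it shows that an update under `/etc/nsm/rules` restarts both Snort and Barnyard2, an OSSEC rule update restarts only `ossec-hids-server`, and a Bro policy sync restarts nothing, which is exactly the gap the commented-out `restart-bro` state leaves open.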

GoogleCodeExporter commented 9 years ago
Published:
http://blog.securityonion.net/2014/04/new-securityonion-onionsalt-package.html

Original comment by doug.bu...@gmail.com on 21 Apr 2014 at 10:52