Stopping so-ruleupdatecron from occurring. #10430
Good morning everyone,

In the Manager (path: root/SecurityOnion/salt/idstools/init.sls) there is a line that updates all.rules: so-ruleupdatecron:

We would like to ensure that all.rules is not updated, and have changed the above to the following:

We directly edited the all.rules file and added a useless Suricata rule to test if all.rules would still be written over, and it still appears to have been updated despite changing cron to absent.

Does anyone know why this failed and how we can prevent all.rules from updating?

Thank you!
Replies: 1 comment
Where was this sls file located that you made an edit to?

If you are going to make changes to a component in Security Onion, you would need to copy over the default salt config file (in your case for idstools, the default location for this file is: /opt/so/saltstack/default/salt/idstools/init.sls) to /opt/so/saltstack/local/salt/idstools/(.)

You make your changes there, and not in the installation or default directories. Doing so will overwrite any changes made when an update to the instance is done.

I hope this helps.