Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add white_list.rules and black_list.rules to worker sync #9

Merged
merged 1 commit into from Jul 22, 2019

Conversation

@Ucnt
Copy link
Contributor

commented Jul 21, 2019

With pulledpork.conf having black_list=/etc/nsm/rules/black_list.rules:

Maybe I was doing something wrong with my worker architecture sync but doing rule-udpate on the master and worker didn't pull the white_list.rules and black_list.rules over from /etc/nsm/rules until I added these lines to the worker's sync.

Once added and run on the worker, it pulled the lists from the master and properly alerted.

@dougburks

This comment has been minimized.

Copy link
Contributor

commented Jul 22, 2019

Hi @Ucnt ,

Thanks for taking the time to submit a pull request!

Maybe I was doing something wrong with my worker architecture sync but doing rule-udpate on the master and worker didn't pull the white_list.rules and black_list.rules over from /etc/nsm/rules until I added these lines to the worker's sync.

Our current default for distributed deployments is to run salt instead of the older rule-update script and salt automatically replicates the entire /etc/nsm/rules/ directory so this is not an issue for salt users. But we can go ahead and merge your PR for the benefit of folks still running the older rule-update script.

Thanks again!

@dougburks dougburks merged commit 08ce0e0 into Security-Onion-Solutions:master Jul 22, 2019

@Ucnt

This comment has been minimized.

Copy link
Contributor Author

commented Jul 22, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.