Rewrite docs

Security-Onion-Solutions · Nov 7, 2024 · f5bd8ab · f5bd8ab
1 parent 28d468d
commit f5bd8ab
Showing 1 changed file with 62 additions and 14 deletions.
diff --git a/salt/soc/files/soc/detections_custom_repo_template_readme.jinja b/salt/soc/files/soc/detections_custom_repo_template_readme.jinja
@@ -8,15 +8,39 @@ Just add your rule file and commit it.
 
 For example:
 
-First, create the rule file; make sure to create the file with a .yar extension
-`sudo vi my_custom_rule.yar`
+** Note: If this is your first time making changes to this repo, you may run into the following error:
 
-Next, use git to stage the new rule to be commited:
-`sudo git add my_custom_rule.yar`
+fatal: detected dubious ownership in repository at '/nsm/rules/custom-local-repos/local-yara'
+To add an exception for this directory, call:
+	git config --global --add safe.directory /nsm/rules/custom-local-repos/local-yara
 
-Finally, commit it.
-If this is your first time making changes to this repo, you will be asked to set some configuration.
-`sudo git commit -m "Initial commit of my_custom_rule.yar"`
+This means that the user you are running commands as does not match the user that is used for this git repo (socore).
+You will need to make sure your rule files are accessible to the socore user, so either su to socore 
+or add the exception and then chown the rule files later.
+
+Also, you will be asked to set some configuration:
+```
+Author identity unknown
+*** Please tell me who you are.
+Run
+  git config --global user.email "[email protected]"
+  git config --global user.name "Your Name"
+to set your account's default identity.
+Omit --global to set the identity only in this repository.
+```
+
+Run these commands, ommitting the `--global`.
+
+With that out of the way:
+
+First, create the rule file with a .yar extension:
+`vi my_custom_rule.yar`
+
+Next, use git to stage the new rule to be committed:
+`git add my_custom_rule.yar`
+
+Finally, commit it:
+`git commit -m "Initial commit of my_custom_rule.yar"`
 
 The next time the Strelka / YARA engine syncs, the new rule should be imported
 If there are errors, review the sync log to troubleshoot further.
@@ -31,15 +55,39 @@ Just add your rule file and commit it.
 
 For example:
 
-First, create the rule file; make sure to create the file with a .yaml|.yml extension
-`sudo vi my_custom_rule.yml`
+** Note: If this is your first time making changes to this repo, you may run into the following error:
+
+fatal: detected dubious ownership in repository at '/nsm/rules/custom-local-repos/local-sigma'
+To add an exception for this directory, call:
+	git config --global --add safe.directory /nsm/rules/custom-local-repos/local-sigma
+
+This means that the user you are running commands as does not match the user that is used for this git repo (socore).
+You will need to make sure your rule files are accessible to the socore user, so either su to socore 
+or add the exception and then chown the rule files later.
+
+Also, you will be asked to set some configuration:
+```
+Author identity unknown
+*** Please tell me who you are.
+Run
+  git config --global user.email "[email protected]"
+  git config --global user.name "Your Name"
+to set your account's default identity.
+Omit --global to set the identity only in this repository.
+```
+
+Run these commands, ommitting the `--global`.
+
+With that out of the way:
+
+First, create the rule file with a .yml or .yaml extension:
+`vi my_custom_rule.yml`
 
-Next, use git to stage the new rule to be commited:
-`sudo git add my_custom_rule.yml`
+Next, use git to stage the new rule to be committed:
+`git add my_custom_rule.yml`
 
-Finally, commit it.
-If this is your first time making changes to this repo, you will be asked to set some configuration.
-`sudo git commit -m "Initial commit of my_custom_rule.yml"`
+Finally, commit it:
+`git commit -m "Initial commit of my_custom_rule.yml"`
 
 The next time the Elastalert / Sigma engine syncs, the new rule should be imported
 If there are errors, review the sync log to troubleshoot further.