From ea085c5ff6aafb1e06b5851e8731c934c6fc3ccf Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 29 Sep 2023 21:38:13 -0400 Subject: [PATCH 01/22] more known errors --- salt/common/tools/sbin/so-log-check | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/common/tools/sbin/so-log-check b/salt/common/tools/sbin/so-log-check index 63a33c4ee..ba5285bf3 100755 --- a/salt/common/tools/sbin/so-log-check +++ b/salt/common/tools/sbin/so-log-check @@ -105,6 +105,7 @@ if [[ $EXCLUDE_STARTUP_ERRORS == 'Y' ]]; then EXCLUDED_ERRORS="$EXCLUDED_ERRORS|missing shards" # server not yet ready EXCLUDED_ERRORS="$EXCLUDED_ERRORS|failed to send metrics" # server not yet ready EXCLUDED_ERRORS="$EXCLUDED_ERRORS|broken pipe" # server not yet ready + EXCLUDED_ERRORS="$EXCLUDED_ERRORS|status: 502" # server not yet ready (nginx waiting on upstream) EXCLUDED_ERRORS="$EXCLUDED_ERRORS|timeout exceeded" # server not yet ready (telegraf waiting on elasticsearch) EXCLUDED_ERRORS="$EXCLUDED_ERRORS|influxsize kbytes" # server not yet ready (telegraf waiting on influx) EXCLUDED_ERRORS="$EXCLUDED_ERRORS|expected field at" # server not yet ready (telegraf waiting on health data) @@ -153,6 +154,8 @@ if [[ $EXCLUDE_KNOWN_ERRORS == 'Y' ]]; then EXCLUDED_ERRORS="$EXCLUDED_ERRORS|generating elastalert config" # playbook expected error EXCLUDED_ERRORS="$EXCLUDED_ERRORS|activerecord" # playbook expected error EXCLUDED_ERRORS="$EXCLUDED_ERRORS|monitoring.metrics" # known issue with elastic agent casting the field incorrectly if an integer value shows up before a float + EXCLUDED_ERRORS="$EXCLUDED_ERRORS|repodownload.conf does not" # known issue with reposync on pre-2.4.20 + EXCLUDED_ERRORS="$EXCLUDED_ERRORS|missing versions record" # stenographer corrupt index EXCLUDED_ERRORS="$EXCLUDED_ERRORS|iteration" EXCLUDED_ERRORS="$EXCLUDED_ERRORS|communication packets" EXCLUDED_ERRORS="$EXCLUDED_ERRORS|use of closed" From 8c7933cd60feabd414036da72cf3c2282212b99d Mon Sep 17 00:00:00 2001 
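Review bot: `status: 502` is an unanchored substring in the EXCLUDED_ERRORS alternation, so for as long as EXCLUDE_STARTUP_ERRORS is 'Y' it hides every log line containing that text, not only nginx waiting on an upstream during boot — a 502 logged after startup because an upstream died or a proxy route broke would pass the check silently. If these nginx lines carry a token that only appears while an upstream is unreachable, anchor on it instead of the bare status; otherwise the comment should say that steady-state 502s are masked too, e.g. `# server not yet ready (nginx waiting on upstream); NOTE: also masks 502s logged after startup`. Whether EXCLUDED_ERRORS is consumed as an extended regex or as fixed strings is outside the hunk, so check that before adding metacharacters to the pattern.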
From: Jason Ertel Date: Sat, 30 Sep 2023 18:11:29 -0400 Subject: [PATCH 02/22] fix exclusion --- salt/common/tools/sbin/so-log-check | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-log-check b/salt/common/tools/sbin/so-log-check index ba5285bf3..dac1121bc 100755 --- a/salt/common/tools/sbin/so-log-check +++ b/salt/common/tools/sbin/so-log-check @@ -154,7 +154,7 @@ if [[ $EXCLUDE_KNOWN_ERRORS == 'Y' ]]; then EXCLUDED_ERRORS="$EXCLUDED_ERRORS|generating elastalert config" # playbook expected error EXCLUDED_ERRORS="$EXCLUDED_ERRORS|activerecord" # playbook expected error EXCLUDED_ERRORS="$EXCLUDED_ERRORS|monitoring.metrics" # known issue with elastic agent casting the field incorrectly if an integer value shows up before a float - EXCLUDED_ERRORS="$EXCLUDED_ERRORS|repodownload.conf does not" # known issue with reposync on pre-2.4.20 + EXCLUDED_ERRORS="$EXCLUDED_ERRORS|repodownload.conf" # known issue with reposync on pre-2.4.20 EXCLUDED_ERRORS="$EXCLUDED_ERRORS|missing versions record" # stenographer corrupt index EXCLUDED_ERRORS="$EXCLUDED_ERRORS|iteration" EXCLUDED_ERRORS="$EXCLUDED_ERRORS|communication packets" From cd8a74290b6f1259d21e294282ac83dc9aeddaa5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Oct 2023 10:36:17 -0400 Subject: [PATCH 03/22] hold openssl version --- salt/common/init.sls | 1 - salt/common/packages.sls | 11 ++++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index f50f0c61b..37ea4239d 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -91,7 +91,6 @@ vimconfig: alwaysupdated: pkg.latest: - pkgs: - - openssl - openssh-server - bash - skip_suggestions: True diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 8b54bdbf5..f5707a377 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls 
@@ -46,6 +46,12 @@ python-rich: {% endif %} {% if GLOBALS.os_family == 'RedHat' %} + +holdversion_openssl: + pkg.held: + - name: - openssl + - version: 1:3.0.7-16.0.1.el9_2 + commonpkgs: pkg.installed: - skip_suggestions: True @@ -65,7 +71,7 @@ commonpkgs: - mariadb-devel - net-tools - nmap-ncat - - openssl + - openssl: 1:3.0.7-16.0.1.el9_2 - procps-ng - python3-dnf-plugin-versionlock - python3-docker @@ -79,4 +85,7 @@ commonpkgs: - unzip - wget - yum-utils + + + {% endif %} From 70a36bafa54b92e258f4e5a2942006c04dcd7b1e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Oct 2023 10:38:54 -0400 Subject: [PATCH 04/22] remove - --- salt/common/packages.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index f5707a377..ae723fd94 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -49,7 +49,7 @@ python-rich: holdversion_openssl: pkg.held: - - name: - openssl + - name: openssl - version: 1:3.0.7-16.0.1.el9_2 commonpkgs: From dfe399291f9398435fd0520955bf19826400bb04 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Oct 2023 10:54:41 -0400 Subject: [PATCH 05/22] hold openssl-libs --- salt/common/packages.sls | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index ae723fd94..f7c8fd5dc 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -52,6 +52,11 @@ holdversion_openssl: - name: openssl - version: 1:3.0.7-16.0.1.el9_2 +holdversion_openssl-libs: + pkg.held: + - name: openssl-libs + - version: 1:3.0.7-16.0.1.el9_2 + commonpkgs: pkg.installed: - skip_suggestions: True From c1ab8952eb727c0cf0cea085c6b75aa468109b0e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Oct 2023 10:59:51 -0400 Subject: [PATCH 06/22] hold openssl-devel --- salt/common/packages.sls | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index f7c8fd5dc..a4a32f15f 100644 
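Review bot: Holding `openssl` at `1:3.0.7-16.0.1.el9_2` — together with dropping it from the `alwaysupdated` pkg.latest list in this patch's init.sls hunk — freezes the host's TLS library at one errata level, so openssl security updates from the distribution are no longer applied while the hold stands. The hunk records neither the reason nor an exit condition; the state needs a comment naming the dependency that forces the pin and when it goes away, e.g. `# TEMP pin: forced by mariadb-devel's openssl-devel requirement; remove once that dependency is gone`. `pkg.held` presumably also needs the dnf versionlock plugin already present when this state runs, which nothing in the hunk orders — confirm or add a `require`.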
--- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -57,6 +57,11 @@ holdversion_openssl-libs: - name: openssl-libs - version: 1:3.0.7-16.0.1.el9_2 +holdversion_openssl-devel: + pkg.held: + - name: openssl-devel + - version: 1:3.0.7-16.0.1.el9_2 + commonpkgs: pkg.installed: - skip_suggestions: True From f85dd910a302bad9515390d99d7929fe8106fe3c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Oct 2023 11:13:08 -0400 Subject: [PATCH 07/22] hold openssl from update during setup --- salt/common/packages.sls | 2 ++ setup/so-functions | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index a4a32f15f..0bf8616be 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -47,6 +47,8 @@ python-rich: {% if GLOBALS.os_family == 'RedHat' %} +# holding these since openssl-devel-1:3.0.7-16.0.1.el9_2 seems to be a requirement for mariadb-devel-3:10.5.16-2.el9_0 +# https://github.com/Security-Onion-Solutions/securityonion/discussions/11443 holdversion_openssl: pkg.held: - name: openssl diff --git a/setup/so-functions b/setup/so-functions index 679142e2a..26e1b2dab 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2443,7 +2443,8 @@ update_sudoers_for_testing() { update_packages() { if [[ $is_oracle ]]; then logCmd "dnf repolist" - logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" + # holding openssl https://github.com/Security-Onion-Solutions/securityonion/discussions/11443 + logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*,openssl*" RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo") info "Removing repo files added by oracle-repos package update" for FILE in ${RMREPOFILES[@]}; do From 0f08d5d640a2e0e0fa6767ded9a7ec9d934c15ae Mon Sep 17 00:00:00 2001 
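Review bot: `--exclude=openssl*` is a package-name glob, so it shields not only `openssl`, `openssl-libs` and `openssl-devel` from `dnf update` but any other installed package whose name begins with `openssl` (e.g. `openssl-pkcs11`, if present), and all of them stop receiving security errata for as long as this line stands. Listing the three packages explicitly, `--exclude=salt*,docker*,containerd*,openssl,openssl-libs,openssl-devel`, limits the blast radius, and the comment should record the condition for dropping the exclusion rather than only the discussion link. `update_packages`'s body continues past the hunk.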
From: m0duspwnens Date: Mon, 2 Oct 2023 11:43:03 -0400 Subject: [PATCH 08/22] install openssl version 1:3.0.7-16.0.1.el9_2 --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index 26e1b2dab..243e89c99 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2444,6 +2444,7 @@ update_packages() { if [[ $is_oracle ]]; then logCmd "dnf repolist" # holding openssl https://github.com/Security-Onion-Solutions/securityonion/discussions/11443 + logCmd "dnf -y install openssl-1:3.0.7-16.0.1.el9_2 openssl-libs-1:3.0.7-16.0.1.el9_2 openssl-devel-1:3.0.7-16.0.1.el9_2" logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*,openssl*" RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo") info "Removing repo files added by oracle-repos package update" From 3a5c6ee43aac37d2f385bd93091f89dd3dd84bc1 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Oct 2023 12:09:13 -0400 Subject: [PATCH 09/22] install version lock before we try to hold pkgs --- salt/common/packages.sls | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 0bf8616be..827cc6bf0 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -47,6 +47,11 @@ python-rich: {% if GLOBALS.os_family == 'RedHat' %} +# install versionlock first so we can hold packages in the next states +install_versionlock: + pkg.installed: + - name: python3-dnf-plugin-versionlock + # holding these since openssl-devel-1:3.0.7-16.0.1.el9_2 seems to be a requirement for mariadb-devel-3:10.5.16-2.el9_0 # https://github.com/Security-Onion-Solutions/securityonion/discussions/11443 holdversion_openssl: @@ -85,7 +90,6 @@ commonpkgs: - nmap-ncat - openssl: 1:3.0.7-16.0.1.el9_2 - procps-ng - - python3-dnf-plugin-versionlock - python3-docker - python3-m2crypto - python3-packaging From 6547afe6c07cc064587a44c3ca13b723c92d7375 Mon Sep 17 00:00:00 2001 
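Review bot: The new `dnf -y install openssl-1:3.0.7-16.0.1.el9_2 …` line runs through `logCmd` with its exit status unchecked, so if the pinned NVRAs are not available in the enabled repos (or dnf declines to move to that version) setup continues into the `dnf -y update` line below and the pin is silently never applied. Package installs elsewhere in this file are wrapped as `retry … || fail_setup` (visible in the later saltify hunk); doing the same here, `retry … "dnf -y install …" || fail_setup`, makes the failure visible at install time. `update_packages`'s body continues past the hunk.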
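Review bot: `install_versionlock` precedes the `holdversion_*` states only by file position — nothing in the hunk declares the dependency — so a later reordering of this file, or a minion with `state_auto_order` disabled, would run `pkg.held` before the dnf versionlock plugin exists and the hold would fail or be skipped. Each hold state should declare it explicitly, `- require:` / `  - pkg: install_versionlock`, and the comment above the state could say that this is why the plugin is no longer in `commonpkgs`. The bodies of the `holdversion_*` states lie outside the hunk.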
From: m0duspwnens Date: Mon, 2 Oct 2023 13:35:00 -0400 Subject: [PATCH 10/22] dont hold openssl-devel --- salt/common/packages.sls | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 827cc6bf0..185bf536e 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -64,11 +64,6 @@ holdversion_openssl-libs: - name: openssl-libs - version: 1:3.0.7-16.0.1.el9_2 -holdversion_openssl-devel: - pkg.held: - - name: openssl-devel - - version: 1:3.0.7-16.0.1.el9_2 - commonpkgs: pkg.installed: - skip_suggestions: True @@ -85,10 +80,10 @@ commonpkgs: - httpd-tools - jq - lvm2 + - openssl: 1:3.0.7-16.0.1.el9_2 - mariadb-devel - net-tools - nmap-ncat - - openssl: 1:3.0.7-16.0.1.el9_2 - procps-ng - python3-docker - python3-m2crypto @@ -102,6 +97,4 @@ commonpkgs: - wget - yum-utils - - {% endif %} From 6b90961e87221dcb3e16a5702ff618b237274a28 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Oct 2023 14:26:28 -0400 Subject: [PATCH 11/22] openssl-libs --- salt/common/packages.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 185bf536e..adef3828b 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -81,6 +81,7 @@ commonpkgs: - jq - lvm2 - openssl: 1:3.0.7-16.0.1.el9_2 + - openssl-libs: 1:3.0.7-16.0.1.el9_2 - mariadb-devel - net-tools - nmap-ncat From d7a14d9e00ab8b098a32c4487a09b22332980da2 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Oct 2023 15:08:22 -0400 Subject: [PATCH 12/22] update holds --- salt/common/packages.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index adef3828b..b002c62e9 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -67,6 +67,7 @@ holdversion_openssl-libs: commonpkgs: pkg.installed: - skip_suggestions: True + - update_holds: True - pkgs: - curl - device-mapper-persistent-data 
From 57e76232eca7076451d7075ad400d8156daae718 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Oct 2023 15:48:53 -0400 Subject: [PATCH 13/22] openssl pkgs in own state --- salt/common/packages.sls | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index b002c62e9..ca0326839 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -64,10 +64,18 @@ holdversion_openssl-libs: - name: openssl-libs - version: 1:3.0.7-16.0.1.el9_2 -commonpkgs: +openssl_pkgs: pkg.installed: - skip_suggestions: True - update_holds: True + - pkgs: + - openssl: 1:3.0.7-16.0.1.el9_2 + - openssl-libs: 1:3.0.7-16.0.1.el9_2 + - openssl-devel: 1:3.0.7-16.0.1.el9_2 + +commonpkgs: + pkg.installed: + - skip_suggestions: True - pkgs: - curl - device-mapper-persistent-data @@ -81,8 +89,6 @@ commonpkgs: - httpd-tools - jq - lvm2 - - openssl: 1:3.0.7-16.0.1.el9_2 - - openssl-libs: 1:3.0.7-16.0.1.el9_2 - mariadb-devel - net-tools - nmap-ncat From 8995752c2722116e2cf328d067a24371e68bcd33 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Oct 2023 16:17:26 -0400 Subject: [PATCH 14/22] let openssl-devel be installed with mariadb --- salt/common/packages.sls | 1 - 1 file changed, 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index ca0326839..b4e97a81d 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -71,7 +71,6 @@ openssl_pkgs: - pkgs: - openssl: 1:3.0.7-16.0.1.el9_2 - openssl-libs: 1:3.0.7-16.0.1.el9_2 - - openssl-devel: 1:3.0.7-16.0.1.el9_2 commonpkgs: pkg.installed: From c699c2fe2ab9cb2d94e6460d5a5ea69cc60d38fa Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 3 Oct 2023 09:43:29 -0400 Subject: [PATCH 15/22] exclude known issues --- salt/common/tools/sbin/so-log-check | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-log-check b/salt/common/tools/sbin/so-log-check index dac1121bc..c2d16fd86 100755 
--- a/salt/common/tools/sbin/so-log-check +++ b/salt/common/tools/sbin/so-log-check @@ -118,7 +118,7 @@ fi if [[ $EXCLUDE_FALSE_POSITIVE_ERRORS == 'Y' ]]; then EXCLUDED_ERRORS="$EXCLUDED_ERRORS|elastalert_status_error" # false positive - EXCLUDED_ERRORS="$EXCLUDED_ERRORS|elastalert_error.json" # false positive + EXCLUDED_ERRORS="$EXCLUDED_ERRORS|elastalert_error" # false positive EXCLUDED_ERRORS="$EXCLUDED_ERRORS|error: '0'" # false positive EXCLUDED_ERRORS="$EXCLUDED_ERRORS|errors_index" # false positive EXCLUDED_ERRORS="$EXCLUDED_ERRORS|noerror" # false positive @@ -156,6 +156,7 @@ if [[ $EXCLUDE_KNOWN_ERRORS == 'Y' ]]; then EXCLUDED_ERRORS="$EXCLUDED_ERRORS|monitoring.metrics" # known issue with elastic agent casting the field incorrectly if an integer value shows up before a float EXCLUDED_ERRORS="$EXCLUDED_ERRORS|repodownload.conf" # known issue with reposync on pre-2.4.20 EXCLUDED_ERRORS="$EXCLUDED_ERRORS|missing versions record" # stenographer corrupt index + EXCLUDED_ERRORS="$EXCLUDED_ERRORS|soc.field." # known ingest type collisions issue with earlier versions of SO EXCLUDED_ERRORS="$EXCLUDED_ERRORS|iteration" EXCLUDED_ERRORS="$EXCLUDED_ERRORS|communication packets" EXCLUDED_ERRORS="$EXCLUDED_ERRORS|use of closed" From 66be04e78a8c1a6717134024c89773af2b9d1b7f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 3 Oct 2023 09:53:40 -0400 Subject: [PATCH 16/22] remove mariadb --- salt/common/init.sls | 1 + salt/common/packages.sls | 29 ++++------------------------- salt/common/tools/sbin/so-common | 2 +- setup/so-functions | 3 +-- 4 files changed, 7 insertions(+), 28 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 37ea4239d..f50f0c61b 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -91,6 +91,7 @@ vimconfig: alwaysupdated: pkg.latest: - pkgs: + - openssl - openssh-server - bash - skip_suggestions: True diff --git a/salt/common/packages.sls b/salt/common/packages.sls index b4e97a81d..c5d2729fd 100644 
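Review bot: `soc.field.` and the widened `elastalert_error` are unanchored substrings, and `soc.field.` in particular hides every ingest type-collision error, which typically means documents being rejected at index time; the comment attributes it to earlier SO versions, but the exclusion applies unconditionally on every version. Gating it on the installed version, or at least naming in the comment the version after which it should be removed, e.g. `# known ingest type collisions issue with earlier SO versions; remove once no such nodes remain`, keeps the check from permanently masking a data-loss signal. The unescaped `.` matches any character, harmless here but worth knowing if the pattern is later tightened.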
--- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -47,35 +47,15 @@ python-rich: {% if GLOBALS.os_family == 'RedHat' %} -# install versionlock first so we can hold packages in the next states -install_versionlock: - pkg.installed: - - name: python3-dnf-plugin-versionlock - -# holding these since openssl-devel-1:3.0.7-16.0.1.el9_2 seems to be a requirement for mariadb-devel-3:10.5.16-2.el9_0 -# https://github.com/Security-Onion-Solutions/securityonion/discussions/11443 -holdversion_openssl: - pkg.held: - - name: openssl - - version: 1:3.0.7-16.0.1.el9_2 - -holdversion_openssl-libs: - pkg.held: - - name: openssl-libs - - version: 1:3.0.7-16.0.1.el9_2 - -openssl_pkgs: - pkg.installed: - - skip_suggestions: True - - update_holds: True - - pkgs: - - openssl: 1:3.0.7-16.0.1.el9_2 - - openssl-libs: 1:3.0.7-16.0.1.el9_2 +remove_mariadb: + pkg.removed: + - name: mariadb-devel commonpkgs: pkg.installed: - skip_suggestions: True - pkgs: + - python3-dnf-plugin-versionlock - curl - device-mapper-persistent-data - fuse @@ -88,7 +68,6 @@ commonpkgs: - httpd-tools - jq - lvm2 - - mariadb-devel - net-tools - nmap-ncat - procps-ng diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 0dfb19bbe..f754b34ef 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -240,7 +240,7 @@ gpg_rpm_import() { else local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys" fi - RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY') + RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub') for RPMKEY in "${RPMKEYS[@]}"; do rpm --import $RPMKEYSLOC/$RPMKEY echo "Imported $RPMKEY" diff --git a/setup/so-functions b/setup/so-functions index 243e89c99..84d6d80f9 100755 --- a/setup/so-functions +++ b/setup/so-functions 
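Review bot: Dropping `MariaDB-Server-GPG-KEY` from RPMKEYS only stops importing it on fresh runs; `rpm --import` is additive, so every host that ran the previous list keeps that key trusted in the rpmdb, and a package signed with it would still install without complaint. If the MariaDB source is being retired along with `mariadb-devel` in this commit, also delete the key file from the keys directory it ships in and consider an explicit removal of the corresponding `gpg-pubkey-*` entry on upgrade (the key ID is not visible here), with a note on the array such as `# MariaDB key no longer imported; existing hosts keep it until explicitly removed`. The unquoted `$RPMKEYSLOC/$RPMKEY` in the loop is unchanged context, but worth quoting while the list is being edited.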
@@ -2444,8 +2444,7 @@ update_packages() { if [[ $is_oracle ]]; then logCmd "dnf repolist" # holding openssl https://github.com/Security-Onion-Solutions/securityonion/discussions/11443 - logCmd "dnf -y install openssl-1:3.0.7-16.0.1.el9_2 openssl-libs-1:3.0.7-16.0.1.el9_2 openssl-devel-1:3.0.7-16.0.1.el9_2" - logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*,openssl*" + logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo") info "Removing repo files added by oracle-repos package update" for FILE in ${RMREPOFILES[@]}; do From 2434ce14d3fe1ed8773e085a6696b9d01026d1c5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 3 Oct 2023 10:01:07 -0400 Subject: [PATCH 17/22] remove removing mariadb-devel --- salt/common/packages.sls | 4 ---- setup/so-functions | 1 - 2 files changed, 5 deletions(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index c5d2729fd..521f2201c 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -47,10 +47,6 @@ python-rich: {% if GLOBALS.os_family == 'RedHat' %} -remove_mariadb: - pkg.removed: - - name: mariadb-devel - commonpkgs: pkg.installed: - skip_suggestions: True diff --git a/setup/so-functions b/setup/so-functions index 84d6d80f9..679142e2a 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2443,7 +2443,6 @@ update_sudoers_for_testing() { update_packages() { if [[ $is_oracle ]]; then logCmd "dnf repolist" - # holding openssl https://github.com/Security-Onion-Solutions/securityonion/discussions/11443 logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo") info "Removing repo files added by oracle-repos package update" From f3ba28062b48e6bfd9adb55c649057eb6987ca14 Mon Sep 17 00:00:00 2001 
From: Mike Reeves Date: Tue, 3 Oct 2023 10:05:56 -0400 Subject: [PATCH 18/22] Remove MySQL --- salt/mysql/config.sls | 2 +- setup/so-functions | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/mysql/config.sls b/salt/mysql/config.sls index 5f9010011..274f25d76 100644 --- a/salt/mysql/config.sls +++ b/salt/mysql/config.sls @@ -9,7 +9,7 @@ # MySQL Setup mysqlpkgs: - pkg.installed: + pkg.removed: - skip_suggestions: False - pkgs: {% if grains['os_family'] != 'RedHat' %} diff --git a/setup/so-functions b/setup/so-functions index 679142e2a..aad627a8d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2088,7 +2088,7 @@ saltify() { if [[ $waitforstate ]]; then retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION salt-master=$SALTVERSION" || fail_setup retry 150 20 "apt-mark hold salt-minion salt-common salt-master" || fail_setup - retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 + retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-packaging python3-influxdb python3-lxml" || exit 1 else retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup From d78b55873d369e0fa759d8c484ad2e51289ee286 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 3 Oct 2023 10:15:28 -0400 Subject: [PATCH 19/22] remove mariadb-devel --- salt/common/packages.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 521f2201c..c5d2729fd 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -47,6 +47,10 @@ python-rich: {% if GLOBALS.os_family == 'RedHat' %} +remove_mariadb: + pkg.removed: + - name: mariadb-devel + commonpkgs: pkg.installed: - skip_suggestions: True 
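Review bot: Switching `mysqlpkgs` from `pkg.installed` to `pkg.removed` keeps `- skip_suggestions: False`, which is an install-time option; on a removal state it is at best ignored, so drop it rather than imply it does something. `pkg.removed` also leaves the server's data directory and any credentials stored in it on disk (assuming the `pkgs` list, which lies past the hunk, includes the server package), so retiring MySQL entirely needs a follow-up cleanup of that directory. Any remaining states in this file that `require` this id (outside the hunk) would still be satisfied by a removal and keep writing config for an absent service; a comment such as `# MySQL is no longer shipped; this state removes the legacy packages` would make the intent clear.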
From d79e27774c06e77787e8cb171990444594b37abb Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 5 Oct 2023 11:27:48 -0400 Subject: [PATCH 20/22] 2.4.20 --- DOWNLOAD_AND_VERIFY_ISO.md | 22 ++++++++++----------- sigs/securityonion-2.4.20-20231006.iso.sig | Bin 0 -> 566 bytes 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 sigs/securityonion-2.4.20-20231006.iso.sig diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md index 1e6299a8e..f78ed8045 100644 --- a/DOWNLOAD_AND_VERIFY_ISO.md +++ b/DOWNLOAD_AND_VERIFY_ISO.md @@ -1,18 +1,18 @@ -### 2.4.10-20230821 ISO image released on 2023/08/21 +### 2.4.20-20231006 ISO image released on 2023/08/21 ### Download and Verify -2.4.10-20230821 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.4.10-20230821.iso +2.4.20-20231006 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.4.20-20231006.iso -MD5: 353EB36F807DC947F08F79B3DCFA420E -SHA1: B25E3BEDB81BBEF319DC710267E6D78422F39C56 -SHA256: 3D369E92FEB65D14E1A981E99FA223DA52C92057A037C243AD6332B6B9A6D9BC +MD5: 269F00308C53976BF0EAE788D1DB29DB +SHA1: 3F7C2324AE1271112F3B752BA4724AF36688FC27 +SHA256: 542B8B3F4F75AD24DC78007F8FE0857E00DC4CC9F4870154DCB8D5D0C4144B65 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.10-20230821.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.20-20231006.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS 
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2. Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.10-20230821.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.20-20231006.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.4.10-20230821.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.4.20-20231006.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.4.10-20230821.iso.sig securityonion-2.4.10-20230821.iso +gpg --verify securityonion-2.4.20-20231006.iso.sig securityonion-2.4.20-20231006.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Mon 21 Aug 2023 09:47:50 AM EDT using RSA key ID FE507013 +gpg: Signature made Tue 03 Oct 2023 11:40:51 AM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
diff --git a/sigs/securityonion-2.4.20-20231006.iso.sig b/sigs/securityonion-2.4.20-20231006.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..b253c67343b7b2cf16a7e755c9994273a0ddcbf3 GIT binary patch literal 566 zcmV-60?GY}0y6{v0SEvc79j-41gSkXz6^6dp_W8^5Ma0dP;e6k0%aUF0{{vM5PT3| zxBgIY6PPIv|8AKBz*y#69E5wO6vi|oL@`l#Tb0V-g6qpodgIz_Qz?#fV&dsL)bw7; zEQ5dR`7WH2!A2&_oP21_JVTNA-V)o_J5B1nXhuKq`dW;jVYtmpO|bDSl2_jc>+i~z z!YaS~vE>O;Knj%{_=6*d1>;fqP7xtOq7dlE*J3+rJ@LOtG8j8$gDzLp(Yp+n>O*9Y zZ;w4lR4oDEQ5tlI#JsHlxdTPdpKI;7=?!Mjr=4})v59Qq@d3juf)K@ROkoR{Vtq8j zOfw_a81qDfNkCEs`A^plu`Gznwc-l3IdkH{5K}tU%EmV33V?2_i~4tT02)RIxGEU&aRRnk}JYjQpnhK>`SjSi# ze2u@u?YU>5_R;{3*6BAG1}iQSBOdN#r48V3bvTv`XYcuiUoJom;3*m4_}RLXHbgV~ zRnf9Ycgu(Tuxhq02}9f7VB85+A9}Q#K&Y5;+wQ~#<o@5C8xG literal 0 HcmV?d00001 From c25aed9a2b285631764a5ce2dfd93f01022d81c1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 5 Oct 2023 11:37:49 -0400 Subject: [PATCH 21/22] Update DOWNLOAD_AND_VERIFY_ISO.md --- DOWNLOAD_AND_VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md index f78ed8045..dabfd285c 100644 --- a/DOWNLOAD_AND_VERIFY_ISO.md +++ b/DOWNLOAD_AND_VERIFY_ISO.md @@ -1,4 +1,4 @@ -### 2.4.20-20231006 ISO image released on 2023/08/21 +### 2.4.20-20231006 ISO image released on 2023/10/06 From 4dc24b22c79042e8f6959f5e59e21b8fb7249410 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 10 Oct 2023 10:51:59 -0400 Subject: [PATCH 22/22] accept icmp on input chain --- salt/firewall/iptables.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/firewall/iptables.jinja b/salt/firewall/iptables.jinja index c15a54e46..074663e15 100644 --- a/salt/firewall/iptables.jinja +++ b/salt/firewall/iptables.jinja 
@@ -89,7 +89,6 @@ COMMIT
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -m conntrack --ctstate INVALID -j DROP
--A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -j LOGGING
 -A FORWARD -j DOCKER-USER
@@ -103,6 +102,7 @@ COMMIT
 -A FORWARD -m conntrack --ctstate INVALID -j DROP
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
 -A OUTPUT -o lo -j ACCEPT
+# block icmp timestamp reply
 -A OUTPUT -p icmp -m icmp --icmp-type 14 -j DROP
 {%- for rule in D2 %}
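Review bot: Removing `-A INPUT -j REJECT --reject-with icmp-host-prohibited` makes the INPUT chain fail-open unless the `LOGGING` chain terminates or the chain policy is DROP, and neither is visible in this hunk; if `LOGGING` only logs and returns under an ACCEPT policy, every packet not matched above now reaches the host instead of being rejected. The original problem was ordering — the ICMP accept and the LOGGING jump sat after an unconditional REJECT and could never match — so the smaller fix is to keep the terminal rule and move it last: `-A INPUT -p icmp -j ACCEPT`, `-A INPUT -j LOGGING`, `-A INPUT -j REJECT --reject-with icmp-host-prohibited`. If the terminating action deliberately lives in LOGGING, record that here, e.g. `# LOGGING chain logs and rejects; no catch-all REJECT needed`. `-p icmp -j ACCEPT` also admits every ICMP type; `-p icmp --icmp-type echo-request -j ACCEPT` (error messages already pass via RELATED) avoids answering e.g. timestamp requests, whose replies the OUTPUT rule in the next hunk then has to drop.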