diff --git a/HOTFIX b/HOTFIX
index 8b1378917..393a7e913 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +1,2 @@
+CURATOR
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 16dbd024f..7b75e8583 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.70 ISO image built on 2021/08/17
+### 2.3.70-CURATOR ISO image built on 2021/08/20
 ### Download and Verify
-2.3.70 ISO image:
-https://download.securityonion.net/file/securityonion/securityonion-2.3.70.iso
+2.3.70-CURATOR ISO image:
+https://download.securityonion.net/file/securityonion/securityonion-2.3.70-CURATOR.iso
-MD5: F048FABC7FD2D0E1A8B02381F115D1E0
-SHA1: DF6D20FEF13CDC1B19309D2A1178D6E5D25FDA6F
-SHA256: B193FFD7EE69958A8E257117149DCFB2125C5772FBFA6003AD80FD1CC129E571
+MD5: E0F7882E37B1B6BC4F9A6C8FD6F213F6
+SHA1: 82E1204BAD9489B275A083A642F175E352F9A332
+SHA256: 147CA7F5082273EDCC32EF6322D86A04CCB2E96B3A7F0B01EFA8A029BD84C3D7
 Signature for ISO image:
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70-CURATOR.iso.sig
 Signing key:
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 Download the signature file for the ISO:
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70-CURATOR.iso.sig
 ```
 Download the ISO image:
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.70.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.70-CURATOR.iso
 ```
 Verify the downloaded ISO image using the signature file:
 ```
-gpg --verify securityonion-2.3.70.iso.sig securityonion-2.3.70.iso
+gpg --verify securityonion-2.3.70-CURATOR.iso.sig securityonion-2.3.70-CURATOR.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Tue 17 Aug 2021 10:52:17 PM EDT using RSA key ID FE507013
+gpg: Signature made Fri 20 Aug 2021 01:23:59 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
diff --git a/salt/curator/init.sls b/salt/curator/init.sls
index 144864b44..1acea5d25 100644
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -4,6 +4,7 @@
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
+{% set REMOVECURATORCRON = False %}
 {% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone', 'so-manager'] %}
 {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %}
 {% from "curator/map.jinja" import CURATOROPTIONS with context %}
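Review bot: The new `{% set REMOVECURATORCRON = False %}` default carries no explanation of what it controls, and the only places that flip it to True are the so-status branches much further down in this file, so a reader of the header block cannot tell why it exists. A Jinja comment on the line above it would close that gap, e.g. `{# flipped to True further down when curator is disabled, so the curator cron jobs are removed instead of installed #}`. Those later assignments only reach this variable because they sit in `if` branches, which in Jinja share the enclosing scope; that holds as long as the branches are not nested inside a `for` loop or `block`, which cannot be confirmed from this hunk.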
@@ -88,36 +89,6 @@ curdel:
 - group: 939
 - mode: 755
-so-curatorcloseddeletecron:
- cron.present:
- - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1
- - user: root
- - minute: '*'
- - hour: '*'
- - daymonth: '*'
- - month: '*'
- - dayweek: '*'
-
-so-curatorclosecron:
- cron.present:
- - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1
- - user: root
- - minute: '*'
- - hour: '*'
- - daymonth: '*'
- - month: '*'
- - dayweek: '*'
-
-so-curatordeletecron:
- cron.present:
- - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1
- - user: root
- - minute: '*'
- - hour: '*'
- - daymonth: '*'
- - month: '*'
- - dayweek: '*'
-
 so-curator:
 docker_container.{{ CURATOROPTIONS.status }}:
 {% if CURATOROPTIONS.status == 'running' %}
@@ -152,12 +123,77 @@ so-curator_so-status.disabled:
 file.comment:
 - name: /opt/so/conf/so-status/so-status.conf
 - regex: ^so-curator$
+
+ # need to remove cronjobs here since curator is disabled
+ {% set REMOVECURATORCRON = True %}
 {% else %}
 delete_so-curator_so-status.disabled:
 file.uncomment:
 - name: /opt/so/conf/so-status/so-status.conf
 - regex: ^so-curator$
+
 {% endif %}
+
+ {% else %}
+delete_so-curator_so-status:
+ file.line:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - match: ^so-curator$
+ - mode: delete
+
+ # need to remove cronjobs here since curator is disabled
+ {% set REMOVECURATORCRON = True %}
+
+ {% endif %}
+
+ {% if REMOVECURATORCRON %}
+so-curatorcloseddeletecron:
+ cron.absent:
+ - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1
+ - user: root
+
+so-curatorclosecron:
+ cron.absent:
+ - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1
+ - user: root
+
+so-curatordeletecron:
+ cron.absent:
+ - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1
+ - user: root
+
+ {% else %}
+
+so-curatorcloseddeletecron:
+ cron.present:
+ - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1
+ - user: root
+ - minute: '*'
+ - hour: '*'
+ - daymonth: '*'
+ - month: '*'
+ - dayweek: '*'
+
+so-curatorclosecron:
+ cron.present:
+ - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1
+ - user: root
+ - minute: '*'
+ - hour: '*'
+ - daymonth: '*'
+ - month: '*'
+ - dayweek: '*'
+
+so-curatordeletecron:
+ cron.present:
+ - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1
+ - user: root
+ - minute: '*'
+ - hour: '*'
+ - daymonth: '*'
+ - month: '*'
+ - dayweek: '*'
+ {% endif %}
 # Begin Curator Cron Jobs
diff --git a/salt/curator/map.jinja b/salt/curator/map.jinja
index 9b4a75a96..470143a4f 100644
--- a/salt/curator/map.jinja
+++ b/salt/curator/map.jinja
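Review bot: The three `cron.absent` states in the `{% if REMOVECURATORCRON %}` branch can only find the root crontab entries by the exact `name` command line, because neither they nor the `cron.present` states in the `{% else %}` branch declare an `identifier`; the day the command or the log path is edited, the absent states will no longer match the old line and an every-minute root cron job is left behind on nodes where curator is disabled. Adding `- identifier: so-curator-closed-delete` (and the matching `so-curator-close` / `so-curator-delete` identifiers) to both the present and absent state of each job makes the cleanup independent of the command text. The two `{% set REMOVECURATORCRON = True %}` assignments do update the file-level default because Jinja `if` branches share the enclosing scope, provided this section is not itself inside a `for` loop or `block`, which is not visible here. The `{% if %}` chain these branches belong to opens before the start of the hunk.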
@@ -3,13 +3,13 @@
 {% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
 {% do CURATOROPTIONS.update({'manage_sostatus': True}) %}
-# don't start the docker container if searchnode and true clustering is enabled or curator disabled via pillar or true cluster not enabled and manager
-{% if not ENABLED or (TRUECLUSTER and grains.id.split('_')|last == 'searchnode') or (not TRUECLUSTER and grains.id.split('_')|last == 'manager') %}
+# don't start the docker container if curator is disabled via pillar
+{% if not ENABLED or grains.id.split('_')|last == 'manager'%}
 {% do CURATOROPTIONS.update({'start': False}) %}
 {% do CURATOROPTIONS.update({'status': 'absent'}) %}
- {% if (TRUECLUSTER and grains.id.split('_')|last == 'searchnode') or (not TRUECLUSTER and grains.id.split('_')|last == 'manager') %}
+ {% if grains.id.split('_')|last == 'manager' %}
 {% do CURATOROPTIONS.update({'manage_sostatus': False}) %}
- {% endif %}%}
+ {% endif %}
 {% else %}
 {% do CURATOROPTIONS.update({'start': True}) %}
 {% do CURATOROPTIONS.update({'status': 'running'}) %}
diff --git a/salt/telegraf/node_config.json.jinja b/salt/telegraf/node_config.json.jinja
index ec05426a8..482590f2b 100644
--- a/salt/telegraf/node_config.json.jinja
+++ b/salt/telegraf/node_config.json.jinja
@@ -1,6 +1,6 @@
 {
- "manint": "{{ salt['pillar.get']('host:mainint', '') }}",
 {%- if grains.role in ['so-standalone', 'so-eval', 'so-sensor', 'so-heavynode', ] %}
- "monint": "{{ salt['pillar.get']('sensor:interface', '') }}"
-{% endif -%}
+ "monint": "{{ salt['pillar.get']('sensor:interface', '') }}",
+{%- endif %}
+ "manint": "{{ salt['pillar.get']('host:mainint', '') }}"
 }
diff --git a/salt/top.sls b/salt/top.sls
index 4f0792c0c..b38d315d8 100644
--- a/salt/top.sls
+++ b/salt/top.sls
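Review bot: The rewritten comment on the first added line says the container is skipped only when curator is disabled via pillar, but the condition directly beneath it also skips it whenever the last `_` segment of the minion id is `manager`, so the comment now understates what the branch does; `# don't start the docker container if curator is disabled via pillar, or on the manager node` would describe the actual test. `TRUECLUSTER` is still assigned on the first context line of the hunk but is no longer read anywhere in the rewritten conditions; if nothing else in the file uses it, that assignment is dead and can be dropped. The missing space before `%}` in `'manager'%}` is valid Jinja but out of step with the other tags in this file.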
@@ -189,13 +189,13 @@ base:
 {%- if KIBANA %}
 - kibana
 {%- endif %}
- - curator
 {%- if ELASTALERT %}
 - elastalert
 {%- endif %}
 {%- if FILEBEAT %}
 - filebeat
 {%- endif %}
+ - curator
 - utility
 - schedule
 {%- if FLEETMANAGER or FLEETNODE %}
diff --git a/sigs/securityonion-2.3.70-CURATOR.iso.sig b/sigs/securityonion-2.3.70-CURATOR.iso.sig
new file mode 100644
index 000000000..a9dfc3d1d
Binary files /dev/null and b/sigs/securityonion-2.3.70-CURATOR.iso.sig differ