From 833106775f067312716cbc4c98d95df51123e198 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 6 Apr 2022 16:53:55 -0400 Subject: [PATCH 1/8] update the centos repo for airgap prior to applying hotfix or standard soup run --- salt/common/tools/sbin/soup | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 8a6132898..f1b23b3bd 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -1094,6 +1094,12 @@ main() { upgrade_check_salt set -e + if [[ $is_airgap -eq 0 ]]; then + update_centos_repo + yum clean all + check_os_updates + fi + if [ "$is_hotfix" == "true" ]; then echo "Applying $HOTFIXVERSION hotfix" copy_new_files @@ -1115,9 +1121,6 @@ main() { echo "Updating dockers to $NEWVERSION." if [[ $is_airgap -eq 0 ]]; then airgap_update_dockers - update_centos_repo - yum clean all - check_os_updates # if not airgap but -f was used elif [[ ! -z "$ISOLOC" ]]; then airgap_update_dockers From 08ac696f143196366bb04312a2c076e03d67a444 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 6 Apr 2022 17:38:06 -0400 Subject: [PATCH 2/8] remove saltstack repo created by bootstrap-salt for ubuntu --- salt/common/tools/sbin/soup | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index f1b23b3bd..7181b1b9e 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -946,6 +946,7 @@ update_repo() { exit 1 fi + rm -f /etc/apt/sources.list.d/salt.list echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt $OSVER main" > /etc/apt/sources.list.d/saltstack.list apt-get update fi From be3769fd7c1cc1a754c542537d08bf59830ea837 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 7 Apr 2022 08:53:44 -0400 Subject: [PATCH 3/8] run apt-get update if saltstack.list changes --- salt/repo/client/ubuntu.sls | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/salt/repo/client/ubuntu.sls b/salt/repo/client/ubuntu.sls index efc06b24a..63980c90e 100644 --- a/salt/repo/client/ubuntu.sls +++ b/salt/repo/client/ubuntu.sls @@ -3,3 +3,8 @@ saltstack.list: - name: /etc/apt/sources.list.d/saltstack.list - contents: - deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/{{grains.osrelease}}/amd64/salt/ {{grains.oscodename}} main + +apt_update: + cmd.run: + - name: apt-get update + - onchanges: saltstack.list From b2a98af18b6a32023e0d59bcc6a74e39c4fbbc99 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 7 Apr 2022 08:55:30 -0400 Subject: [PATCH 4/8] proper formatting --- salt/repo/client/ubuntu.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/repo/client/ubuntu.sls b/salt/repo/client/ubuntu.sls index 63980c90e..9f8a3e4ec 100644 --- a/salt/repo/client/ubuntu.sls +++ b/salt/repo/client/ubuntu.sls @@ -7,4 +7,5 @@ saltstack.list: apt_update: cmd.run: - name: apt-get update - - onchanges: saltstack.list + - onchanges: + - file: saltstack.list From 722b200e16d172200e79962f9e10c07b0e10032f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 7 Apr 2022 08:58:07 -0400 Subject: [PATCH 5/8] add retry to apt_update incase running in background --- salt/repo/client/ubuntu.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/repo/client/ubuntu.sls b/salt/repo/client/ubuntu.sls index 9f8a3e4ec..1d61a1007 100644 --- a/salt/repo/client/ubuntu.sls +++ b/salt/repo/client/ubuntu.sls @@ -9,3 +9,7 @@ apt_update: - name: apt-get update - onchanges: - file: saltstack.list + - timeout: 30 + - retry: + attempts: 5 + interval: 30 From 8fbd16f75d580c642da64e4d531116a408cb793a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 7 Apr 2022 09:03:51 -0400 Subject: [PATCH 6/8] ensure salt.list is absent --- salt/repo/client/ubuntu.sls | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/salt/repo/client/ubuntu.sls b/salt/repo/client/ubuntu.sls index 1d61a1007..301bdabae 100644 --- a/salt/repo/client/ubuntu.sls +++ b/salt/repo/client/ubuntu.sls @@ -1,3 +1,8 @@ +# this removes the repo file left by bootstrap-salt.sh without -r +remove_salt.list: + file.absent: + - name: /etc/apt/sources.list.d/salt.list + saltstack.list: file.managed: - name: /etc/apt/sources.list.d/saltstack.list From 93e04850c445f153b5ce3950fe4bfcfa8594881e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 7 Apr 2022 14:40:54 -0400 Subject: [PATCH 7/8] Update HOTFIX --- HOTFIX | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HOTFIX b/HOTFIX index e4a42e6ac..644f9e9ee 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +1 @@ -04012022 04052022 +04012022 04052022 04072022 From 6a28e752f0b658d56b9b489c3d0df4a321080a64 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 7 Apr 2022 16:03:13 -0400 Subject: [PATCH 8/8] 2.3.110 hotfix 0407 --- VERIFY_ISO.md | 22 ++++++++++---------- sigs/securityonion-2.3.110-20220407.iso.sig | Bin 0 -> 543 bytes 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 sigs/securityonion-2.3.110-20220407.iso.sig diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 13999abee..c8e0158f9 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,18 +1,18 @@ -### 2.3.110-20220405 ISO image built on 2022/04/05 +### 2.3.110-20220407 ISO image built on 2022/04/07 ### Download and Verify -2.3.110-20220405 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220405.iso +2.3.110-20220407 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220407.iso -MD5: 9CE982FE45DC2957A3A6D376E6DCC048 -SHA1: 10E3FF28A69F9617D4CCD2F5061AA2DC062B8F94 -SHA256: 0C178A422ABF7B61C08728E32CE20A9F9C1EC65807EB67D06F1C23F7D1EA51A7 +MD5: 928D589709731EFE9942CA134A6F4C6B +SHA1: CA588A684586CC0D5BDE5E0E41C935FFB939B6C7 +SHA256: CBF8743838AF2C7323E629FB6B28D5DD00AE6658B0E29E4D0916411D2D526BD2 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220405.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220407.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS @@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220405.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220407.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220405.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220407.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.110-20220405.iso.sig securityonion-2.3.110-20220405.iso +gpg --verify securityonion-2.3.110-20220407.iso.sig securityonion-2.3.110-20220407.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Tue 05 Apr 2022 06:37:40 PM EDT using RSA key ID FE507013 +gpg: Signature made Thu 07 Apr 2022 03:30:03 PM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/sigs/securityonion-2.3.110-20220407.iso.sig b/sigs/securityonion-2.3.110-20220407.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..2ea694428e65f9c571dea027b6398028cafd3da3 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;DEJG%f12@re`V7LBIa1&?<5C2>F$KwVTPphWkRG5e^ zkI4UDI?PgP49EDJeSx(r*qp(EDAKKyO}+20qN9N5NS6MNqwu#M`oigDwVj|MdRsED z?mRwt{^!1<&}n|V75vS0@{^+aR(lf?JOMPP#QI&50uw4Z8U}+G{QRBd9O-_jk*9`~ zgzJTNdPx+apX6VbdV+(ecGf!_6!8{(_rHI3yy)w>>ATpwi0F477~;uvLLjTm_R&mZ zl@HGUc8gBO<44