Fix Strelka Rule updates, repo fix

salt/common/tools/sbin/soup

@@ -159,7 +159,7 @@ generate_and_clean_tarballs() {
   local new_version
   new_version=$(cat $UPDATE_DIR/VERSION)
   [ -d /opt/so/repo ] || mkdir -p /opt/so/repo
-  tar -cxf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR"
+  tar -czf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR"
   find "/opt/so/repo" -type f -not -name "$new_version.tar.gz" -exec rm -rf {} \;
 }
 
@@ -340,6 +340,10 @@ up_2.3.2X_to_2.3.30() {
   for pillar in "${minion_pillars[@]}"; do
     sed -i -r "s/ (\{\{.*}})$/ '\1'/g" "$pillar" 
   done
+
+  # Change the IMAGEREPO
+  sed -i "/  imagerepo: 'securityonion'/c\  imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls
+  sed -i "/  imagerepo: securityonion/c\  imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls 
 }
 
 space_check() {

salt/docker_clean/init.sls

@@ -45,6 +45,41 @@ remove_images_{{ VERSION }}:
       - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-thehive-es:{{ VERSION }}'
       - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-wazuh:{{ VERSION }}'
       - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-acng:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-thehive-cortex:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-curator:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-domainstats:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-elastalert:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-elasticsearch:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-filebeat:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-fleet:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-fleet-launcher:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-freqserver:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-grafana:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-idstools:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-influxdb:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-kibana:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-kratos:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-logstash:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-minio:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-mysql:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-nginx:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-pcaptools:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-playbook:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-redis:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-soc:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-soctopus:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-steno:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-strelka-frontend:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-strelka-manager:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-strelka-backend:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-strelka-filestream:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-suricata:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-telegraf:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-thehive:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-thehive-es:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-wazuh:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-zeek:{{ VERSION }}'
 {% endfor %}
 
 {% else %}

salt/registry/bin/so-buildregistry

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-VERSION=HH1.1.4
-TARBALL=/nsm/docker-registry/docker/so-dockers-$VERSION.tar
-
-# See if the tarball is there. If so do soemthing otherwise peace out.
-if [ -f "$TARBALL" ]; then
-  cd /nsm/docker-registry/docker
-  tar xvf so-dockers-$VERSION.tar
-fi
-
-exit 0

salt/registry/init.sls

@@ -29,17 +29,6 @@ dockerregistryconf:
     - name: /opt/so/conf/docker-registry/etc/config.yml
     - source: salt://registry/etc/config.yml
 
-# Copy the registry script
-#dockerregistrybuild:
-#  file.managed:
-#    - name: /opt/so/conf/docker-registry/so-buildregistry
-#    - source: salt://registry/bin/so-buildregistry
-#    - mode: 755
-
-#dockerexpandregistry:
-# cmd.run:
-#   - name: /opt/so/conf/docker-registry/so-buildregistry
-
 # Install the registry container
 so-dockerregistry:
   docker_container.running:

setup/so-functions

@@ -1558,9 +1558,17 @@ manager_global() {
 		"  node_checkin_interval_ms: $NODE_CHECKIN_INTERVAL_MS"\
 		"strelka:"\
 		"  enabled: $STRELKA"\
-		"  rules: 1"\
+		"  rules: 1" >> "$global_pillar"
+		if [[ $is_airgap ]]; then
+		    printf '%s\n'\
 			    "  repos:"\
-		"    - https://github.com/Neo23x0/signature-base"\
+			    "    - 'https://$HOSTNAME/repo/rules/strelka'" >> "$global_pillar"
+	    else 
+		    printf '%s\n'\
+		        "  repos:"\
+			    "    - 'https://github.com/Neo23x0/signature-base'" >> "$global_pillar"
+	    fi
+	printf '%s\n'\
 		"curator:"\
 		"  hot_warm: False"\
 		"elastic:"\