diff --git a/VERSION b/VERSION
index ac97ff772..9212e0f1f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.1.0-rc.2
\ No newline at end of file
+2.1.0-rc.2
diff --git a/salt/common/init.sls b/salt/common/init.sls
index 69aaa4a17..967c74c42 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -1,5 +1,10 @@
 {% set role = grains.id.split('_') | last %}
 
+# Remove variables.txt from /tmp - This is temp
+rmvariablesfile:
+ file.absent:
+ - name: /tmp/variables.txt
+
 # Add socore Group
 socoregroup:
 group.present:
diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh
index 16b8fb930..ace1e9554 100755
--- a/salt/common/tools/sbin/so-docker-refresh
+++ b/salt/common/tools/sbin/so-docker-refresh
@@ -64,7 +64,7 @@ if [ $MANAGERCHECK != 'so-helix' ]; then
 "so-thehive-cortex:$VERSION" \
 "so-curator:$VERSION" \
 "so-domainstats:$VERSION" \
- "so-elastalert$VERSION" \
+ "so-elastalert:$VERSION" \
 "so-elasticsearch:$VERSION" \
 "so-filebeat:$VERSION" \
 "so-fleet:$VERSION" \
@@ -84,7 +84,10 @@ if [ $MANAGERCHECK != 'so-helix' ]; then
 "so-soc:$VERSION" \
 "so-soctopus:$VERSION" \
 "so-steno:$VERSION" \
- "so-strelka:$VERSION" \
+ "so-strelka-frontend:$VERSION" \
+ "so-strelka-manager:$VERSION" \
+ "so-strelka-backend:$VERSION" \
+ "so-strelka-filestream:$VERSION" \
 "so-suricata:$VERSION" \
 "so-telegraf:$VERSION" \
 "so-thehive:$VERSION" \
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 878372e68..b2b8cacc4 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
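Review bot: The new `rmvariablesfile` state says nothing about what produced /tmp/variables.txt or when the state can be retired, so `# This is temp` will outlive its purpose; name the producer and the exit condition instead, e.g. `# Cleanup for a file left behind by an earlier setup/upgrade run (confirm producer); drop this state once all deployments are past that release`. Living in common/init.sls, it runs on every highstate on every role, which is harmless for an idempotent file.absent but worth a word. If the file held setup variables, as the name suggests but the diff does not show, that is the reason it must not linger in world-readable /tmp and should be said.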
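Review bot: The four new `so-strelka-*` entries duplicate the list that soup's update_dockers() keeps in salt/common/tools/sbin/soup (changed in this same commit), and nothing ties the two lists together, so the next image rename will drift the way `so-elastalert$VERSION` did in the hunk above. A pointer above the list, `# Image list must match update_dockers() in salt/common/tools/sbin/soup`, at least tells the next editor where the twin lives. The enclosing `if [ $MANAGERCHECK != 'so-helix' ]` block starts and ends outside the hunk.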
@@ -43,8 +43,11 @@ clone_to_tmp() {
 # Make a temp location for the files
 mkdir -p /tmp/sogh
 cd /tmp/sogh
- #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git
- git clone https://github.com/Security-Onion-Solutions/securityonion.git
+ SOUP_BRANCH=""
+ if [ -n "$BRANCH" ]; then
+ SOUP_BRANCH="-b $BRANCH"
+ fi
+ git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
 cd /tmp
 if [ ! -f $UPDATE_DIR/VERSION ]; then
 echo "Update was unable to pull from github. Please check your internet."
@@ -102,7 +105,10 @@ update_dockers() {
 "so-soc" \
 "so-soctopus" \
 "so-steno" \
- "so-strelka" \
+ "so-strelka-frontend" \
+ "so-strelka-manager" \
+ "so-strelka-backend" \
+ "so-strelka-filestream" \
 "so-suricata" \
 "so-telegraf" \
 "so-thehive" \
@@ -139,7 +145,7 @@ update_version() {
 # Update the version to the latest
 echo "Updating the version file."
 echo $NEWVERSION > /etc/soversion
- sed -i 's/$INSTALLEDVERSION/$NEWVERISON/g' /opt/so/saltstack/local/pillar/static.sls
+ sed -i "s/$INSTALLEDVERSION/$NEWVERSION/g" /opt/so/saltstack/local/pillar/static.sls
 }
 
 upgrade_check() {
@@ -192,10 +198,10 @@ echo ""
 echo "Copying new code"
 copy_new_files
 echo ""
-echo "Running a highstate to complete upgrade"
-highstate
-echo ""
 echo "Updating version"
 update_version
 echo ""
+echo "Running a highstate to complete upgrade"
+highstate
+echo ""
 echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete."
diff --git a/salt/pcap/files/sensoroni.json b/salt/pcap/files/sensoroni.json
index 76fb0e502..e379d5003 100644
--- a/salt/pcap/files/sensoroni.json
+++ b/salt/pcap/files/sensoroni.json
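Review bot: `$BRANCH` reaches the git command line unquoted and unvalidated through `SOUP_BRANCH="-b $BRANCH"` and `git clone $SOUP_BRANCH ...`, so a value containing whitespace or starting with a dash turns into extra git options rather than a branch name, in a script that runs as root; where BRANCH is set is outside the hunk, presumably the environment, so it should be treated as input. Passing the branch as one quoted argument removes the splitting and the temporary variable, `git clone ${BRANCH:+-b "$BRANCH"} https://github.com/Security-Onion-Solutions/securityonion.git`, and a guard such as `case "$BRANCH" in -*|*[[:space:]]*) echo "Invalid BRANCH: $BRANCH"; exit 1;; esac` rejects option-shaped values up front. Note that selecting an arbitrary branch makes the upgrade source whatever that branch currently holds, with no tag or signature check; that is pre-existing, but the new knob widens it and deserves a comment. The rest of clone_to_tmp is outside the hunk.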
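Review bot: The corrected `sed -i "s/$INSTALLEDVERSION/$NEWVERSION/g"` now expands its variables, but the pattern is still an unescaped, unanchored regex applied globally to the whole pillar: each `.` in the version matches any character and every occurrence anywhere in static.sls is rewritten, not only the version key. Escaping the dots, `sed -i "s/${INSTALLEDVERSION//./\\.}/$NEWVERSION/g" /opt/so/saltstack/local/pillar/static.sls`, removes the false-match case; limiting the substitution to the line that carries the version (the key name is not visible here) would be better still. NEWVERSION is set outside the hunk; if it is read from the freshly cloned tree's VERSION file, a `/` or `&` in it corrupts both the sed expression and the pillar, so a format check before this point, `[[ $NEWVERSION =~ ^[0-9A-Za-z.-]+$ ]] || { echo "Bad version string: $NEWVERSION"; exit 1; }`, is cheap insurance.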
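Review bot: With update_version now running before `highstate`, a highstate that fails leaves /etc/soversion and the pillar already stamped with the new version although no state was applied, and nothing here checks the exit status; if upgrade_check (outside the hunk) compares the two version strings, a re-run would then consider the node current and refuse to retry — please confirm. Guarding the call, `highstate || { echo "Highstate failed; version was already bumped, re-run the highstate manually"; exit 1; }`, at least makes the half-applied upgrade visible to the operator. These are top-level statements of the script, so there is no enclosing function.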
@@ -1,6 +1,6 @@ {%- set MANAGER = salt['grains.get']('master') -%} {%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%} -{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms') -%} +{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms', 10000) -%} { "logFilename": "/opt/sensoroni/logs/sensoroni.log", "logLevel":"debug", diff --git a/salt/thehive/scripts/cortex_init b/salt/thehive/scripts/cortex_init index 90980da9c..9fc1caf25 100644 --- a/salt/thehive/scripts/cortex_init +++ b/salt/thehive/scripts/cortex_init @@ -9,6 +9,12 @@ default_salt_dir=/opt/so/saltstack/default +cortex_clean(){ + sed -i '/^ cortexuser:/d' /opt/so/saltstack/local/pillar/static.sls + sed -i '/^ cortexpassword:/d' /opt/so/saltstack/local/pillar/static.sls + sed -i '/^ cortexorguser:/d' /opt/so/saltstack/local/pillar/static.sls +} + cortex_init(){ sleep 60 CORTEX_IP="{{MANAGERIP}}" @@ -51,6 +57,7 @@ cortex_init(){ } if [ -f /opt/so/state/cortex.txt ]; then + cortex_clean exit 0 else rm -f garbage_file @@ -63,4 +70,5 @@ else rm -f garbage_file sleep 5 cortex_init + cortex_clean fi diff --git a/salt/thehive/scripts/hive_init b/salt/thehive/scripts/hive_init index a8307c0d6..0caff6e2d 100755 --- a/salt/thehive/scripts/hive_init +++ b/salt/thehive/scripts/hive_init @@ -4,6 +4,11 @@ # {%- set THEHIVEPASSWORD = salt['pillar.get']('static:hivepassword', 'hivechangeme') %} # {%- set THEHIVEKEY = salt['pillar.get']('static:hivekey', '') %} +thehive_clean(){ + sed -i '/^ hiveuser:/d' /opt/so/saltstack/local/pillar/static.sls + sed -i '/^ hivepassword:/d' /opt/so/saltstack/local/pillar/static.sls +} + thehive_init(){ sleep 120 THEHIVE_IP="{{MANAGERIP}}" @@ -49,6 +54,7 @@ thehive_init(){ } if [ -f /opt/so/state/thehive.txt ]; then + thehive_clean exit 0 else rm -f garbage_file @@ -61,4 +67,5 @@ else rm -f garbage_file sleep 5 thehive_init + thehive_clean fi 
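Review bot: cortex_clean removes the credential lines with fixed-indentation patterns (`sed -i '/^ cortexuser:/d'` as shown; the real indent is collapsed in this view) and never checks that anything was deleted, so a pillar written with a different indent or quoting silently keeps the plaintext password the function is meant to scrub. A post-condition after the three sed calls, `grep -q '^ *cortexpassword:' /opt/so/saltstack/local/pillar/static.sls && echo "WARNING: cortexpassword still present in static.sls"`, turns the silent miss into a visible one. The function also deserves a header stating its contract, e.g. `# One-shot scrub of the bootstrap admin credentials from the local pillar after Cortex init; later renders see only pillar defaults`. The body of cortex_init is outside the hunk.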
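Review bot: Once thehive_clean drops `hivepassword:` from static.sls, the Jinja header visible at the top of this hunk resolves `static:hivepassword` to the literal `'hivechangeme'` on every later render, so if /opt/so/state/thehive.txt is ever removed and thehive_init runs again it will use the placeholder rather than the real password; that looks like an intentional one-time bootstrap and should be stated, e.g. `# One-shot: the admin password is scrubbed from the pillar after init; re-running requires re-adding static:hivepassword`. The rendered script was produced from that pillar, so whatever the body does with THEHIVEPASSWORD (outside the hunk) may still sit on disk in the rendered copy after the scrub unless that file is removed or permission-restricted — worth confirming. The same observation applies to cortex_init in this commit.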
diff --git a/setup/so-functions b/setup/so-functions
index 4074f1701..01f70f5e3 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -990,9 +990,6 @@ manager_pillar() {
 " lsheap: $LS_HEAP_SIZE"\
 " ls_pipeline_workers: $num_cpu_cores"\
 ""\
- "pcap:">> "$pillar_file"\
- " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
- ""\
 "idstools:"\
 " config:"\
 " ruleset: $RULESETUP"\
@@ -1028,10 +1025,10 @@ manager_static() {
 " ids: $NIDS"\
 " managerip: $MAINIP"\
 " hiveuser: $WEBUSER"\
- " hivepassword: $WEBPASSWD1"\
+ " hivepassword: '$WEBPASSWD1'"\
 " hivekey: $HIVEKEY"\
 " cortexuser: $WEBUSER"\
- " cortexpassword: $WEBPASSWD1"\
+ " cortexpassword: '$WEBPASSWD1'"\
 " cortexkey: $CORTEXKEY"\
 " cortexorgname: SecurityOnion"\
 " cortexorguser: $WEBUSER"\
@@ -1047,6 +1044,8 @@ manager_static() {
 " wazuh: $WAZUH"\
 " managerupdate: $MANAGERUPDATES"\
 " imagerepo: $IMAGEREPO"\
+ "pcap:"\
+ " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
 "strelka:"\
 " enabled: $STRELKA"\
 " rules: $STRELKARULES"\
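Review bot: The removed `"pcap:">> "$pillar_file"\` line carried the only redirection visible in this argument list, so unless the command that consumes these strings is redirected again at its end (its head and tail are outside the hunk), manager_pillar now writes the manager pillar to stdout instead of `$pillar_file`; please confirm a trailing `>> "$pillar_file"` survives. If it does, the mid-list redirect was a harmless paste artifact and removing it is correct, which a short note in the commit message would settle for the next reader.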
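Review bot: Wrapping the value as `'$WEBPASSWD1'` lets the YAML survive `:` and `#` in a password, but a single quote inside the password now terminates the scalar and breaks pillar parsing, since YAML needs it doubled. Escaping once before emitting, `pw_yaml=${WEBPASSWD1//\'/\'\'}` and then `"  hivepassword: '$pw_yaml'"\` (and the same for cortexpassword), keeps arbitrary passwords valid, unless the setup prompt already rejects quotes, which is not visible here. The same plaintext value is written under two keys and stays in the pillar until the init scripts in this commit scrub it, so the quoting fix should not be mistaken for protecting it. manager_static starts and ends outside the hunk.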