Merge master into dev to pull in 2.0.1-rc.1 patch

VERSION

@@ -1 +1 @@
-2.1.0-rc.2
+2.1.0-rc.2

salt/common/init.sls

@@ -1,5 +1,10 @@
 {% set role = grains.id.split('_') | last %}
 
+# Remove variables.txt from /tmp - This is temp
+rmvariablesfile:
+  file.absent:
+    - name: /tmp/variables.txt
+
 # Add socore Group
 socoregroup:
   group.present:

salt/common/tools/sbin/so-docker-refresh

@@ -64,7 +64,7 @@ if [ $MANAGERCHECK != 'so-helix' ]; then
     "so-thehive-cortex:$VERSION" \
     "so-curator:$VERSION" \
     "so-domainstats:$VERSION" \
-    "so-elastalert$VERSION" \
+    "so-elastalert:$VERSION" \
     "so-elasticsearch:$VERSION" \
     "so-filebeat:$VERSION" \
     "so-fleet:$VERSION" \
@@ -84,7 +84,10 @@ if [ $MANAGERCHECK != 'so-helix' ]; then
     "so-soc:$VERSION" \
     "so-soctopus:$VERSION" \
     "so-steno:$VERSION" \
-    "so-strelka:$VERSION" \
+    "so-strelka-frontend:$VERSION" \
+		"so-strelka-manager:$VERSION" \
+		"so-strelka-backend:$VERSION" \
+		"so-strelka-filestream:$VERSION" \
     "so-suricata:$VERSION" \
     "so-telegraf:$VERSION" \
     "so-thehive:$VERSION" \

salt/common/tools/sbin/soup

@@ -43,8 +43,11 @@ clone_to_tmp() {
   # Make a temp location for the files
   mkdir -p /tmp/sogh
   cd /tmp/sogh
-  #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git
+  SOUP_BRANCH=""
-  git clone https://github.com/Security-Onion-Solutions/securityonion.git
+  if [ -n "$BRANCH" ]; then
+    SOUP_BRANCH="-b $BRANCH"
+  fi
+  git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
   cd /tmp
   if [ ! -f $UPDATE_DIR/VERSION ]; then
     echo "Update was unable to pull from github. Please check your internet."
@@ -102,7 +105,10 @@ update_dockers() {
       "so-soc" \
       "so-soctopus" \
       "so-steno" \
-      "so-strelka" \
+      "so-strelka-frontend" \
+      "so-strelka-manager" \
+      "so-strelka-backend" \
+      "so-strelka-filestream" \
       "so-suricata" \
       "so-telegraf" \
       "so-thehive" \
@@ -139,7 +145,7 @@ update_version() {
   # Update the version to the latest
   echo "Updating the version file."
   echo $NEWVERSION > /etc/soversion
-  sed -i 's/$INSTALLEDVERSION/$NEWVERISON/g' /opt/so/saltstack/local/pillar/static.sls
+  sed -i "s/$INSTALLEDVERSION/$NEWVERSION/g" /opt/so/saltstack/local/pillar/static.sls
 }
 
 upgrade_check() {
@@ -192,10 +198,10 @@ echo ""
 echo "Copying new code"
 copy_new_files
 echo ""
-echo "Running a highstate to complete upgrade"
-highstate
-echo ""
 echo "Updating version"
 update_version
 echo ""
+echo "Running a highstate to complete upgrade"
+highstate
+echo ""
 echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete."

salt/pcap/files/sensoroni.json

@@ -1,6 +1,6 @@
 {%- set MANAGER = salt['grains.get']('master') -%}
 {%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
-{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms') -%}
+{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms', 10000) -%}
 {
   "logFilename": "/opt/sensoroni/logs/sensoroni.log",
   "logLevel":"debug",

salt/thehive/scripts/cortex_init

@@ -9,6 +9,12 @@
 
 default_salt_dir=/opt/so/saltstack/default
 
+cortex_clean(){
+    sed -i '/^  cortexuser:/d' /opt/so/saltstack/local/pillar/static.sls
+    sed -i '/^  cortexpassword:/d' /opt/so/saltstack/local/pillar/static.sls
+    sed -i '/^  cortexorguser:/d' /opt/so/saltstack/local/pillar/static.sls
+}
+
 cortex_init(){
     sleep 60
     CORTEX_IP="{{MANAGERIP}}"
@@ -51,6 +57,7 @@ cortex_init(){
 }
 
 if [ -f /opt/so/state/cortex.txt ]; then
+    cortex_clean
     exit 0
 else
     rm -f garbage_file
@@ -63,4 +70,5 @@ else
     rm -f garbage_file
     sleep 5
     cortex_init
+    cortex_clean
 fi

salt/thehive/scripts/hive_init

@@ -4,6 +4,11 @@
 # {%- set THEHIVEPASSWORD = salt['pillar.get']('static:hivepassword', 'hivechangeme') %}
 # {%- set THEHIVEKEY = salt['pillar.get']('static:hivekey', '') %}
 
+thehive_clean(){
+    sed -i '/^  hiveuser:/d' /opt/so/saltstack/local/pillar/static.sls
+    sed -i '/^  hivepassword:/d' /opt/so/saltstack/local/pillar/static.sls 
+}
+
 thehive_init(){
     sleep 120
     THEHIVE_IP="{{MANAGERIP}}"
@@ -49,6 +54,7 @@ thehive_init(){
 }
 
 if [ -f /opt/so/state/thehive.txt ]; then
+    thehive_clean
     exit 0
 else
     rm -f garbage_file
@@ -61,4 +67,5 @@ else
     rm -f garbage_file
     sleep 5
     thehive_init
+    thehive_clean
 fi

setup/so-functions

@@ -990,9 +990,6 @@ manager_pillar() {
 		"  lsheap: $LS_HEAP_SIZE"\
 		"  ls_pipeline_workers: $num_cpu_cores"\
 		""\
-		"pcap:">> "$pillar_file"\
-		"  sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
-		""\
 		"idstools:"\
 		"  config:"\
 		"    ruleset: $RULESETUP"\
@@ -1028,10 +1025,10 @@ manager_static() {
 		"  ids: $NIDS"\
 		"  managerip: $MAINIP"\
 		"  hiveuser: $WEBUSER"\
-		"  hivepassword: $WEBPASSWD1"\
+		"  hivepassword: '$WEBPASSWD1'"\
 		"  hivekey: $HIVEKEY"\
 		"  cortexuser: $WEBUSER"\
-		"  cortexpassword: $WEBPASSWD1"\
+		"  cortexpassword: '$WEBPASSWD1'"\
 		"  cortexkey: $CORTEXKEY"\
 		"  cortexorgname: SecurityOnion"\
 		"  cortexorguser: $WEBUSER"\
@@ -1047,6 +1044,8 @@ manager_static() {
 		"  wazuh: $WAZUH"\
         "  managerupdate: $MANAGERUPDATES"\
 		"  imagerepo: $IMAGEREPO"\
+		"pcap:"\
+		"  sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
 		"strelka:"\
 		"  enabled: $STRELKA"\
 		"  rules: $STRELKARULES"\