From b052a75e641576d81fdbb13422f0df032aaffb83 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 24 Jun 2025 09:34:57 -0400
Subject: [PATCH 1/7] refactor airgap playbook to eliminate dupe code and shrink ISO
---
 salt/common/tools/sbin/so-common | 11 +++++++++++
 salt/manager/tools/sbin/soup | 9 +--------
 setup/so-functions | 6 ------
 setup/so-setup | 2 +-
 4 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index 3e05614d6..0fe46d7bb 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -99,6 +99,17 @@ add_interface_bond0() {
 fi
 }
+airgap_playbooks() {
+ SRC_DIR=$1
+ # Copy playbooks if using airgap
+ mkdir -p /nsm/airgap-resources
+ # Purge old airgap playbooks to ensure SO only uses the latest released playbooks
+ rm -fr /nsm/airgap-resources/playbooks
+ logCmd "tar xf $SRC_DIR/airgap-resources/playbooks.tgz -C /nsm/airgap-resources/"
+ logCmd "chown -R socore:socore /nsm/airgap-resources/playbooks"
+ logCmd "git config --global --add safe.directory /nsm/airgap-resources/playbooks"
+}
+
 check_container() {
 docker ps | grep "$1:" > /dev/null 2>&1
 return $?
diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index aa030bcdb..d27239228 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1069,13 +1069,6 @@ update_airgap_rules() {
 rsync -a $UPDATE_DIR/agrules/securityonion-resources/* /nsm/securityonion-resources/
 }
-update_airgap_playbooks() {
- # Copy the playbooks over to update them for airgap.
- mkdir -p /nsm/airgap-resources/playbooks
- chown -R socore:socore /nsm/airgap-resources/playbooks
- rsync -a --delete --chown=socore:socore $UPDATE_DIR/airgap-resources/playbooks/ /nsm/airgap-resources/playbooks/
-}
-
 update_airgap_repo() {
 # Update the files in the repo
 echo "Syncing new updates to /nsm/repo"
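Review bot: In the new `airgap_playbooks` in salt/common/tools/sbin/so-common, `rm -fr /nsm/airgap-resources/playbooks` runs before anything confirms that `$SRC_DIR/airgap-resources/playbooks.tgz` exists, so an empty or wrong `$1` leaves the host with no playbooks and a failed extraction. I would validate first, e.g. `[ -f "$SRC_DIR/airgap-resources/playbooks.tgz" ] || return 1` ahead of the purge, and take the argument as `local SRC_DIR="$1"` so it does not leak into the sourcing script and is quoted where it is used. The same ordering is carried unchanged into the so-common hunk of PATCH 2/7, and the soup call site `airgap_playbooks "$UPDATE_DIR"` does not check the result.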
@@ -1426,7 +1419,7 @@ main() {
 echo "Updating Rule Files to the Latest."
 update_airgap_rules
 echo "Updating Playbooks to the Latest."
- update_airgap_playbooks
+ airgap_playbooks "$UPDATE_DIR"
 fi
 # since we don't run the backup.config_backup state on import we wont snapshot previous version states and pillars
diff --git a/setup/so-functions b/setup/so-functions
index 54fb49f9f..82dd9d375 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -56,12 +56,6 @@ airgap_detection_summaries() {
 logCmd "git config --global --add safe.directory /opt/so/conf/soc/ai_summary_repos/securityonion-resources"
 logCmd "git -C /opt/so/conf/soc/ai_summary_repos/securityonion-resources checkout generated-summaries-published"
 }
-airgap_playbooks() {
- # Copy playbooks if using airgap
- mkdir -p /nsm/airgap-resources/playbooks
- logCmd "rsync -av --chown=socore:socore /root/SecurityOnion/airgap-resources/playbooks/ /nsm/airgap-resources/playbooks/"
- logCmd "git config --global --add safe.directory /nsm/airgap-resources/playbooks"
-}
 add_admin_user() {
 title "Adding $ADMINUSER to the system with sudo rights"
diff --git a/setup/so-setup b/setup/so-setup
index 7f2e87c16..784d9d623 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -771,7 +771,7 @@ if ! [[ -f $install_opt_file ]]; then
 fi
 if [[ $is_airgap ]]; then
 title "Syncing Playbooks"
- airgap_playbooks
+ airgap_playbooks /root/SecurityOnion
 fi
 title "Setting up Kibana Default Space"
 logCmd "so-kibana-space-defaults"
From 21d9964827efc30a191f99137c3ffc6cf1261770 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 24 Jun 2025 11:03:08 -0400
Subject: [PATCH 2/7] fix logging
---
 salt/common/tools/sbin/so-common | 6 +++---
 setup/so-setup | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index 0fe46d7bb..203b54cd0 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -105,9 +105,9 @@ airgap_playbooks() {
 mkdir -p /nsm/airgap-resources
 # Purge old airgap playbooks to ensure SO only uses the latest released playbooks
 rm -fr /nsm/airgap-resources/playbooks
- logCmd "tar xf $SRC_DIR/airgap-resources/playbooks.tgz -C /nsm/airgap-resources/"
- logCmd "chown -R socore:socore /nsm/airgap-resources/playbooks"
- logCmd "git config --global --add safe.directory /nsm/airgap-resources/playbooks"
+ tar xf $SRC_DIR/airgap-resources/playbooks.tgz -C /nsm/airgap-resources/
+ chown -R socore:socore /nsm/airgap-resources/playbooks
+ git config --global --add safe.directory /nsm/airgap-resources/playbooks
 }
 check_container() {
diff --git a/setup/so-setup b/setup/so-setup
index 784d9d623..bb3779035 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -771,7 +771,7 @@ if ! [[ -f $install_opt_file ]]; then
 fi
 if [[ $is_airgap ]]; then
 title "Syncing Playbooks"
- airgap_playbooks /root/SecurityOnion
+ logCmd "airgap_playbooks /root/SecurityOnion"
 fi
 title "Setting up Kibana Default Space"
 logCmd "so-kibana-space-defaults"
From 38c74b46b613662b03d926ece6797faaa60b6005 Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Wed, 25 Jun 2025 11:05:28 -0400
Subject: [PATCH 3/7] change salt upgrade process
---
 salt/salt/minion.sls | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls
index 9f2a6f3fa..57bb27694 100644
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
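Review bot: The bare `git config --global --add safe.directory /nsm/airgap-resources/playbooks` in this so-common hunk appends another entry every time the function runs, and the soup hunk in PATCH 1/7 now calls it on each update, so the invoking user's global gitconfig gains a duplicate per run. A guard such as `git config --global --get-all safe.directory | grep -qxF /nsm/airgap-resources/playbooks || git config --global --add safe.directory /nsm/airgap-resources/playbooks` keeps it idempotent. The line also deserves a comment noting that the exception makes git skip its ownership check for a tree the previous line hands to socore, e.g. `# safe.directory: tree is socore-owned; git run by this user will honour its repo config`; whether anything privileged runs git there is not visible in this diff.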
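Review bot: Wrapping the whole function in `logCmd "airgap_playbooks /root/SecurityOnion"` in the setup/so-setup hunk can only report the status of the function's last command, `git config`, because the so-common hunk of this patch drops the per-command logCmd and adds no checks; a failed `tar xf` or `chown` would go unflagged. This assumes logCmd reports the exit status of what it runs, since its definition is outside the diff. Chaining the steps inside airgap_playbooks, e.g. `tar xf "$SRC_DIR/airgap-resources/playbooks.tgz" -C /nsm/airgap-resources/ || return 1`, would let the wrapper see the failure. The enclosing `if` block starts outside the hunk.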
@@ -39,11 +39,17 @@ unhold_salt_packages:
 install_salt_minion:
 cmd.run:
- - name: |
- exec 0>&- # close stdin
- exec 1>&- # close stdout
- exec 2>&- # close stderr
- nohup /bin/sh -c '{{ UPGRADECOMMAND }}' &
+ - name: /bin/sh -c '{{ UPGRADECOMMAND }}'
+
+# minion service is in failed state after upgrade. this command will start it after the state run for the upgrade completes
+start_minion:
+ cmd.run:
+ - name: nohup /bin/sh -c 'sleep 30; systemctl start salt-minion' &
+ - require:
+ - cmd: install_salt_minion
+ - watch:
+ - cmd: install_salt_minion
+ - order: last
 {% endif %}
From bc24a6c574065b38656a5869b4be65d9eeb77551 Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Wed, 25 Jun 2025 12:19:45 -0400
Subject: [PATCH 4/7] Revert "change salt upgrade process"
---
 salt/salt/minion.sls | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls
index 57bb27694..9f2a6f3fa 100644
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -39,17 +39,11 @@ unhold_salt_packages:
 install_salt_minion:
 cmd.run:
- - name: /bin/sh -c '{{ UPGRADECOMMAND }}'
-
-# minion service is in failed state after upgrade. this command will start it after the state run for the upgrade completes
-start_minion:
- cmd.run:
- - name: nohup /bin/sh -c 'sleep 30; systemctl start salt-minion' &
- - require:
- - cmd: install_salt_minion
- - watch:
- - cmd: install_salt_minion
- - order: last
+ - name: |
+ exec 0>&- # close stdin
+ exec 1>&- # close stdout
+ exec 2>&- # close stderr
+ nohup /bin/sh -c '{{ UPGRADECOMMAND }}' &
 {% endif %}
From 7e746b87c5a822fca75e737ce99067cbe3a029c7 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 25 Jun 2025 13:00:26 -0400
Subject: [PATCH 5/7] 2.4.160
---
 DOWNLOAD_AND_VERIFY_ISO.md | 22 ++++++++++----------
 sigs/securityonion-2.4.160-20250625.iso.sig | Bin 0 -> 566 bytes
 2 files changed, 11 insertions(+), 11 deletions(-)
 create mode 100644 sigs/securityonion-2.4.160-20250625.iso.sig
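Review bot: `start_minion` in the PATCH 3/7 hunk of salt/salt/minion.sls backgrounds its command with `nohup … &` but, unlike the block it replaces, does not detach stdin/stdout/stderr, so the state run may stay attached to the sleeping child for its 30 seconds; this is inferred from the removed `exec 0>&-` lines, not tested. cmd.run's `bg: True` option expresses the intent without shell job control: `- name: sleep 30; systemctl start salt-minion` with `- bg: True`. Listing the same `cmd: install_salt_minion` under both `require` and `watch` is redundant, since `watch` already implies the ordering, and the fixed `sleep 30` is a guess at how long the state run takes to finish. PATCH 4/7 on the same line reverts this hunk.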
diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md index 0e726eaeb..2e0b2aa5d 100644 --- a/DOWNLOAD_AND_VERIFY_ISO.md +++ b/DOWNLOAD_AND_VERIFY_ISO.md @@ -1,17 +1,17 @@ -### 2.4.150-20250522 ISO image released on 2025/05/22 +### 2.4.160-20250625 ISO image released on 2025/06/25 ### Download and Verify -2.4.150-20250522 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.4.150-20250522.iso +2.4.160-20250625 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.4.160-20250625.iso -MD5: 239E69B83072BBF2602D4043FE53A160 -SHA1: C62893D3C7F5592665BFDCBC9A45BB20A926F9A8 -SHA256: 2ADE037C7FD34591030B1FAC10392C4E6613F152DD24BFBD897E57EE300895B9 +MD5: 78CF5602EFFAB84174C56AD2826E6E4E +SHA1: FC7EEC3EC95D97D3337501BAA7CA8CAE7C0E15EA +SHA256: 0ED965E8BEC80EE16AE90A0F0F96A3046CEF2D92720A587278DDDE3B656C01C2 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.150-20250522.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.160-20250625.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS 
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2. Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.150-20250522.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.160-20250625.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.4.150-20250522.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.4.160-20250625.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.4.150-20250522.iso.sig securityonion-2.4.150-20250522.iso +gpg --verify securityonion-2.4.160-20250625.iso.sig securityonion-2.4.160-20250625.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 22 May 2025 11:15:06 AM EDT using RSA key ID FE507013 +gpg: Signature made Wed 25 Jun 2025 10:13:33 AM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
diff --git a/sigs/securityonion-2.4.160-20250625.iso.sig b/sigs/securityonion-2.4.160-20250625.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..0145af053164dc7b1cbd40b9a2978a1140aaeb66 GIT binary patch literal 566 zcmV-60?GY}0y6{v0SEvc79j-41gSkXz6^6dp_W8^5Ma0dP;e6k0%%+W4FC!W5PT3| zxBgIY6Cy|t|5BF?^=?}sFeF9#Kk!gQ5#*(!ZvGydNg&f^^0EsGaXs z^N^s0KDu5#@4cMe1Ajik?ax+|5ZCmeU&di=c&@L^yy6wp3!yLk{K8iFi-Qb7gTmK< zGB45)?0)bJ8o#EE;|)w}yksi%0{=T(!PB4eD$)BzZz6M$n|&z|;llTXY!FQSsMeoO zN7uo-MU!fzFdMDexJSjG{v;Qa8Bc3gX4A)8Sovj0OGWxqqaHGyH6NKoqlAIpmlOT9 zPRc?~se3-Mmg6NQB*+#Fs5_6ogK0?hN~4g=KlL*jj%KLgTlf#B%rHk>^mVp0Qp*%! z8#{gov}O=#gx0;7MyGu4_fXvpCAT7O4mq?IP$<$y#GF+yWL^Cx8v$(EqY#zw_;4`L zE>Q^IU~~?Yd2jM5A~!2iCbJW8I0#)wU39OdvhMaR1 z&*LZa*C!(IEvJRUhf88o6BzkJ{ANqtZ^qAdwHQojD=i)^vcq>0D2Qd&kB_E};8;heM4M)OW7@fqMM~-;}wBSv>UwC9Z EkVcdVQvd(} literal 0 HcmV?d00001 From 373ef9fe91f9ccf918011ccfd083a879affba76b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 25 Jun 2025 13:58:25 -0400 Subject: [PATCH 6/7] Update VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 3fe7dce73..032d0bb01 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4.160 +2.4.170 From 5e62d3ecb230f1a2afbce32fab147e30dec15d90 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 25 Jun 2025 13:58:57 -0400 Subject: [PATCH 7/7] Update 2-4.yml --- .github/DISCUSSION_TEMPLATE/2-4.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/DISCUSSION_TEMPLATE/2-4.yml b/.github/DISCUSSION_TEMPLATE/2-4.yml index d192a0eec..dca40818a 100644 --- a/.github/DISCUSSION_TEMPLATE/2-4.yml +++ b/.github/DISCUSSION_TEMPLATE/2-4.yml @@ -29,6 +29,7 @@ body: - 2.4.141 - 2.4.150 - 2.4.160 + - 2.4.170 - Other (please provide detail below) validations: required: true