Merge remote-tracking branch 'origin/2.4/dev' into vlb2

2025-12-06 09:12:45 +01:00 · 2025-06-25 15:35:30 -04:00
parent b2acf2f807 02dbbc5289
commit 1e9f3a65a4
8 changed files with 26 additions and 27 deletions
--- a/.github/DISCUSSION_TEMPLATE/2-4.yml
+++ b/.github/DISCUSSION_TEMPLATE/2-4.yml
@@ -29,6 +29,7 @@ body:
        - 2.4.141
        - 2.4.150
        - 2.4.160
+        - 2.4.170
        - Other (please provide detail below)
    validations:
      required: true
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,17 +1,17 @@
-### 2.4.150-20250522 ISO image released on 2025/05/22
+### 2.4.160-20250625 ISO image released on 2025/06/25


 ### Download and Verify

-2.4.150-20250522 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.150-20250522.iso
+2.4.160-20250625 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.160-20250625.iso
 
-MD5: 239E69B83072BBF2602D4043FE53A160  
-SHA1: C62893D3C7F5592665BFDCBC9A45BB20A926F9A8  
-SHA256: 2ADE037C7FD34591030B1FAC10392C4E6613F152DD24BFBD897E57EE300895B9  
+MD5: 78CF5602EFFAB84174C56AD2826E6E4E  
+SHA1: FC7EEC3EC95D97D3337501BAA7CA8CAE7C0E15EA  
+SHA256: 0ED965E8BEC80EE16AE90A0F0F96A3046CEF2D92720A587278DDDE3B656C01C2  

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.150-20250522.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.160-20250625.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.150-20250522.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.160-20250625.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.150-20250522.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.160-20250625.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.150-20250522.iso.sig securityonion-2.4.150-20250522.iso
+gpg --verify securityonion-2.4.160-20250625.iso.sig securityonion-2.4.160-20250625.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 22 May 2025 11:15:06 AM EDT using RSA key ID FE507013
+gpg: Signature made Wed 25 Jun 2025 10:13:33 AM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.4.160
+2.4.170
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -99,6 +99,17 @@ add_interface_bond0() {
 	fi
 }

+airgap_playbooks() {
+	SRC_DIR=$1
+	# Copy playbooks if using airgap
+	mkdir -p /nsm/airgap-resources
+	# Purge old airgap playbooks to ensure SO only uses the latest released playbooks
+	rm -fr /nsm/airgap-resources/playbooks
+	tar xf $SRC_DIR/airgap-resources/playbooks.tgz -C /nsm/airgap-resources/
+	chown -R socore:socore /nsm/airgap-resources/playbooks
+	git config --global --add safe.directory /nsm/airgap-resources/playbooks
+}
+
 check_container() {
 	docker ps | grep "$1:" > /dev/null 2>&1
 	return $?
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1090,13 +1090,6 @@ update_airgap_rules() {
  rsync -a $UPDATE_DIR/agrules/securityonion-resources/* /nsm/securityonion-resources/
 }

-update_airgap_playbooks() {
-  # Copy the playbooks over to update them for airgap.
-  mkdir -p /nsm/airgap-resources/playbooks
-  chown -R socore:socore /nsm/airgap-resources/playbooks
-  rsync -a --delete --chown=socore:socore $UPDATE_DIR/airgap-resources/playbooks/ /nsm/airgap-resources/playbooks/
-}
-
 update_airgap_repo() {
  # Update the files in the repo
  echo "Syncing new updates to /nsm/repo"
@@ -1447,7 +1440,7 @@ main() {
      echo "Updating Rule Files to the Latest."
      update_airgap_rules
      echo "Updating Playbooks to the Latest."
-      update_airgap_playbooks
+      airgap_playbooks "$UPDATE_DIR"
    fi

    # since we don't run the backup.config_backup state on import we wont snapshot previous version states and pillars
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -56,12 +56,6 @@ airgap_detection_summaries() {
 	logCmd "git config --global --add safe.directory /opt/so/conf/soc/ai_summary_repos/securityonion-resources"
 	logCmd "git -C /opt/so/conf/soc/ai_summary_repos/securityonion-resources checkout generated-summaries-published"
 }
-airgap_playbooks() {
-	# Copy playbooks if using airgap
-	mkdir -p /nsm/airgap-resources/playbooks
-	logCmd "rsync -av --chown=socore:socore /root/SecurityOnion/airgap-resources/playbooks/ /nsm/airgap-resources/playbooks/"
-	logCmd "git config --global --add safe.directory /nsm/airgap-resources/playbooks"
-}

 add_admin_user() {
 	title "Adding $ADMINUSER to the system with sudo rights"
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -810,7 +810,7 @@ if ! [[ -f $install_opt_file ]]; then
 		fi
 		if [[ $is_airgap ]]; then
 			title "Syncing Playbooks"
-			airgap_playbooks
+			logCmd "airgap_playbooks /root/SecurityOnion"
 		fi
 		title "Setting up Kibana Default Space"
 		logCmd "so-kibana-space-defaults"
--- a/sigs/securityonion-2.4.160-20250625.iso.sig
+++ b/sigs/securityonion-2.4.160-20250625.iso.sig
@@ -1 +1 @@
 .4.160
 .4.170