Merge remote-tracking branch 'origin/2.4/dev' into 2.4/templaterepos

2026-03-24 21:42:42 +01:00 · 2024-11-07 07:25:01 -05:00
parent c509dab5f1 07b867df76
commit 28d468dd41
6 changed files with 73 additions and 13 deletions
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -599,6 +599,35 @@ elasticsearch:
              set_priority:
                priority: 50
            min_age: 30d
+    so-ip-mappings:
+      index_sorting: false
+      index_template:
+        composed_of:
+        - so-ip-mappings
+        ignore_missing_component_templates: []
+        index_patterns:
+        - so-ip*
+        priority: 500
+        template:
+          mappings:
+            date_detection: false
+            dynamic_templates:
+            - strings_as_keyword:
+                mapping:
+                  ignore_above: 1024
+                  type: keyword
+                match_mapping_type: string
+          settings:
+            index:
+              mapping:
+                total_fields:
+                  limit: 1500
+              number_of_replicas: 0
+              number_of_shards: 1
+              refresh_interval: 30s
+              sort:
+                field: '@timestamp'
+                order: desc
    so-items:
      index_sorting: false
      index_template:
--- a/salt/elasticsearch/templates/component/so/so-ip-mappings.json
+++ b/salt/elasticsearch/templates/component/so/so-ip-mappings.json
@@ -0,0 +1,25 @@
+{
+  "_meta": {
+    "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-network.html",
+    "ecs_version": "1.12.2"
+  },
+  "template": {
+    "mappings": {
+      "properties": {
+        "@timestamp": {
+          "type": "date"
+        },
+        "so": {
+          "properties": {
+            "ip_address": {
+              "type": "ip"
+            },
+            "description": {
+              "type": "text"
+            }
+          }
+        }
+      }
+    }
+  }
+}
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -719,6 +719,9 @@ up_to_2.4.120() {
  mkdir /opt/so/saltstack/local/pillar/versionlock
  touch /opt/so/saltstack/local/pillar/versionlock/adv_versionlock.sls /opt/so/saltstack/local/pillar/versionlock/soc_versionlock.sls

+  # New Grid Integration added this release
+  rm -f /opt/so/state/eaintegrations.txt
+
  INSTALLEDVERSION=2.4.120
 }

--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1447,6 +1447,8 @@ soc:
          rulesFingerprintFile: /opt/sensoroni/fingerprints/emerging-all.fingerprint
          stateFilePath: /opt/sensoroni/fingerprints/suricataengine.state
          integrityCheckFrequencySeconds: 1200
+          ignoredSidRanges:
+            - '1100000-1101000'
      client:
        enableReverseLookup: false
        docsUrl: /docs/
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -390,6 +390,12 @@ soc:
            advanced: True
            forcedType: "[]{}"
            helpLink: suricata.html
+          ignoredSidRanges:
+            description: 'List of Suricata SID ranges to ignore during the Integrity Check. This is useful for ignoring specific rules not governed by the UI. Each line should contain 1 range in the format "1100000-1200000". The ranges are treated as inclusive.'
+            global: True
+            advanced: True
+            forcedType: "[]string"
+            helpLink: detections.html#rule-engine-status
      client:
        enableReverseLookup:
          description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1843,9 +1843,9 @@ repo_sync_local() {
 			fi
 			dnf install -y yum-utils device-mapper-persistent-data lvm2
 			curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo
-			rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
+			rpm --import https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public
 			dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
-			curl -fsSL "https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/$SALTVERSION.repo" | tee /etc/yum.repos.d/salt.repo
+			curl -fsSL "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" | tee /etc/yum.repos.d/salt.repo
 			dnf repolist
 			curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
 		else
@@ -1878,27 +1878,22 @@ saltify() {
 		logCmd "mkdir -vp /etc/apt/keyrings"
 		logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg"

+		# Download public key
+		logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public"
+		# Create apt repo target configuration
+		echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch=amd64] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" | sudo tee /etc/apt/sources.list.d/salt.list
+
 		if [[ $is_ubuntu ]]; then
-
-			# Add Salt Repo
-			logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
-			echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ $OSVER main" | sudo tee /etc/apt/sources.list.d/salt.list
-
 			# Add Docker Repo
 			add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" 
 		
 		else
-			# Add Salt Repo *NOTE* You have to use debian 11 since it isn't out for 12
-			logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
-			echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/ bullseye main" | sudo tee /etc/apt/sources.list.d/salt.list
-
 			# Add Docker Repo
 			curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
 			echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $OSVER stable" > /etc/apt/sources.list.d/docker.list 
-		
 		fi

-		logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg"
+		logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.pgp"

 		#logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub"
 		logCmd "apt-key add /etc/apt/keyrings/docker.pub"