merge 2.4/dev

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-12-06 09:12:45 +01:00 · 2024-05-08 16:30:45 -04:00
parent eca2a4a9c8 b916465b06
commit 2ad87bf1fe
26 changed files with 504 additions and 281 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1270,6 +1270,13 @@ soc_pillar() {
 		"  config:"\
 		"    server:"\
 		"      srvKey: '$SOCSRVKEY'"\
+		"      modules:"\
+		"        elastalertengine:"\
+		"          allowRegex: '$ELASTALERT_ALLOW_REGEX'"\
+		"        strelkaengine:"\
+		"          allowRegex: '$STRELKA_ALLOW_REGEX'"\
+		"        suricataengine:"\
+		"          allowRegex: '$SURICATA_ALLOW_REGEX'"\
 		"" > "$soc_pillar_file"

 	if [[ $telemetry -ne 0 ]]; then
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -245,6 +245,9 @@ if [ -n "$test_profile" ]; then
 	WEBUSER=onionuser@somewhere.invalid
 	WEBPASSWD1=0n10nus3r
 	WEBPASSWD2=0n10nus3r
+	STRELKA_ALLOW_REGEX="EquationGroup_Toolset_Apr17__ELV_.*"
+	ELASTALERT_ALLOW_REGEX="Security Onion"
+	SURICATA_ALLOW_REGEX="(200033\\d|2100538|2102466)"

 	update_sudoers_for_testing
 fi
@@ -818,7 +821,6 @@ if ! [[ -f $install_opt_file ]]; then
 		configure_minion "$minion_type"
 		check_sos_appliance
 		drop_install_options
-		logCmd "salt-call state.apply setup.highstate_cron --local --file-root=../salt/"
 		verify_setup
 	fi

--- a/setup/so-verify
+++ b/setup/so-verify
@@ -67,6 +67,7 @@ log_has_errors() {
        grep -vE "Reading first line of patchfile" | \
        grep -vE "Command failed with exit code" | \
        grep -vE "Running scope as unit" | \
+        grep -vE "securityonion-resources/sigma/stable" | \
        grep -vE "log-.*-pipeline_failed_attempts" &> "$error_log"
    
    if [[ $? -eq 0 ]]; then
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -14,7 +14,7 @@ whiptail_airgap() {
 	[[ $is_manager || $is_import ]] && node_str='manager'

 	INTERWEBS=$(whiptail --title "$whiptail_title" --menu \
-	"How should this $node_str be installed?" 10 70 2 \
+	"How should this $node_str be installed?\n\nFor more information, please see:\n$DOC_BASE_URL/airgap.html" 13 70 2 \
 	"Standard    " "This $node_str has access to the Internet"  \
 	"Airgap      " "This $node_str does not have access to the Internet" 3>&1 1>&2 2>&3 )

@@ -592,8 +592,8 @@ whiptail_install_type() {
 			"IMPORT" "Import PCAP or log files " \
 			"EVAL" "Evaluation mode (not for production) " \
 			"STANDALONE" "Standalone production install " \
-			"DISTRIBUTED" "Distributed install submenu " \
-			"DESKTOP" "Install Security Onion Desktop" \
+			"DISTRIBUTED" "Distributed deployment " \
+			"DESKTOP" "Security Onion Desktop" \
 			3>&1 1>&2 2>&3
 		)
 	elif [[ "$OSVER" == "focal" ]]; then