diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 0cdeb52be..d52a2354f 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,18 +1,18 @@ -### 2.3.210-20230202 ISO image built on 2023/02/02 +### 2.3.220-20230224 ISO image built on 2023/02/24 ### Download and Verify -2.3.210-20230202 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.210-20230202.iso +2.3.220-20230224 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230224.iso -MD5: ED38C36DBE40509FC5E87D82B07141C0 -SHA1: EDEBDBE75FF34DAD87E141CA8F8614295ED23FB5 -SHA256: 30068D4B910E83B63287EAB98E49497A584BAE07854367716813E5D610D3E5E3 +MD5: 74CDCE07BC5787567E07C1CAC64DC381 +SHA1: 8DA0E8541C46CBDCFA0FB9B60F3C95D027D4BB37 +SHA256: E5EDB011693AC33C40CAB483400F72FAF9615053867FD9C80DDD1AACAD9100B3 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.210-20230202.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230224.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.210-20230202.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230224.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.210-20230202.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230224.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.210-20230202.iso.sig securityonion-2.3.210-20230202.iso +gpg --verify securityonion-2.3.220-20230224.iso.sig securityonion-2.3.220-20230224.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 02 Feb 2023 08:31:18 PM EST using RSA key ID FE507013 +gpg: Signature made Fri 24 Feb 2023 02:32:08 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/VERSION b/VERSION index 94bcb4d36..108d96ff2 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.210 +2.3.220 diff --git a/salt/common/tools/sbin/so-fleet-user-add b/salt/common/tools/sbin/so-fleet-user-add index 2b803326b..8bba73853 100755 --- a/salt/common/tools/sbin/so-fleet-user-add +++ b/salt/common/tools/sbin/so-fleet-user-add 
@@ -53,8 +53,10 @@ if [[ $? -ne 0 ]]; then exit 2 fi +TEMPPW=$FLEET_SA_PW! + # Create New User -CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $USER_PASS --global-role admin 2>&1) +CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $TEMPPW --global-role admin 2>&1) if [[ $? -eq 0 ]]; then echo "Successfully added user to Fleet" @@ -64,6 +66,9 @@ else exit 2 fi +# Reset New User Password to user supplied password +echo "$USER_PASS" | so-fleet-user-update "$USER_EMAIL" + # Disable forced password reset MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PW fleet -e \ "UPDATE users SET admin_forced_password_reset = 0 WHERE email = '$USER_EMAIL'" 2>&1) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 4f5fdc29c..d7074619f 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -553,6 +553,7 @@ preupgrade_changes() { [[ "$INSTALLEDVERSION" == 2.3.182 ]] && up_to_2.3.190 [[ "$INSTALLEDVERSION" == 2.3.190 ]] && up_to_2.3.200 [[ "$INSTALLEDVERSION" == 2.3.200 ]] && up_to_2.3.210 + [[ "$INSTALLEDVERSION" == 2.3.210 ]] && up_to_2.3.220 true } @@ -578,6 +579,7 @@ postupgrade_changes() { [[ "$POSTVERSION" == 2.3.182 ]] && post_to_2.3.190 [[ "$POSTVERSION" == 2.3.190 ]] && post_to_2.3.200 [[ "$POSTVERSION" == 2.3.200 ]] && post_to_2.3.210 + [[ "$POSTVERSION" == 2.3.210 ]] && post_to_2.3.220 true } @@ -706,6 +708,11 @@ post_to_2.3.210() { POSTVERSION=2.3.210 } +post_to_2.3.220() { + echo "Nothing to do for .220" + POSTVERSION=2.3.220 +} + stop_salt_master() { # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts set +e 
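Review bot: `$TEMPPW` on the new `CREATE_OUTPUT=` line is expanded unquoted, so a value containing whitespace or glob characters is word-split before it reaches fleetctl; write `--password "$TEMPPW"` (the `$USER_EMAIL` expansions beside it have the same exposure). Nothing records why `!` is appended to `FLEET_SA_PW`; if it is there to satisfy a Fleet password-complexity rule, a comment such as `# append a symbol so the temporary password passes Fleet's complexity check` would keep the suffix from being removed later. Deriving the temporary password from another credential also ties the two together; a fresh random value with the same suffix would serve the same purpose without reusing `FLEET_SA_PW`. The surrounding script continues outside the hunk.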
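Review bot: The new `so-fleet-user-update` call in the second hunk (`@@ -64,6 +66,9 @@`) is not checked, unlike the create step above it, so a failed reset would leave the account on the temporary password while the following `UPDATE users SET admin_forced_password_reset = 0` still runs and removes the forced change. Assuming `so-fleet-user-update` reports failure through its exit status, guard it like the create step: `echo "$USER_PASS" | so-fleet-user-update "$USER_EMAIL" || { echo "Failed to set password for $USER_EMAIL" >&2; exit 2; }`. `printf '%s\n' "$USER_PASS"` is also safer than `echo` if the password begins with `-` or contains backslashes. The enclosing script continues past the hunk.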
@@ -1041,6 +1048,11 @@ up_to_2.3.210() { INSTALLEDVERSION=2.3.210 } +up_to_2.3.220() { + echo "Upgrading to 2.3.220" + INSTALLEDVERSION=2.3.220 +} + verify_upgradespace() { CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//') if [ "$CURRENTSPACE" -lt "10" ]; then diff --git a/salt/fleet/files/packs/osquery-config.conf b/salt/fleet/files/packs/osquery-config.conf index 04659f3de..6734a124e 100644 --- a/salt/fleet/files/packs/osquery-config.conf +++ b/salt/fleet/files/packs/osquery-config.conf @@ -26,9 +26,6 @@ spec: distributed_tls_write_endpoint: /api/v1/osquery/distributed/write enable_windows_events_publisher: true enable_windows_events_subscriber: true - logger_plugin: tls - logger_tls_endpoint: /api/v1/osquery/log - logger_tls_period: 10 pack_delimiter: _ host_settings: enable_software_inventory: false diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load index 942cbe58a..550b97b19 100644 --- a/salt/kibana/bin/so-kibana-config-load +++ b/salt/kibana/bin/so-kibana-config-load @@ -59,7 +59,7 @@ update() { IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))' for i in "${LINES[@]}"; do - RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.6.1" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") + RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.6.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi done diff --git a/salt/kibana/files/config_saved_objects.ndjson b/salt/kibana/files/config_saved_objects.ndjson index 3ac67ed27..6a821ac60 100644 --- a/salt/kibana/files/config_saved_objects.ndjson +++ b/salt/kibana/files/config_saved_objects.ndjson 
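Review bot: Removing `logger_plugin: tls`, `logger_tls_endpoint` and `logger_tls_period` from the osquery spec leaves no record of where scheduled-query results and status logs go afterwards; if the agents fall back to osquery's default logger, that output stays on the endpoint instead of reaching Fleet, which matters to anyone relying on it for detection. If the results are now collected another way, a comment beside the remaining `pack_delimiter` line saying so would stop the setting from being reinstated by mistake, assuming the spec format accepts comments. The rest of the spec is outside the hunk.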
@@ -1 +1 @@ -{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.1","id": "8.6.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} +{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.2","id": "8.6.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index f82d63c1a..4d26a6312 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -319,7 +319,7 @@ http { {%- if fleet_node %} location /fleet/ { - return 307 https://{{ fleet_ip }}/fleet; + return 307 https://{{ fleet_ip }}/fleet/dashboard; } {%- else %} diff --git a/salt/soc/files/soc/tools.json b/salt/soc/files/soc/tools.json index b53f112e5..a2f1338de 100644 --- a/salt/soc/files/soc/tools.json +++ b/salt/soc/files/soc/tools.json 
@@ -3,6 +3,6 @@
 { "name": "toolGrafana", "description": "toolGrafanaHelp", "icon": "fa-external-link-alt", "target": "so-grafana", "link": "/grafana/d/so_overview" },
 { "name": "toolCyberchef", "description": "toolCyberchefHelp", "icon": "fa-external-link-alt", "target": "so-cyberchef", "link": "/cyberchef/" },
 { "name": "toolPlaybook", "description": "toolPlaybookHelp", "icon": "fa-external-link-alt", "target": "so-playbook", "link": "/playbook/projects/detection-playbooks/issues/" },
- { "name": "toolFleet", "description": "toolFleetHelp", "icon": "fa-external-link-alt", "target": "so-fleet", "link": "/fleet/" },
+ { "name": "toolFleet", "description": "toolFleetHelp", "icon": "fa-external-link-alt", "target": "so-fleet", "link": "/fleet/dashboard" },
 { "name": "toolNavigator", "description": "toolNavigatorHelp", "icon": "fa-external-link-alt", "target": "so-navigator", "link": "/navigator/" }
-]
\ No newline at end of file
+]
diff --git a/setup/so-functions b/setup/so-functions
index a38a8ce7b..c3be68b73 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1511,7 +1511,7 @@ generate_passwords(){
 PLAYBOOKADMINPASS=$(get_random_value)
 PLAYBOOKAUTOMATIONPASS=$(get_random_value)
 FLEETPASS=$(get_random_value)
- FLEETSAPASS=$(get_random_value)
+ FLEETSAPASS="$(get_random_value)!1"
 FLEETJWT=$(get_random_value)
 GRAFANAPASS=$(get_random_value)
 SENSORONIKEY=$(get_random_value)
diff --git a/sigs/securityonion-2.3.220-20230224.iso.sig b/sigs/securityonion-2.3.220-20230224.iso.sig
new file mode 100644
index 000000000..916523a7c
Binary files /dev/null and b/sigs/securityonion-2.3.220-20230224.iso.sig differ
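Review bot: The literal `!1` appended to `FLEETSAPASS` in the `generate_passwords` hunk carries no comment, and the same idea appears as a bare `!` on `TEMPPW` in so-fleet-user-add; presumably both exist to satisfy a Fleet character-class requirement, and a note such as `# fixed suffix: Fleet requires a symbol and a digit, which get_random_value alone may not produce` would preserve that intent. The fixed suffix adds no entropy, so the strength of the credential rests entirely on `get_random_value`, which is outside the hunk. `generate_passwords` starts and ends outside the hunk.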