From 2f99821736fc0b54005358a417df99b91b27a7ae Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 7 Feb 2023 09:05:16 -0500 Subject: [PATCH 01/11] Update VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 94bcb4d36..108d96ff2 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.210 +2.3.220 From e07f4bd0ed31c2d05e02ce0833a42da0b8217129 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 8 Feb 2023 13:03:33 -0500 Subject: [PATCH 02/11] Workaround for FleetDM PW Req --- salt/common/tools/sbin/so-fleet-user-add | 7 ++++++- setup/so-functions | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-fleet-user-add b/salt/common/tools/sbin/so-fleet-user-add index 2b803326b..747e8a780 100755 --- a/salt/common/tools/sbin/so-fleet-user-add +++ b/salt/common/tools/sbin/so-fleet-user-add @@ -53,8 +53,10 @@ if [[ $? -ne 0 ]]; then exit 2 fi +TEMPPW=$FLEET_SA_PW! + # Create New User -CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $USER_PASS --global-role admin 2>&1) +CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $TEMPPW --global-role admin 2>&1) if [[ $? -eq 0 ]]; then echo "Successfully added user to Fleet" @@ -64,6 +66,9 @@ else exit 2 fi +# Reset New User Password to user supplied password +echo "$USER_PW" | so-fleet-user-update "$USER_EMAIL" + # Disable forced password reset MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PW fleet -e \ "UPDATE users SET admin_forced_password_reset = 0 WHERE email = '$USER_EMAIL'" 2>&1) diff --git a/setup/so-functions b/setup/so-functions index a38a8ce7b..f39b65c43 100755 --- a/setup/so-functions +++ b/setup/so-functions 
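Review bot: `TEMPPW=$FLEET_SA_PW!` and the `--password $TEMPPW` on the new CREATE_OUTPUT line are both unquoted, so any whitespace or glob characters in FLEET_SA_PW would be word-split or expanded before reaching fleetctl; write `TEMPPW="${FLEET_SA_PW}!"` and `--password "$TEMPPW"`. The `!` is literal here because history expansion is off in a non-interactive bash script, but the braces also make it obvious that it is a suffix rather than part of the variable name. Because the temporary password is derived from the service-account password, the later reset to the user-supplied value (second hunk of this file) is what actually separates the two secrets, so that step needs its own failure check rather than being fire-and-forget. Passing the password on the fleetctl argv predates this change and stays visible in process listings for the duration of the call; the surrounding script starts before this hunk.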
@@ -1511,7 +1511,7 @@ generate_passwords(){ PLAYBOOKADMINPASS=$(get_random_value) PLAYBOOKAUTOMATIONPASS=$(get_random_value) FLEETPASS=$(get_random_value) - FLEETSAPASS=$(get_random_value) + FLEETSAPASS="$(get_random_value)!" FLEETJWT=$(get_random_value) GRAFANAPASS=$(get_random_value) SENSORONIKEY=$(get_random_value) From 4dd54cea6c37a4ff988afb9e0b20cb62bdf03ee6 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 8 Feb 2023 16:58:47 -0500 Subject: [PATCH 03/11] Use correct variable name --- salt/common/tools/sbin/so-fleet-user-add | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-fleet-user-add b/salt/common/tools/sbin/so-fleet-user-add index 747e8a780..8bba73853 100755 --- a/salt/common/tools/sbin/so-fleet-user-add +++ b/salt/common/tools/sbin/so-fleet-user-add @@ -67,7 +67,7 @@ else fi # Reset New User Password to user supplied password -echo "$USER_PW" | so-fleet-user-update "$USER_EMAIL" +echo "$USER_PASS" | so-fleet-user-update "$USER_EMAIL" # Disable forced password reset MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PW fleet -e \ From 09bebf08d6e648763e79f3923b0282e5737bbcf4 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Thu, 9 Feb 2023 09:10:50 -0500 Subject: [PATCH 04/11] Fix FleetDM SOC Link --- salt/soc/files/soc/tools.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/soc/files/soc/tools.json b/salt/soc/files/soc/tools.json index b53f112e5..a2f1338de 100644 --- a/salt/soc/files/soc/tools.json +++ b/salt/soc/files/soc/tools.json 
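Review bot: The exit status of `echo "$USER_PASS" | so-fleet-user-update "$USER_EMAIL"` is never checked, although the script checks `$?` after the create step just above it; if the update fails the account keeps TEMPPW, which the earlier patch derives from FLEET_SA_PW, and the MySQL statement that follows then clears admin_forced_password_reset regardless. Suggest `echo "$USER_PASS" | so-fleet-user-update "$USER_EMAIL" || { echo "Failed to set password for $USER_EMAIL" >&2; exit 2; }` so the script stops with the forced-reset flag still set. so-fleet-user-update is invoked by bare name and therefore depends on PATH; if it is installed next to this script, resolving it relative to `$(dirname "$0")` would remove that dependency, but I can't confirm the install layout from this hunk. The enclosing script continues outside the hunk on both sides.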
@@ -3,6 +3,6 @@ { "name": "toolGrafana", "description": "toolGrafanaHelp", "icon": "fa-external-link-alt", "target": "so-grafana", "link": "/grafana/d/so_overview" }, { "name": "toolCyberchef", "description": "toolCyberchefHelp", "icon": "fa-external-link-alt", "target": "so-cyberchef", "link": "/cyberchef/" }, { "name": "toolPlaybook", "description": "toolPlaybookHelp", "icon": "fa-external-link-alt", "target": "so-playbook", "link": "/playbook/projects/detection-playbooks/issues/" }, - { "name": "toolFleet", "description": "toolFleetHelp", "icon": "fa-external-link-alt", "target": "so-fleet", "link": "/fleet/" }, + { "name": "toolFleet", "description": "toolFleetHelp", "icon": "fa-external-link-alt", "target": "so-fleet", "link": "/fleet/dashboard" }, { "name": "toolNavigator", "description": "toolNavigatorHelp", "icon": "fa-external-link-alt", "target": "so-navigator", "link": "/navigator/" } -] \ No newline at end of file +] From b7e97eceb3b1091ee1944a56039682c533a69703 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Thu, 9 Feb 2023 14:08:48 -0500 Subject: [PATCH 05/11] Fix link for FleetDM standalone nodes --- salt/nginx/etc/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index f82d63c1a..4d26a6312 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -319,7 +319,7 @@ http { {%- if fleet_node %} location /fleet/ { - return 307 https://{{ fleet_ip }}/fleet; + return 307 https://{{ fleet_ip }}/fleet/dashboard; } {%- else %} From 69f889dbd962ffc745e58a4890f36d27a7f4e4d5 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Tue, 14 Feb 2023 08:42:35 -0500 Subject: [PATCH 06/11] Update soup for 2.3.220 --- salt/common/tools/sbin/soup | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 4f5fdc29c..d7074619f 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup 
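Review bot: `return 307 https://{{ fleet_ip }}/fleet/dashboard;` sends every request matched by `location /fleet/` to the dashboard, so a deep link such as a specific host or query page on a standalone Fleet node, and any query string, is lost in the redirect. If the standalone node serves the same paths, `return 307 https://{{ fleet_ip }}$request_uri;` preserves them, with a separate `location = /fleet/` block carrying the dashboard target for the bare path. I can't tell from this hunk how the standalone node routes its own paths, so this needs checking against that layout before changing it. The enclosing `{%- if fleet_node %}` template branch starts before the hunk.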
@@ -553,6 +553,7 @@ preupgrade_changes() { [[ "$INSTALLEDVERSION" == 2.3.182 ]] && up_to_2.3.190 [[ "$INSTALLEDVERSION" == 2.3.190 ]] && up_to_2.3.200 [[ "$INSTALLEDVERSION" == 2.3.200 ]] && up_to_2.3.210 + [[ "$INSTALLEDVERSION" == 2.3.210 ]] && up_to_2.3.220 true } @@ -578,6 +579,7 @@ postupgrade_changes() { [[ "$POSTVERSION" == 2.3.182 ]] && post_to_2.3.190 [[ "$POSTVERSION" == 2.3.190 ]] && post_to_2.3.200 [[ "$POSTVERSION" == 2.3.200 ]] && post_to_2.3.210 + [[ "$POSTVERSION" == 2.3.210 ]] && post_to_2.3.220 true } @@ -706,6 +708,11 @@ post_to_2.3.210() { POSTVERSION=2.3.210 } +post_to_2.3.220() { + echo "Nothing to do for .220" + POSTVERSION=2.3.220 +} + stop_salt_master() { # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts set +e @@ -1041,6 +1048,11 @@ up_to_2.3.210() { INSTALLEDVERSION=2.3.210 } +up_to_2.3.220() { + echo "Upgrading to 2.3.220" + INSTALLEDVERSION=2.3.220 +} + verify_upgradespace() { CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//') if [ "$CURRENTSPACE" -lt "10" ]; then From 3a22978c2bf4df1394bed49c1ed8ea28aabd57b9 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 15 Feb 2023 15:25:35 -0500 Subject: [PATCH 07/11] Fix password gen edge case --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index f39b65c43..c3be68b73 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1511,7 +1511,7 @@ generate_passwords(){ PLAYBOOKADMINPASS=$(get_random_value) PLAYBOOKAUTOMATIONPASS=$(get_random_value) FLEETPASS=$(get_random_value) - FLEETSAPASS="$(get_random_value)!" + FLEETSAPASS="$(get_random_value)!1" FLEETJWT=$(get_random_value) GRAFANAPASS=$(get_random_value) SENSORONIKEY=$(get_random_value) From b80b80e82563050adffc9d407f9af02b93cc6bc7 Mon Sep 17 00:00:00 2001 
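Review bot: `FLEETSAPASS="$(get_random_value)!1"` bakes a fixed suffix into the service-account password without saying why, and this line has now been edited twice in the same series (`!` then `!1`), which suggests the rule it satisfies lives outside this file; a comment above it such as `# FleetDM rejects passwords without a symbol and a digit (presumably); append both so get_random_value output always qualifies` would keep the next edit from dropping it. If get_random_value can be asked to include those character classes, that is preferable to a constant suffix, since a known trailing `!1` adds length but no entropy — it does not by itself make the value weak, it just documents itself poorly. generate_passwords() starts and ends outside the hunk.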
From: Doug Burks Date: Fri, 17 Feb 2023 07:03:47 -0500 Subject: [PATCH 08/11] UPGRADE: Elastic 8.6.2 #9804 --- salt/kibana/files/config_saved_objects.ndjson | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/kibana/files/config_saved_objects.ndjson b/salt/kibana/files/config_saved_objects.ndjson index 3ac67ed27..6a821ac60 100644 --- a/salt/kibana/files/config_saved_objects.ndjson +++ b/salt/kibana/files/config_saved_objects.ndjson @@ -1 +1 @@ -{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.1","id": "8.6.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} +{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.2","id": "8.6.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} From 002403055df087f4e7b00ccf42038180e625eba8 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Fri, 17 Feb 2023 07:04:57 -0500 Subject: [PATCH 09/11] UPGRADE: Elastic 8.6.2 #9804 --- salt/kibana/bin/so-kibana-config-load | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load index 942cbe58a..550b97b19 100644 --- a/salt/kibana/bin/so-kibana-config-load +++ b/salt/kibana/bin/so-kibana-config-load 
@@ -59,7 +59,7 @@ update() { IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))' for i in "${LINES[@]}"; do - RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.6.1" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") + RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.6.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi done From 6e637f559c641b7579361b2070bafa68b79020f1 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Tue, 21 Feb 2023 16:35:11 -0500 Subject: [PATCH 10/11] Remove unsupported config option --- salt/fleet/files/packs/osquery-config.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/salt/fleet/files/packs/osquery-config.conf b/salt/fleet/files/packs/osquery-config.conf index 04659f3de..6734a124e 100644 --- a/salt/fleet/files/packs/osquery-config.conf +++ b/salt/fleet/files/packs/osquery-config.conf @@ -26,9 +26,6 @@ spec: distributed_tls_write_endpoint: /api/v1/osquery/distributed/write enable_windows_events_publisher: true enable_windows_events_subscriber: true - logger_plugin: tls - logger_tls_endpoint: /api/v1/osquery/log - logger_tls_period: 10 pack_delimiter: _ host_settings: enable_software_inventory: false From 5c8ba3af65d6db47b7b63f4b22c130c6e2d1f05a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 27 Feb 2023 09:23:33 -0500 Subject: [PATCH 11/11] 2.3.220 --- VERIFY_ISO.md | 22 ++++++++++---------- sigs/securityonion-2.3.220-20230224.iso.sig | Bin 0 -> 543 bytes 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 sigs/securityonion-2.3.220-20230224.iso.sig diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 0cdeb52be..d52a2354f 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -1,18 +1,18 @@ -### 2.3.210-20230202 ISO image built on 2023/02/02 +### 2.3.220-20230224 ISO image built on 2023/02/24 ### Download and Verify -2.3.210-20230202 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.210-20230202.iso +2.3.220-20230224 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230224.iso -MD5: ED38C36DBE40509FC5E87D82B07141C0 -SHA1: EDEBDBE75FF34DAD87E141CA8F8614295ED23FB5 -SHA256: 30068D4B910E83B63287EAB98E49497A584BAE07854367716813E5D610D3E5E3 +MD5: 74CDCE07BC5787567E07C1CAC64DC381 +SHA1: 8DA0E8541C46CBDCFA0FB9B60F3C95D027D4BB37 +SHA256: E5EDB011693AC33C40CAB483400F72FAF9615053867FD9C80DDD1AACAD9100B3 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.210-20230202.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230224.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.210-20230202.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230224.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.210-20230202.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230224.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.210-20230202.iso.sig securityonion-2.3.210-20230202.iso +gpg --verify securityonion-2.3.220-20230224.iso.sig securityonion-2.3.220-20230224.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 02 Feb 2023 08:31:18 PM EST using RSA key ID FE507013 +gpg: Signature made Fri 24 Feb 2023 02:32:08 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
diff --git a/sigs/securityonion-2.3.220-20230224.iso.sig b/sigs/securityonion-2.3.220-20230224.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..916523a7c2780474f8846d39fc754c918c6c2e71 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;IF5V!ye2@re`V7LBIa1#Mj5B?}G9417Hz==^%y@X%~ zR*OtD7|9s_ScIq-u-24u4)Hm(#P*@>2^`>XB6`38_ovTWjJ%U8`zE9W(_&>=kOIw8 z(Nu-kHl+n-D&bEab16$EsYo1sH0{QO(oE2*M!8WTE;bQr>0%l!bmzI$xTSjPklE!6 z=&p&VmgOF3Ck$HiOP+Y4nR9hXcJ4l3t<|9TRM0B<&JA(Yxre?tIVzPt{;@6f;p}m# zmD`M7>_-U}=6f`_nJpLP-61z#S(mVa37%r-)6I{y56{LlKNYniwRXrFjwFiQU_K|l z`K%C&>hQ3i9z+Gkt*I4Yv_Y64&xRa|1;GSm zu04hFH=eMa@DTi1;GZv2dlBoMoW-BD5^7yC_eR`GAoO|%7RoZ6b(C2=s7`yN5kb^% zQ8WRfW#{1ShcU#-M+*i-q91$AKVW8hR$KH!FgMWwAkEIuTJbieBph-0j}kl1c29@* ziWEoD^X~{GF2*})v^K_V@BC19n_1J=0@~103<|$2zk|5&PE97Z#a>IGYoACyv_M4g zlZnamz~gxyxas9G6m&o literal 0 HcmV?d00001