CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9857 from Security-Onion-Solutions/dev

Browse Source 
2.3.220
This commit is contained in:
Mike Reeves
2023-02-27 09:35:14 -05:00
committed by GitHub
parent db27c22158 884883a225
commit 2ca2724a4c
11 changed files with 36 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
VERIFY_ISO.md
View File

@@ -1,18 +1,18 @@
### 2.3.210-20230202 ISO image built on 2023/02/02 ### 2.3.220-20230224 ISO image built on 2023/02/24
### Download and Verify ### Download and Verify
2.3.210-20230202 ISO image: 2.3.220-20230224 ISO image:
https://download.securityonion.net/file/securityonion/securityonion-2.3.210-20230202.iso https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230224.iso
MD5: ED38C36DBE40509FC5E87D82B07141C0 MD5: 74CDCE07BC5787567E07C1CAC64DC381
SHA1: EDEBDBE75FF34DAD87E141CA8F8614295ED23FB5 SHA1: 8DA0E8541C46CBDCFA0FB9B60F3C95D027D4BB37
SHA256: 30068D4B910E83B63287EAB98E49497A584BAE07854367716813E5D610D3E5E3 SHA256: E5EDB011693AC33C40CAB483400F72FAF9615053867FD9C80DDD1AACAD9100B3
Signature for ISO image: Signature for ISO image:
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.210-20230202.iso.sig https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230224.iso.sig
Signing key: Signing key:
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO: Download the signature file for the ISO:
``` ```
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.210-20230202.iso.sig wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230224.iso.sig
``` ```
Download the ISO image: Download the ISO image:
``` ```
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.210-20230202.iso wget https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230224.iso
``` ```
Verify the downloaded ISO image using the signature file: Verify the downloaded ISO image using the signature file:
``` ```
gpg --verify securityonion-2.3.210-20230202.iso.sig securityonion-2.3.210-20230202.iso gpg --verify securityonion-2.3.220-20230224.iso.sig securityonion-2.3.220-20230224.iso
``` ```
The output should show "Good signature" and the Primary key fingerprint should match what's shown below: The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
``` ```
gpg: Signature made Thu 02 Feb 2023 08:31:18 PM EST using RSA key ID FE507013 gpg: Signature made Fri 24 Feb 2023 02:32:08 PM EST using RSA key ID FE507013
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>" gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.

2
VERSION
View File

@@ -1 +1 @@
2.3.210 2.3.220

7
salt/common/tools/sbin/so-fleet-user-add
View File

@@ -53,8 +53,10 @@ if [[ $? -ne 0 ]]; then
exit 2 exit 2
fi fi
TEMPPW=$FLEET_SA_PW!
# Create New User # Create New User
CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $USER_PASS --global-role admin 2>&1) CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $TEMPPW --global-role admin 2>&1)
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
echo "Successfully added user to Fleet" echo "Successfully added user to Fleet"
@@ -64,6 +66,9 @@ else
exit 2 exit 2
fi fi
# Reset New User Password to user supplied password
echo "$USER_PASS" | so-fleet-user-update "$USER_EMAIL"
# Disable forced password reset # Disable forced password reset
MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PW fleet -e \ MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PW fleet -e \
"UPDATE users SET admin_forced_password_reset = 0 WHERE email = '$USER_EMAIL'" 2>&1) "UPDATE users SET admin_forced_password_reset = 0 WHERE email = '$USER_EMAIL'" 2>&1)

12
salt/common/tools/sbin/soup
View File

@@ -553,6 +553,7 @@ preupgrade_changes() {
[[ "$INSTALLEDVERSION" == 2.3.182 ]] && up_to_2.3.190 [[ "$INSTALLEDVERSION" == 2.3.182 ]] && up_to_2.3.190
[[ "$INSTALLEDVERSION" == 2.3.190 ]] && up_to_2.3.200 [[ "$INSTALLEDVERSION" == 2.3.190 ]] && up_to_2.3.200
[[ "$INSTALLEDVERSION" == 2.3.200 ]] && up_to_2.3.210 [[ "$INSTALLEDVERSION" == 2.3.200 ]] && up_to_2.3.210
[[ "$INSTALLEDVERSION" == 2.3.210 ]] && up_to_2.3.220
true true
} }
@@ -578,6 +579,7 @@ postupgrade_changes() {
[[ "$POSTVERSION" == 2.3.182 ]] && post_to_2.3.190 [[ "$POSTVERSION" == 2.3.182 ]] && post_to_2.3.190
[[ "$POSTVERSION" == 2.3.190 ]] && post_to_2.3.200 [[ "$POSTVERSION" == 2.3.190 ]] && post_to_2.3.200
[[ "$POSTVERSION" == 2.3.200 ]] && post_to_2.3.210 [[ "$POSTVERSION" == 2.3.200 ]] && post_to_2.3.210
[[ "$POSTVERSION" == 2.3.210 ]] && post_to_2.3.220
true true
} }
@@ -706,6 +708,11 @@ post_to_2.3.210() {
POSTVERSION=2.3.210 POSTVERSION=2.3.210
} }
post_to_2.3.220() {
echo "Nothing to do for .220"
POSTVERSION=2.3.220
}
stop_salt_master() { stop_salt_master() {
# kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
set +e set +e
@@ -1041,6 +1048,11 @@ up_to_2.3.210() {
INSTALLEDVERSION=2.3.210 INSTALLEDVERSION=2.3.210
} }
up_to_2.3.220() {
echo "Upgrading to 2.3.220"
INSTALLEDVERSION=2.3.220
}
verify_upgradespace() { verify_upgradespace() {
CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//') CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
if [ "$CURRENTSPACE" -lt "10" ]; then if [ "$CURRENTSPACE" -lt "10" ]; then

3
salt/fleet/files/packs/osquery-config.conf
View File

@@ -26,9 +26,6 @@ spec:
distributed_tls_write_endpoint: /api/v1/osquery/distributed/write distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
enable_windows_events_publisher: true enable_windows_events_publisher: true
enable_windows_events_subscriber: true enable_windows_events_subscriber: true
logger_plugin: tls
logger_tls_endpoint: /api/v1/osquery/log
logger_tls_period: 10
pack_delimiter: _ pack_delimiter: _
host_settings: host_settings:
enable_software_inventory: false enable_software_inventory: false

2
salt/kibana/bin/so-kibana-config-load
View File

@@ -59,7 +59,7 @@ update() {
IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))' IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))'
for i in "${LINES[@]}"; do for i in "${LINES[@]}"; do
RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.6.1" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.6.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
done done

2
salt/kibana/files/config_saved_objects.ndjson
View File

@@ -1 +1 @@
{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.1","id": "8.6.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} {"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.2","id": "8.6.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}

2
salt/nginx/etc/nginx.conf
View File

@@ -319,7 +319,7 @@ http {
{%- if fleet_node %} {%- if fleet_node %}
location /fleet/ { location /fleet/ {
return 307 https://{{ fleet_ip }}/fleet; return 307 https://{{ fleet_ip }}/fleet/dashboard;
} }
{%- else %} {%- else %}

2
salt/soc/files/soc/tools.json
View File

@@ -3,6 +3,6 @@
{ "name": "toolGrafana", "description": "toolGrafanaHelp", "icon": "fa-external-link-alt", "target": "so-grafana", "link": "/grafana/d/so_overview" }, { "name": "toolGrafana", "description": "toolGrafanaHelp", "icon": "fa-external-link-alt", "target": "so-grafana", "link": "/grafana/d/so_overview" },
{ "name": "toolCyberchef", "description": "toolCyberchefHelp", "icon": "fa-external-link-alt", "target": "so-cyberchef", "link": "/cyberchef/" }, { "name": "toolCyberchef", "description": "toolCyberchefHelp", "icon": "fa-external-link-alt", "target": "so-cyberchef", "link": "/cyberchef/" },
{ "name": "toolPlaybook", "description": "toolPlaybookHelp", "icon": "fa-external-link-alt", "target": "so-playbook", "link": "/playbook/projects/detection-playbooks/issues/" }, { "name": "toolPlaybook", "description": "toolPlaybookHelp", "icon": "fa-external-link-alt", "target": "so-playbook", "link": "/playbook/projects/detection-playbooks/issues/" },
{ "name": "toolFleet", "description": "toolFleetHelp", "icon": "fa-external-link-alt", "target": "so-fleet", "link": "/fleet/" }, { "name": "toolFleet", "description": "toolFleetHelp", "icon": "fa-external-link-alt", "target": "so-fleet", "link": "/fleet/dashboard" },
{ "name": "toolNavigator", "description": "toolNavigatorHelp", "icon": "fa-external-link-alt", "target": "so-navigator", "link": "/navigator/" } { "name": "toolNavigator", "description": "toolNavigatorHelp", "icon": "fa-external-link-alt", "target": "so-navigator", "link": "/navigator/" }
] ]

2
setup/so-functions
View File

@@ -1511,7 +1511,7 @@ generate_passwords(){
PLAYBOOKADMINPASS=$(get_random_value) PLAYBOOKADMINPASS=$(get_random_value)
PLAYBOOKAUTOMATIONPASS=$(get_random_value) PLAYBOOKAUTOMATIONPASS=$(get_random_value)
FLEETPASS=$(get_random_value) FLEETPASS=$(get_random_value)
FLEETSAPASS=$(get_random_value) FLEETSAPASS="$(get_random_value)!1"
FLEETJWT=$(get_random_value) FLEETJWT=$(get_random_value)
GRAFANAPASS=$(get_random_value) GRAFANAPASS=$(get_random_value)
SENSORONIKEY=$(get_random_value) SENSORONIKEY=$(get_random_value)

BIN
sigs/securityonion-2.3.220-20230224.iso.sig Normal file
View File

Binary file not shown.