Merge pull request #339 from Security-Onion-Solutions/feature/nginx

Move index.html outside the docker

salt/common/init.sls

@@ -102,6 +102,13 @@ nginxconf:
     - template: jinja
     - source: salt://common/nginx/nginx.conf.{{ grains.role }}
 
+copyindex:
+  file.managed:
+    - name: /opt/so/conf/nginx/index.html
+    - user: 939
+    - group: 939
+    - source: salt://common/nginx/index.html
+
 nginxlogdir:
   file.directory:
     - name: /opt/so/log/nginx/
@@ -124,6 +131,7 @@ so-core:
     - binds:
       - /opt/so:/opt/so:rw
       - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - /opt/so/conf/nginx/index.html:/opt/socore/html/index.html:ro
       - /opt/so/log/nginx/:/var/log/nginx:rw
       - /opt/so/tmp/nginx/:/var/lib/nginx:rw
       - /opt/so/tmp/nginx/:/run:rw
@@ -189,7 +197,7 @@ so-telegraf:
       - /proc:/host/proc:ro
       - /nsm:/host/nsm:ro
       - /etc:/host/etc:ro
-      {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
+      {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-mastersearch' %}
       - /etc/pki/ca.crt:/etc/telegraf/ca.crt:ro
       {% else %}
       - /etc/ssl/certs/intca.crt:/etc/telegraf/ca.crt:ro

salt/common/nginx/index.html

@@ -76,6 +76,7 @@ a {
 <body>
 	<div class="center">
 		<div class="topnav center">
+			<a href="/so-auth/loginpage/create-user" target="_blank">Create New User</a>
 			<a href="/kibana/" target="_blank">Kibana</a>
 			<a href="/grafana/" target="_blank">Grafana</a>
 			<a href="/sensoroni/" target="_blank">Sensoroni</a>
@@ -91,30 +92,27 @@ a {
 		<div class="content center">
 			<center><a href="https://securityonion.net"><img STYLE="border: none;" src="alpha_logo.jpg" alt="Security Onion" align="center" target="_blank"></img></a><br></center>
 
-			<p><center><h1>Hybrid Hunter Alpha v1.1.3 Release Notes</h1></center><br>
+			<p><center><h1>Hybrid Hunter Alpha 1.1.4 - Feature Parity Release</h1></center><br>
 				<h2>Changes:</h2>
         <ul>
-		<li>Overhaul of the setup script to support both ISO and network based setups</li>
-		<li>ISO will now boot properly from a USB stick.</li>
-		<li>Python 3 is now default.</li>
-		<li>Fix Filebeat from restarting every check in due to x509 refresh issue.</li>
-		<li>Cortex installed and integrated with TheHive.</li>
-		<li>Switched to using vanilla Kolide Fleet and upgraded to latest version (2.4) .</li>
-		<li>&nbsp;Playbook changes
-		<ul>
-		<li>Now preloaded with Plays generated from Sysmon Sigma signatures in the <a href="https://github.com/Neo23x0/sigma/tree/master/rules/windows/sysmon">Sigma community repo</a></li>
-		<li>New update script that updates / pulls in new Sigma signatures from the community repo .</li>
-		<li>Bulk enable / disable plays from the webui .</li>
-		<li>Updated sigmac mapping template &amp; configuration (backend is now elastalert) .</li>
-		<li>Updated TheHive alerts formatting</li>
-		</ul>
-		</li>
-		<li>OS patch scheduling
-		<ul>
-		<li>During setup, choose between auto, manual, or scheduled OS patch interval</li>
-		<li>For scheduled, create a new or import an existing named schedule</li>
-		</ul>
-		</li>
+          <li>Added new in-house auth method [Security Onion Auth](https://github.com/Security-Onion-Solutions/securityonion-auth).</li>
+          <li>Web user creation is done via the browser now instead of so-user-add.</li>
+          <li>New Logstash pipeline setup. Now uses multiple pipelines.</li>
+          <li>New Master + Search node type and well as a Heavy Node type in the install.</li>
+          <li>Change all nodes to point to the docker registry on the Master. This cuts down on the calls to dockerhub.</li>
+          <li>Zeek 3.0.1</li>
+          <li>Elastic 6.8.6</li>
+          <li>New SO Start | Stop | Restart scripts for all components (eg. `so-playbook-restart`).</li>
+          <li>BPF support for Suricata (NIDS), Steno (PCAP) & Zeek ([Docs](https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/BPF)).</li>
+          <li>Updated Domain Stats & Frequency Server containers to Python3 & created new Salt states for them.</li>
+          <li>Added so-status script which gives an easy to read look at container status.</li>
+          <li>Manage threshold.conf for Suricata using the thresholding pillar.</li>
+          <li>The ISO now includes all the docker containers for faster install speeds.</li>
+          <li>You now set the password for the onion account during the iso install. This account is temporary and will be removed after so-setup.</li>
+          <li>Updated Helix parsers for better compatibility.</li>
+          <li>Updated telegraf docker to include curl and jq.</li>
+          <li>CVE-2020-0601 Zeek Detection Script.</li>
+          <li>ISO Install now prompts you to create a password for the onion user during imaging. This account gets disabled during setup.</li>
     		  <li>Check out the <a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Hybrid-Hunter-Quick-Start-Guide" target="_blank">Hybrid Hunter Quick Start Guide</a>.</li>
 		   </ul>
 	  </p>