diff --git a/salt/elasticsearch/files/ingest/zeek.bsap_serial_header b/salt/elasticsearch/files/ingest/zeek.bsap_serial_header
index 1c81dbf2a..8647e94c8 100644
--- a/salt/elasticsearch/files/ingest/zeek.bsap_serial_header
+++ b/salt/elasticsearch/files/ingest/zeek.bsap_serial_header
@@ -5,7 +5,7 @@
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
 { "rename": { "field": "message2.ser", "target_field": "bsap.message.serial.number", "ignore_missing": true } },
 { "rename": { "field": "message2.dadd", "target_field": "bsap.destination.address", "ignore_missing": true } },
- { "rename": { "field": "message2.sadd", "target_field": "bsap.scource.address", "ignore_missing": true } },
+ { "rename": { "field": "message2.sadd", "target_field": "bsap.source.address", "ignore_missing": true } },
 { "rename": { "field": "message2.ctl", "target_field": "bsap.control.byte", "ignore_missing": true } },
 { "rename": { "field": "message2.dfun", "target_field": "bsap.destination.function", "ignore_missing": true } },
 { "rename": { "field": "message2.seq", "target_field": "bsap.message.sequence", "ignore_missing": true } },
@@ -14,4 +14,4 @@
 { "rename": { "field": "message2.type_name", "target_field": "bsap.message.type", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
-}
\ No newline at end of file
+}
diff --git a/salt/elasticsearch/files/ingest/zeek.ecat_aoe_info b/salt/elasticsearch/files/ingest/zeek.ecat_aoe_info
index 009cd311f..c5f9b9dc3 100644
--- a/salt/elasticsearch/files/ingest/zeek.ecat_aoe_info
+++ b/salt/elasticsearch/files/ingest/zeek.ecat_aoe_info
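Review bot: The target field changes from `bsap.scource.address` to `bsap.source.address`, so documents indexed before this pipeline update keep the misspelled key, and anything that addresses the field by name — a mapping entry, saved search or dashboard, if the project has one for it — needs the same rename to stay aligned. Until the old indices age out the two names coexist, which is worth a sentence in the commit message. Apart from the added trailing newline the pipeline is otherwise unchanged.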
@@ -3,12 +3,12 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.targetid", "target_field": "ecat.target.id", "ignore_missing": true } },
- { "rename": { "field": "message2.targetport", "target_field": "ecat.target.port", "ignore_missing": true } },
- { "convert": { "field": "ecat.target.port", "type": "integer", "ignore_missing": true } },
- { "rename": { "field": "message2.senderid", "target_field": "ecat.sender.id", "ignore_missing": true } },
- { "rename": { "field": "message2.senderport", "target_field": "ecat.sender.port", "ignore_missing": true } },
- { "convert": { "field": "ecat.sender.port", "type": "integer", "ignore_missing": true } },
+ { "rename": { "field": "message2.targetid", "target_field": "destination.mac", "ignore_missing": true } },
+ { "rename": { "field": "message2.targetport", "target_field": "destination.port", "ignore_missing": true } },
+ { "convert": { "field": "destination.port", "type": "integer", "ignore_missing": true } },
+ { "rename": { "field": "message2.senderid", "target_field": "source.mac", "ignore_missing": true } },
+ { "rename": { "field": "message2.senderport", "target_field": "source.port", "ignore_missing": true } },
+ { "convert": { "field": "source.port", "type": "integer", "ignore_missing": true } },
 { "rename": { "field": "message2.cmd", "target_field": "ecat.command", "ignore_missing": true } },
 { "rename": { "field": "message2.stateflags", "target_field": "ecat.state.flags", "ignore_missing": true } },
 { "rename": { "field": "message2.data", "target_field": "ecat.data", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.ecat_arp_info b/salt/elasticsearch/files/ingest/zeek.ecat_arp_info
index 522efecf5..cbc3676ab 100644
--- a/salt/elasticsearch/files/ingest/zeek.ecat_arp_info
+++ b/salt/elasticsearch/files/ingest/zeek.ecat_arp_info
@@ -4,11 +4,11 @@
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
 { "rename": { "field": "message2.arp_type", "target_field": "ecat.arp.type", "ignore_missing": true } },
- { "rename": { "field": "message2.mac_src", "target_field": "ecat.srcmac", "ignore_missing": true } },
- { "rename": { "field": "message2.mac_dst", "target_field": "ecat.dstmac", "ignore_missing": true } },
- { "rename": { "field": "message2.SPA", "target_field": "ecat.sender.protocol.address", "ignore_missing": true } },
+ { "rename": { "field": "message2.mac_src", "target_field": "source.mac", "ignore_missing": true } },
+ { "rename": { "field": "message2.mac_dst", "target_field": "destination.mac", "ignore_missing": true } },
+ { "rename": { "field": "message2.SPA", "target_field": "source.ip", "ignore_missing": true } },
 { "rename": { "field": "message2.SHA", "target_field": "ecat.sender.hardware.address", "ignore_missing": true } },
- { "rename": { "field": "message2.TPA", "target_field": "ecat.target.protocol.address", "ignore_missing": true } },
+ { "rename": { "field": "message2.TPA", "target_field": "destination.ip", "ignore_missing": true } },
 { "rename": { "field": "message2.THA", "target_field": "ecat.target.hardware.address", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
diff --git a/salt/elasticsearch/files/ingest/zeek.ecat_log_address b/salt/elasticsearch/files/ingest/zeek.ecat_log_address
index 141eeda00..ad0ee161f 100644
--- a/salt/elasticsearch/files/ingest/zeek.ecat_log_address
+++ b/salt/elasticsearch/files/ingest/zeek.ecat_log_address
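Review bot: `message2.SPA` and `message2.TPA` now land in `source.ip` and `destination.ip`; if the index template maps those as the ECS `ip` type, a value that does not parse as an address rejects the whole document at index time, whereas the previous `ecat.*` targets would have accepted it as text. If the Zeek ECAT analyzer always emits these as proper addresses this is fine, but a one-line comment in the commit, or a `convert` to `"type": "ip"` with `"ignore_failure": true` ahead of the rename, would make that assumption explicit. `SHA`/`THA` staying under `ecat.*` is reasonable since ECS has no ARP hardware-address field, though the pipeline now mixes ECS and vendor names in one block.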
@@ -3,8 +3,8 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.srcmac", "target_field": "ecat.srcmac", "ignore_missing": true } },
- { "rename": { "field": "message2.dstmac", "target_field": "ecat.dstmac", "ignore_missing": true } },
+ { "rename": { "field": "message2.srcmac", "target_field": "source.mac", "ignore_missing": true } },
+ { "rename": { "field": "message2.dstmac", "target_field": "destination.mac", "ignore_missing": true } },
 { "rename": { "field": "message2.Log_Addr", "target_field": "ecat.log.address", "ignore_missing": true } },
 { "rename": { "field": "message2.Length", "target_field": "ecat.length", "ignore_missing": true } },
 { "rename": { "field": "message2.Command", "target_field": "ecat.command", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.ecat_registers b/salt/elasticsearch/files/ingest/zeek.ecat_registers
index 4b4d4eebe..d0a11ba83 100644
--- a/salt/elasticsearch/files/ingest/zeek.ecat_registers
+++ b/salt/elasticsearch/files/ingest/zeek.ecat_registers
@@ -3,8 +3,8 @@
 "processors" : [
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
- { "rename": { "field": "message2.srcmac", "target_field": "ecat.srcmac", "ignore_missing": true } },
- { "rename": { "field": "message2.dstmac", "target_field": "ecat.dstmac", "ignore_missing": true } },
+ { "rename": { "field": "message2.srcmac", "target_field": "source.mac", "ignore_missing": true } },
+ { "rename": { "field": "message2.dstmac", "target_field": "destination.mac", "ignore_missing": true } },
 { "rename": { "field": "message2.Command", "target_field": "ecat.command", "ignore_missing": true } },
 { "rename": { "field": "message2.Slave_Addr", "target_field": "ecat.slave.address", "ignore_missing": true } },
 { "rename": { "field": "message2.Register_Type", "target_field": "ecat.register.type", "ignore_missing": true } },
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_browse b/salt/elasticsearch/files/ingest/zeek.opcua_browse
index fa0f8bf81..80cd86fd5 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_browse
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_browse
@@ -4,13 +4,13 @@
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
 { "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } },
- { "rename": { "field": "browse_service_type", "target_field": "opcua.service_type", "ignore_missing": true } },
- { "rename": { "field": "browse_view_id_encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } },
- { "rename": { "field": "browse_view_id_numeric", "target_field": "opcua.identifier_numeric", "ignore_missing": true } },
- { "rename": { "field": "browse_view_description_timestamp", "target_field": "opcua.view.description_timestamp", "ignore_missing": true } },
- { "rename": { "field": "browse_view_description_view_version", "target_field": "opcua.description.view_version", "ignore_missing": true } },
- { "rename": { "field": "browse_description_link_id", "target_field": "opcua.description.link_id", "ignore_missing": true } },
- { "rename": { "field": "req_max_ref_nodes", "target_field": "opcua.request.max_ref_nodes", "ignore_missing": true } },
+ { "rename": { "field": "message2.browse_service_type", "target_field": "opcua.service_type", "ignore_missing": true } },
+ { "rename": { "field": "message2.browse_view_id_encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } },
+ { "rename": { "field": "message2.browse_view_id_numeric", "target_field": "opcua.identifier_numeric", "ignore_missing": true } },
+ { "rename": { "field": "message2.browse_view_description_timestamp", "target_field": "opcua.view.description_timestamp", "ignore_missing": true } },
+ { "rename": { "field": "message2.browse_view_description_view_version", "target_field": "opcua.description.view_version", "ignore_missing": true } },
+ { "rename": { "field": "message2.browse_description_link_id", "target_field": "opcua.description.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.req_max_ref_nodes", "target_field": "opcua.request.max_ref_nodes", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_description b/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_description
index ef3755c8d..c84a9f16a 100644
--- a/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_description
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_description
@@ -4,17 +4,18 @@
 { "remove": { "field": ["host"], "ignore_failure": true } },
 { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
 { "rename": { "field": "message2.endpoint_description_link_id", "target_field": "opcua.endpoint_description_link_id", "ignore_missing": true } },
- { "rename": { "field": "message2.endpoint_uri", "target_field": "opcua.final", "ignore_missing": true } },
- { "rename": { "field": "message2.product_uri", "target_field": "opcua.message_size", "ignore_missing": true } },
- { "rename": { "field": "message2.encoding_mask", "target_field": "opcua.sender.buffer_size", "ignore_missing": true } },
- { "rename": { "field": "message2.locale", "target_field": "opcua.sequence_number", "ignore_missing": true } },
- { "rename": { "field": "message2.text", "target_field": "opcua.secure_channel.id", "ignore_missing": true } },
- { "rename": { "field": "message2.application_type", "target_field": "opcua.sequence_number", "ignore_missing": true } },
- { "rename": { "field": "message2.message_security_mode", "target_field": "opcua.link_id", "ignore_missing": true } },
- { "rename": { "field": "message2.security_policy_uri", "target_field": "opcua.request_id", "ignore_missing": true } },
- { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.namespace_index", "ignore_missing": true } },
- { "rename": { "field": "message2.transport_profile_uri", "target_field": "opcua.encoding_mask", "ignore_missing": true } },
- { "rename": { "field": "message2.security_level", "target_field": "opcua.identifier", "ignore_missing": true } },
+ { "rename": { "field": "message2.application_uri", "target_field": "opcua.application_uri", "ignore_missing": true } },
+ { "rename": { "field": "message2.endpoint_uri", "target_field": "opcua.endpoint_uri", "ignore_missing": true } },
+ { "rename": { "field": "message2.product_uri", "target_field": "opcua.product_uri", "ignore_missing": true } },
+ { "rename": { "field": "message2.encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } },
+ { "rename": { "field": "message2.locale", "target_field": "opcua.locale", "ignore_missing": true } },
+ { "rename": { "field": "message2.text", "target_field": "opcua.text", "ignore_missing": true } },
+ { "rename": { "field": "message2.application_type", "target_field": "opcua.application_type", "ignore_missing": true } },
+ { "rename": { "field": "message2.message_security_mode", "target_field": "opcua.message_security_mode", "ignore_missing": true } },
+ { "rename": { "field": "message2.security_policy_uri", "target_field": "opcua.security_policy_uri", "ignore_missing": true } },
+ { "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token_link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.transport_profile_uri", "target_field": "transport_profile_uri", "ignore_missing": true } },
+ { "rename": { "field": "message2.security_level", "target_field": "opcua.security_level", "ignore_missing": true } },
 { "pipeline": { "name": "zeek.common" } }
 ]
 }
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_read b/salt/elasticsearch/files/ingest/zeek.opcua_read
new file mode 100644
index 000000000..e5d1c15fe
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_read
@@ -0,0 +1,10 @@
+{
+ "description" : "zeek.opcua_read",
+ "processors" : [
+ { "remove": { "field": ["host"], "ignore_failure": true } },
+ { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
+ { "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.read_results_link_id", "target_field": "opcua.read_results.link_id", "ignore_missing": true } },
+ { "pipeline": { "name": "zeek.common" } }
+ ]
+}
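Review bot: The new rename for `message2.transport_profile_uri` targets `transport_profile_uri` with no `opcua.` prefix, unlike every other target in this pipeline, so that value lands as a top-level field outside the opcua namespace and will not be covered by whatever mapping exists for `opcua.*`. Change it to `"target_field": "opcua.transport_profile_uri"`. The removed lines show several source fields had been mapped onto the same or unrelated targets (`opcua.sequence_number` twice, `opcua.final`, `opcua.message_size`), which this commit corrects; since the target names are all new, it is worth confirming the index template has entries for them before the pipeline is loaded.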
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_read_nodes_to_read b/salt/elasticsearch/files/ingest/zeek.opcua_read_nodes_to_read
new file mode 100644
index 000000000..a531531ef
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_read_nodes_to_read
@@ -0,0 +1,16 @@
+{
+ "description" : "zeek.opcua_read_nodes_to_read",
+ "processors" : [
+ { "remove": { "field": ["host"], "ignore_failure": true } },
+ { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
+ { "rename": { "field": "message2.nodes_to_read_link_id", "target_field": "opcua.nodes_to_read.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.node_id_encoding_mask", "target_field": "opcua.node_id.encoding_mask", "ignore_missing": true } },
+ { "rename": { "field": "message2.node_id_namespace_idx", "target_field": "opcua.node_id.namespace_idx", "ignore_missing": true } },
+ { "rename": { "field": "message2.node_id_string", "target_field": "opcua.node_id.string", "ignore_missing": true } },
+ { "rename": { "field": "message2.attribute_id", "target_field": "opcua.attribute_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.attribute_id_str", "target_field": "opcua.attribute_id_str", "ignore_missing": true } },
+ { "rename": { "field": "message2.data_encoding_name_idx", "target_field": "opcua.encoding_name_idx", "ignore_missing": true } },
+ { "rename": { "field": "message2.data_encoding_name", "target_field": "opcua.encoding_name", "ignore_missing": true } },
+ { "pipeline": { "name": "zeek.common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_read_results b/salt/elasticsearch/files/ingest/zeek.opcua_read_results
new file mode 100644
index 000000000..28c417eba
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_read_results
@@ -0,0 +1,12 @@
+{
+ "description" : "zeek.opcua_read_results",
+ "processors" : [
+ { "remove": { "field": ["host"], "ignore_failure": true } },
+ { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
+ { "rename": { "field": "message2.results_link_id", "target_field": "opcua.results.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.level", "target_field": "opcua.level", "ignore_missing": true } },
+ { "rename": { "field": "message2.data_value_encoding_mask", "target_field": "opcua.data_value_encoding_mask", "ignore_missing": true } },
+ { "rename": { "field": "message2.status_code_link_id", "target_field": "opcua.status_code.link_id", "ignore_missing": true } },
+ { "pipeline": { "name": "zeek.common" } }
+ ]
+}
diff --git a/salt/elasticsearch/files/ingest/zeek.opcua_read_results_link b/salt/elasticsearch/files/ingest/zeek.opcua_read_results_link
new file mode 100644
index 000000000..0a1edc57b
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.opcua_read_results_link
@@ -0,0 +1,10 @@
+{
+ "description" : "zeek.opcua_read_results_link",
+ "processors" : [
+ { "remove": { "field": ["host"], "ignore_failure": true } },
+ { "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
+ { "rename": { "field": "message2.read_results_link_id", "target_field": "opcua.read_results.link_id", "ignore_missing": true } },
+ { "rename": { "field": "message2.results_link_id", "target_field": "opcua.results.link_id", "ignore_missing": true } },
+ { "pipeline": { "name": "zeek.common" } }
+ ]
+}
diff --git a/salt/sensoroni/files/analyzers/emailrep/emailrep.py b/salt/sensoroni/files/analyzers/emailrep/emailrep.py
index d48977a07..0897c541a 100755
--- a/salt/sensoroni/files/analyzers/emailrep/emailrep.py
+++ b/salt/sensoroni/files/analyzers/emailrep/emailrep.py
@@ -53,7 +53,7 @@ def analyze(conf, input):
 def main():
 dir = os.path.dirname(os.path.realpath(__file__))
- parser = argparse.ArgumentParser(description='Search Greynoise for a given artifact')
+ parser = argparse.ArgumentParser(description='Search EmailRep for a given artifact')
 parser.add_argument('artifact', help='the artifact represented in JSON format')
 parser.add_argument('-c', '--config', metavar="CONFIG_FILE", default=dir + "/emailrep.yaml", help='optional config file to use instead of the default config file')
diff --git a/salt/sensoroni/files/analyzers/pulsedive/README.md b/salt/sensoroni/files/analyzers/pulsedive/README.md
index d3879fb8d..7550457a8 100644
--- a/salt/sensoroni/files/analyzers/pulsedive/README.md
+++ b/salt/sensoroni/files/analyzers/pulsedive/README.md
@@ -5,7 +5,7 @@ Search Pulsedive for a domain, hash, IP, URI, URL, or User Agent.
 ## Configuration Requirements
-``api_key`` - API key used for communication with the Virustotal API
+``api_key`` - API key used for communication with the Pulsedive API
 This value should be set in the ``sensoroni`` pillar, like so:
diff --git a/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py b/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
index fd9e0072f..68e08bfa2 100644
--- a/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
+++ b/salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
@@ -91,7 +91,7 @@ def analyze(conf, input):
 def main():
 dir = os.path.dirname(os.path.realpath(__file__))
- parser = argparse.ArgumentParser(description='Search VirusTotal for a given artifact')
+ parser = argparse.ArgumentParser(description='Search Pulsedive for a given artifact')
 parser.add_argument('artifact', help='the artifact represented in JSON format')
 parser.add_argument('-c', '--config', metavar="CONFIG_FILE", default=dir + "/pulsedive.yaml", help='optional config file to use instead of the default config file')
diff --git a/salt/sensoroni/files/analyzers/urlscan/README.md b/salt/sensoroni/files/analyzers/urlscan/README.md
index 9f33c3106..cab1e7aa6 100644
--- a/salt/sensoroni/files/analyzers/urlscan/README.md
+++ b/salt/sensoroni/files/analyzers/urlscan/README.md
@@ -5,7 +5,7 @@ Submit a URL to Urlscan for analysis.
 ## Configuration Requirements
-``api_key`` - API key used for communication with the Virustotal API
+``api_key`` - API key used for communication with the urlscan API
 ``enabled`` - Determines whether or not the analyzer is enabled. Defaults to ``False``
 ``visibility`` - Determines whether or not scan results are visibile publicly. Defaults to ``public``
 ``timeout`` - Time to wait for scan results. Defaults to ``180``s
diff --git a/salt/sensoroni/files/analyzers/urlscan/urlscan.py b/salt/sensoroni/files/analyzers/urlscan/urlscan.py
index a07e61c89..1f226da53 100755
--- a/salt/sensoroni/files/analyzers/urlscan/urlscan.py
+++ b/salt/sensoroni/files/analyzers/urlscan/urlscan.py
@@ -77,7 +77,7 @@ def analyze(conf, input):
 def main():
 dir = os.path.dirname(os.path.realpath(__file__))
- parser = argparse.ArgumentParser(description='Search Alienvault OTX for a given artifact')
+ parser = argparse.ArgumentParser(description='Search urlscan for a given artifact')
 parser.add_argument('artifact', help='the artifact represented in JSON format')
 parser.add_argument('-c', '--config', metavar="CONFIG_FILE", default=dir + "/urlscan.yaml", help='optional config file to use instead of the default config file')
diff --git a/salt/soc/files/soc/motd.md b/salt/soc/files/soc/motd.md
index fbc643993..061707fac 100644
--- a/salt/soc/files/soc/motd.md
+++ b/salt/soc/files/soc/motd.md
@@ -6,7 +6,7 @@ If you're ready to dive in, take a look at the [Alerts](/#/alerts) interface to
 ## What's New
-To see all the latest features and fixes in this version of Security Onion, click the upper-right menu and then click the [What's New](/docs/#release-notes) link.
+To see all the latest features and fixes in this version of Security Onion, click the upper-right menu and then click the [What's New](/docs/release-notes.html) link.
 ## Customize This Space
diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json
index e6ee71b51..7c58796e3 100644
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -123,15 +123,9 @@
 }
 },
 "client": {
- {%- if ISAIRGAP is sameas true %}
 "docsUrl": "/docs/",
 "cheatsheetUrl": "/docs/cheatsheet.pdf",
- "releaseNotesUrl": "/docs/#release-notes",
- {%- else %}
- "docsUrl": "https://docs.securityonion.net/en/2.3/",
- "cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf",
- "releaseNotesUrl": "https://docs.securityonion.net/en/2.3/release-notes",
- {%- endif %}
+ "releaseNotesUrl": "/docs/release-notes.html",
 "apiTimeoutMs": {{ API_TIMEOUT }},
 "webSocketTimeoutMs": {{ WEBSOCKET_TIMEOUT }},
 "tipTimeoutMs": {{ TIP_TIMEOUT }},
diff --git a/salt/zeek/policy/securityonion/file-extraction/extract.zeek b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
index 8cdaf42dd..2ea98037b 100644
--- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek
+++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
@@ -47,7 +47,7 @@ event file_state_remove(f: fa_file)
 # Delete the file if it didn't pass our requirements check.
 local nuke = fmt("rm %s/%s", FileExtract::prefix, f$info$extracted);
- when ( local nukeit = Exec::run([$cmd=nuke]) )
+ when [nuke] ( local nukeit = Exec::run([$cmd=nuke]) )
 {
 }
 return;
@@ -58,7 +58,7 @@ event file_state_remove(f: fa_file)
 local dest = fmt("%scomplete/%s-%s-%s.%s", FileExtract::prefix, f$source, f$id, f$info$md5, extension);
 # Copy it to the $prefix/complete folder then delete it. I got some weird results with moving when it came to watchdog in python.
 local cmd = fmt("cp %s/%s %s && rm %s/%s", FileExtract::prefix, orig, dest, FileExtract::prefix, orig);
- when ( local result = Exec::run([$cmd=cmd]) )
+ when [cmd] ( local result = Exec::run([$cmd=cmd]) )
 {
 }
 f$info$extracted = dest;
diff --git a/setup/so-functions b/setup/so-functions
index 062e4ccad..bd48d3fc5 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1190,17 +1190,17 @@ installer_prereq_packages() {
 logCmd "systemctl start NetworkManager"
 elif [ "$OS" == ubuntu ]; then
 # Print message to stdout so the user knows setup is doing something
- retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
 # Install network manager so we can do interface stuff
 if ! command -v nmcli > /dev/null 2>&1; then
- retry 50 10 "apt-get -y install network-manager" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y install network-manager" >> "$setup_log" 2>&1 || exit 1
 {
 systemctl enable NetworkManager
 systemctl start NetworkManager
 } >> "$setup_log" 2<&1
 fi
 if ! command -v curl > /dev/null 2>&1; then
- retry 50 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y install curl" >> "$setup_log" 2>&1 || exit 1
 fi
 fi
 }
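Review bot: The per-call retry budget goes from `50 10` to `150 20` here and in the docker_install, saltify, update_packages and so-preflight hunks below; if the first two `retry` arguments are attempt count and sleep seconds, one unreachable mirror can now stall a single apt step for roughly fifty minutes, and the pair of literals is repeated in about twenty places. Hoisting them once, e.g. `readonly APT_RETRY_COUNT=150` / `readonly APT_RETRY_DELAY=20` near the top of so-functions (and wherever so-preflight takes its settings from) and calling `retry "$APT_RETRY_COUNT" "$APT_RETRY_DELAY" "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1`, keeps the policy in one tunable spot. Separately, the context line `} >> "$setup_log" 2<&1` in this hunk uses `2<&1`, which opens stderr for reading from stdout instead of merging it into the log; every neighbouring line uses `2>&1`, and this one should too. installer_prereq_packages starts outside the hunk.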
@@ -1247,23 +1247,23 @@ docker_install() {
 else
 case "$install_type" in
 'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORT')
- retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
 ;;
 *)
- retry 50 10 "apt-key add $temp_install_dir/gpg/docker.pub" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-key add $temp_install_dir/gpg/docker.pub" >> "$setup_log" 2>&1 || exit 1
 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$setup_log" 2>&1
- retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
 ;;
 esac
 if [ $OSVER == "bionic" ]; then
 service docker stop
 apt -y purge docker-ce docker-ce-cli docker-ce-rootless-extras
- retry 50 10 "apt-get -y install --allow-downgrades docker-ce=5:20.10.5~3-0~ubuntu-bionic docker-ce-cli=5:20.10.5~3-0~ubuntu-bionic docker-ce-rootless-extras=5:20.10.5~3-0~ubuntu-bionic python3-docker" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y install --allow-downgrades docker-ce=5:20.10.5~3-0~ubuntu-bionic docker-ce-cli=5:20.10.5~3-0~ubuntu-bionic docker-ce-rootless-extras=5:20.10.5~3-0~ubuntu-bionic python3-docker" >> "$setup_log" 2>&1 || exit 1
 apt-mark hold docker-ce docker-ce-cli docker-ce-rootless-extras
 elif [ $OSVER == "focal" ]; then
 service docker stop
 apt -y purge docker-ce docker-ce-cli docker-ce-rootless-extras
- retry 50 10 "apt-get -y install --allow-downgrades docker-ce=5:20.10.8~3-0~ubuntu-focal docker-ce-cli=5:20.10.8~3-0~ubuntu-focal docker-ce-rootless-extras=5:20.10.8~3-0~ubuntu-focal python3-docker" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y install --allow-downgrades docker-ce=5:20.10.8~3-0~ubuntu-focal docker-ce-cli=5:20.10.8~3-0~ubuntu-focal docker-ce-rootless-extras=5:20.10.8~3-0~ubuntu-focal python3-docker" >> "$setup_log" 2>&1 || exit 1
 apt-mark hold docker-ce docker-ce-cli docker-ce-rootless-extras
 fi
 fi
@@ -2296,7 +2296,7 @@ saltify() {
 logCmd "systemctl enable salt-minion"
 logCmd "yum versionlock salt*"
 else
- DEBIAN_FRONTEND=noninteractive retry 50 10 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || exit 1
+ DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || exit 1
 if [ $OSVER == "bionic" ]; then
 # Switch to Python 3 as default for bionic
@@ -2316,7 +2316,7 @@ saltify() {
 'netcat'
 'jq'
 )
- retry 50 10 "apt-get -y install ${pkg_arr[*]}" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y install ${pkg_arr[*]}" >> "$setup_log" 2>&1 || exit 1
 # Grab the version from the os-release file
 local ubuntu_version
@@ -2324,7 +2324,7 @@ saltify() {
 case "$install_type" in
 'FLEET')
- retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1
 ;;
 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR')
@@ -2347,12 +2347,12 @@ saltify() {
 # Add repo
 echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
- retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
 set_progress_str 6 'Installing various dependencies'
- retry 50 10 "apt-get -y install sqlite3 libssl-dev" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y install sqlite3 libssl-dev" >> "$setup_log" 2>&1 || exit 1
 set_progress_str 7 'Installing salt-master'
- retry 50 10 "apt-get -y install salt-master=3004.2+ds-1" >> "$setup_log" 2>&1 || exit 1
- retry 50 10 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y install salt-master=3004.2+ds-1" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || exit 1
 ;;
 *)
 # Copy down the gpg keys and install them from the manager
@@ -2367,11 +2367,11 @@ saltify() {
 ;;
 esac
- retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
 set_progress_str 8 'Installing salt-minion & python modules'
- retry 50 10 "apt-get -y install salt-minion=3004.2+ds-1 salt-common=3004.2+ds-1" >> "$setup_log" 2>&1 || exit 1
- retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1
- retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y install salt-minion=3004.2+ds-1 salt-common=3004.2+ds-1" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" >> "$setup_log" 2>&1 || exit 1
 fi
 }
@@ -2870,8 +2870,8 @@ update_packages() {
 logCmd "yum repolist"
 logCmd "yum -y update --exclude=salt*,wazuh*,docker*,containerd*"
 else
- retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1
- retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1
+ retry 150 20 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1
 fi
 }
diff --git a/setup/so-preflight b/setup/so-preflight
index d1fd89b6e..fca878be1 100755
--- a/setup/so-preflight
+++ b/setup/so-preflight
@@ -65,7 +65,7 @@ check_default_repos() {
 printf '%s' 'apt update.' | tee -a "$preflight_log"
 fi
 echo "" >> "$preflight_log"
- retry 50 10 "apt-get -y update" >> $preflight_log 2>&1
+ retry 150 20 "apt-get -y update" >> $preflight_log 2>&1
 ret_code=$?
 [[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE'
@@ -174,7 +174,7 @@ preflight_prereqs() {
 if [[ $OS == 'centos' ]]; then
 : # no-op to match structure of other checks for $OS var
 else
- retry 50 10 "apt-get -y install curl" >> "$preflight_log" 2>&1 || ret_code=1
+ retry 150 20 "apt-get -y install curl" >> "$preflight_log" 2>&1 || ret_code=1
 fi
 return $ret_code
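Review bot: In the check_default_repos hunk the rewritten line `retry 150 20 "apt-get -y update" >> $preflight_log 2>&1` leaves `$preflight_log` unquoted, while the `echo` two lines above and the preflight_prereqs hunk below both quote it; a log path containing whitespace would word-split the redirect target and the update output would go somewhere else. Since the line is being touched anyway, quote it: `retry 150 20 "apt-get -y update" >> "$preflight_log" 2>&1`. Both enclosing functions start outside their hunks.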