CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9163 from Security-Onion-Solutions/dev

Browse Source 
Update Foxtrot from Dev
This commit is contained in:
Peter Di Giorgio
2022-11-17 10:44:24 -06:00
committed by GitHub
parent 13b6b43324 7319cb07e2
commit 33bf0c6902
21 changed files with 115 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elasticsearch/files/ingest/zeek.bsap_serial_header
View File

@@ -5,7 +5,7 @@
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.ser", "target_field": "bsap.message.serial.number", "ignore_missing": true } },
{ "rename": { "field": "message2.dadd", "target_field": "bsap.destination.address", "ignore_missing": true } },
{ "rename": { "field": "message2.sadd", "target_field": "bsap.scource.address", "ignore_missing": true } },
{ "rename": { "field": "message2.sadd", "target_field": "bsap.source.address", "ignore_missing": true } },
{ "rename": { "field": "message2.ctl", "target_field": "bsap.control.byte", "ignore_missing": true } },
{ "rename": { "field": "message2.dfun", "target_field": "bsap.destination.function", "ignore_missing": true } },
{ "rename": { "field": "message2.seq", "target_field": "bsap.message.sequence", "ignore_missing": true } },

12
salt/elasticsearch/files/ingest/zeek.ecat_aoe_info
View File

@@ -3,12 +3,12 @@
"processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.targetid", "target_field": "ecat.target.id", "ignore_missing": true } },
{ "rename": { "field": "message2.targetport", "target_field": "ecat.target.port", "ignore_missing": true } },
{ "convert": { "field": "ecat.target.port", "type": "integer", "ignore_missing": true } },
{ "rename": { "field": "message2.senderid", "target_field": "ecat.sender.id", "ignore_missing": true } },
{ "rename": { "field": "message2.senderport", "target_field": "ecat.sender.port", "ignore_missing": true } },
{ "convert": { "field": "ecat.sender.port", "type": "integer", "ignore_missing": true } },
{ "rename": { "field": "message2.targetid", "target_field": "destination.mac", "ignore_missing": true } },
{ "rename": { "field": "message2.targetport", "target_field": "destination.port", "ignore_missing": true } },
{ "convert": { "field": "destination.port", "type": "integer", "ignore_missing": true } },
{ "rename": { "field": "message2.senderid", "target_field": "source.mac", "ignore_missing": true } },
{ "rename": { "field": "message2.senderport", "target_field": "source.port", "ignore_missing": true } },
{ "convert": { "field": "source.port", "type": "integer", "ignore_missing": true } },
{ "rename": { "field": "message2.cmd", "target_field": "ecat.command", "ignore_missing": true } },
{ "rename": { "field": "message2.stateflags", "target_field": "ecat.state.flags", "ignore_missing": true } },
{ "rename": { "field": "message2.data", "target_field": "ecat.data", "ignore_missing": true } },

8
salt/elasticsearch/files/ingest/zeek.ecat_arp_info
View File

@@ -4,11 +4,11 @@
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.arp_type", "target_field": "ecat.arp.type", "ignore_missing": true } },
{ "rename": { "field": "message2.mac_src", "target_field": "ecat.srcmac", "ignore_missing": true } },
{ "rename": { "field": "message2.mac_dst", "target_field": "ecat.dstmac", "ignore_missing": true } },
{ "rename": { "field": "message2.SPA", "target_field": "ecat.sender.protocol.address", "ignore_missing": true } },
{ "rename": { "field": "message2.mac_src", "target_field": "source.mac", "ignore_missing": true } },
{ "rename": { "field": "message2.mac_dst", "target_field": "destination.mac", "ignore_missing": true } },
{ "rename": { "field": "message2.SPA", "target_field": "source.ip", "ignore_missing": true } },
{ "rename": { "field": "message2.SHA", "target_field": "ecat.sender.hardware.address", "ignore_missing": true } },
{ "rename": { "field": "message2.TPA", "target_field": "ecat.target.protocol.address", "ignore_missing": true } },
{ "rename": { "field": "message2.TPA", "target_field": "destination.ip", "ignore_missing": true } },
{ "rename": { "field": "message2.THA", "target_field": "ecat.target.hardware.address", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]

4
salt/elasticsearch/files/ingest/zeek.ecat_log_address
View File

@@ -3,8 +3,8 @@
"processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.srcmac", "target_field": "ecat.srcmac", "ignore_missing": true } },
{ "rename": { "field": "message2.dstmac", "target_field": "ecat.dstmac", "ignore_missing": true } },
{ "rename": { "field": "message2.srcmac", "target_field": "source.mac", "ignore_missing": true } },
{ "rename": { "field": "message2.dstmac", "target_field": "destination.mac", "ignore_missing": true } },
{ "rename": { "field": "message2.Log_Addr", "target_field": "ecat.log.address", "ignore_missing": true } },
{ "rename": { "field": "message2.Length", "target_field": "ecat.length", "ignore_missing": true } },
{ "rename": { "field": "message2.Command", "target_field": "ecat.command", "ignore_missing": true } },

4
salt/elasticsearch/files/ingest/zeek.ecat_registers
View File

@@ -3,8 +3,8 @@
"processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.srcmac", "target_field": "ecat.srcmac", "ignore_missing": true } },
{ "rename": { "field": "message2.dstmac", "target_field": "ecat.dstmac", "ignore_missing": true } },
{ "rename": { "field": "message2.srcmac", "target_field": "source.mac", "ignore_missing": true } },
{ "rename": { "field": "message2.dstmac", "target_field": "destination.mac", "ignore_missing": true } },
{ "rename": { "field": "message2.Command", "target_field": "ecat.command", "ignore_missing": true } },
{ "rename": { "field": "message2.Slave_Addr", "target_field": "ecat.slave.address", "ignore_missing": true } },
{ "rename": { "field": "message2.Register_Type", "target_field": "ecat.register.type", "ignore_missing": true } },

14
salt/elasticsearch/files/ingest/zeek.opcua_browse
View File

@@ -4,13 +4,13 @@
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
{ "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } },
{ "rename": { "field": "browse_service_type", "target_field": "opcua.service_type", "ignore_missing": true } },
{ "rename": { "field": "browse_view_id_encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } },
{ "rename": { "field": "browse_view_id_numeric", "target_field": "opcua.identifier_numeric", "ignore_missing": true } },
{ "rename": { "field": "browse_view_description_timestamp", "target_field": "opcua.view.description_timestamp", "ignore_missing": true } },
{ "rename": { "field": "browse_view_description_view_version", "target_field": "opcua.description.view_version", "ignore_missing": true } },
{ "rename": { "field": "browse_description_link_id", "target_field": "opcua.description.link_id", "ignore_missing": true } },
{ "rename": { "field": "req_max_ref_nodes", "target_field": "opcua.request.max_ref_nodes", "ignore_missing": true } },
{ "rename": { "field": "message2.browse_service_type", "target_field": "opcua.service_type", "ignore_missing": true } },
{ "rename": { "field": "message2.browse_view_id_encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } },
{ "rename": { "field": "message2.browse_view_id_numeric", "target_field": "opcua.identifier_numeric", "ignore_missing": true } },
{ "rename": { "field": "message2.browse_view_description_timestamp", "target_field": "opcua.view.description_timestamp", "ignore_missing": true } },
{ "rename": { "field": "message2.browse_view_description_view_version", "target_field": "opcua.description.view_version", "ignore_missing": true } },
{ "rename": { "field": "message2.browse_description_link_id", "target_field": "opcua.description.link_id", "ignore_missing": true } },
{ "rename": { "field": "message2.req_max_ref_nodes", "target_field": "opcua.request.max_ref_nodes", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]
}

23
salt/elasticsearch/files/ingest/zeek.opcua_get_endpoints_description
View File

@@ -4,17 +4,18 @@
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
{ "rename": { "field": "message2.endpoint_description_link_id", "target_field": "opcua.endpoint_description_link_id", "ignore_missing": true } },
{ "rename": { "field": "message2.endpoint_uri", "target_field": "opcua.final", "ignore_missing": true } },
{ "rename": { "field": "message2.product_uri", "target_field": "opcua.message_size", "ignore_missing": true } },
{ "rename": { "field": "message2.encoding_mask", "target_field": "opcua.sender.buffer_size", "ignore_missing": true } },
{ "rename": { "field": "message2.locale", "target_field": "opcua.sequence_number", "ignore_missing": true } },
{ "rename": { "field": "message2.text", "target_field": "opcua.secure_channel.id", "ignore_missing": true } },
{ "rename": { "field": "message2.application_type", "target_field": "opcua.sequence_number", "ignore_missing": true } },
{ "rename": { "field": "message2.message_security_mode", "target_field": "opcua.link_id", "ignore_missing": true } },
{ "rename": { "field": "message2.security_policy_uri", "target_field": "opcua.request_id", "ignore_missing": true } },
{ "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.namespace_index", "ignore_missing": true } },
{ "rename": { "field": "message2.transport_profile_uri", "target_field": "opcua.encoding_mask", "ignore_missing": true } },
{ "rename": { "field": "message2.security_level", "target_field": "opcua.identifier", "ignore_missing": true } },
{ "rename": { "field": "message2.application_uri", "target_field": "opcua.application_uri", "ignore_missing": true } },
{ "rename": { "field": "message2.endpoint_uri", "target_field": "opcua.endpoint_uri", "ignore_missing": true } },
{ "rename": { "field": "message2.product_uri", "target_field": "opcua.product_uri", "ignore_missing": true } },
{ "rename": { "field": "message2.encoding_mask", "target_field": "opcua.encoding_mask", "ignore_missing": true } },
{ "rename": { "field": "message2.locale", "target_field": "opcua.locale", "ignore_missing": true } },
{ "rename": { "field": "message2.text", "target_field": "opcua.text", "ignore_missing": true } },
{ "rename": { "field": "message2.application_type", "target_field": "opcua.application_type", "ignore_missing": true } },
{ "rename": { "field": "message2.message_security_mode", "target_field": "opcua.message_security_mode", "ignore_missing": true } },
{ "rename": { "field": "message2.security_policy_uri", "target_field": "opcua.security_policy_uri", "ignore_missing": true } },
{ "rename": { "field": "message2.user_token_link_id", "target_field": "opcua.user_token_link_id", "ignore_missing": true } },
{ "rename": { "field": "message2.transport_profile_uri", "target_field": "transport_profile_uri", "ignore_missing": true } },
{ "rename": { "field": "message2.security_level", "target_field": "opcua.security_level", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]
}

10
salt/elasticsearch/files/ingest/zeek.opcua_read Normal file
View File

@@ -0,0 +1,10 @@
{
"description" : "zeek.opcua_read",
"processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
{ "rename": { "field": "message2.opcua_link_id", "target_field": "opcua.link_id", "ignore_missing": true } },
{ "rename": { "field": "message2.read_results_link_id", "target_field": "opcua.read_results.link_id", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]
}

16
salt/elasticsearch/files/ingest/zeek.opcua_read_nodes_to_read Normal file
View File

@@ -0,0 +1,16 @@
{
"description" : "zeek.opcua_read_nodes_to_read",
"processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
{ "rename": { "field": "message2.nodes_to_read_link_id", "target_field": "opcua.nodes_to_read.link_id", "ignore_missing": true } },
{ "rename": { "field": "message2.node_id_encoding_mask", "target_field": "opcua.node_id.encoding_mask", "ignore_missing": true } },
{ "rename": { "field": "message2.node_id_namespace_idx", "target_field": "opcua.node_id.namespace_idx", "ignore_missing": true } },
{ "rename": { "field": "message2.node_id_string", "target_field": "opcua.node_id.string", "ignore_missing": true } },
{ "rename": { "field": "message2.attribute_id", "target_field": "opcua.attribute_id", "ignore_missing": true } },
{ "rename": { "field": "message2.attribute_id_str", "target_field": "opcua.attribute_id_str", "ignore_missing": true } },
{ "rename": { "field": "message2.data_encoding_name_idx", "target_field": "opcua.encoding_name_idx", "ignore_missing": true } },
{ "rename": { "field": "message2.data_encoding_name", "target_field": "opcua.encoding_name", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]
}

12
salt/elasticsearch/files/ingest/zeek.opcua_read_results Normal file
View File

@@ -0,0 +1,12 @@
{
"description" : "zeek.opcua_read_results",
"processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
{ "rename": { "field": "message2.results_link_id", "target_field": "opcua.results.link_id", "ignore_missing": true } },
{ "rename": { "field": "message2.level", "target_field": "opcua.level", "ignore_missing": true } },
{ "rename": { "field": "message2.data_value_encoding_mask", "target_field": "opcua.data_value_encoding_mask", "ignore_missing": true } },
{ "rename": { "field": "message2.status_code_link_id", "target_field": "opcua.status_code.link_id", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]
}

10
salt/elasticsearch/files/ingest/zeek.opcua_read_results_link Normal file
View File

@@ -0,0 +1,10 @@
{
"description" : "zeek.opcua_read_results_link",
"processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true} },
{ "rename": { "field": "message2.read_results_link_id", "target_field": "opcua.read_results.link_id", "ignore_missing": true } },
{ "rename": { "field": "message2.results_link_id", "target_field": "opcua.results.link_id", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]
}

2
salt/sensoroni/files/analyzers/emailrep/emailrep.py
View File

@@ -53,7 +53,7 @@ def analyze(conf, input):
def main():
dir = os.path.dirname(os.path.realpath(__file__))
parser = argparse.ArgumentParser(description='Search Greynoise for a given artifact')
parser = argparse.ArgumentParser(description='Search EmailRep for a given artifact')
parser.add_argument('artifact', help='the artifact represented in JSON format')
parser.add_argument('-c', '--config', metavar="CONFIG_FILE", default=dir + "/emailrep.yaml", help='optional config file to use instead of the default config file')

2
salt/sensoroni/files/analyzers/pulsedive/README.md
View File

@@ -5,7 +5,7 @@ Search Pulsedive for a domain, hash, IP, URI, URL, or User Agent.
## Configuration Requirements
``api_key`` - API key used for communication with the Virustotal API
``api_key`` - API key used for communication with the Pulsedive API
This value should be set in the ``sensoroni`` pillar, like so:

2
salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
View File

@@ -91,7 +91,7 @@ def analyze(conf, input):
def main():
dir = os.path.dirname(os.path.realpath(__file__))
parser = argparse.ArgumentParser(description='Search VirusTotal for a given artifact')
parser = argparse.ArgumentParser(description='Search Pulsedive for a given artifact')
parser.add_argument('artifact', help='the artifact represented in JSON format')
parser.add_argument('-c', '--config', metavar="CONFIG_FILE", default=dir + "/pulsedive.yaml", help='optional config file to use instead of the default config file')

2
salt/sensoroni/files/analyzers/urlscan/README.md
View File

@@ -5,7 +5,7 @@ Submit a URL to Urlscan for analysis.
## Configuration Requirements
``api_key`` - API key used for communication with the Virustotal API
``api_key`` - API key used for communication with the urlscan API
``enabled`` - Determines whether or not the analyzer is enabled. Defaults to ``False``
``visibility`` - Determines whether or not scan results are visibile publicly. Defaults to ``public``
``timeout`` - Time to wait for scan results. Defaults to ``180``s

2
salt/sensoroni/files/analyzers/urlscan/urlscan.py
View File

@@ -77,7 +77,7 @@ def analyze(conf, input):
def main():
dir = os.path.dirname(os.path.realpath(__file__))
parser = argparse.ArgumentParser(description='Search Alienvault OTX for a given artifact')
parser = argparse.ArgumentParser(description='Search urlscan for a given artifact')
parser.add_argument('artifact', help='the artifact represented in JSON format')
parser.add_argument('-c', '--config', metavar="CONFIG_FILE", default=dir + "/urlscan.yaml", help='optional config file to use instead of the default config file')

2
salt/soc/files/soc/motd.md
View File

@@ -6,7 +6,7 @@ If you're ready to dive in, take a look at the [Alerts](/#/alerts) interface to
## What's New
To see all the latest features and fixes in this version of Security Onion, click the upper-right menu and then click the [What's New](/docs/#release-notes) link.
To see all the latest features and fixes in this version of Security Onion, click the upper-right menu and then click the [What's New](/docs/release-notes.html) link.
## Customize This Space

8
salt/soc/files/soc/soc.json
View File

@@ -123,15 +123,9 @@
}
},
"client": {
{%- if ISAIRGAP is sameas true %}
"docsUrl": "/docs/",
"cheatsheetUrl": "/docs/cheatsheet.pdf",
"releaseNotesUrl": "/docs/#release-notes",
{%- else %}
"docsUrl": "https://docs.securityonion.net/en/2.3/",
"cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf",
"releaseNotesUrl": "https://docs.securityonion.net/en/2.3/release-notes",
{%- endif %}
"releaseNotesUrl": "/docs/release-notes.html",
"apiTimeoutMs": {{ API_TIMEOUT }},
"webSocketTimeoutMs": {{ WEBSOCKET_TIMEOUT }},
"tipTimeoutMs": {{ TIP_TIMEOUT }},

4
salt/zeek/policy/securityonion/file-extraction/extract.zeek
View File

@@ -47,7 +47,7 @@ event file_state_remove(f: fa_file)
# Delete the file if it didn't pass our requirements check.
local nuke = fmt("rm %s/%s", FileExtract::prefix, f$info$extracted);
when ( local nukeit = Exec::run([$cmd=nuke]) )
when [nuke] ( local nukeit = Exec::run([$cmd=nuke]) )
{
}
return;
@@ -58,7 +58,7 @@ event file_state_remove(f: fa_file)
local dest = fmt("%scomplete/%s-%s-%s.%s", FileExtract::prefix, f$source, f$id, f$info$md5, extension);
# Copy it to the $prefix/complete folder then delete it. I got some weird results with moving when it came to watchdog in python.
local cmd = fmt("cp %s/%s %s && rm %s/%s", FileExtract::prefix, orig, dest, FileExtract::prefix, orig);
when ( local result = Exec::run([$cmd=cmd]) )
when [cmd] ( local result = Exec::run([$cmd=cmd]) )
{
}
f$info$extracted = dest;

42
setup/so-functions
View File

@@ -1190,17 +1190,17 @@ installer_prereq_packages() {
logCmd "systemctl start NetworkManager"
elif [ "$OS" == ubuntu ]; then
# Print message to stdout so the user knows setup is doing something
retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
# Install network manager so we can do interface stuff
if ! command -v nmcli > /dev/null 2>&1; then
retry 50 10 "apt-get -y install network-manager" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y install network-manager" >> "$setup_log" 2>&1 || exit 1
{
systemctl enable NetworkManager
systemctl start NetworkManager
} >> "$setup_log" 2<&1
fi
if ! command -v curl > /dev/null 2>&1; then
retry 50 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y install curl" >> "$setup_log" 2>&1 || exit 1
fi
fi
}
@@ -1247,23 +1247,23 @@ docker_install() {
else
case "$install_type" in
'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORT')
retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
;;
*)
retry 50 10 "apt-key add $temp_install_dir/gpg/docker.pub" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-key add $temp_install_dir/gpg/docker.pub" >> "$setup_log" 2>&1 || exit 1
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$setup_log" 2>&1
retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
;;
esac
if [ $OSVER == "bionic" ]; then
service docker stop
apt -y purge docker-ce docker-ce-cli docker-ce-rootless-extras
retry 50 10 "apt-get -y install --allow-downgrades docker-ce=5:20.10.5~3-0~ubuntu-bionic docker-ce-cli=5:20.10.5~3-0~ubuntu-bionic docker-ce-rootless-extras=5:20.10.5~3-0~ubuntu-bionic python3-docker" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y install --allow-downgrades docker-ce=5:20.10.5~3-0~ubuntu-bionic docker-ce-cli=5:20.10.5~3-0~ubuntu-bionic docker-ce-rootless-extras=5:20.10.5~3-0~ubuntu-bionic python3-docker" >> "$setup_log" 2>&1 || exit 1
apt-mark hold docker-ce docker-ce-cli docker-ce-rootless-extras
elif [ $OSVER == "focal" ]; then
service docker stop
apt -y purge docker-ce docker-ce-cli docker-ce-rootless-extras
retry 50 10 "apt-get -y install --allow-downgrades docker-ce=5:20.10.8~3-0~ubuntu-focal docker-ce-cli=5:20.10.8~3-0~ubuntu-focal docker-ce-rootless-extras=5:20.10.8~3-0~ubuntu-focal python3-docker" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y install --allow-downgrades docker-ce=5:20.10.8~3-0~ubuntu-focal docker-ce-cli=5:20.10.8~3-0~ubuntu-focal docker-ce-rootless-extras=5:20.10.8~3-0~ubuntu-focal python3-docker" >> "$setup_log" 2>&1 || exit 1
apt-mark hold docker-ce docker-ce-cli docker-ce-rootless-extras
fi
fi
@@ -2296,7 +2296,7 @@ saltify() {
logCmd "systemctl enable salt-minion"
logCmd "yum versionlock salt*"
else
DEBIAN_FRONTEND=noninteractive retry 50 10 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || exit 1
DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || exit 1
if [ $OSVER == "bionic" ]; then
# Switch to Python 3 as default for bionic
@@ -2316,7 +2316,7 @@ saltify() {
'netcat'
'jq'
)
retry 50 10 "apt-get -y install ${pkg_arr[*]}" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y install ${pkg_arr[*]}" >> "$setup_log" 2>&1 || exit 1
# Grab the version from the os-release file
local ubuntu_version
@@ -2324,7 +2324,7 @@ saltify() {
case "$install_type" in
'FLEET')
retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1
;;
'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR')
@@ -2347,12 +2347,12 @@ saltify() {
# Add repo
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
set_progress_str 6 'Installing various dependencies'
retry 50 10 "apt-get -y install sqlite3 libssl-dev" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y install sqlite3 libssl-dev" >> "$setup_log" 2>&1 || exit 1
set_progress_str 7 'Installing salt-master'
retry 50 10 "apt-get -y install salt-master=3004.2+ds-1" >> "$setup_log" 2>&1 || exit 1
retry 50 10 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y install salt-master=3004.2+ds-1" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || exit 1
;;
*)
# Copy down the gpg keys and install them from the manager
@@ -2367,11 +2367,11 @@ saltify() {
;;
esac
retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
set_progress_str 8 'Installing salt-minion & python modules'
retry 50 10 "apt-get -y install salt-minion=3004.2+ds-1 salt-common=3004.2+ds-1" >> "$setup_log" 2>&1 || exit 1
retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1
retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y install salt-minion=3004.2+ds-1 salt-common=3004.2+ds-1" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" >> "$setup_log" 2>&1 || exit 1
fi
}
@@ -2870,8 +2870,8 @@ update_packages() {
logCmd "yum repolist"
logCmd "yum -y update --exclude=salt*,wazuh*,docker*,containerd*"
else
retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1
retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1
retry 150 20 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1
fi
}

4
setup/so-preflight
View File

@@ -65,7 +65,7 @@ check_default_repos() {
printf '%s' 'apt update.' | tee -a "$preflight_log"
fi
echo "" >> "$preflight_log"
retry 50 10 "apt-get -y update" >> $preflight_log 2>&1
retry 150 20 "apt-get -y update" >> $preflight_log 2>&1
ret_code=$?
[[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE'
@@ -174,7 +174,7 @@ preflight_prereqs() {
if [[ $OS == 'centos' ]]; then
: # no-op to match structure of other checks for $OS var
else
retry 50 10 "apt-get -y install curl" >> "$preflight_log" 2>&1 || ret_code=1
retry 150 20 "apt-get -y install curl" >> "$preflight_log" 2>&1 || ret_code=1
fi
return $ret_code