From a18c89d804ef2b8640da0ba6d5cf430a6d428759 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 21 Dec 2020 11:42:03 -0500 Subject: [PATCH 01/17] fix typo in so-analyst-install warning --- salt/common/tools/sbin/so-analyst-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-analyst-install b/salt/common/tools/sbin/so-analyst-install index e97aca0df..a76fd4784 100755 --- a/salt/common/tools/sbin/so-analyst-install +++ b/salt/common/tools/sbin/so-analyst-install @@ -84,7 +84,7 @@ while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do echo "## ##" echo "## Installing the Security Onion ##" echo "## analyst node on this device will ##" - echo "## make permanenet changes to ##" + echo "## make permanent changes to ##" echo "## the system. ##" echo "## ##" echo "###########################################" From f2d8c7f10d0aec869bc73f55142adc614ac7421e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 21 Dec 2020 16:53:30 -0500 Subject: [PATCH 02/17] Update VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 69484413e..3b31fa0ce 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.20 \ No newline at end of file +2.3.21 From aecde2dd54e9d3f830eca4292d2eeeff9b0417cf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 21 Dec 2020 16:54:10 -0500 Subject: [PATCH 03/17] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 87cbefbf6..5f133b5aa 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.20 +## Security Onion 2.3.21 -Security Onion 2.3.20 is here! +Security Onion 2.3.21 is here! ## Screenshots From b49355d3464b2f1fe2e39b629c34676abd2e895d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 21 Dec 2020 16:54:55 -0500 Subject: [PATCH 04/17] Update changes.json --- salt/soc/files/soc/changes.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index 2736e73b8..e986a6953 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -1,5 +1,5 @@ { - "title": "Security Onion 2.3.20 is here!", + "title": "Security Onion 2.3.21 is here!", "changes": [ { "summary": "soup has been refactored. You will need to run it a few times to get all the changes properly. We are working on making this even easier for future releases."}, { "summary": "soup now has awareness of Elastic Features and now downloads the appropriate Docker containers."}, From 7116c2103b6c209992c81551aa3a9790545d1b31 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 21 Dec 2020 17:06:14 -0500 Subject: [PATCH 05/17] Update Docker Clean --- salt/docker_clean/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/docker_clean/init.sls b/salt/docker_clean/init.sls index 9c5ce0d17..c29151664 100644 --- a/salt/docker_clean/init.sls +++ b/salt/docker_clean/init.sls @@ -1,6 +1,6 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} -{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2']%} +{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2','2.3.20']%} {% for VERSION in OLDVERSIONS %} remove_images_{{ VERSION }}: From 88bfe7c49c630af991cf2fd9ca307e8e8ef76edb Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 21 Dec 2020 19:52:31 -0500 Subject: [PATCH 06/17] Update VERIFY_ISO.md --- VERIFY_ISO.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index e28513cef..f023a7300 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -1,16 +1,16 @@ -### 2.3.20 ISO image built on 2020/12/20 +### 2.3.21 ISO image built on 2020/12/21 ### Download and Verify -2.3.20 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso +2.3.21 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.21.iso -MD5: E348FA65A46FD3FBA0D574D9C1A0582D -SHA1: 4A6E6D4E0B31ECA1B72E642E3DB2C186B59009D6 -SHA256: 25DE77097903640771533FA13094D0720A032B70223875F8C77A92F5C44CA687 +MD5: 7B8BC5B241B7220C011215BCE852FF78 +SHA1: 541C9689D8F8E8D3F25E169ED34A3F683851975B +SHA256: 7647FD67BA6AC85CCB1308789FFF7DAB19A841621FDA9AE41B89A0A79618F068 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.21.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -24,22 +24,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.21.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.21.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.20.iso.sig securityonion-2.3.20.iso +gpg --verify securityonion-2.3.21.iso.sig securityonion-2.3.21.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Sun 20 Dec 2020 11:11:28 AM EST using RSA key ID FE507013 +gpg: Signature made Mon 21 Dec 2020 06:27:53 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. From 3a3182a51fcbf16e5f57cec3906e16ac7fefe3c1 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 22 Dec 2020 08:32:58 -0500 Subject: [PATCH 07/17] 2.3.21 ISO sig --- sigs/securityonion-2.3.21.iso.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/securityonion-2.3.21.iso.sig 
diff --git a/sigs/securityonion-2.3.21.iso.sig b/sigs/securityonion-2.3.21.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..6c49a939152480627ca47d805d574e3d5f1f2d98 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5;FL?k82@re`V7LBIa1)vF5B(dalxN4t5kM7KsTA`5 zP%19=-L{U3i<^)x>XgXS$`EbG|uqt`lL>2)%qr(=PT@_Z?cOgG{oaJ)f9$26h@fNc}y_F#IFDa!u zd60jQ3hur@rJH`pAwW4-_o`Z20VH{d95za62n^%*Di&f{95c)zgS`lx5_sNm1B_SM zO6?VTh&WpF%DEUZK8dc8Ujb;!?H-JCat1x!-U4yGm`_D83QkK_Cy%&9ih4Q*@2R`f z^C+yiCy?sUN=J6xKT4{XZ_cwO8z4tFo|}ho!C|H~A)oO`jRR7=u-`(jbRyC30F>0= zW*y0`reaqIII|U1o>5#nE|!_#%sr2Bgo*!y6SGK=-DLf?kp)@~uLK092Qe!<*88$g za!pHZWs<~OMrYr)?}^w|l(=eONCb!D5wyYA%J)To4dS?B!97bUT$#zx_VcuwA8tUJ z7Fp05)YJIn4sEHwxM7a*Lv}_kI-eBRtDUIO^eQDRzHq|#g*uG@IgZ-5&93K9o3M_q z_iX(RNO_ZF2?YB<%g}IGreI;5#Oy9{z5h+mnY0s10zb@1?)&%$j`M>N;5hLS?%p^q hPAv^$_DZuH&LCJ&T3BSaGxgdG~=BlujVDpk6)|Ih#c literal 0 HcmV?d00001 From def3637bf665b7b6dffb796564bf71953d5ee119 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 1 Mar 2021 09:46:28 -0500 Subject: [PATCH 08/17] Revert "[refactor] Make default route message a warning" This reverts commit be1f641bf0e5dd93178521874568f6904ba86405. --- setup/so-functions | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index fc476aa8d..21602f320 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -744,23 +744,19 @@ compare_main_nic_ip() { if ! [[ $MNIC =~ ^(tun|wg|vpn).*$ ]]; then if [[ "$MAINIP" != "$MNIC_IP" ]]; then read -r -d '' message <<- EOM - The IP being routed by Linux is not the IP address assigned to the management interface ($MNIC). + The IP being routed by Linux is not the IP address assigned to the management interface ($MNIC). - This has been known to cause installs to fail in some scenarios. - - Please select whether to continue the install or exit setup to remediate any potential issues. - EOM - whiptail --title "Security Onion Setup" \ - --yesno "$message" 10 75 \ - --yes-button "Continue" --no-button "Exit" --defaultno - - kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1 - fi + This is not a supported configuration, please remediate and rerun setup. + EOM + whiptail --title "Security Onion Setup" --msgbox "$message" 10 75 + kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1 + fi else # Setup uses MAINIP, but since we ignore the equality condition when using a VPN # just set the variable to the IP of the VPN interface MAINIP=$MNIC_IP fi + } compare_versions() { From 1ae46b82ecbb562ba49d76f388819b545851be24 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 1 Mar 2021 09:58:39 -0500 Subject: [PATCH 09/17] Update changes for 2.3.30 --- salt/soc/files/soc/changes.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index 0d2bc29b6..3e302c0e6 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json 
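Review bot: The restored `read -r -d '' message <<- EOM` on the new side returns non-zero when it reaches end-of-input (the here-document contains no NUL delimiter), so if setup runs under `set -e` — not visible from this hunk — the script would exit before the msgbox is ever shown; `read -r -d '' message <<- EOM || true` preserves the intended behaviour either way. The abort path `whiptail ... --msgbox "$message" 10 75` followed by `kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1` records the reason nowhere but the dialog, which matters for unattended runs (the setup/automation files later in this series suggest such runs exist) where nobody is there to dismiss the box; printing the message to stderr or the setup log before the kill would make the failure diagnosable after the fact. compare_main_nic_ip begins before this hunk; only its tail is visible here.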
@@ -5,6 +5,7 @@ { "summary": "CyberChef is now at version 9.27.2." }, { "summary": "Elastic components are now at version 7.10.2. This is the last version that uses the Apache license." }, { "summary": "Suricata is now at version 6.0.1." }, + { "summary": "Salt is now at version 3002.5." }, { "summary": "Suricata metadata parsing is now vastly improved." }, { "summary": "If you choose Suricata for metadata parsing, it will now extract files from the network and send them to Strelka. You can add additional mime types here." }, { "summary": "It is now possible to filter Suricata events from being written to the logs. This is a new Suricata 6 feature. We have included some examples here." }, @@ -12,6 +13,7 @@ { "summary": "Network configuration is now more compatible with manually configured OpenVPN or Wireguard VPN interfaces." }, { "summary": "so-sensor-clean will no longer spawn multiple instances." }, { "summary": "Suricata eve.json logs will now be cleaned up after 7 days. This can be changed via the pillar setting." }, + { "summary": "Fixed a security issue where the backup directory had improper file permissions." }, { "summary": "The automated backup script on the manager now backs up all keys along with the salt configurations. Backup retention is now set to 7 days." }, { "summary": "Strelka logs are now being rotated properly." }, { "summary": "Elastalert can now be customized via a pillar." }, 
@@ -43,6 +45,8 @@ { "summary": "Changes to the .security analyzer yields more accurate query results when using Playbook." }, { "summary": "Several Hunt queries have been updated." }, { "summary": "The pfSense firewall log parser has been updated to improve compatibility." }, - { "summary": "Kibana dashboard hyperlinks have been updated for faster navigation." } + { "summary": "Kibana dashboard hyperlinks have been updated for faster navigation." }, + { "summary": "Added a new so-rule script to make it easier to disable, enable, and modify SIDs." }, + { "summary": "ISO now gives the option to just configure the network during setup." } ] } From bfa7c85e277ee8bdc24332dbae942f6ebce92a23 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 1 Mar 2021 10:40:41 -0500 Subject: [PATCH 10/17] Release 2.3.30 --- VERIFY_ISO.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index e28513cef..0b2a3aab6 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -1,16 +1,16 @@ -### 2.3.20 ISO image built on 2020/12/20 +### 2.3.30 ISO image built on 2021/03/01 ### Download and Verify -2.3.20 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso +2.3.30 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.30.iso -MD5: E348FA65A46FD3FBA0D574D9C1A0582D -SHA1: 4A6E6D4E0B31ECA1B72E642E3DB2C186B59009D6 -SHA256: 25DE77097903640771533FA13094D0720A032B70223875F8C77A92F5C44CA687 +MD5: 7716A56E0F46FA29422B07B30235417B +SHA1: D01C26E4391C80FF690384C1DB77550EA4C1E239 +SHA256: 3BB0CE7F3F84A0D26B00EAF30F7AEB42A3B5C7E9D8E3BA7E160577B1FA3830F6 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.30.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -24,22 +24,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.30.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.30.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.20.iso.sig securityonion-2.3.20.iso +gpg --verify securityonion-2.3.30.iso.sig securityonion-2.3.30.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Sun 20 Dec 2020 11:11:28 AM EST using RSA key ID FE507013 +gpg: Signature made Mon 01 Mar 2021 10:23:05 AM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. From 1a1e3caec8fa1e1282770e4d981b8b0f0e0214ca Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 1 Mar 2021 10:48:22 -0500 Subject: [PATCH 11/17] Release 2.3.30 sig --- sigs/securityonion-2.3.30.iso.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/securityonion-2.3.30.iso.sig 
diff --git a/sigs/securityonion-2.3.30.iso.sig b/sigs/securityonion-2.3.30.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..b8c8e0734d1966a34ea0a9613a1002d135f7130d GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;6_2H5}#2@re`V7LBIa1%~`5C2%hKP>eFBLTo&$6Mm! zfz!M*GmT+zUC==+<`~Bla!PHQu)l!j5}2n!V#XMN#r#)oUMCC_-js|u#MY{PouY{# z^#=;;J2CBL8;*@ z;lFylYpt^0x!XG%&U$0}jJGL=skK{cji*ny=tfdK&MVM<1N`%p3+^LNCH?;pe9DFD zi~)#3(9&sco4RIB-=|CEVZM5R-9D~%6>1#^CyA`@RvaLOe!s(wFG)ofZ@dK){bc4) zD8&F>Rl#NRjgCk`D!UsNet{q7-8;Z!RnliH?&B-59U)qDcTZgtvw3_*4QX7np=b-@ z#uE-ff6kpRK0`jwY(fR)k5)#Ur_7;%R3l@VI$X@7c9k9(?yiLU_^t(GOB}VCzJMDx z{B)KO6H!VJzPG}|3gtYg)2h{+@{sF|FN;|%@`c60)P467_|{ILC$ZP_r}@}_Ez hGGl6b literal 0 HcmV?d00001 From 85e059a76658e5b78452121db4469b49e65e2266 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 1 Mar 2021 12:16:46 -0500 Subject: [PATCH 12/17] Update VERSION file to 2.3.40 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index ad0b729ff..0f1c3e555 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.30 +2.3.40 From 3983e08fe538c9ebccfa51d54bb0db55556b23e0 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 1 Mar 2021 13:31:05 -0500 Subject: [PATCH 13/17] exclude zeekcaptureloss when suricata metadata selected https://github.com/Security-Onion-Solutions/securityonion/issues/3206 --- salt/telegraf/etc/telegraf.conf | 10 ++++++++++ salt/telegraf/init.sls | 3 +++ 2 files changed, 13 insertions(+) diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index 31be621a0..0c447172f 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf @@ -684,8 +684,10 @@ "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", + {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %} "/scripts/zeekloss.sh", "/scripts/zeekcaptureloss.sh", + {% endif %} "/scripts/oldpcap.sh", "/scripts/raid.sh" ] 
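Review bot: The new Jinja guard `{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}` is pasted verbatim into every `commands = [` list touched by this patch (five copies across its hunks), so the pillar key, its default and the comparison value must all be kept in sync by hand. Setting it once near the top of the template, `{% set MDENGINE = salt['pillar.get']('global:mdengine', 'ZEEK') %}`, and writing `{% if MDENGINE == 'ZEEK' %}` at each site leaves one place to change the default or add another engine; the head of telegraf.conf is outside this hunk. The hunk adds no explanation, so a Jinja comment above the first guard such as `{# zeek loss checks only apply when Zeek is the metadata engine #}` would help (a Jinja comment keeps the rendered TOML unchanged). The `commands` array this hunk edits opens before the hunk starts.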
@@ -697,8 +699,10 @@ "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", + {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %} "/scripts/zeekloss.sh", "/scripts/zeekcaptureloss.sh", + {% endif %} "/scripts/oldpcap.sh", "/scripts/eps.sh", "/scripts/raid.sh" @@ -713,8 +717,10 @@ "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", + {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %} "/scripts/zeekloss.sh", "/scripts/zeekcaptureloss.sh", + {% endif %} "/scripts/oldpcap.sh", "/scripts/eps.sh", "/scripts/raid.sh" @@ -728,8 +734,10 @@ "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", + {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %} "/scripts/zeekloss.sh", "/scripts/zeekcaptureloss.sh", + {% endif %} "/scripts/oldpcap.sh", "/scripts/influxdbsize.sh", "/scripts/raid.sh" @@ -742,8 +750,10 @@ "/scripts/stenoloss.sh", "/scripts/suriloss.sh", "/scripts/checkfiles.sh", + {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %} "/scripts/zeekloss.sh", "/scripts/zeekcaptureloss.sh", + {% endif %} "/scripts/oldpcap.sh", "/scripts/helixeps.sh" ] diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index 81513eee2..2814eb159 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -29,6 +29,9 @@ tgrafsyncscripts: - file_mode: 700 - template: jinja - source: salt://telegraf/scripts +{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'SURICATA' %} + - exclude_pat: zeekcaptureloss.sh +{% endif %} tgrafconf: file.managed: From a197d5addfacd1bf0a6f733d7e6a25858483f831 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 1 Mar 2021 13:58:04 -0500 Subject: [PATCH 14/17] revert version to 2.3.30 https://github.com/Security-Onion-Solutions/securityonion/issues/3206 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 0f1c3e555..ad0b729ff 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.40 +2.3.30 
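Review bot: The new `exclude_pat` in telegraf/init.sls is gated on `== 'SURICATA'` while the matching guards in telegraf.conf (the hunks above) are gated on `== 'ZEEK'`, so for any third value of `global:mdengine` the conf stops running the zeek scripts but the state still syncs them, and the two files will drift as soon as another engine value appears; `{% if salt['pillar.get']('global:mdengine', 'ZEEK') != 'ZEEK' %}` keeps both in step. The state also excludes only `zeekcaptureloss.sh` although `zeekloss.sh` is removed from the exec list in the same patch — if neither belongs on a Suricata sensor, a regex pattern such as `- exclude_pat: E@zeek(capture)?loss\.sh` would drop both (Salt's file.recurse accepts an `E@`-prefixed regex, if I recall its syntax correctly; confirm). A short comment above the guard, `{# zeek loss scripts are not shipped when Suricata does metadata parsing #}`, would help since the issue reference lives only in the commit message.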
From 64b37cedc75b4f2a585c0e25779bd751a0d4f650 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 1 Mar 2021 14:45:51 -0500 Subject: [PATCH 15/17] Update Signatures --- VERIFY_ISO.md | 8 ++++---- sigs/securityonion-2.3.30.iso.sig | Bin 543 -> 543 bytes 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 0b2a3aab6..bc8793798 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -5,9 +5,9 @@ 2.3.30 ISO image: https://download.securityonion.net/file/securityonion/securityonion-2.3.30.iso -MD5: 7716A56E0F46FA29422B07B30235417B -SHA1: D01C26E4391C80FF690384C1DB77550EA4C1E239 -SHA256: 3BB0CE7F3F84A0D26B00EAF30F7AEB42A3B5C7E9D8E3BA7E160577B1FA3830F6 +MD5: 65202BA0F7661A5E27087F097B8E571E +SHA1: 14E842E39EDBB55A104263281CF25BF88A2E9D67 +SHA256: 210B37B9E3DFC827AFE2940E2C87B175ADA968EDD04298A5926F63D9269847B7 Signature for ISO image: https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.30.iso.sig @@ -39,7 +39,7 @@ gpg --verify securityonion-2.3.30.iso.sig securityonion-2.3.30.iso The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Mon 01 Mar 2021 10:23:05 AM EST using RSA key ID FE507013 +gpg: Signature made Mon 01 Mar 2021 02:15:28 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
diff --git a/sigs/securityonion-2.3.30.iso.sig b/sigs/securityonion-2.3.30.iso.sig index b8c8e0734d1966a34ea0a9613a1002d135f7130d..b89b2364a5380530639a3a52ca29c360d7ccf9cf 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;6_Jx~A&2@re`V7LBIa1#`|5C3}SY0h7lG>C5B+6vX3-0w6Ep585QWujv^j0PV9{N=A1@t+NBaKQ={>Hba6>LK_iS<|#2NQ|K>( z&~3dKcX&Jt1>=N=JZ4Y4D-w~g{SZ#2v&Mr;qR;nakoqKi0(9H1*#ulM(kUAcaRDcDK>NxFI4`gT(&Q@@?~&BbDOiPU0YCxI zHJQkfKlOvTuGFLf4z?AbK8;x==&UD*Pjq3YpFYVCiKA_u|_Tl z+3PzEzfm8^Mfm@;d6O;RV84#p)1!3s4Y6ws@I?|vMz=Mu;<^EUu*36QnBmeGHB9)f zq^6N&7wN{Z-*wS=2S~@(L+p)u=Dj>e?xN5%rJ~C+P6A}y>JEUO3 hhBhLBoAoYWc8)1D<6hv__^>KbSk{m&8KPAJTGKgu0zd!& literal 543 zcmV+)0^t3L0vrSY0RjL91p;6_2H5}#2@re`V7LBIa1%~`5C2%hKP>eFBLTo&$6Mm! zfz!M*GmT+zUC==+<`~Bla!PHQu)l!j5}2n!V#XMN#r#)oUMCC_-js|u#MY{PouY{# z^#=;;J2CBL8;*@ z;lFylYpt^0x!XG%&U$0}jJGL=skK{cji*ny=tfdK&MVM<1N`%p3+^LNCH?;pe9DFD zi~)#3(9&sco4RIB-=|CEVZM5R-9D~%6>1#^CyA`@RvaLOe!s(wFG)ofZ@dK){bc4) zD8&F>Rl#NRjgCk`D!UsNet{q7-8;Z!RnliH?&B-59U)qDcTZgtvw3_*4QX7np=b-@ z#uE-ff6kpRK0`jwY(fR)k5)#Ur_7;%R3l@VI$X@7c9k9(?yiLU_^t(GOB}VCzJMDx z{B)KO6H!VJzPG}|3gtYg)2h{+@{sF|FN;|%@`c60)P467_|{ILC$ZP_r}@}_Ez hGGl6b From 2c75cb74db52a194594a370d28bca9fa15e187d6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 1 Mar 2021 15:17:38 -0500 Subject: [PATCH 16/17] Update VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index ad0b729ff..0f1c3e555 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.30 +2.3.40 From b37d5ae15feed36d0756f91ac1db6ca1b787331c Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 1 Mar 2021 15:54:29 -0500 Subject: [PATCH 17/17] Enable advanced setup for some search/sensor installs --- setup/automation/distributed-iso-search | 2 +- setup/automation/distributed-iso-sensor | 2 +- setup/automation/distributed-net-ubuntu-suricata-search | 2 +- setup/automation/distributed-net-ubuntu-suricata-sensor | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/setup/automation/distributed-iso-search b/setup/automation/distributed-iso-search index d95d7ff44..cb5721055 100644 --- a/setup/automation/distributed-iso-search +++ b/setup/automation/distributed-iso-search @@ -55,7 +55,7 @@ MSRVIP=10.66.166.42 # NODE_ES_HEAP_SIZE= # NODE_LS_HEAP_SIZE= NODESETUP=NODEBASIC -NSMSETUP=BASIC +NSMSETUP=ADVANCED NODEUPDATES=MANAGER # OINKCODE= # OSQUERY=1 diff --git a/setup/automation/distributed-iso-sensor b/setup/automation/distributed-iso-sensor index f932c80b4..5df368336 100644 --- a/setup/automation/distributed-iso-sensor +++ b/setup/automation/distributed-iso-sensor @@ -55,7 +55,7 @@ MSRVIP=10.66.166.42 # NODE_ES_HEAP_SIZE= # NODE_LS_HEAP_SIZE= # NODESETUP=NODEBASIC -NSMSETUP=BASIC +NSMSETUP=ADVANCED NODEUPDATES=MANAGER # OINKCODE= # OSQUERY=1 diff --git a/setup/automation/distributed-net-ubuntu-suricata-search b/setup/automation/distributed-net-ubuntu-suricata-search index 3914a6d1c..010ddcef3 100644 --- a/setup/automation/distributed-net-ubuntu-suricata-search +++ b/setup/automation/distributed-net-ubuntu-suricata-search @@ -55,7 +55,7 @@ MSRVIP=10.66.166.66 # NODE_ES_HEAP_SIZE= # NODE_LS_HEAP_SIZE= NODESETUP=NODEBASIC -NSMSETUP=BASIC +NSMSETUP=ADVANCED NODEUPDATES=MANAGER # OINKCODE= # OSQUERY=1 diff --git a/setup/automation/distributed-net-ubuntu-suricata-sensor b/setup/automation/distributed-net-ubuntu-suricata-sensor index 2d5e15f15..6aa32c03d 100644 --- a/setup/automation/distributed-net-ubuntu-suricata-sensor +++ b/setup/automation/distributed-net-ubuntu-suricata-sensor @@ -27,7 +27,7 @@ BASICZEEK=2 BASICSURI=2 # BLOGS= BNICS=ens19 -ZEEKVERSION=ZEEK +ZEEKVERSION=SURICATA # CURCLOSEDAYS= # EVALADVANCED=BASIC # GRAFANA=1 @@ -55,7 +55,7 @@ MSRVIP=10.66.166.66 # NODE_ES_HEAP_SIZE= # NODE_LS_HEAP_SIZE= # NODESETUP=NODEBASIC -NSMSETUP=BASIC +NSMSETUP=ADVANCED NODEUPDATES=MANAGER # OINKCODE= # OSQUERY=1
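Review bot: In distributed-net-ubuntu-suricata-sensor the switch to `NSMSETUP=ADVANCED` leaves `BASICZEEK=2` and `BASICSURI=2` in place (visible in this file's first hunk); if the advanced path reads its own pinning/worker variables rather than these basic counts — I cannot confirm that from here — those two lines are now dead and whatever the advanced path expects is unset, which an unattended run has no way to prompt for. Either drop the BASIC* lines or add the advanced-mode values beside them, and a comment such as `# ADVANCED: BASICZEEK/BASICSURI are ignored; set the advanced NSM values here` would stop the next reader from tuning a value that has no effect. The same `NSMSETUP=ADVANCED` change lands in the other three automation files with no companion settings, so the same question applies to them.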