CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-05 02:48:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11374 from Security-Onion-Solutions/dev

Browse Source 
2.3.270
This commit is contained in:
Mike Reeves
2023-10-06 16:40:28 -04:00
committed by GitHub
parent 3e5f354d8b b005a10a8e
commit 3839e52401
9 changed files with 63 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
VERIFY_ISO.md
+11 -11
View File
@@ -1,18 +1,18 @@
### 2.3.260-20230620 ISO image built on 2023/06/20 ### 2.3.270-20231006 ISO image built on 2023/10/06
### Download and Verify ### Download and Verify
2.3.260-20230620 ISO image: 2.3.270-20231006 ISO image:
https://download.securityonion.net/file/securityonion/securityonion-2.3.260-20230620.iso https://download.securityonion.net/file/securityonion/securityonion-2.3.270-20231006.iso
MD5: E09BB9800BAE84E84511516952264F33 MD5: 3FC7A37EA402A5F0C6609D7431387575
SHA1: DBDDFCE58B87F61F40BCE03840A749D8054B7AF1 SHA1: 979851603E431EE9670A1576E5DCCD838CEDA294
SHA256: 06ED74278587B09167FBAC1E5796B666FC24AD15D06EA3CC36419D07967E06DD SHA256: 34F72EDEA9A62E1545347A31DEDEDD099D824466EC52B8674ACC7DB6D7E8B943
Signature for ISO image: Signature for ISO image:
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.260-20230620.iso.sig https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.270-20231006.iso.sig
Signing key: Signing key:
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO: Download the signature file for the ISO:
``` ```
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.260-20230620.iso.sig wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.270-20231006.iso.sig
``` ```
Download the ISO image: Download the ISO image:
``` ```
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.260-20230620.iso wget https://download.securityonion.net/file/securityonion/securityonion-2.3.270-20231006.iso
``` ```
Verify the downloaded ISO image using the signature file: Verify the downloaded ISO image using the signature file:
``` ```
gpg --verify securityonion-2.3.260-20230620.iso.sig securityonion-2.3.260-20230620.iso gpg --verify securityonion-2.3.270-20231006.iso.sig securityonion-2.3.270-20231006.iso
``` ```
The output should show "Good signature" and the Primary key fingerprint should match what's shown below: The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
``` ```
gpg: Signature made Fri 16 Jun 2023 02:58:22 PM EDT using RSA key ID FE507013 gpg: Signature made Thu 21 Sep 2023 10:43:13 AM EDT using RSA key ID FE507013
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>" gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
VERSION
+1 -1
View File
@@ -1 +1 @@
2.3.260 2.3.270
salt/common/tools/sbin/soup
+14
View File
@@ -579,6 +579,7 @@ preupgrade_changes() {
[[ "$INSTALLEDVERSION" == 2.3.230 ]] && up_to_2.3.240 [[ "$INSTALLEDVERSION" == 2.3.230 ]] && up_to_2.3.240
[[ "$INSTALLEDVERSION" == 2.3.240 ]] && up_to_2.3.250 [[ "$INSTALLEDVERSION" == 2.3.240 ]] && up_to_2.3.250
[[ "$INSTALLEDVERSION" == 2.3.250 ]] && up_to_2.3.260 [[ "$INSTALLEDVERSION" == 2.3.250 ]] && up_to_2.3.260
[[ "$INSTALLEDVERSION" == 2.3.260 ]] && up_to_2.3.270
true true
} }
@@ -610,6 +611,7 @@ postupgrade_changes() {
[[ "$POSTVERSION" == 2.3.230 ]] && post_to_2.3.240 [[ "$POSTVERSION" == 2.3.230 ]] && post_to_2.3.240
[[ "$POSTVERSION" == 2.3.240 ]] && post_to_2.3.250 [[ "$POSTVERSION" == 2.3.240 ]] && post_to_2.3.250
[[ "$POSTVERSION" == 2.3.250 ]] && post_to_2.3.260 [[ "$POSTVERSION" == 2.3.250 ]] && post_to_2.3.260
[[ "$POSTVERSION" == 2.3.260 ]] && post_to_2.3.270
true true
} }
@@ -763,6 +765,13 @@ post_to_2.3.260() {
POSTVERSION=2.3.260 POSTVERSION=2.3.260
} }
post_to_2.3.270() {
echo "Pruning unused docker volumes on all nodes - This process will run in the background."
salt --async \* cmd.run "docker volume prune -f"
POSTVERSION=2.3.270
}
stop_salt_master() { stop_salt_master() {
# kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
set +e set +e
@@ -1123,6 +1132,11 @@ up_to_2.3.260() {
INSTALLEDVERSION=2.3.260 INSTALLEDVERSION=2.3.260
} }
up_to_2.3.270() {
echo "Upgrading to 2.3.270"
INSTALLEDVERSION=2.3.270
}
verify_upgradespace() { verify_upgradespace() {
CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//') CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
if [ "$CURRENTSPACE" -lt "10" ]; then if [ "$CURRENTSPACE" -lt "10" ]; then
salt/kibana/bin/so-kibana-config-load
+1 -1
View File
@@ -59,7 +59,7 @@ update() {
IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))' IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))'
for i in "${LINES[@]}"; do for i in "${LINES[@]}"; do
RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.7.1" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.8.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
done done
salt/kibana/files/config_saved_objects.ndjson
+1 -1
View File
@@ -1 +1 @@
{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.7.1","id": "8.7.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} {"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.8.2","id": "8.8.2","references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
salt/playbook/init.sls
+9
View File
@@ -84,6 +84,14 @@ playbook_password_none:
{% else %} {% else %}
playbookfilesdir:
file.directory:
- name: /opt/so/conf/playbook/redmine-files
- dir_mode: 775
- user: 939
- group: 939
- makedirs: True
so-playbook: so-playbook:
docker_container.running: docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-playbook:{{ VERSION }} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-playbook:{{ VERSION }}
@@ -91,6 +99,7 @@ so-playbook:
- name: so-playbook - name: so-playbook
- binds: - binds:
- /opt/so/log/playbook:/playbook/log:rw - /opt/so/log/playbook:/playbook/log:rw
- /opt/so/conf/playbook/redmine-files:/usr/src/redmine/files:rw
- environment: - environment:
- REDMINE_DB_MYSQL={{ MANAGERIP }} - REDMINE_DB_MYSQL={{ MANAGERIP }}
- REDMINE_DB_DATABASE=playbook - REDMINE_DB_DATABASE=playbook
salt/redis/init.sls
+8
View File
@@ -52,6 +52,13 @@ redisconf:
- group: 939 - group: 939
- template: jinja - template: jinja
redisdatadir:
file.directory:
- name: /nsm/redis/data
- user: 939
- group: 939
- makedirs: True
so-redis: so-redis:
docker_container.running: docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
@@ -64,6 +71,7 @@ so-redis:
- /opt/so/log/redis:/var/log/redis:rw - /opt/so/log/redis:/var/log/redis:rw
- /opt/so/conf/redis/etc/redis.conf:/usr/local/etc/redis/redis.conf:ro - /opt/so/conf/redis/etc/redis.conf:/usr/local/etc/redis/redis.conf:ro
- /opt/so/conf/redis/working:/redis:rw - /opt/so/conf/redis/working:/redis:rw
- /nsm/redis/data:/data:rw
- /etc/pki/redis.crt:/certs/redis.crt:ro - /etc/pki/redis.crt:/certs/redis.crt:ro
- /etc/pki/redis.key:/certs/redis.key:ro - /etc/pki/redis.key:/certs/redis.key:ro
{% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %} {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
salt/strelka/init.sls
+18
View File
@@ -194,9 +194,25 @@ filcheck_history_clean:
- minute: '33' - minute: '33'
# End Filecheck Section # End Filecheck Section
strelkagkredisdatadir:
file.directory:
- name: /nsm/strelka/gk-redis-data
- user: 939
- group: 939
- makedirs: True
strelkacoordredisdatadir:
file.directory:
- name: /nsm/strelka/coord-redis-data
- user: 939
- group: 939
- makedirs: True
strelka_coordinator: strelka_coordinator:
docker_container.running: docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
- binds:
- /nsm/strelka/coord-redis-data:/data:rw
- name: so-strelka-coordinator - name: so-strelka-coordinator
- entrypoint: redis-server --save "" --appendonly no - entrypoint: redis-server --save "" --appendonly no
- port_bindings: - port_bindings:
@@ -210,6 +226,8 @@ append_so-strelka-coordinator_so-status.conf:
strelka_gatekeeper: strelka_gatekeeper:
docker_container.running: docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
- binds:
- /nsm/strelka/gk-redis-data:/data:rw
- name: so-strelka-gatekeeper - name: so-strelka-gatekeeper
- entrypoint: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru - entrypoint: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru
- port_bindings: - port_bindings:
sigs/securityonion-2.3.270-20231006.iso.sig
BIN
View File
Binary file not shown.