diff --git a/HOTFIX b/HOTFIX
index e63769900..d3f5a12fa 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +1 @@
-20230301
+
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 633b1513c..b13c645e4 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.220-20230301 ISO image built on 2023/03/01
+### 2.3.230-20230417 ISO image built on 2023/04/17
 ### Download and Verify
-2.3.220-20230301 ISO image:
-https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230301.iso
+2.3.230-20230417 ISO image:
+https://download.securityonion.net/file/securityonion/securityonion-2.3.230-20230417.iso
-MD5: 76870CF09FF27893574FC104F9AC6642
-SHA1: CBF5B407C5982CA40C7660FE5CD9E3C6C551D280
-SHA256: 0719D441DF8B77266CE16F5FA182BF0680567BE7AD0AE36979D4FE8E0953F094
+MD5: EBE7E5407AF9AF6F1ADCB9A8E011729B
+SHA1: EC101F5C633D368205F5B756F063308A0BE0466E
+SHA256: CBB9BE490AB44BCC2C8CAB8AAE65288BE130B43927DFA4DFBDD9D95B3564D65F
 Signature for ISO image:
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230301.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.230-20230417.iso.sig
 Signing key:
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 Download the signature file for the ISO:
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230301.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.230-20230417.iso.sig
 ```
 Download the ISO image:
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230301.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.230-20230417.iso
 ```
 Verify the downloaded ISO image using the signature file:
 ```
-gpg --verify securityonion-2.3.220-20230301.iso.sig securityonion-2.3.220-20230301.iso
+gpg --verify securityonion-2.3.230-20230417.iso.sig securityonion-2.3.230-20230417.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 01 Mar 2023 03:50:25 PM EST using RSA key ID FE507013
+gpg: Signature made Fri 14 Apr 2023 11:12:57 AM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
diff --git a/VERSION b/VERSION
index 108d96ff2..02eba2fcf 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.220
+2.3.230
diff --git a/pillar/zeek/init.sls b/pillar/zeek/init.sls
index b4bce17fd..01023fb60 100644
--- a/pillar/zeek/init.sls
+++ b/pillar/zeek/init.sls
@@ -15,6 +15,7 @@ zeek:
 SpoolDir: /nsm/zeek/spool
 CfgDir: /opt/zeek/etc
 CompressLogs: 1
+ ZeekPort: 27760
 local:
 '@load':
 - misc/loaded-scripts
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index d7074619f..254ea6580 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
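Review bot: The new `ZeekPort: 27760` key in pillar/zeek/init.sls carries no comment saying what it configures, and nothing in the hunk shows which template consumes it. Presumably it feeds the zeekctl `ZeekPort` setting, i.e. the base TCP port Zeek cluster nodes listen on for inter-node communication; if so the value is security-relevant, because any host firewall rules that restrict manager/worker traffic have to agree with it. I would annotate the line, e.g. `ZeekPort: 27760  # base TCP port for Zeek cluster inter-node communication (zeekctl ZeekPort); keep firewall rules in sync`, and confirm the consuming template actually reads this key rather than a hard-coded port.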
@@ -554,6 +554,8 @@ preupgrade_changes() {
 [[ "$INSTALLEDVERSION" == 2.3.190 ]] && up_to_2.3.200
 [[ "$INSTALLEDVERSION" == 2.3.200 ]] && up_to_2.3.210
 [[ "$INSTALLEDVERSION" == 2.3.210 ]] && up_to_2.3.220
+ [[ "$INSTALLEDVERSION" == 2.3.220 ]] && up_to_2.3.230
+
 true
 }
@@ -580,6 +582,7 @@ postupgrade_changes() {
 [[ "$POSTVERSION" == 2.3.190 ]] && post_to_2.3.200
 [[ "$POSTVERSION" == 2.3.200 ]] && post_to_2.3.210
 [[ "$POSTVERSION" == 2.3.210 ]] && post_to_2.3.220
+ [[ "$POSTVERSION" == 2.3.220 ]] && post_to_2.3.230
 true
 }
@@ -713,6 +716,11 @@ post_to_2.3.220() {
 POSTVERSION=2.3.220
 }
+post_to_2.3.230() {
+ echo "Nothing to do for .230"
+ POSTVERSION=2.3.230
+}
+
 stop_salt_master() {
 # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
 set +e
@@ -1053,6 +1061,11 @@ up_to_2.3.220() {
 INSTALLEDVERSION=2.3.220
 }
+up_to_2.3.230() {
+ echo "Upgrading to 2.3.230"
+ INSTALLEDVERSION=2.3.230
+}
+
 verify_upgradespace() {
 CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
 if [ "$CURRENTSPACE" -lt "10" ]; then
diff --git a/salt/elasticsearch/files/ingest/suricata.dns b/salt/elasticsearch/files/ingest/suricata.dns
index 2f5958e2e..3ef68f28b 100644
--- a/salt/elasticsearch/files/ingest/suricata.dns
+++ b/salt/elasticsearch/files/ingest/suricata.dns
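Review bot: The second added line in preupgrade_changes is an empty line between the version dispatch chain and the trailing `true`, which the parallel chain in postupgrade_changes (next hunk) does not get; drop it so the two functions stay visually identical and the next version bump is a one-line change in both. The `[[ "$INSTALLEDVERSION" == 2.3.220 ]] && up_to_2.3.230` line itself follows the existing pattern. preupgrade_changes begins before this hunk.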
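Review bot: `up_to_2.3.230` prints "Upgrading to 2.3.230" yet only assigns INSTALLEDVERSION, while its counterpart `post_to_2.3.230` in the earlier hunk prints "Nothing to do for .230" for the same no-op; someone reading the soup log will look for a pre-upgrade migration that does not exist. Either make the message honest, `echo "Nothing to do for 2.3.230"`, or add a comment above the function such as `# 2.3.230 has no pre-upgrade migration; this only advances the version chain`. Whichever wording is chosen, the two stubs should use the same one.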
@@ -1,21 +1,21 @@
 {
 "description" : "suricata.dns",
 "processors" : [
- { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
- { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.type", "target_field": "dns.query.type", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.tx_id", "target_field": "dns.id", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.version", "target_field": "dns.version", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.rrname", "target_field": "dns.query.name", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.rrtype", "target_field": "dns.query.type_name", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.flags", "target_field": "dns.flags", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.qr", "target_field": "dns.qr", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.rd", "target_field": "dns.recursion.desired", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.ra", "target_field": "dns.recursion.available", "ignore_missing": true } },
- { "rename": { "field": "message2.dns.rcode", "target_field": "dns.response.code_name", "ignore_missing": true } },
- { "rename": { "field": "message2.grouped.A", "target_field": "dns.answers.data", "ignore_missing": true } },
- { "rename": { "field": "message2.grouped.CNAME", "target_field": "dns.answers.name", "ignore_missing": true } },
- { "pipeline": { "if": "ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')", "name": "dns.tld" } },
- { "pipeline": { "name": "common" } }
+ { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
+ { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.type", "target_field": "dns.query.type", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.tx_id", "target_field": "dns.id", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.version", "target_field": "dns.version", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.rrname", "target_field": "dns.query.name", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.rrtype", "target_field": "dns.query.type_name", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.flags", "target_field": "dns.flags", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.qr", "target_field": "dns.qr", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.rd", "target_field": "dns.recursion.desired", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.ra", "target_field": "dns.recursion.available", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.rcode", "target_field": "dns.response.code_name", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.grouped.A", "target_field": "dns.answers.data", "ignore_missing": true } },
+ { "rename": { "field": "message2.dns.grouped.CNAME", "target_field": "dns.answers.name", "ignore_missing": true } },
+ { "pipeline": { "if": "ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')", "name": "dns.tld" } },
+ { "pipeline": { "name": "common" } }
 ]
 }
diff --git a/sigs/securityonion-2.3.230-20230417.iso.sig b/sigs/securityonion-2.3.230-20230417.iso.sig
new file mode 100644
index 000000000..b321509f6
Binary files /dev/null and b/sigs/securityonion-2.3.230-20230417.iso.sig differ
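Review bot: The `dns.tld` pipeline condition on the new side, `ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')`, null-guards only `query`, not `dns`; because every preceding rename is `ignore_missing`, an event with no `message2.dns.*` fields leaves `ctx.dns` unset and the Painless expression throws a null pointer error rather than evaluating to false, which normally fails the document instead of skipping the sub-pipeline. Making the guard complete is a one-token change, `"if": "ctx.dns?.query?.name != null && ctx.dns.query.name.contains('.')"`. Whether such dns-less events actually reach this pipeline depends on the router, which is not in the hunk, so the cost of the defensive form is low either way. Separately, the one functional change, `message2.grouped.*` → `message2.dns.grouped.*`, is buried under a reindentation of all sixteen processors; committing whitespace churn apart from the field fix would make the intent reviewable.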