Merge pull request #10141 from Security-Onion-Solutions/dev

2.3.230 Release
2025-12-06 09:12:45 +01:00 · 2023-04-17 10:47:32 -04:00
parent b756b8ea32 9d6ed8b9b2
commit 3891548d6d
7 changed files with 43 additions and 29 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-20230301
+
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.220-20230301 ISO image built on 2023/03/01
+### 2.3.230-20230417 ISO image built on 2023/04/17
 ### Download and Verify
-2.3.220-20230301 ISO image:  
+2.3.230-20230417 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230301.iso
+https://download.securityonion.net/file/securityonion/securityonion-2.3.230-20230417.iso
-MD5: 76870CF09FF27893574FC104F9AC6642  
+MD5: EBE7E5407AF9AF6F1ADCB9A8E011729B  
-SHA1: CBF5B407C5982CA40C7660FE5CD9E3C6C551D280  
+SHA1: EC101F5C633D368205F5B756F063308A0BE0466E  
-SHA256: 0719D441DF8B77266CE16F5FA182BF0680567BE7AD0AE36979D4FE8E0953F094 
+SHA256: CBB9BE490AB44BCC2C8CAB8AAE65288BE130B43927DFA4DFBDD9D95B3564D65F 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230301.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.230-20230417.iso.sig
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230301.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.230-20230417.iso.sig
 ```
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230301.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.230-20230417.iso
 ```
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.220-20230301.iso.sig securityonion-2.3.220-20230301.iso
+gpg --verify securityonion-2.3.230-20230417.iso.sig securityonion-2.3.230-20230417.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 01 Mar 2023 03:50:25 PM EST using RSA key ID FE507013
+gpg: Signature made Fri 14 Apr 2023 11:12:57 AM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.3.220
+2.3.230
--- a/pillar/zeek/init.sls
+++ b/pillar/zeek/init.sls
@@ -15,6 +15,7 @@ zeek:
    SpoolDir: /nsm/zeek/spool
    CfgDir: /opt/zeek/etc
    CompressLogs: 1
    ZeekPort: 27760
  local:
    '@load':
      - misc/loaded-scripts
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -554,6 +554,8 @@ preupgrade_changes() {
    [[ "$INSTALLEDVERSION" == 2.3.190 ]] && up_to_2.3.200
    [[ "$INSTALLEDVERSION" == 2.3.200 ]] && up_to_2.3.210
    [[ "$INSTALLEDVERSION" == 2.3.210 ]] && up_to_2.3.220
    [[ "$INSTALLEDVERSION" == 2.3.220 ]] && up_to_2.3.230
    true
 }
@@ -580,6 +582,7 @@ postupgrade_changes() {
    [[ "$POSTVERSION" == 2.3.190 ]] && post_to_2.3.200
    [[ "$POSTVERSION" == 2.3.200 ]] && post_to_2.3.210
    [[ "$POSTVERSION" == 2.3.210 ]] && post_to_2.3.220
    [[ "$POSTVERSION" == 2.3.220 ]] && post_to_2.3.230
    true
 }
@@ -713,6 +716,11 @@ post_to_2.3.220() {
  POSTVERSION=2.3.220
 }
 post_to_2.3.230() {
  echo "Nothing to do for .230"
  POSTVERSION=2.3.230
 }
 stop_salt_master() {
    # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
    set +e
@@ -1053,6 +1061,11 @@ up_to_2.3.220() {
  INSTALLEDVERSION=2.3.220
 }
 up_to_2.3.230() {
  echo "Upgrading to 2.3.230"
  INSTALLEDVERSION=2.3.230
 }
 verify_upgradespace() {
  CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
  if [ "$CURRENTSPACE" -lt "10" ]; then
--- a/salt/elasticsearch/files/ingest/suricata.dns
+++ b/salt/elasticsearch/files/ingest/suricata.dns
@@ -1,21 +1,21 @@
 {
  "description" : "suricata.dns",
  "processors" : [
-    { "rename": 	{ "field": "message2.proto", 		"target_field": "network.transport",		"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.proto", 			"target_field": "network.transport",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.app_proto", 	"target_field": "network.protocol",		"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.app_proto", 		"target_field": "network.protocol",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.type", 	"target_field": "dns.query.type",		"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.dns.type", 		"target_field": "dns.query.type",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.tx_id",	"target_field": "dns.id",			"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.dns.tx_id",		"target_field": "dns.id",			"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.version", 	"target_field": "dns.version",			"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.dns.version", 		"target_field": "dns.version",			"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.rrname", 	"target_field": "dns.query.name",		"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.dns.rrname", 		"target_field": "dns.query.name",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.rrtype", 	"target_field": "dns.query.type_name",		"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.dns.rrtype", 		"target_field": "dns.query.type_name",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.flags", 	"target_field": "dns.flags",			"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.dns.flags", 		"target_field": "dns.flags",			"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.qr", 		"target_field": "dns.qr",			"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.dns.qr", 			"target_field": "dns.qr",			"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.rd", 		"target_field": "dns.recursion.desired",	"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.dns.rd", 			"target_field": "dns.recursion.desired",	"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.ra", 		"target_field": "dns.recursion.available",	"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.dns.ra", 			"target_field": "dns.recursion.available",	"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.dns.rcode", 	"target_field": "dns.response.code_name",	"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.dns.rcode", 		"target_field": "dns.response.code_name",	"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.grouped.A", 	"target_field": "dns.answers.data",		"ignore_missing": true 	} },
+    { "rename":		{ "field": "message2.dns.grouped.A", 		"target_field": "dns.answers.data",		"ignore_missing": true 	} },
-    { "rename": 	{ "field": "message2.grouped.CNAME", 	"target_field": "dns.answers.name",		"ignore_missing": true 	} },
+    { "rename":		{ "field": "message2.dns.grouped.CNAME",	"target_field": "dns.answers.name",		"ignore_missing": true 	} },
-    { "pipeline": 	{ "if": "ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')", "name": "dns.tld"			} },
+    { "pipeline":	{ "if": "ctx.dns.query?.name != null && ctx.dns.query.name.contains('.')", "name": "dns.tld"				} },
-    { "pipeline": { "name": "common" } }
+    { "pipeline": 	{ "name": "common"													} }
  ]
 }
--- a/sigs/securityonion-2.3.230-20230417.iso.sig
+++ b/sigs/securityonion-2.3.230-20230417.iso.sig