Merge pull request #6793 from Security-Onion-Solutions/23100soup_jpp

23100soup

salt/common/tools/sbin/soup

@@ -399,6 +399,7 @@ preupgrade_changes() {
     [[ "$INSTALLEDVERSION" == 2.3.30 || "$INSTALLEDVERSION" == 2.3.40 ]] && up_to_2.3.50
     [[ "$INSTALLEDVERSION" == 2.3.50 || "$INSTALLEDVERSION" == 2.3.51 || "$INSTALLEDVERSION" == 2.3.52 || "$INSTALLEDVERSION" == 2.3.60 || "$INSTALLEDVERSION" == 2.3.61 || "$INSTALLEDVERSION" == 2.3.70 ]] && up_to_2.3.80
     [[ "$INSTALLEDVERSION" == 2.3.80 ]] && up_to_2.3.90
+    [[ "$INSTALLEDVERSION" == 2.3.90 || "$INSTALLEDVERSION" == 2.3.91 ]] && up_to_2.3.100
     true
 }
 
@@ -410,6 +411,7 @@ postupgrade_changes() {
     [[ "$POSTVERSION" == 2.3.21 || "$POSTVERSION" == 2.3.30 ]] && post_to_2.3.40
     [[ "$POSTVERSION" == 2.3.40 || "$POSTVERSION" == 2.3.50 || "$POSTVERSION" == 2.3.51 || "$POSTVERSION" == 2.3.52 ]] && post_to_2.3.60
     [[ "$POSTVERSION" == 2.3.60 || "$POSTVERSION" == 2.3.61 || "$POSTVERSION" == 2.3.70 || "$POSTVERSION" == 2.3.80 ]] && post_to_2.3.90
+    [[ "$POSTVERSION" == 2.3.90 || "$POSTVERSION" == 2.3.91 ]] && post_to_2.3.100
     true
 }
 
@@ -459,11 +461,12 @@ post_to_2.3.90() {
       fi
     fi
 
-  
-
   POSTVERSION=2.3.90
 }
 
+post_to_2.3.100() {
+  echo "Post Processing for .100"
+}
 
 up_to_2.3.20(){
   DOCKERSTUFFBIP=$(echo $DOCKERSTUFF | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
@@ -615,6 +618,9 @@ up_to_2.3.90() {
     fi
   done
   
+  # There was a bug in 2.3.0 so-firewall addhostgroup that was resolved in 2.3.1 - commit 32294eb2ed30ac74b15bb4bfab687084a928daf2
+  echo "Verify so-firewall is up to date"
+  verify_latest_so-firewall_script
   # Create Endgame Hostgroup
   echo "Adding endgame hostgroup with so-firewall"
   if so-firewall addhostgroup endgame 2>&1 | grep -q 'Already exists'; then
@@ -657,6 +663,14 @@ up_to_2.3.90() {
   INSTALLEDVERSION=2.3.90
 }
 
+up_to_2.3.100() {
+  echo "Updating to Security Onion to 2.3.100"
+  echo "Populating the mine with network.ip_addrs pillar.host.mainint for each host."
+  set +e
+  salt \* cmd.run cmd='MAININT=$(salt-call pillar.get host:mainint --out=newline_values_only) && salt-call mine.send name=network.ip_addrs interface="$MAININT"'
+  set -e
+  fix_wazuh
+}
 
 verify_upgradespace() {
   CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
@@ -853,10 +867,34 @@ verify_latest_update_script() {
   fi
 }
 
+verify_latest_so-firewall_script() {
+  # Check to see if the so-firewall script matches. If not run the new one.
+  CURRENTSOFIREWALL=$(md5sum /usr/sbin/so-firewall | awk '{print $1}')
+  GITSOFIREWALL=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-firewall | awk '{print $1}')
+
+  if [[ "$CURRENTSOFIREWALL" == "$GITSOFIREWALL" ]]; then
+    echo "This version of the so-firewall script is up to date. Proceeding."
+  else
+    echo "You are not running the latest version of so-firewall. Updating so-firewall."
+    cp $UPDATE_DIR/salt/common/tools/sbin/so-firewall $DEFAULT_SALT_DIR/salt/common/tools/sbin/
+    cp $UPDATE_DIR/salt/common/tools/sbin/so-firewall /usr/sbin/
+    echo ""
+    echo "so-firewall has been updated."
+  fi
+}
+
 apply_hotfix() {
   if [[ "$INSTALLEDVERSION" == "2.3.90" ]] ; then
-    FILE="/nsm/wazuh/etc/ossec.conf"
+    fix_wazuh
-    echo "Detecting if ossec.conf needs corrected..."
+  else
+    echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
+  fi
+}
+
+fix_wazuh() {
+  FILE="/nsm/wazuh/etc/ossec.conf"
+  echo "Detecting if $FILE needs corrected..."
+  if [ -f "$FILE" ]; then
     if head -1 $FILE | grep -q "xml version"; then
       echo "$FILE has an XML header; removing"
       sed -i 1d $FILE
@@ -865,11 +903,10 @@ apply_hotfix() {
       echo "$FILE does not have an XML header, so no changes are necessary."
     fi
   else
-    echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
+    echo "$FILE does not exist, so no changes are necessary."
   fi
 }
 
-
 main() {
   trap 'check_err $?' EXIT