Merge pull request #6335 from Security-Onion-Solutions/hotfix/2.3.90

Hotfix/2.3.90
This commit is contained in:
Mike Reeves
2021-11-23 16:51:27 -05:00
committed by GitHub
7 changed files with 55 additions and 42 deletions

1
HOTFIX

@@ -0,0 +1 @@
WAZUH


@@ -1,6 +1,6 @@
## Security Onion 2.3.90 ## Security Onion 2.3.90-WAZUH
Security Onion 2.3.90 is here! Security Onion 2.3.90-WAZUH is here!
## Screenshots ## Screenshots


@@ -1,18 +1,18 @@
### 2.3.90 ISO image built on 2021/11/19 ### 2.3.90-WAZUH ISO image built on 2021/11/23
### Download and Verify ### Download and Verify
2.3.90 ISO image: 2.3.90-WAZUH ISO image:
https://download.securityonion.net/file/securityonion/securityonion-2.3.90.iso https://download.securityonion.net/file/securityonion/securityonion-2.3.90-WAZUH.iso
MD5: F214ECE9F32A6F881D9A735DEAF90E46 MD5: B7141C8627CDB45F4A8741B2ADE4A9F3
SHA1: 0B04FAA0FEC704CF6AD2030AA7A4AE80D9379AFA SHA1: 16087B385CA651659EC98F139AFDF90922430FB6
SHA256: BE0E1516D83D7782AEAE9D52449FED45A45D72981515672C761C2A17B7AA613C SHA256: 667AF11BBCFE3248AF59E45043703B55A543E059899AE387FF55EB8077304F04
Signature for ISO image: Signature for ISO image:
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90.iso.sig https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-WAZUH.iso.sig
Signing key: Signing key:
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO: Download the signature file for the ISO:
``` ```
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90.iso.sig wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-WAZUH.iso.sig
``` ```
Download the ISO image: Download the ISO image:
``` ```
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90.iso wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-WAZUH.iso
``` ```
Verify the downloaded ISO image using the signature file: Verify the downloaded ISO image using the signature file:
``` ```
gpg --verify securityonion-2.3.90.iso.sig securityonion-2.3.90.iso gpg --verify securityonion-2.3.90-WAZUH.iso.sig securityonion-2.3.90-WAZUH.iso
``` ```
The output should show "Good signature" and the Primary key fingerprint should match what's shown below: The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
``` ```
gpg: Signature made Fri 19 Nov 2021 05:15:29 PM EST using RSA key ID FE507013 gpg: Signature made Tue 23 Nov 2021 03:19:08 PM EST using RSA key ID FE507013
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>" gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.


@@ -23,7 +23,6 @@ import sys
import argparse import argparse
import re import re
from lxml import etree as ET from lxml import etree as ET
from xml.dom import minidom
from datetime import datetime as dt from datetime import datetime as dt
from datetime import timezone as tz from datetime import timezone as tz
@@ -79,20 +78,15 @@ def ip_prompt() -> str:
def wazuh_enabled() -> bool: def wazuh_enabled() -> bool:
for file in os.listdir(f'{LOCAL_SALT_DIR}/pillar'): file = f'{LOCAL_SALT_DIR}/pillar/global.sls'
with open(file, 'r') as pillar: with open(file, 'r') as pillar:
if 'wazuh: 1' in pillar.read(): if 'wazuh: 1' in pillar.read():
return True return True
return False return False
def root_to_str(root: ET.ElementTree) -> str: def root_to_str(root: ET.ElementTree) -> str:
xml_str = ET.tostring(root, encoding='unicode', method='xml').replace('\n', '') return ET.tostring(root, encoding='unicode', method='xml', xml_declaration=False, pretty_print=True)
xml_str = re.sub(r'(?:(?<=>) *)', '', xml_str)
xml_str = re.sub(r' -', '', xml_str)
xml_str = re.sub(r' -->', ' -->', xml_str)
dom = minidom.parseString(xml_str)
return dom.toprettyxml(indent=" ")
def add_wl(ip): def add_wl(ip):
@@ -124,7 +118,7 @@ def apply(role: str, ip: str) -> int:
else: else:
return cmd.returncode return cmd.returncode
if cmd.returncode == 0: if cmd.returncode == 0:
if wazuh_enabled and role=='analyst': if wazuh_enabled() and role=='analyst':
try: try:
add_wl(ip) add_wl(ip)
print(f'Added whitelist entry for {ip} from {WAZUH_CONF}', file=sys.stderr) print(f'Added whitelist entry for {ip} from {WAZUH_CONF}', file=sys.stderr)
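Review bot: `wazuh_enabled()` in the second hunk now opens `{LOCAL_SALT_DIR}/pillar/global.sls` unconditionally, so a missing or unreadable pillar raises `FileNotFoundError` out of `apply()` after the firewall rule has already been applied (third hunk, `if cmd.returncode == 0:`), where the function name reads as a feature probe that should answer False. The substring test `'wazuh: 1' in pillar.read()` also matches a commented-out `# wazuh: 1` or a value such as `wazuh: 10`; since `re` is already imported (first hunk), `return bool(re.search(r'^[ \t]*wazuh:[ \t]*1[ \t]*$', pillar.read(), re.M))` pins the match to a whole line, and wrapping the `open` in `try:` / `except OSError: return False` makes an absent pillar mean "disabled" instead of aborting. The `wazuh_enabled` → `wazuh_enabled()` correction in the third hunk is the right call; on the same line `role=='analyst'` would read better as `role == 'analyst'`. `apply()` begins and ends outside the hunk.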


@@ -837,6 +837,23 @@ verify_latest_update_script() {
fi fi
} }
apply_hotfix() {
if [[ "$INSTALLEDVERSION" == "2.3.90" && "$HOTFIXVERSION" == "WAZUH" ]] ; then
FILE="/nsm/wazuh/etc/ossec.conf"
echo "Detecting if ossec.conf needs corrected..."
if head -1 $FILE | grep -q "xml version"; then
echo "$FILE has an XML header; removing"
sed -i 1d $FILE
so-wazuh-restart
else
echo "$FILE does not have an XML header, so no changes are necessary."
fi
else
echo "Skipping ossec.conf check ($INSTALLEDVERSION/$HOTFIXVERSION)"
fi
}
main() { main() {
trap 'check_err $?' EXIT trap 'check_err $?' EXIT
@@ -891,9 +908,10 @@ main() {
set -e set -e
if [ "$is_hotfix" == "true" ]; then if [ "$is_hotfix" == "true" ]; then
echo "Applying $HOTFIXVERSION" echo "Applying $HOTFIXVERSION hotfix"
copy_new_files copy_new_files
echo "" apply_hotfix
echo "Hotfix applied"
update_version update_version
salt-call state.highstate -l info queue=True salt-call state.highstate -l info queue=True
else else
@@ -933,21 +951,21 @@ main() {
echo "Upgrading Salt" echo "Upgrading Salt"
# Update the repo files so it can actually upgrade # Update the repo files so it can actually upgrade
upgrade_salt upgrade_salt
fi
echo "Checking if Salt was upgraded."
echo "Checking if Salt was upgraded."
echo ""
# Check that Salt was upgraded
SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
echo "Once the issue is resolved, run soup again."
echo "Exiting."
echo ""
exit 0
else
echo "Salt upgrade success."
echo "" echo ""
# Check that Salt was upgraded
SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
echo "Once the issue is resolved, run soup again."
echo "Exiting."
echo ""
exit 0
else
echo "Salt upgrade success."
echo ""
fi
fi fi
preupgrade_changes preupgrade_changes
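Review bot: `apply_hotfix` in the first hunk deletes the whole first line of `/nsm/wazuh/etc/ossec.conf` whenever that line merely contains the text `xml version`, and because `head -1 $FILE` sits in a pipeline a missing file is reported as "does not have an XML header" rather than as an error; `sed -i 1d` also keeps no backup, so if the declaration were ever to share line 1 with the root element that content would be lost too. A tighter guard is `if [[ -f "$FILE" ]] && head -1 "$FILE" | grep -q '^<?xml'; then`, and `sed -i.bak 1d "$FILE"` (or a `cp` beforehand) leaves something to restore from when `so-wazuh-restart` fails, which under the `set -e` visible in the second hunk aborts soup before `update_version` runs. `main()` begins and ends outside these hunks.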


@@ -753,7 +753,7 @@ whiptail_install_type_dist() {
dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \ dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \
"New Deployment " "Create a new Security Onion deployment" \ "New Deployment " "Create a new Security Onion deployment" \
"Existing Deployment " "Join to an exisiting Security Onion deployment " \ "Existing Deployment " "Join to an existing Security Onion deployment " \
3>&1 1>&2 2>&3 3>&1 1>&2 2>&3
) )
local exitstatus=$? local exitstatus=$?
