Merge pull request #6335 from Security-Onion-Solutions/hotfix/2.3.90

Hotfix/2.3.90
2025-12-06 17:22:49 +01:00 · 2021-11-23 16:51:27 -05:00
parent 3bfc3b8943 5062e910e2
commit 4c6786a412
7 changed files with 55 additions and 42 deletions
--- a/1
+++ b/1
@@ -0,0 +1 @@
+WAZUH
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.3.90
+## Security Onion 2.3.90-WAZUH

-Security Onion 2.3.90 is here!
+Security Onion 2.3.90-WAZUH is here!

 ## Screenshots

--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.90 ISO image built on 2021/11/19
+### 2.3.90-WAZUH ISO image built on 2021/11/23



 ### Download and Verify

-2.3.90 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.90.iso
+2.3.90-WAZUH ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.90-WAZUH.iso

-MD5: F214ECE9F32A6F881D9A735DEAF90E46  
-SHA1: 0B04FAA0FEC704CF6AD2030AA7A4AE80D9379AFA  
-SHA256: BE0E1516D83D7782AEAE9D52449FED45A45D72981515672C761C2A17B7AA613C 
+MD5: B7141C8627CDB45F4A8741B2ADE4A9F3  
+SHA1: 16087B385CA651659EC98F139AFDF90922430FB6  
+SHA256: 667AF11BBCFE3248AF59E45043703B55A543E059899AE387FF55EB8077304F04 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-WAZUH.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-WAZUH.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-WAZUH.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.90.iso.sig securityonion-2.3.90.iso
+gpg --verify securityonion-2.3.90-WAZUH.iso.sig securityonion-2.3.90-WAZUH.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Fri 19 Nov 2021 05:15:29 PM EST using RSA key ID FE507013
+gpg: Signature made Tue 23 Nov 2021 03:19:08 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -23,7 +23,6 @@ import sys
 import argparse
 import re
 from lxml import etree as ET
-from xml.dom import minidom
 from datetime import datetime as dt
 from datetime import timezone as tz

@@ -79,20 +78,15 @@ def ip_prompt() -> str:


 def wazuh_enabled() -> bool:
-  for file in os.listdir(f'{LOCAL_SALT_DIR}/pillar'):
-    with open(file, 'r') as pillar:
-      if 'wazuh: 1' in pillar.read():
-        return True
+  file = f'{LOCAL_SALT_DIR}/pillar/global.sls'
+  with open(file, 'r') as pillar:
+    if 'wazuh: 1' in pillar.read():
+      return True
  return False


 def root_to_str(root: ET.ElementTree) -> str:
-    xml_str = ET.tostring(root, encoding='unicode', method='xml').replace('\n', '')
-    xml_str = re.sub(r'(?:(?<=>) *)', '', xml_str)
-    xml_str = re.sub(r'       -', '', xml_str)
-    xml_str = re.sub(r'      -->', ' -->', xml_str)
-    dom = minidom.parseString(xml_str)
-    return dom.toprettyxml(indent="  ")
+    return ET.tostring(root, encoding='unicode', method='xml', xml_declaration=False, pretty_print=True)


 def add_wl(ip):
@@ -124,7 +118,7 @@ def apply(role: str, ip: str) -> int:
  else:
    return cmd.returncode
  if cmd.returncode == 0:
-    if wazuh_enabled and role=='analyst':
+    if wazuh_enabled() and role=='analyst':
      try:
        add_wl(ip)
        print(f'Added whitelist entry for {ip} from {WAZUH_CONF}', file=sys.stderr)
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -837,6 +837,23 @@ verify_latest_update_script() {
  fi
 }

+apply_hotfix() {
+  if [[ "$INSTALLEDVERSION" == "2.3.90" && "$HOTFIXVERSION" == "WAZUH" ]] ; then
+    FILE="/nsm/wazuh/etc/ossec.conf"
+    echo "Detecting if ossec.conf needs corrected..."
+    if head -1 $FILE | grep -q "xml version"; then
+      echo "$FILE has an XML header; removing"
+      sed -i 1d $FILE
+      so-wazuh-restart
+    else    
+      echo "$FILE does not have an XML header, so no changes are necessary."
+    fi
+  else
+    echo "Skipping ossec.conf check ($INSTALLEDVERSION/$HOTFIXVERSION)"
+  fi
+}
+
+
 main() {
  trap 'check_err $?' EXIT
  
@@ -891,9 +908,10 @@ main() {
  set -e

  if [ "$is_hotfix" == "true" ]; then
-    echo "Applying $HOTFIXVERSION" 
+    echo "Applying $HOTFIXVERSION hotfix"
    copy_new_files
-    echo ""
+    apply_hotfix
+    echo "Hotfix applied"
    update_version
    salt-call state.highstate -l info queue=True
  else
@@ -933,21 +951,21 @@ main() {
      echo "Upgrading Salt"
      # Update the repo files so it can actually upgrade
      upgrade_salt
-    fi
-
-    echo "Checking if Salt was upgraded."
-    echo ""
-    # Check that Salt was upgraded
-    SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
-    if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
-      echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
-      echo "Once the issue is resolved, run soup again."
-      echo "Exiting."
-      echo ""
-      exit 0
-    else
-      echo "Salt upgrade success."
+    
+      echo "Checking if Salt was upgraded."
      echo ""
+      # Check that Salt was upgraded
+      SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
+      if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
+        echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
+        echo "Once the issue is resolved, run soup again."
+        echo "Exiting."
+        echo ""
+        exit 0
+      else
+        echo "Salt upgrade success."
+        echo ""
+      fi
    fi

    preupgrade_changes
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -753,7 +753,7 @@ whiptail_install_type_dist() {

 	dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \
 		"New Deployment         " "Create a new Security Onion deployment" \
-		"Existing Deployment    " "Join to an exisiting Security Onion deployment " \
+		"Existing Deployment    " "Join to an existing Security Onion deployment " \
 		 3>&1 1>&2 2>&3
 	)
 	local exitstatus=$?
--- a/sigs/securityonion-2.3.90-WAZUH.iso.sig
+++ b/sigs/securityonion-2.3.90-WAZUH.iso.sig