CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8327 from Security-Onion-Solutions/TOoSmOotH-patch-1

Browse Source 
Update HOTFIX
This commit is contained in:
Mike Reeves
2022-07-19 11:17:13 -04:00
committed by GitHub
parent 497110d6cd 5ceff52796
commit 52a5e743e9
2 changed files with 71 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
HOTFIX
View File

@@ -1 +1 @@
20220719

104
salt/common/tools/sbin/soup
View File

@@ -371,6 +371,74 @@ clone_to_tmp() {
fi
}
elastalert_indices_check() {
# Stop Elastalert to prevent Elastalert indices from being re-created
so-elastalert-stop
# Deleting Elastalert indices to prevent issues with upgrade to Elastic 8 ##
echo "Deleting Elastalert indices to prevent issues with upgrade to Elastic 8..."
# Wait for ElasticSearch to initialize
echo -n "Waiting for ElasticSearch..."
COUNT=0
ELASTICSEARCH_CONNECTED="no"
while [[ "$COUNT" -le 240 ]]; do
so-elasticsearch-query / -k --output /dev/null
if [ $? -eq 0 ]; then
ELASTICSEARCH_CONNECTED="yes"
echo "connected!"
break
else
((COUNT+=1))
sleep 1
echo -n "."
fi
done
# Unable to connect to Elasticsearch
if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
echo
echo -e "Connection attempt timed out. Unable to connect to ElasticSearch. \nPlease try: \n -checking log(s) in /var/log/elasticsearch/\n -running 'sudo docker ps' \n -running 'sudo so-elastic-restart'"
echo
exit 1
fi
# Check Elastalert indices
CHECK_COUNT=0
while [[ "$CHECK_COUNT" -le 2 ]]; do
# Delete Elastalert indices
for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); do
so-elasticsearch-query $i -XDELETE;
done
# Check to ensure Elastalert indices are deleted
COUNT=0
ELASTALERT_INDICES_DELETED="no"
while [[ "$COUNT" -le 240 ]]; do
RESPONSE=$(so-elasticsearch-query elastalert*)
if [[ "$RESPONSE" == "{}" ]]; then
ELASTALERT_INDICES_DELETED="yes"
echo "Elastalert indices successfully deleted."
break
else
((COUNT+=1))
sleep 1
echo -n "."
fi
done
((CHECK_COUNT+=1))
done
# If we were unable to delete the Elastalert indices, exit the script
if [ "$ELASTALERT_INDICES_DELETED" == "no" ]; then
echo
echo -e "Unable to connect to delete Elastalert indices. Exiting."
echo
exit 1
fi
}
enable_highstate() {
echo "Enabling highstate."
salt-call state.enable highstate -l info --local
@@ -825,40 +893,7 @@ up_to_2.3.130() {
}
up_to_2.3.140() {
## Deleting Elastalert indices to prevent issues with upgrade to Elastic 8 ##
echo "Deleting Elastalert indices to prevent issues with upgrade to Elastic 8..."
# Wait for ElasticSearch to initialize
echo -n "Waiting for ElasticSearch..."
COUNT=0
ELASTICSEARCH_CONNECTED="no"
while [[ "$COUNT" -le 240 ]]; do
so-elasticsearch-query / -k --output /dev/null
if [ $? -eq 0 ]; then
ELASTICSEARCH_CONNECTED="yes"
echo "connected!"
break
else
((COUNT+=1))
sleep 1
echo -n "."
fi
done
if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
echo
echo -e "Connection attempt timed out. Unable to connect to ElasticSearch. \nPlease try: \n -checking log(s) in /var/log/elasticsearch/\n -running 'sudo docker ps' \n -running 'sudo so-elastic-restart'"
echo
exit 1
fi
# Delete Elastalert indices
for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); do so-elasticsearch-query $i -XDELETE; done
# Check to ensure Elastalert indices have been deleted
RESPONSE=$(so-elasticsearch-query elastalert*)
if [[ "$RESPONSE" == "{}" ]]; then
echo "Elastalert indices have been deleted."
else
fail "Something went wrong. Could not delete the Elastalert indices. Exiting."
fi
elastalert_indices_check
##
INSTALLEDVERSION=2.3.140
}
@@ -1178,6 +1213,7 @@ main() {
verify_latest_update_script
es_version_check
es_indices_check
elastalert_indices_check
echo ""
set_palette
check_elastic_license