diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md index 9466c9bba..c1594b954 100644 --- a/DOWNLOAD_AND_VERIFY_ISO.md +++ b/DOWNLOAD_AND_VERIFY_ISO.md @@ -1,18 +1,18 @@ -### 2.4.3-20230711 ISO image built on 2023/07/11 +### 2.4.4-20230728 ISO image built on 2023/07/28 ### Download and Verify -2.4.3-20230711 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso +2.4.4-20230728 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso -MD5: F481ED39E02A5AF05EB50D319D97A6C7 -SHA1: 20F9BAA8F73A44C21A8DFE81F36247BCF33CEDA6 -SHA256: D805522E02CD4941641385F6FF86FAAC240DA6C5FD98F78460348632C7C631B0 +MD5: F63E76245F3E745B5BDE9E6E647A7CB6 +SHA1: 6CE4E4A3399CD282D4F8592FB19D510388AB3EEA +SHA256: BF8FEB91B1D94B67C3D4A79D209B068F4A46FEC7C15EEF65B0FCE9851D7E6C9F Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS 
@@ -26,17 +26,17 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2. Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.4.3-20230711.iso.sig securityonion-2.4.3-20230711.iso +gpg --verify securityonion-2.4.4-20230728.iso.sig securityonion-2.4.4-20230728.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: diff --git a/README.md b/README.md index 3ab976bb5..aa3aa6ddf 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.4 Release Candidate 1 (RC1) +## Security Onion 2.4 Release Candidate 2 (RC2) -Security Onion 2.4 Release Candidate 1 (RC1) is here! +Security Onion 2.4 Release Candidate 2 (RC2) is here! ## Screenshots diff --git a/VERSION b/VERSION index 7f2e97617..247af78a9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4.0-kilo +2.4.0-kilo \ No newline at end of file diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml index 57446a5c2..20b966e48 100644 --- a/salt/firewall/defaults.yaml +++ b/salt/firewall/defaults.yaml @@ -866,6 +866,14 @@ firewall: portgroups: - elasticsearch_node - elasticsearch_rest + managersearch: + portgroups: + - elasticsearch_node + - elasticsearch_rest + standalone: + portgroups: + - elasticsearch_node + - elasticsearch_rest dockernet: portgroups: - elasticsearch_node diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index 5ab028989..cf7ae01a6 100644 
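Review bot: The new `managersearch` and `standalone` hostgroups are granted `elasticsearch_rest` in addition to `elasticsearch_node`, but the role and chain these hostgroups belong to begin above the hunk, so the review cannot confirm which peers are thereby given access to the Elasticsearch REST port. Since this file is the default allow list, the rationale belongs on the entries themselves, e.g. `# managersearch/standalone peers need REST as well as transport access from this role` placed above `managersearch:`. The same two-element list now appears three times in a row; a YAML anchor on the first occurrence would keep the copies from drifting apart when one is edited later.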
--- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -1,15 +1,29 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} +{% from 'firewall/ipt.map.jinja' import iptmap %} + +install_iptables: + pkg.installed: + - name: {{ iptmap.iptpkg }} + +iptables_persist: + pkg.installed: + - name: {{ iptmap.persistpkg }} + +iptables_service: + service.running: + - name: {{ iptmap.service }} + - enable: True create_sysconfig_iptables: file.touch: - - name: /etc/sysconfig/iptables + - name: {{ iptmap.configfile }} - makedirs: True - - unless: 'ls /etc/sysconfig/iptables' + - unless: 'ls {{ iptmap.configfile }}' iptables_config: file.managed: - - name: /etc/sysconfig/iptables + - name: {{ iptmap.configfile }} - source: salt://firewall/iptables.jinja - template: jinja @@ -24,11 +38,11 @@ disable_firewalld: iptables_restore: cmd.run: - - name: iptables-restore < /etc/sysconfig/iptables + - name: iptables-restore < {{ iptmap.configfile }} - require: - file: iptables_config - onlyif: - - iptables-restore --test /etc/sysconfig/iptables + - iptables-restore --test {{ iptmap.configfile }} {% if grains.os_family == 'RedHat' %} enable_firewalld: diff --git a/salt/firewall/ipt.map.jinja b/salt/firewall/ipt.map.jinja new file mode 100644 index 000000000..629c1bdd8 --- /dev/null +++ b/salt/firewall/ipt.map.jinja @@ -0,0 +1,14 @@ +{% set iptmap = salt['grains.filter_by']({ + 'Debian': { + 'service': 'netfilter-persistent', + 'iptpkg': 'iptables', + 'persistpkg': 'iptables-persistent', + 'configfile': '/etc/iptables/rules.v4' + }, + 'RedHat': { + 'service': 'iptables', + 'iptpkg': 'iptables-nft', + 'persistpkg': 'iptables-nft-services', + 'configfile': '/etc/sysconfig/iptables' + }, +}) %} diff --git a/salt/idh/enabled.sls b/salt/idh/enabled.sls index 480e7eedc..7ef0ebb46 100644 --- a/salt/idh/enabled.sls +++ b/salt/idh/enabled.sls 
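Review bot: `iptables_service` starts and enables the persistence service before `iptables_config` has written `{{ iptmap.configfile }}` and without any `require` on the two package states, so on a first run the service is brought up with no rules file and, if either package install fails, Salt still attempts the service state and reports a less useful error. Adding `- require:` / `    - pkg: install_iptables` / `    - pkg: iptables_persist` under `iptables_service` makes the dependency explicit; the rules themselves are still applied by `iptables_restore` further down. The body of `iptables_config` and the firewalld handling continue outside this hunk.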
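Review bot: `iptables_restore` is gated by `onlyif: iptables-restore --test {{ iptmap.configfile }}`, so when the rendered ruleset fails the test the restore is silently skipped, the state reports success, and the host keeps whatever rules were in effect before — on a fresh install presumably none — which is a fail-open on the one state meant to enforce the firewall. Running the test as its own `cmd.run` that the restore requires turns a broken template into a visible state failure instead of a quietly unfiltered host. The `disable_firewalld` / `enable_firewalld` states around this hunk continue outside it.
```yaml
iptables_test:
  cmd.run:
    - name: iptables-restore --test {{ iptmap.configfile }}
    - require:
      - file: iptables_config

iptables_restore:
  cmd.run:
    - name: iptables-restore < {{ iptmap.configfile }}
    - require:
      - cmd: iptables_test
```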
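Review bot: The map names only an IPv4 rules file (`/etc/iptables/rules.v4` on Debian, `/etc/sysconfig/iptables` on RedHat), so nothing in the firewall state manages an IPv6 ruleset; if IPv6 is enabled on grid hosts, ip6tables presumably runs with the distro's shipped policy — confirm that is handled elsewhere or add an `ip6configfile` key and a matching managed file. A short header comment would also help the next reader, e.g. `{# per-os_family iptables package/service/rules-file names; no default on purpose so an unknown os_family fails rendering rather than silently skipping the firewall #}`, since the absence of a `default` argument to `grains.filter_by` looks accidental without it.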
@@ -6,6 +6,7 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls.split('.')[0] in allowed_states %} {% from 'vars/globals.map.jinja' import GLOBALS %} +{% from 'docker/docker.map.jinja' import DOCKER %} include: - idh.config diff --git a/salt/idstools/tools/sbin_jinja/so-rule-update b/salt/idstools/tools/sbin_jinja/so-rule-update index 6a5976a1c..3e4b382e6 100755 --- a/salt/idstools/tools/sbin_jinja/so-rule-update +++ b/salt/idstools/tools/sbin_jinja/so-rule-update @@ -12,7 +12,7 @@ chown -R socore:socore /nsm/rules/suricata {%- if proxy %} export http_proxy={{ proxy }} export https_proxy={{ proxy }} -export no_proxy= salt['pillar.get']('manager:no_proxy') +export no_proxy=salt['pillar.get']('manager:no_proxy') {%- endif %} {%- if IDSTOOLSMERGED.config.ruleset == 'ETOPEN' %} docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 4f113fab7..31f1d0fea 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -346,7 +346,7 @@ clone_to_tmp() { # Make a temp location for the files mkdir -p /tmp/sogh cd /tmp/sogh - SOUP_BRANCH="" + SOUP_BRANCH="-b 2.4/main" if [ -n "$BRANCH" ]; then SOUP_BRANCH="-b $BRANCH" fi @@ -391,6 +391,8 @@ preupgrade_changes() { echo "Checking to see if changes are needed." [[ "$INSTALLEDVERSION" == 2.4.2 ]] && up_to_2.4.3 + [[ "$INSTALLEDVERSION" == 2.4.3 ]] && up_to_2.4.4 + [[ "$INSTALLEDVERSION" == 2.4.4 ]] && up_to_2.4.5 true } @@ -399,6 +401,8 @@ postupgrade_changes() { echo "Running post upgrade processes." [[ "$POSTVERSION" == 2.4.2 ]] && post_to_2.4.3 + [[ "$POSTVERSION" == 2.4.3 ]] && post_to_2.4.4 + [[ "$POSTVERSION" == 2.4.4 ]] && post_to_2.4.5 true 
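Review bot: `export no_proxy=salt['pillar.get']('manager:no_proxy')` is still not a Jinja expression — unlike `{{ proxy }}` on the two lines above, the `salt[...]` call sits outside `{{ }}`, so it is copied into the rendered script verbatim, where the unquoted `(` is a bash syntax error and the script aborts whenever a proxy is configured (the removed line had the same problem plus the stray space, so the fix only removes the space). It should read `export no_proxy="{{ salt['pillar.get']('manager:no_proxy') }}"`, quoted so a comma-separated pillar value survives word splitting. The block is guarded by `{%- if proxy %}`, so unproxied grids never reach it, which is presumably why this went unnoticed.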
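Review bot: The chain in `preupgrade_changes` only advances because every `up_to_X` ends by setting `INSTALLEDVERSION=X` — the `2.3.140` value corrected further down in this commit shows how easily that contract breaks, and a wrong value silently skips every later step with no error. A comment above the first test would make the rule explicit for the next addition: `# each up_to_X must end with INSTALLEDVERSION=X so the following test fires; keep ascending order`. The `POSTVERSION` chain in `postupgrade_changes` relies on the same convention and deserves the same note.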
@@ -409,6 +413,15 @@ post_to_2.4.3() { POSTVERSION=2.4.3 } +post_to_2.4.4() { + echo "Nothing to apply" + POSTVERSION=2.4.4 +} + +post_to_2.4.5() { + echo "Nothing to apply" + POSTVERSION=2.4.5 +} stop_salt_master() { # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts @@ -455,7 +468,19 @@ stop_salt_minion() { up_to_2.4.3() { echo "Nothing to do for 2.4.3" ## - INSTALLEDVERSION=2.3.140 + INSTALLEDVERSION=2.4.3 +} + +up_to_2.4.4() { + echo "Nothing to do for 2.4.4" + ## + INSTALLEDVERSION=2.4.4 +} + +up_to_2.4.5() { + echo "Nothing to do for 2.4.5" + ## + INSTALLEDVERSION=2.4.5 } verify_upgradespace() { diff --git a/salt/manager/tools/sbin_jinja/so-yara-download b/salt/manager/tools/sbin_jinja/so-yara-download index adfb8c529..e9b991b6c 100644 --- a/salt/manager/tools/sbin_jinja/so-yara-download +++ b/salt/manager/tools/sbin_jinja/so-yara-download @@ -8,7 +8,7 @@ NOROOT=1 {%- if proxy %} export http_proxy={{ proxy }} export https_proxy={{ proxy }} -export no_proxy= salt['pillar.get']('manager:no_proxy') +export no_proxy=salt['pillar.get']('manager:no_proxy') {%- endif %} repos="/opt/so/conf/strelka/repos.txt" diff --git a/salt/sensor/soc_sensor.yaml b/salt/sensor/soc_sensor.yaml index 61466b2b1..0774e9bcf 100644 --- a/salt/sensor/soc_sensor.yaml +++ b/salt/sensor/soc_sensor.yaml @@ -1,7 +1,9 @@ sensor: interface: description: Main sensor monitoring interface. - helpLink: sensor.html + helpLink: sensor.html + readonly: True mtu: description: Main IP address of the grid host. - helpLink: host.html \ No newline at end of file + helpLink: host.html + readonly: True diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml index a8e1a0bb4..53db2c838 100644 --- a/salt/soc/defaults.yaml +++ b/salt/soc/defaults.yaml 
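Review bot: In the manager `so-yara-download`, `export no_proxy=salt['pillar.get']('manager:no_proxy')` is not wrapped in `{{ }}` like `{{ proxy }}` on the preceding lines, so the rendered script contains the literal `salt[...]` call and bash rejects the unquoted `(` as a syntax error — the YARA download never runs on a grid that has a proxy configured. Removing the space after `=` does not change that; the line needs `export no_proxy="{{ salt['pillar.get']('manager:no_proxy') }}"`. Only the `{%- if proxy %}` branch is affected.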
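Review bot: The `mtu` entry, which this commit touches to add `readonly: True`, still carries `description: Main IP address of the grid host.` and `helpLink: host.html`, which describe something other than an interface MTU; while these lines are being edited the text should say what the field is, e.g. `description: MTU of the main sensor monitoring interface.` with a `helpLink` pointing at the sensor page like the `interface` entry above it. Marking both fields `readonly` presumably stops operators changing them from the SOC UI, which is worth stating in a comment so nobody removes the flag to "fix" an uneditable field.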
@@ -10,6 +10,14 @@ soc: target: links: - '/#/hunt?q="{value|escape}" | groupby event.module* event.dataset' + - name: actionAddToCase + description: actionAddToCaseHelp + icon: fa-briefcase + jsCall: openAddToCaseDialog + categories: + - hunt + - alerts + - dashboards - name: actionCorrelate description: actionCorrelateHelp icon: fab fa-searchengin diff --git a/salt/strelka/tools/sbin_jinja/so-yara-download b/salt/strelka/tools/sbin_jinja/so-yara-download index 9ec6fa41f..a8087173c 100644 --- a/salt/strelka/tools/sbin_jinja/so-yara-download +++ b/salt/strelka/tools/sbin_jinja/so-yara-download @@ -8,7 +8,7 @@ NOROOT=1 {%- if proxy %} export http_proxy={{ proxy }} export https_proxy={{ proxy }} -export no_proxy= salt['pillar.get']('manager:no_proxy') +export no_proxy=salt['pillar.get']('manager:no_proxy') {%- endif %} mkdir -p /tmp/yara diff --git a/setup/so-verify b/setup/so-verify index 918610732..07d24d114 100755 --- a/setup/so-verify +++ b/setup/so-verify @@ -51,6 +51,7 @@ log_has_errors() { grep -vE "/nsm/rules/sigma*" | \ grep -vE "/nsm/rules/yara*" | \ grep -vE "Failed to restart snapd" | \ + grep -vE "Login Failed Details" | \ grep -vE "Running scope as unit" &> "$error_log" if [[ $? -eq 0 ]]; then diff --git a/sigs b/sigs index 34c6a9eee..75a14e1a1 100644 Binary files a/sigs and b/sigs differ
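Review bot: The strelka `so-yara-download` has the same defect as the manager copy: `export no_proxy=salt['pillar.get']('manager:no_proxy')` is outside `{{ }}`, so the rendered shell script contains the raw `salt[...]` text and fails to parse on the `(` whenever `{%- if proxy %}` is true. Use `export no_proxy="{{ salt['pillar.get']('manager:no_proxy') }}"`; with two near-identical scripts under `manager/` and `strelka/`, a shared snippet for the proxy block would keep them from diverging again.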
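Review bot: Adding `grep -vE "Login Failed Details"` drops every log line containing that phrase from the error check in `log_has_errors`, so a genuine authentication failure during setup that happens to carry the same text would no longer cause verification to fail. If this targets one specific known-benign message, anchor the pattern to more of that line (its source prefix, not just the generic phrase) and add a comment stating which component emits it and why it is expected, e.g. `# <component> logs "Login Failed Details" while retrying before <service> is up; benign`. The rest of `log_has_errors` and its grep chain begin above the hunk.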