avoid rare false positive when dasbhoard load completes during setup

2025-12-06 09:12:45 +01:00 · 2023-07-31 16:09:36 -04:00
parent f4907a5b5c ed7b674fbb
commit 5c7c3fb996
15 changed files with 98 additions and 25 deletions
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.4.3-20230711 ISO image built on 2023/07/11
+### 2.4.4-20230728 ISO image built on 2023/07/28



 ### Download and Verify

-2.4.3-20230711 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso
+2.4.4-20230728 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso

-MD5: F481ED39E02A5AF05EB50D319D97A6C7  
-SHA1: 20F9BAA8F73A44C21A8DFE81F36247BCF33CEDA6  
-SHA256: D805522E02CD4941641385F6FF86FAAC240DA6C5FD98F78460348632C7C631B0 
+MD5: F63E76245F3E745B5BDE9E6E647A7CB6  
+SHA1: 6CE4E4A3399CD282D4F8592FB19D510388AB3EEA  
+SHA256: BF8FEB91B1D94B67C3D4A79D209B068F4A46FEC7C15EEF65B0FCE9851D7E6C9F 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -26,17 +26,17 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.3-20230711.iso.sig securityonion-2.4.3-20230711.iso
+gpg --verify securityonion-2.4.4-20230728.iso.sig securityonion-2.4.4-20230728.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.4 Release Candidate 1 (RC1)
+## Security Onion 2.4 Release Candidate 2 (RC2)

-Security Onion 2.4 Release Candidate 1 (RC1) is here!
+Security Onion 2.4 Release Candidate 2 (RC2) is here!

 ## Screenshots

--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -866,6 +866,14 @@ firewall:
              portgroups:
                - elasticsearch_node
                - elasticsearch_rest
+            managersearch:
+              portgroups:
+                - elasticsearch_node
+                - elasticsearch_rest
+            standalone:
+              portgroups:
+                - elasticsearch_node
+                - elasticsearch_rest
            dockernet:
              portgroups:
                - elasticsearch_node
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -1,15 +1,29 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls in allowed_states %}
+{%   from 'firewall/ipt.map.jinja' import iptmap %}
+
+install_iptables:
+  pkg.installed:
+    - name: {{ iptmap.iptpkg }}
+
+iptables_persist:
+  pkg.installed:
+    - name: {{ iptmap.persistpkg }}
+
+iptables_service:
+  service.running:
+    - name: {{ iptmap.service }}
+    - enable: True

 create_sysconfig_iptables:
  file.touch:
-    - name: /etc/sysconfig/iptables
+    - name: {{ iptmap.configfile }}
    - makedirs: True
-    - unless: 'ls /etc/sysconfig/iptables'
+    - unless: 'ls {{ iptmap.configfile }}'

 iptables_config:
  file.managed:
-    - name: /etc/sysconfig/iptables
+    - name: {{ iptmap.configfile }}
    - source: salt://firewall/iptables.jinja
    - template: jinja

@@ -24,11 +38,11 @@ disable_firewalld:

 iptables_restore:
  cmd.run:
-    - name: iptables-restore < /etc/sysconfig/iptables
+    - name: iptables-restore < {{ iptmap.configfile }}
    - require:
      - file: iptables_config
    - onlyif:
-      - iptables-restore --test /etc/sysconfig/iptables
+      - iptables-restore --test {{ iptmap.configfile }}

 {%   if grains.os_family == 'RedHat' %}
 enable_firewalld:
--- a/salt/firewall/ipt.map.jinja
+++ b/salt/firewall/ipt.map.jinja
@@ -0,0 +1,14 @@
+{% set iptmap = salt['grains.filter_by']({
+    'Debian': {
+        'service': 'netfilter-persistent',
+        'iptpkg': 'iptables',
+        'persistpkg': 'iptables-persistent',
+        'configfile': '/etc/iptables/rules.v4'
+    },
+    'RedHat': {
+        'service': 'iptables',
+        'iptpkg': 'iptables-nft',
+        'persistpkg': 'iptables-nft-services',
+        'configfile': '/etc/sysconfig/iptables'
+    },
+}) %}
--- a/salt/idh/enabled.sls
+++ b/salt/idh/enabled.sls
@@ -6,6 +6,7 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls.split('.')[0] in allowed_states %}
 {%   from 'vars/globals.map.jinja' import GLOBALS %}
+{%   from 'docker/docker.map.jinja' import DOCKER %}

 include:
  - idh.config
--- a/salt/idstools/tools/sbin_jinja/so-rule-update
+++ b/salt/idstools/tools/sbin_jinja/so-rule-update
@@ -12,7 +12,7 @@ chown -R socore:socore /nsm/rules/suricata
 {%- if proxy %}
 export http_proxy={{ proxy }} 
 export https_proxy={{ proxy }} 
-export no_proxy= salt['pillar.get']('manager:no_proxy') 
+export no_proxy=salt['pillar.get']('manager:no_proxy') 
 {%- endif %}
 {%-   if IDSTOOLSMERGED.config.ruleset == 'ETOPEN' %}
 docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -346,7 +346,7 @@ clone_to_tmp() {
  # Make a temp location for the files
  mkdir -p /tmp/sogh
  cd /tmp/sogh
-  SOUP_BRANCH=""
+  SOUP_BRANCH="-b 2.4/main"
  if [ -n "$BRANCH" ]; then
    SOUP_BRANCH="-b $BRANCH"
  fi
@@ -391,6 +391,8 @@ preupgrade_changes() {
    echo "Checking to see if changes are needed."

    [[ "$INSTALLEDVERSION" == 2.4.2 ]] && up_to_2.4.3
+    [[ "$INSTALLEDVERSION" == 2.4.3 ]] && up_to_2.4.4
+    [[ "$INSTALLEDVERSION" == 2.4.4 ]] && up_to_2.4.5
    true
 }

@@ -399,6 +401,8 @@ postupgrade_changes() {
    echo "Running post upgrade processes."
    
    [[ "$POSTVERSION" == 2.4.2 ]] && post_to_2.4.3
+    [[ "$POSTVERSION" == 2.4.3 ]] && post_to_2.4.4
+    [[ "$POSTVERSION" == 2.4.4 ]] && post_to_2.4.5
    

    true
@@ -409,6 +413,15 @@ post_to_2.4.3() {
  POSTVERSION=2.4.3
 }

+post_to_2.4.4() {
+  echo "Nothing to apply"
+  POSTVERSION=2.4.4
+}
+
+post_to_2.4.5() {
+  echo "Nothing to apply"
+  POSTVERSION=2.4.5
+}

 stop_salt_master() {
    # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
@@ -455,7 +468,19 @@ stop_salt_minion() {
 up_to_2.4.3() {
   echo "Nothing to do for 2.4.3"
   ##
-   INSTALLEDVERSION=2.3.140
+   INSTALLEDVERSION=2.4.3
+}
+
+up_to_2.4.4() {
+   echo "Nothing to do for 2.4.4"
+   ##
+   INSTALLEDVERSION=2.4.4
+}
+
+up_to_2.4.5() {
+   echo "Nothing to do for 2.4.5"
+   ##
+   INSTALLEDVERSION=2.4.5
 }

 verify_upgradespace() {
--- a/salt/manager/tools/sbin_jinja/so-yara-download
+++ b/salt/manager/tools/sbin_jinja/so-yara-download
@@ -8,7 +8,7 @@ NOROOT=1
 {%- if proxy %}
 export http_proxy={{ proxy }} 
 export https_proxy={{ proxy }} 
-export no_proxy= salt['pillar.get']('manager:no_proxy') 
+export no_proxy=salt['pillar.get']('manager:no_proxy') 
 {%- endif %}

 repos="/opt/so/conf/strelka/repos.txt"
--- a/salt/sensor/soc_sensor.yaml
+++ b/salt/sensor/soc_sensor.yaml
@@ -2,6 +2,8 @@ sensor:
  interface:
    description: Main sensor monitoring interface.
    helpLink: sensor.html
+    readonly: True
  mtu:
    description: Main IP address of the grid host.
    helpLink: host.html
+    readonly: True
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -10,6 +10,14 @@ soc:
        target:
        links:
          - '/#/hunt?q="{value|escape}" | groupby event.module* event.dataset'
+      - name: actionAddToCase
+        description: actionAddToCaseHelp
+        icon: fa-briefcase
+        jsCall: openAddToCaseDialog
+        categories:
+          - hunt
+          - alerts
+          - dashboards
      - name: actionCorrelate
        description: actionCorrelateHelp
        icon: fab fa-searchengin
--- a/salt/strelka/tools/sbin_jinja/so-yara-download
+++ b/salt/strelka/tools/sbin_jinja/so-yara-download
@@ -8,7 +8,7 @@ NOROOT=1
 {%- if proxy %}
 export http_proxy={{ proxy }} 
 export https_proxy={{ proxy }} 
-export no_proxy= salt['pillar.get']('manager:no_proxy') 
+export no_proxy=salt['pillar.get']('manager:no_proxy') 
 {%- endif %}

 mkdir -p /tmp/yara
--- a/setup/so-verify
+++ b/setup/so-verify
@@ -51,6 +51,7 @@ log_has_errors() {
        grep -vE "/nsm/rules/sigma*" | \
        grep -vE "/nsm/rules/yara*" | \
        grep -vE "Failed to restart snapd" | \
+        grep -vE "Login Failed Details" | \
        grep -vE "Running scope as unit" &> "$error_log"
    
    if [[ $? -eq 0 ]]; then
--- a/BIN
+++ b/BIN