Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into dev
@@ -1,16 +1,16 @@
|
|||||||
### 2.3.10 ISO image built on 2020/11/19
|
### 2.3.20 ISO image built on 2020/12/20
|
||||||
|
|
||||||
### Download and Verify
|
### Download and Verify
|
||||||
|
|
||||||
2.3.10 ISO image:
|
2.3.20 ISO image:
|
||||||
https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso
|
https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso
|
||||||
|
|
||||||
MD5: 55E10BAE3D90DF47CA4D5DCCDCB67A96
|
MD5: E348FA65A46FD3FBA0D574D9C1A0582D
|
||||||
SHA1: 01361123F35CEACE077803BC8074594D57EE653A
|
SHA1: 4A6E6D4E0B31ECA1B72E642E3DB2C186B59009D6
|
||||||
SHA256: 772EA4EFFFF12F026593F5D1CC93DB538CC17B9BA5F60308F1976B6ED7032A8D
|
SHA256: 25DE77097903640771533FA13094D0720A032B70223875F8C77A92F5C44CA687
|
||||||
|
|
||||||
Signature for ISO image:
|
Signature for ISO image:
|
||||||
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig
|
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig
|
||||||
|
|
||||||
Signing key:
|
Signing key:
|
||||||
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
|
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
|
||||||
@@ -24,22 +24,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
|
|||||||
|
|
||||||
Download the signature file for the ISO:
|
Download the signature file for the ISO:
|
||||||
```
|
```
|
||||||
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig
|
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig
|
||||||
```
|
```
|
||||||
|
|
||||||
Download the ISO image:
|
Download the ISO image:
|
||||||
```
|
```
|
||||||
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso
|
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso
|
||||||
```
|
```
|
||||||
|
|
||||||
Verify the downloaded ISO image using the signature file:
|
Verify the downloaded ISO image using the signature file:
|
||||||
```
|
```
|
||||||
gpg --verify securityonion-2.3.10.iso.sig securityonion-2.3.10.iso
|
gpg --verify securityonion-2.3.20.iso.sig securityonion-2.3.20.iso
|
||||||
```
|
```
|
||||||
|
|
||||||
The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
|
The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
|
||||||
```
|
```
|
||||||
gpg: Signature made Thu 19 Nov 2020 03:38:54 PM EST using RSA key ID FE507013
|
gpg: Signature made Sun 20 Dec 2020 11:11:28 AM EST using RSA key ID FE507013
|
||||||
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
|
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
|
||||||
gpg: WARNING: This key is not certified with a trusted signature!
|
gpg: WARNING: This key is not certified with a trusted signature!
|
||||||
gpg: There is no indication that the signature belongs to the owner.
|
gpg: There is no indication that the signature belongs to the owner.
|
||||||
|
|||||||
@@ -95,6 +95,7 @@ enable_docker_user_established:
|
|||||||
- match: conntrack
|
- match: conntrack
|
||||||
- ctstate: 'RELATED,ESTABLISHED'
|
- ctstate: 'RELATED,ESTABLISHED'
|
||||||
|
|
||||||
|
{% set count = namespace(value=0) %}
|
||||||
{% for chain, hg in assigned_hostgroups.chain.items() %}
|
{% for chain, hg in assigned_hostgroups.chain.items() %}
|
||||||
{% for hostgroup, portgroups in assigned_hostgroups.chain[chain].hostgroups.items() %}
|
{% for hostgroup, portgroups in assigned_hostgroups.chain[chain].hostgroups.items() %}
|
||||||
{% for action in ['insert', 'delete' ] %}
|
{% for action in ['insert', 'delete' ] %}
|
||||||
@@ -103,8 +104,9 @@ enable_docker_user_established:
|
|||||||
{% for portgroup in portgroups.portgroups %}
|
{% for portgroup in portgroups.portgroups %}
|
||||||
{% for proto, ports in portgroup.items() %}
|
{% for proto, ports in portgroup.items() %}
|
||||||
{% for port in ports %}
|
{% for port in ports %}
|
||||||
|
{% set count.value = count.value + 1 %}
|
||||||
|
|
||||||
{{action}}_{{chain}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}:
|
{{action}}_{{chain}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}_{{count.value}}:
|
||||||
iptables.{{action}}:
|
iptables.{{action}}:
|
||||||
- table: filter
|
- table: filter
|
||||||
- chain: {{ chain }}
|
- chain: {{ chain }}
|
||||||
|
|||||||
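Review bot: The reason for the `namespace(value=0)` counter and for splicing it into every state ID is not recorded in the template, so a comment above the `{% set count = namespace(value=0) %}` line would help the next maintainer: `{# namespace() keeps the counter alive across Jinja loop scopes; appending it to each state ID avoids duplicate-ID errors when the same ip/port/proto appears in more than one portgroup #}`. Because the counter is global across chains, hostgroups and both actions, adding one entry to an earlier portgroup renumbers every later `insert_*`/`delete_*` state ID, which is harmless to iptables but makes highstate output harder to compare between runs — worth a second sentence in that comment. `{{ip}}` is not bound by any loop visible in these hunks, so it presumably comes from an enclosing loop that starts before the first hunk.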
@@ -16,7 +16,7 @@ throughput:
|
|||||||
delay: 0s
|
delay: 0s
|
||||||
files:
|
files:
|
||||||
patterns:
|
patterns:
|
||||||
- '/nsm/strelka/*'
|
- '/nsm/strelka/unprocessed/*'
|
||||||
delete: false
|
delete: false
|
||||||
gatekeeper: true
|
gatekeeper: true
|
||||||
response:
|
response:
|
||||||
|
|||||||
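Review bot: The new pattern `/nsm/strelka/unprocessed/*` is a single-level glob, while the cron job added elsewhere in this commit moves everything out of `/nsm/zeek/extracted/complete/` with `mv .../*`, which carries along any subdirectory that may exist there; anything that lands one level deeper would never match and, with `delete: false` kept, would sit in `unprocessed` unnoticed. If the extraction directory is known to be flat this is fine, but that is not visible here — add a comment such as `# non-recursive: only files directly under unprocessed/ are scanned` or use a recursive pattern if the filestream module supports one. Nothing in this hunk shows where files go after they are picked up; presumably a `processed:` setting outside the hunk moves them into /nsm/strelka/processed, which should be confirmed, otherwise `unprocessed` grows without bound. The `files:` block starts before the first line of the hunk.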
@@ -72,13 +72,20 @@ strelkalogdir:
|
|||||||
- group: 939
|
- group: 939
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
|
|
||||||
strelkastagedir:
|
strelkaprocessed:
|
||||||
file.directory:
|
file.directory:
|
||||||
- name: /nsm/strelka/processed
|
- name: /nsm/strelka/processed
|
||||||
- user: 939
|
- user: 939
|
||||||
- group: 939
|
- group: 939
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
|
|
||||||
|
strelkaunprocessed:
|
||||||
|
file.directory:
|
||||||
|
- name: /nsm/strelka/unprocessed
|
||||||
|
- user: 939
|
||||||
|
- group: 939
|
||||||
|
- makedirs: True
|
||||||
|
|
||||||
strelka_coordinator:
|
strelka_coordinator:
|
||||||
docker_container.running:
|
docker_container.running:
|
||||||
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
|
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
|
||||||
@@ -163,11 +170,18 @@ append_so-strelka-filestream_so-status.conf:
|
|||||||
file.append:
|
file.append:
|
||||||
- name: /opt/so/conf/so-status/so-status.conf
|
- name: /opt/so/conf/so-status/so-status.conf
|
||||||
- text: so-strelka-filestream
|
- text: so-strelka-filestream
|
||||||
|
|
||||||
|
strelka_zeek_extracted_sync_old:
|
||||||
|
cron.absent:
|
||||||
|
- user: root
|
||||||
|
- name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1'
|
||||||
|
- minute: '*'
|
||||||
|
|
||||||
strelka_zeek_extracted_sync:
|
strelka_zeek_extracted_sync:
|
||||||
cron.present:
|
cron.present:
|
||||||
- user: root
|
- user: root
|
||||||
- name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1'
|
- identifier: zeek-extracted-strelka-sync
|
||||||
|
- name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/unprocessed/ > /dev/null 2>&1'
|
||||||
- minute: '*'
|
- minute: '*'
|
||||||
|
|
||||||
{% else %}
|
{% else %}
|
||||||
@@ -176,4 +190,4 @@ strelka_state_not_allowed:
|
|||||||
test.fail_without_changes:
|
test.fail_without_changes:
|
||||||
- name: strelka_state_not_allowed
|
- name: strelka_state_not_allowed
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
BIN
sigs/securityonion-2.3.20.iso.sig
Normal file
BIN
sigs/securityonion-2.3.20.iso.sig
Normal file
Binary file not shown.