Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into dev

2025-12-06 09:12:45 +01:00 · 2020-12-21 10:21:24 -05:00
parent 7653ad56a9 def8dc0e1e
commit 5d0cef5e3d
5 changed files with 33 additions and 17 deletions
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,16 +1,16 @@
-### 2.3.10 ISO image built on 2020/11/19
+### 2.3.20 ISO image built on 2020/12/20

 ### Download and Verify

-2.3.10 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso
+2.3.20 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso

-MD5: 55E10BAE3D90DF47CA4D5DCCDCB67A96  
-SHA1: 01361123F35CEACE077803BC8074594D57EE653A  
-SHA256: 772EA4EFFFF12F026593F5D1CC93DB538CC17B9BA5F60308F1976B6ED7032A8D 
+MD5: E348FA65A46FD3FBA0D574D9C1A0582D  
+SHA1: 4A6E6D4E0B31ECA1B72E642E3DB2C186B59009D6  
+SHA256: 25DE77097903640771533FA13094D0720A032B70223875F8C77A92F5C44CA687 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -24,22 +24,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.10.iso.sig securityonion-2.3.10.iso
+gpg --verify securityonion-2.3.20.iso.sig securityonion-2.3.20.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 19 Nov 2020 03:38:54 PM EST using RSA key ID FE507013
+gpg: Signature made Sun 20 Dec 2020 11:11:28 AM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -95,6 +95,7 @@ enable_docker_user_established:
    - match: conntrack
    - ctstate: 'RELATED,ESTABLISHED'

+{% set count = namespace(value=0) %}
 {% for chain, hg in assigned_hostgroups.chain.items() %}
  {% for hostgroup, portgroups in assigned_hostgroups.chain[chain].hostgroups.items() %}
    {% for action in ['insert', 'delete' ] %}
@@ -103,8 +104,9 @@ enable_docker_user_established:
          {% for portgroup in portgroups.portgroups %}
            {% for proto, ports in portgroup.items() %}
              {% for port in ports %}
+                {% set count.value = count.value + 1 %}

-{{action}}_{{chain}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}:
+{{action}}_{{chain}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}_{{count.value}}:
  iptables.{{action}}:
    - table: filter
    - chain: {{ chain }}
--- a/salt/strelka/files/filestream/filestream.yaml
+++ b/salt/strelka/files/filestream/filestream.yaml
@@ -16,7 +16,7 @@ throughput:
  delay: 0s
 files:
  patterns:
-    - '/nsm/strelka/*'
+    - '/nsm/strelka/unprocessed/*'
  delete: false
  gatekeeper: true
 response:
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -72,13 +72,20 @@ strelkalogdir:
    - group: 939
    - makedirs: True

-strelkastagedir:
+strelkaprocessed:
   file.directory:
    - name: /nsm/strelka/processed
    - user: 939
    - group: 939
    - makedirs: True

+strelkaunprocessed:
+   file.directory:
+    - name: /nsm/strelka/unprocessed
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 strelka_coordinator:
  docker_container.running:
    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
@@ -163,11 +170,18 @@ append_so-strelka-filestream_so-status.conf:
  file.append:
    - name: /opt/so/conf/so-status/so-status.conf
    - text: so-strelka-filestream
-    
+
+strelka_zeek_extracted_sync_old:
+  cron.absent:
+    - user: root
+    - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1'
+    - minute: '*'
+
 strelka_zeek_extracted_sync:
  cron.present:
    - user: root
-    - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1'
+    - identifier: zeek-extracted-strelka-sync
+    - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/unprocessed/ > /dev/null 2>&1'
    - minute: '*'

 {% else %}
@@ -176,4 +190,4 @@ strelka_state_not_allowed:
  test.fail_without_changes:
    - name: strelka_state_not_allowed

-{% endif %}
+{% endif %}
--- a/sigs/securityonion-2.3.20.iso.sig
+++ b/sigs/securityonion-2.3.20.iso.sig