From 801d42ed20698c7fcce30a030028a8f72f062797 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 23 Nov 2021 14:51:06 -0500
Subject: [PATCH 1/9] Correct if check to inline the command instead of checking for emptiness of a variable
---
 salt/common/tools/sbin/soup | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 2aefc67bb..fc6694ec2 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -841,8 +841,7 @@ apply_hotfix() {
 if [[ "$INSTALLEDVERSION" == "2.3.90" && "$HOTFIXVERSION" == "WAZUH" ]] ; then
 FILE="/nsm/wazuh/etc/ossec.conf"
 echo "Detecting if ossec.conf needs corrected..."
- WAZUHHEADER=$(head -1 $FILE | grep "xml version")
- if [[ ! -z "$WAZUHHEADER" ]]; then
+ if head -1 $FILE | grep "xml version"; then
 echo "$FILE has an XML header; removing"
 sed -i 1d $FILE
 so-wazuh-restart
From 4f283c2d8660b4649f29b6861872dcbd797a7f8a Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 23 Nov 2021 14:52:40 -0500
Subject: [PATCH 2/9] Suppres grep output
---
 salt/common/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index fc6694ec2..2244f2735 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -841,7 +841,7 @@ apply_hotfix() {
 if [[ "$INSTALLEDVERSION" == "2.3.90" && "$HOTFIXVERSION" == "WAZUH" ]] ; then
 FILE="/nsm/wazuh/etc/ossec.conf"
 echo "Detecting if ossec.conf needs corrected..."
- if head -1 $FILE | grep "xml version"; then
+ if head -1 $FILE | grep -q "xml version"; then
 echo "$FILE has an XML header; removing"
 sed -i 1d $FILE
 so-wazuh-restart
From c536e1138303ce08bfd7ff8345894d9568aa731a Mon Sep 17 00:00:00 2001
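Review bot: In the apply_hotfix hunk of salt/common/tools/sbin/soup ([PATCH 1/9], left as is by the `-q` follow-up in [PATCH 2/9]) the test `grep "xml version"` matches that text anywhere in line 1, yet a match makes `sed -i 1d` delete the entire first line of ossec.conf. Anchoring the pattern and quoting the path limits the deletion to a line that really starts with an XML declaration: `if head -1 "$FILE" | grep -q '^<?xml version'; then`. A one-line comment above the test saying why the header has to be removed would also help, since that reason is not visible in the hunk. apply_hotfix starts and ends outside the hunk.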
From: Mike Reeves Date: Tue, 23 Nov 2021 15:32:41 -0500 Subject: [PATCH 3/9] 2.3.90 hotfix soup --- README.md | 4 ++-- VERIFY_ISO.md | 20 ++++++++++---------- sigs/securityonion-2.3.90-WAZUH.iso.sig | Bin 0 -> 543 bytes 3 files changed, 12 insertions(+), 12 deletions(-) create mode 100644 sigs/securityonion-2.3.90-WAZUH.iso.sig diff --git a/README.md b/README.md index 4956a2e4e..b07bae8ca 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.90 +## Security Onion 2.3.90-WAZUH -Security Onion 2.3.90 is here! +Security Onion 2.3.90-WAZUH is here! ## Screenshots diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 36d8b1e04..0a9044aa3 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,18 +1,18 @@ -### 2.3.90 ISO image built on 2021/11/19 +### 2.3.90-WAZUH ISO image built on 2021/11/23 ### Download and Verify -2.3.90 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.90.iso +2.3.90-WAZUH ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.90-WAZUH.iso -MD5: F214ECE9F32A6F881D9A735DEAF90E46 -SHA1: 0B04FAA0FEC704CF6AD2030AA7A4AE80D9379AFA -SHA256: BE0E1516D83D7782AEAE9D52449FED45A45D72981515672C761C2A17B7AA613C +MD5: B7141C8627CDB45F4A8741B2ADE4A9F3 +SHA1: 16087B385CA651659EC98F139AFDF90922430FB6 +SHA256: 667AF11BBCFE3248AF59E45043703B55A543E059899AE387FF55EB8077304F04 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-WAZUH.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -26,17 +26,17 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-WAZUH.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-WAZUH.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.90.iso.sig securityonion-2.3.90.iso +gpg --verify securityonion-2.3.90-WAZUH.iso.sig securityonion-2.3.90-WAZUH.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: diff --git a/sigs/securityonion-2.3.90-WAZUH.iso.sig b/sigs/securityonion-2.3.90-WAZUH.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..aa9539e05974f00e5d92d210c37375268af6c0c9 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;B6OuPUJ2@re`V7LBIa1$I;5C2J0Ady$S0^;=%|8pG_ z6cQJYi_qok{!Dnx#-XL+O7`M$4X7TAfU}qm<5a|>5_q?>t13xY67X5}$Qm`=aFlG5 z{p-of_6h^&R?wUUhumA6yHKC{(~UgL`GfD%gd?_CRjY|;Qce{pe`T8;-wWIFzfL(! z($(FiKo#-_v3~FQ-K(gPy2_dTw7RYd#4FN$67o|l+TLU1( zLr|={SH;hfG(*QzzK9_M6^4La7f^<){toA-Gq`U1C#dA>BF304mC$lN-%(ev=Hj52q?bNBE{ h&RiSb@$GyC=b8=J!EBg=+7kO|Cg|L2suPVCU&7(^3FQC) literal 0 HcmV?d00001 From 1f9dc0db1f586717f1e06609a0bf1e5ca14f6cf7 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 23 Nov 2021 15:40:04 -0500 Subject: [PATCH 4/9] 2.3.90 hotfix soup --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 0a9044aa3..502a44a9b 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -41,7 +41,7 @@ gpg --verify securityonion-2.3.90-WAZUH.iso.sig securityonion-2.3.90-WAZUH.iso
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Fri 19 Nov 2021 05:15:29 PM EST using RSA key ID FE507013
+gpg: Signature made Tue 23 Nov 2021 03:19:08 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
From 739efc22d2f37c8c59e37a9772c41b9d1a7fad11 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 30 Nov 2021 15:21:44 -0500
Subject: [PATCH 5/9] Fix airgap check logic
---
 setup/so-setup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/so-setup b/setup/so-setup
index 1893d252b..159367793 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -318,7 +318,7 @@ if ! [[ -f $install_opt_file ]]; then
 elif [[ $is_minion && $is_iso ]]; then
 $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" [[ -f /etc/yum.repos.d/airgap_repo.repo ]] >> $setup_log 2>&1
 airgap_check=$?
- [[ $airgap_check ]] && is_airgap=true >> $setup_log 2>&1
+ [[ $airgap_check == 0 ]] && is_airgap=true >> $setup_log 2>&1
 fi
 reset_proxy
From 8d87fae6a87ada9e3c1b5edc7d0bcf7944efebec Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 30 Nov 2021 15:39:28 -0500
Subject: [PATCH 6/9] Remove airgap repo file if it shouldn't exist
---
 salt/repo/client/init.sls | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls
index f6fbdb6f3..a32287332 100644
--- a/salt/repo/client/init.sls
+++ b/salt/repo/client/init.sls
@@ -65,6 +65,10 @@ yumconf:
 - mode: 644
 - template: jinja
 - show_changes: False
+
+cleanairgap:
+ file.absent:
+ - name: /etc/yum.repos.d/airgap_repo.repo
 {% endif %}
 cleanyum:
From 168f860c871aea656cd4d0660559a3a90f77c9c1 Mon Sep 17 00:00:00 2001
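Review bot: In setup/so-setup ([PATCH 5/9]) the corrected test `[[ $airgap_check == 0 ]]` still treats every non-zero status alike, so a failed ssh connection (ssh itself exits 255) cannot be told apart from the remote `[[ -f … ]]` reporting that the repo file is absent, and the minion is then silently set up as non-airgap. I would compare numerically and log the failure case: `[[ $airgap_check -eq 0 ]] && is_airgap=true` followed by `[[ $airgap_check -gt 1 ]] && echo "airgap check on $MSRV failed (exit $airgap_check)" >> "$setup_log"`. The `>> $setup_log 2>&1` after `is_airgap=true` redirects an assignment that prints nothing and can be dropped. The enclosing `if ! [[ -f $install_opt_file ]]` block starts and ends outside the hunk.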
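Review bot: The new `cleanairgap` state in salt/repo/client/init.sls ([PATCH 6/9]) carries no comment saying which branch of the surrounding Jinja conditional it belongs to; only the closing `{% endif %}` is inside the hunk, so the guarding condition cannot be checked from here. Removing a repo definition changes which package source the node uses, so the intent should be written next to the state, for example `# Not an airgap install: remove any leftover airgap repo definition so yum only uses the repos managed above.` If the guard is derived from the same detection as `is_airgap` in so-setup (not visible here), a false negative there would make this state delete the file on a real airgap node, which is one more reason to name the condition in the comment.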
From: William Wernert
Date: Tue, 30 Nov 2021 15:49:41 -0500
Subject: [PATCH 7/9] Add hotfix string to HOTFIX
---
 HOTFIX | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/HOTFIX b/HOTFIX
index 0f3ca3c28..8f9b6cfec 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +1 @@
-WAZUH
+WAZUH AIRGAPFIX
From 63cb4866987d3340898176f100a5ad8ce75a231b Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Wed, 1 Dec 2021 10:16:04 -0500
Subject: [PATCH 8/9] remove redirect to /dev/null for compgen
---
 salt/common/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 2244f2735..a4285347b 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -599,7 +599,7 @@ up_to_2.3.80() {
 up_to_2.3.90() {
 for i in manager managersearch eval standalone; do
- if compgen -G "/opt/so/saltstack/local/pillar/minions/*_$i.sls" > /dev/null; then
+ if compgen -G "/opt/so/saltstack/local/pillar/minions/*_$i.sls"; then
 echo "soc:" >> /opt/so/saltstack/local/pillar/minions/*_$i.sls
 sed -i "/^soc:/a \\ es_index_patterns: '*:so-*,*:endgame-*'" /opt/so/saltstack/local/pillar/minions/*_$i.sls
 fi
From 80c569317f64022b19878771df5c7857b1976972 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 1 Dec 2021 13:16:13 -0500
Subject: [PATCH 9/9] 2.3.90 hotfix airgap
---
 README.md | 2 +-
 VERIFY_ISO.md | 22 ++++++++++----------
 sigs/securityonion-2.3.90-AIRGAPFIX.iso.sig | Bin 0 -> 543 bytes
 3 files changed, 12 insertions(+), 12 deletions(-)
 create mode 100644 sigs/securityonion-2.3.90-AIRGAPFIX.iso.sig
diff --git a/README.md b/README.md
index b07bae8ca..0732601d7 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 ## Security Onion 2.3.90-WAZUH
-Security Onion 2.3.90-WAZUH is here!
+Security Onion 2.3.90-AIRGAPFIX is here!
 ## Screenshots
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 502a44a9b..218a703d6 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
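Review bot: Changing HOTFIX from `WAZUH` to `WAZUH AIRGAPFIX` ([PATCH 7/9]) looks like it would switch off the Wazuh branch that [PATCH 1/9] shows in soup's apply_hotfix, because that branch tests `"$HOTFIXVERSION" == "WAZUH"` as an exact string. How HOTFIXVERSION is populated is not visible in this series, so this is an inference; if it holds the content of this file, a 2.3.90 node that goes straight to this hotfix would skip the ossec.conf repair. Either match per token in soup, e.g. `[[ " $HOTFIXVERSION " == *" WAZUH "* ]]`, or confirm that apply_hotfix is updated in a commit outside this series.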
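Review bot: In up_to_2.3.90 ([PATCH 8/9]) the glob `*_$i.sls` is expanded three separate times (by compgen, as the `>>` target and as the sed target), and `echo "soc:" >> …` appends unconditionally. If the pattern ever matches more than one pillar file, the redirection fails in bash with an ambiguous redirect, and a second run of this upgrade step adds a duplicate `soc:` key to a pillar file that Salt has to parse. I would resolve the glob once with `for f in /opt/so/saltstack/local/pillar/minions/*_"$i".sls; do [[ -f "$f" ]] || continue`, keep the filename in the log with `echo "$f"`, and guard the append with `grep -q '^soc:' "$f" || echo "soc:" >> "$f"`; the sed append needs the same guard. The `for` loop and the function close outside the hunk.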
@@ -1,18 +1,18 @@ -### 2.3.90-WAZUH ISO image built on 2021/11/23 +### 2.3.90-AIRGAPFIX ISO image built on 2021/12/01 ### Download and Verify -2.3.90-WAZUH ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.90-WAZUH.iso +2.3.90-AIRGAPFIX ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.90-AIRGAPFIX.iso -MD5: B7141C8627CDB45F4A8741B2ADE4A9F3 -SHA1: 16087B385CA651659EC98F139AFDF90922430FB6 -SHA256: 667AF11BBCFE3248AF59E45043703B55A543E059899AE387FF55EB8077304F04 +MD5: A87EEF66FEB2ED6E20ABD4ADDA4899C6 +SHA1: D1AD74D1481E9FF6F1A79D27DC569DA6749EC54B +SHA256: E4FC40340357B098E881F13BC4960AA8CB5F5AC73C05E077C993078ED7F46D59 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-WAZUH.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-AIRGAPFIX.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-WAZUH.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-AIRGAPFIX.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-WAZUH.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-AIRGAPFIX.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.90-WAZUH.iso.sig securityonion-2.3.90-WAZUH.iso +gpg --verify securityonion-2.3.90-AIRGAPFIX.iso.sig securityonion-2.3.90-AIRGAPFIX.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Tue 23 Nov 2021 03:19:08 PM EST using RSA key ID FE507013 +gpg: Signature made Wed 01 Dec 2021 11:07:16 AM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
diff --git a/sigs/securityonion-2.3.90-AIRGAPFIX.iso.sig b/sigs/securityonion-2.3.90-AIRGAPFIX.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..05b411eac98ef770231fbc6fc61c45363d217b9f GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;BGowNW72@re`V7LBIa1$5@5C26HXknWz2%^7b66Fy? z)De4*9itt3EDo->l4*ZMmB)sVSmFsUJc7<7{0Uv~SkgV@h=HFq5?77L46@bd+dKQ= z{raokbs{~6B)~&dyjOZ;#e)}@s@Ov4u2FLH10aB8B)$G&{yHY}M@*Smb`)DhB{PSz zkTf$)I*JC}0t5O4iHo}n#0Zi_?c)BMieBV1lIge}M{Iy~2}l98eztXRAM?|(jfR;7 zh1fWr-VN%n^HOU4L}4>g-=vpTBb6g_sHvHxV_3)x`lD#BzfmoG9!G{iyXjqUs^1Ga zfMHcN%_#7Yj3VFrG8?c32ekMS7!SaV0+@xa_J?Mpf3o33OckM@#oPk7pl!IxC74(- zp~8fb=-X>?5t8^sEF4LL+yDeHK?Yo2@4&c{2mtCz5MPz0rHF%>@pR;aU3uz_od z%28rAiJ$kX2d=BF#nnGMf zC?7=`36wR#?z8Jq4~mrAM3Frxx9*&(uAKJ&&2%&Jo{ccjq#}I#lPz`{RL|HRmh)vs zZz8*F$NI_-<(AFl{0>#9`Da%t?fB(^pb7TU3{`V{=%n-MdO*%o(K(#~z`0l~dbW3% h6c$QR(_M1|qSyccW==aREv++hDYm~70f7Va#7?UH{;B`~ literal 0 HcmV?d00001