CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-03-05 04:15:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9384 from Security-Onion-Solutions/2.4/streamline-setup

Browse Source 
miscellaneous improvements for 2.4
This commit is contained in:
Doug Burks
2022-12-13 13:43:31 -05:00
committed by GitHub
parent 09b012ad4e 07df9ad0e0
commit 61c976f8a6
8 changed files with 35 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/common/tools/sbin/so-analyst-install
View File

@@ -6,7 +6,7 @@
# Elastic License 2.0.
doc_workstation_url="https://docs.securityonion.net/en/2.3/analyst-vm.html"
doc_workstation_url="https://docs.securityonion.net/en/2.4/analyst-vm.html"
{# we only want the script to install the workstation if it is CentOS -#}
{% if grains.os == 'CentOS' -%}
{# if this is a manager -#}

4
salt/common/tools/sbin/so-common
View File

@@ -155,11 +155,11 @@ elastic_license() {
read -r -d '' message <<- EOM
\n
Elastic Stack binaries and Security Onion components are only available under the Elastic License version 2 (ELv2):
https://www.elastic.co/licensing/elastic-license
https://securityonion.net/license/
Do you agree to the terms of ELv2?
If so, type AGREE to accept ELv2 and continue. Otherwise, press Enter to exit this program without making any changes.
If so, type AGREE to accept ELv2 and continue. Otherwise, press Enter to exit this program without making any changes.
EOM
AGREED=$(whiptail --title "$whiptail_title" --inputbox \

2
salt/common/tools/sbin/so-import-evtx
View File

@@ -158,7 +158,7 @@ cat << EOF
Import complete!
You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
https://{{ URLBASE }}/#/dashboards?q=import.id:${RUNID}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
https://{{ URLBASE }}/#/dashboards?q=import.id:${RUNID}%20%7C%20groupby%20-sankey%20event.dataset%20event.category%2a%20%7C%20groupby%20-pie%20event.category%20%7C%20groupby%20-bar%20event.module%20%7C%20groupby%20event.dataset%20%7C%20groupby%20event.module%20%7C%20groupby%20event.category%20%7C%20groupby%20observer.name%20%7C%20groupby%20source.ip%20%7C%20groupby%20destination.ip%20%7C%20groupby%20destination.port&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
or you can manually set your Time Range to be (in UTC):
From: $START_OLDEST_FORMATTED To: $END_NEWEST

2
salt/common/tools/sbin/so-import-pcap
View File

@@ -206,7 +206,7 @@ cat << EOF
Import complete!
You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
https://{{ URLBASE }}/#/dashboards?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
https://{{ URLBASE }}/#/dashboards?q=import.id:${HASH}%20%7C%20groupby%20-sankey%20event.dataset%20event.category%2a%20%7C%20groupby%20-pie%20event.category%20%7C%20groupby%20-bar%20event.module%20%7C%20groupby%20event.dataset%20%7C%20groupby%20event.module%20%7C%20groupby%20event.category%20%7C%20groupby%20observer.name%20%7C%20groupby%20source.ip%20%7C%20groupby%20destination.ip%20%7C%20groupby%20destination.port&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
or you can manually set your Time Range to be (in UTC):
From: $START_OLDEST To: $END_NEWEST

12
salt/common/tools/sbin/soup
View File

@@ -47,7 +47,7 @@ check_err() {
;;
28)
echo 'No space left on device'
echo 'Likely ran out of space on disk, please review hardware requirements for Security Onion: https://docs.securityonion.net/en/2.3/hardware.html'
echo 'Likely ran out of space on disk, please review hardware requirements for Security Onion: https://docs.securityonion.net/en/2.4/hardware.html'
;;
30)
echo 'Read-only file system'
@@ -357,7 +357,7 @@ clone_to_tmp() {
git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
cd /tmp
if [ ! -f $UPDATE_DIR/VERSION ]; then
echo "Update was unable to pull from github. Please check your internet."
echo "Update was unable to pull from Github. Please check your Internet access."
exit 0
fi
}
@@ -458,7 +458,7 @@ es_indices_check() {
if [ -z "$UNSUPPORTED_INDICES" ]; then
echo "No unsupported indices found."
else
echo "The following indices were created with Elasticsearch 6, and are not supported when upgrading to Elasticsearch 8. These indices may need to be deleted, migrated, or re-indexed before proceeding with the upgrade. Please see https://docs.securityonion.net/en/2.3/soup.html#elastic-8 for more details."
echo "The following indices were created with Elasticsearch 6, and are not supported when upgrading to Elasticsearch 8. These indices may need to be deleted, migrated, or re-indexed before proceeding with the upgrade. Please see https://docs.securityonion.net/en/2.4/soup.html#elastic-8 for more details."
echo
echo "$UNSUPPORTED_INDICES"
exit 1
@@ -1411,7 +1411,7 @@ Each minion is on a random 15 minute check-in period and things like network ban
If it looks like youre missing data after the upgrade, please avoid restarting services and instead make sure at least one search node has completed its upgrade. The best way to do this is to run 'sudo salt-call state.highstate' from a search node and make sure there are no errors. Typically if it works on one node it will work on the rest. Forward nodes are less complex and will update as they check in so you can monitor those from the Grid section of SOC.
For more information, please see https://docs.securityonion.net/en/2.3/soup.html#distributed-deployments.
For more information, please see https://docs.securityonion.net/en/2.4/soup.html#distributed-deployments.
EOF
@@ -1425,7 +1425,7 @@ EOF
A custom Elasticsearch configuration has been found at /opt/so/saltstack/local/elasticsearch/files/elasticsearch.yml. This file is no longer referenced in Security Onion versions >= 2.3.80.
If you still need those customizations, you'll need to manually migrate them to the new Elasticsearch config as shown at https://docs.securityonion.net/en/2.3/elasticsearch.html.
If you still need those customizations, you'll need to manually migrate them to the new Elasticsearch config as shown at https://docs.securityonion.net/en/2.4/elasticsearch.html.
EOF
@@ -1472,7 +1472,7 @@ if [[ -z $UNATTENDED ]]; then
SOUP - Security Onion UPdater
Please review the following for more information about the update process and recent updates:
https://docs.securityonion.net/soup
https://docs.securityonion.net/en/2.4/soup.html
https://blog.securityonion.net
EOF