CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into issue/6469

Browse Source
This commit is contained in:
m0duspwnens
2021-12-07 10:57:12 -05:00
parent ba30c59ec7 892899b7f9
commit 7549e34881
8 changed files with 50 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
HOTFIX
View File

@@ -1 +0,0 @@

4
README.md
View File

@@ -1,6 +1,6 @@
## Security Onion 2.3.90-WAZUH ## Security Onion 2.3.90-20211206
Security Onion 2.3.90-AIRGAPFIX is here! Security Onion 2.3.90-20211206 is here!
## Screenshots ## Screenshots

22
VERIFY_ISO.md
View File

@@ -1,18 +1,18 @@
### 2.3.90-AIRGAPFIX ISO image built on 2021/12/01 ### 2.3.90-20211206 ISO image built on 2021/12/06
### Download and Verify ### Download and Verify
2.3.90-AIRGAPFIX ISO image: 2.3.90-20211206 ISO image:
https://download.securityonion.net/file/securityonion/securityonion-2.3.90-AIRGAPFIX.iso https://download.securityonion.net/file/securityonion/securityonion-2.3.90-20211206.iso
MD5: A87EEF66FEB2ED6E20ABD4ADDA4899C6 MD5: 8A5FDF731D548E27D123E5B711890AEC
SHA1: D1AD74D1481E9FF6F1A79D27DC569DA6749EC54B SHA1: B4AF33FE1D64592D46C780AF0C5E7FBD21A22BDE
SHA256: E4FC40340357B098E881F13BC4960AA8CB5F5AC73C05E077C993078ED7F46D59 SHA256: 091DA2D06C82447639D324EE32DBC385AE407078B3A55F4E0704B22DB6B29A7E
Signature for ISO image: Signature for ISO image:
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-AIRGAPFIX.iso.sig https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-20211206.iso.sig
Signing key: Signing key:
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO: Download the signature file for the ISO:
``` ```
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-AIRGAPFIX.iso.sig wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-20211206.iso.sig
``` ```
Download the ISO image: Download the ISO image:
``` ```
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-AIRGAPFIX.iso wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-20211206.iso
``` ```
Verify the downloaded ISO image using the signature file: Verify the downloaded ISO image using the signature file:
``` ```
gpg --verify securityonion-2.3.90-AIRGAPFIX.iso.sig securityonion-2.3.90-AIRGAPFIX.iso gpg --verify securityonion-2.3.90-20211206.iso.sig securityonion-2.3.90-20211206.iso
``` ```
The output should show "Good signature" and the Primary key fingerprint should match what's shown below: The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
``` ```
gpg: Signature made Wed 01 Dec 2021 11:07:16 AM EST using RSA key ID FE507013 gpg: Signature made Mon 06 Dec 2021 10:14:29 AM EST using RSA key ID FE507013
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>" gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.

32
salt/common/tools/sbin/soup
View File

@@ -16,6 +16,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common . /usr/sbin/so-common
export LC_CTYPE="en_US.UTF-8"
UPDATE_DIR=/tmp/sogh/securityonion UPDATE_DIR=/tmp/sogh/securityonion
DEFAULT_SALT_DIR=/opt/so/saltstack/default DEFAULT_SALT_DIR=/opt/so/saltstack/default
@@ -599,18 +600,33 @@ up_to_2.3.80() {
up_to_2.3.90() { up_to_2.3.90() {
for i in manager managersearch eval standalone; do for i in manager managersearch eval standalone; do
echo "Checking for compgen match of /opt/so/saltstack/local/pillar/minions/*_$i.sls"
if compgen -G "/opt/so/saltstack/local/pillar/minions/*_$i.sls"; then if compgen -G "/opt/so/saltstack/local/pillar/minions/*_$i.sls"; then
echo "soc:" >> /opt/so/saltstack/local/pillar/minions/*_$i.sls echo "Found compgen match for /opt/so/saltstack/local/pillar/minions/*_$i.sls"
sed -i "/^soc:/a \\ es_index_patterns: '*:so-*,*:endgame-*'" /opt/so/saltstack/local/pillar/minions/*_$i.sls for f in $(compgen -G "/opt/so/saltstack/local/pillar/minions/*_$i.sls"); do
if grep -qozP "^soc:\n.*es_index_patterns: '\*:so-\*,\*:endgame-\*'" "$f"; then
echo "soc:es_index_patterns already present in $f"
else
echo "Appending soc pillar data to $f"
echo "soc:" >> "$f"
sed -i "/^soc:/a \\ es_index_patterns: '*:so-*,*:endgame-*'" "$f"
fi
done
fi fi
done done
# Create Endgame Hostgroup # Create Endgame Hostgroup
so-firewall addhostgroup endgame echo "Adding endgame hostgroup with so-firewall"
if so-firewall addhostgroup endgame 2>&1 | grep -q 'Already exists'; then
echo 'endgame hostgroup already exists'
else
echo 'endgame hostgroup added'
fi
# Force influx to generate a new cert # Force influx to generate a new cert
mv /etc/pki/influxdb.crt /etc/pki/influxdb.crt.2390upgrade echo "Moving influxdb.crt and influxdb.key to generate new certs"
mv /etc/pki/influxdb.key /etc/pki/influxdb.key.2390upgrade mv -vf /etc/pki/influxdb.crt /etc/pki/influxdb.crt.2390upgrade
mv -vf /etc/pki/influxdb.key /etc/pki/influxdb.key.2390upgrade
# remove old common ingest pipeline in default # remove old common ingest pipeline in default
rm -vf /opt/so/saltstack/default/salt/elasticsearch/files/ingest/common rm -vf /opt/so/saltstack/default/salt/elasticsearch/files/ingest/common
@@ -838,7 +854,7 @@ verify_latest_update_script() {
} }
apply_hotfix() { apply_hotfix() {
if [[ "$INSTALLEDVERSION" == "2.3.90" && "$HOTFIXVERSION" == "WAZUH" ]] ; then if [[ "$INSTALLEDVERSION" == "2.3.90" ]] ; then
FILE="/nsm/wazuh/etc/ossec.conf" FILE="/nsm/wazuh/etc/ossec.conf"
echo "Detecting if ossec.conf needs corrected..." echo "Detecting if ossec.conf needs corrected..."
if head -1 $FILE | grep -q "xml version"; then if head -1 $FILE | grep -q "xml version"; then
@@ -849,7 +865,7 @@ apply_hotfix() {
echo "$FILE does not have an XML header, so no changes are necessary." echo "$FILE does not have an XML header, so no changes are necessary."
fi fi
else else
echo "Skipping ossec.conf check ($INSTALLEDVERSION/$HOTFIXVERSION)" echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
fi fi
} }
@@ -857,6 +873,7 @@ apply_hotfix() {
main() { main() {
trap 'check_err $?' EXIT trap 'check_err $?' EXIT
echo "### Preparing soup at $(date) ###"
check_pillar_items check_pillar_items
echo "Checking to see if this is an airgap install." echo "Checking to see if this is an airgap install."
@@ -1168,5 +1185,4 @@ EOF
read -r input read -r input
fi fi
echo "### Preparing soup at $(date) ###"
main "$@" | tee -a $SOUP_LOG main "$@" | tee -a $SOUP_LOG

2
salt/elasticsearch/init.sls
View File

@@ -327,7 +327,7 @@ so-elasticsearch-pipelines-file:
so-elasticsearch-pipelines: so-elasticsearch-pipelines:
cmd.run: cmd.run:
- name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines {{ esclustername }} - name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines {{ grains.host }}
- onchanges: - onchanges:
- file: esingestconf - file: esingestconf
- file: esingestdynamicconf - file: esingestdynamicconf

11
salt/kibana/files/saved_objects.ndjson
View File

File diff suppressed because one or more lines are too long

4
setup/so-functions
View File

@@ -2016,10 +2016,10 @@ reinstall_init() {
{ {
if command -v salt-call &> /dev/null && grep -q "master:" /etc/salt/minion 2> /dev/null; then if command -v salt-call &> /dev/null && grep -q "master:" /etc/salt/minion 2> /dev/null; then
# Disable schedule so highstate doesn't start running during the install # Disable schedule so highstate doesn't start running during the install
salt-call -l info schedule.disable salt-call -l info schedule.disable --local
# Kill any currently running salt jobs, also to prevent issues with highstate. # Kill any currently running salt jobs, also to prevent issues with highstate.
salt-call -l info saltutil.kill_all_jobs salt-call -l info saltutil.kill_all_jobs --local
fi fi
# Kill any salt processes (safely) # Kill any salt processes (safely)

BIN
sigs/securityonion-2.3.90-20211206.iso.sig Normal file
View File

Binary file not shown.