From 2a3951ab36f10f898a0004cc08cbe4af268a6b03 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Thu, 19 Nov 2020 15:08:08 -0500
Subject: [PATCH 1/5] change typo on minon to minion

---
 salt/salt/map.jinja             | 8 ++++----
 salt/soc/files/soc/changes.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja
index e4c395304..4796b16a2 100644
--- a/salt/salt/map.jinja
+++ b/salt/salt/map.jinja
@@ -12,13 +12,13 @@
 {% if grains.saltversion|string != SALTVERSION|string %}
   {% if grains.os|lower in ['centos', 'redhat'] %}
     {% if ISAIRGAP is sameas true %}
-      {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minon' %}
+      {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %}
     {% else %}
-      {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minon' %}
+      {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %}
     {% endif %}
   {% elif grains.os|lower == 'ubuntu' %}
-    {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && systemctl restart salt-minon' %}
+    {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && systemctl restart salt-minion' %}
   {% endif %}
 {% else %}
-  {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %}
+  {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %}
 {% endif %}
\ No newline at end of file
diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json
index e18bf1dc9..90f71f940 100644
--- a/salt/soc/files/soc/changes.json
+++ b/salt/soc/files/soc/changes.json
@@ -37,6 +37,6 @@
 		{ "summary": "Winlogbeat download package is now available from the SOC Downloads interface." },
 		{ "summary": "Upgraded Kratos authentication system." },
 		{ "summary": "Added new Reset Defaults button to the SOC Profile Settings interface which allows users to reset all local browser SOC customizations back to their defaults. This includes things like default sort column, sort order, items per page, etc." },
-    { "summary": "Known Issues <ul><li>Following the Salt minion upgrade on remote nodes, the salt-minion service may not restart properly. If this occurs, you can ssh to the minion and run <code>sudo systemctl restart salt-minion</code>. If you do not want to connect to each node and manually restart the salt-minion, the new salt-minon watch process will restart it automatically after 1 hour.</li><li>During soup, you may see the following during the first highstate run, it can be ignored: <code>Rendering SLS '<some_sls_name_here>' failed: Jinja variable 'list object' has no attribute 'values'</code>. The second highstate will complete without that error.</li></ul>" }
+    { "summary": "Known Issues <ul><li>Following the Salt minion upgrade on remote nodes, the salt-minion service may not restart properly. If this occurs, you can ssh to the minion and run <code>sudo systemctl restart salt-minion</code>. If you do not want to connect to each node and manually restart the salt-minion, the new salt-minion watch process will restart it automatically after 1 hour.</li><li>During soup, you may see the following during the first highstate run, it can be ignored: <code>Rendering SLS '<some_sls_name_here>' failed: Jinja variable 'list object' has no attribute 'values'</code>. The second highstate will complete without that error.</li></ul>" }
   ]
 }

From cdc7a5cc7cf8b6b50a6a6c84fb5c356c254d76ed Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Thu, 19 Nov 2020 15:17:11 -0500
Subject: [PATCH 2/5] kill salt process with soup and dont restart salt-minion
 service when salt upgrade

---
 salt/common/tools/sbin/soup | 2 ++
 salt/salt/map.jinja         | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 85364594d..40e0232a5 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -448,6 +448,8 @@ fi
 echo ""
 echo "Stopping Salt Minion service."
 systemctl stop salt-minion
+echo "Killing any remaining Salt Minion processes."
+pkill -9 -ef /usr/bin/salt-minion
 echo ""
 echo "Stopping Salt Master service."
 systemctl stop salt-master
diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja
index 4796b16a2..e5fa79a8e 100644
--- a/salt/salt/map.jinja
+++ b/salt/salt/map.jinja
@@ -12,12 +12,12 @@
 {% if grains.saltversion|string != SALTVERSION|string %}
   {% if grains.os|lower in ['centos', 'redhat'] %}
     {% if ISAIRGAP is sameas true %}
-      {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %}
+      {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*"' %}
     {% else %}
-      {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %}
+      {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*"' %}
     {% endif %}
   {% elif grains.os|lower == 'ubuntu' %}
-    {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && systemctl restart salt-minion' %}
+    {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion' %}
   {% endif %}
 {% else %}
   {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %}

From 316a1c02f16ae19c4690fececaeea115ee14eb35 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Thu, 19 Nov 2020 15:19:50 -0500
Subject: [PATCH 3/5] Update soup to display what its doing

---
 salt/common/tools/sbin/soup | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 40e0232a5..27439a137 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -515,7 +515,7 @@ fi
 
 echo ""
 echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes."
-highstate
+salt-call state.highstate -l info queue=True
 echo ""
 echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete."
 
@@ -529,7 +529,7 @@ echo ""
 echo "Starting Salt Master service."
 systemctl start salt-master
 echo "Running a highstate. This could take several minutes."
-highstate
+salt-call state.highstate -l info queue=True
 playbook
 unmount_update
 

From 40511119995abdfcaef6d41f2d327999407f3418 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Thu, 19 Nov 2020 16:00:40 -0500
Subject: [PATCH 4/5] Update hashes and keys

---
 VERIFY_ISO.md                     |   8 ++++----
 sigs/securityonion-2.3.10.iso.sig | Bin 543 -> 543 bytes
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 3ee915325..ed450a342 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -5,9 +5,9 @@
 2.3.10 ISO image:  
 https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso
 
-MD5: 2043701FC0FE785A877ECAE74CD73694  
-SHA1: 15AE0B332DAF91C7895FDBEB1FCF900D6ECA8299  
-SHA256: 4CD3FB9335F0AA00339D0F76D03867439BF963169C47C0CF43C82A18C6F32830 
+MD5: 55E10BAE3D90DF47CA4D5DCCDCB67A96  
+SHA1: 01361123F35CEACE077803BC8074594D57EE653A  
+SHA256: 772EA4EFFFF12F026593F5D1CC93DB538CC17B9BA5F60308F1976B6ED7032A8D 
 
 Signature for ISO image:  
 https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig
@@ -39,7 +39,7 @@ gpg --verify securityonion-2.3.10.iso.sig securityonion-2.3.10.iso
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 19 Nov 2020 10:22:55 AM EST using RSA key ID FE507013
+gpg: Signature made Thu 19 Nov 2020 03:38:54 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
diff --git a/sigs/securityonion-2.3.10.iso.sig b/sigs/securityonion-2.3.10.iso.sig
index a9fe2820be84cdad985a04b1d5dbff4dd8d26d3d..f1c9093fd8ffd9b4df1fd0785dbb05d7a4dfdb39 100644
GIT binary patch
literal 543
zcmV+)0^t3L0vrSY0RjL91p;5T*WLgM2@re`V7LBIa1(DU5C45cDj6IjNf3oO?VU4*
zvBkapzwAI+CK$trRDK_DGhQ^C!E5RmoK1;b>H1CI;$hN$@ryY1B8Byp{z8oJrkSeB
zn7*Ni{h1OWCN`oC;5U0oOw(xT{)e}u=uuR9!(0Gqrm8euj@qW^2vbC0yx3vxk&Tfi
zTb;x-A7oQezGoB-WAXzh_7~miu;;rW>!?7UYp~U%mX+DX1bk*-+vKcket;7vZ}dL6
zmCBLT@cv==LPejD%x;IMDQpmn4xyN%u|OR~>YK3OCDYj&*G-7i-HMc!(&!?E8?VPX
z*6<}V8J$JVSmkDBlJjsqfjBV6WkA<9TOJoDj^{4LflbLNuAl}rT6@V1-=$?k4%{M`
zN%`b3*#L9sbmC6f5`^KjN?Ez>Ib#;X$r-(|btiJ(Io=YC^#<fiAxtQ52R_Ce8fdgp
z$g9p++o#YdSDO^Je1KQX#_jS(N61Dfy@Xry`N@<S5u&n=$ye9A<<&c3Tc$-3qWro|
z1Qz&F>2ja)k)`mi^4=fXCA19oGkeBmkqabDfmiSQoFOYSYoy|cR%wZO5%DTx^Uf;J
zWABj6nFu2%5YGJ91@{_zx_a@r*t4lWoWHRbOJ6Lm!yORuDCh5nXX<HK_ftuA4}VU1
hT1^*juL*7-F}-a!J}@71v~2ZOH9lS;nrRibA$H283j_cF

literal 543
zcmV+)0^t3L0vrSY0RjL91p;5Tjn4oI2@re`V7LBIa1#N)5C3&)pXOng&h2iNG)FyR
zGGm>N+S|DSNK|4xB0GBVBQFbNA<Pf7ZP&wyNN5A<=$oWqRQ}Ghw5fCP>_BkSKzti4
z)|YFknl76+810>GN|s(~?PLhy=2gn5dBm5YUeo-%7j9xtKh4zjJ(=Mo<_aOVSB0~q
zK`@e}eo;`*R_xX{Qn5ZV&dXLDW`kwI()t~5mrSiiE`vxP?pYwe1PNP&uzMFpE8_Pf
zdwP0gdGKQydil?iLmaceM010NhRH64j-B=?X=i6Vb+$A41DSXXAu<*I26#o6?cKol
zeTIvA-~Z&DbNMjbjYUUc%r5gr%lI@~N7fH|wqJ*&@`a0`FQ$#op8SG%v{lQNVj?4q
zfVw$AJ0ZMl@<x>Abra=22Jix73ojKy!Hm!EYq8$9_xH+qYwj;vPn8p>WFGLQs>s|O
z#%!Bf=8_G2C1CO-8%PEVClz(t_1pvZ(Ux&I5@e-o7%R7u{CJ@PiqLd|45gqU4Cz>K
z#2lVj8AS4zsrR9sLik^h<!6Y1Jv37sFS%Ef10g*>zKaA}ES#95VyKHPwHBnxzt!9P
z-oSNEWW|l9AgBucj_F#ii2zA!m;zU-9C)5y06QvU51mIrK5~Aw{Q#2t=-J}P7=AJ?
hsQ@JLj60|jveIIQoUAIM8m<nn(A76}59NIxk_!`b1SS9g


From 9fb8a6d48298c607c23dcef9740bb30fad555134 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Thu, 19 Nov 2020 16:53:34 -0500
Subject: [PATCH 5/5] Increment version to 2.3.20

---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index 506c62f67..69484413e 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.10
\ No newline at end of file
+2.3.20
\ No newline at end of file