mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-07 17:52:46 +01:00
Merge remote-tracking branch 'origin/2.4/dev' into foxtrot
This commit is contained in:
reyesj2
@@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"description" : "suricata.alert",
|
"description" : "suricata.alert",
|
||||||
"processors" : [
|
"processors" : [
|
||||||
{ "set": { "field": "_index", "value": "logs-suricata.alerts-so" } },
|
{ "set": { "if": "ctx.event?.imported != true", "field": "_index", "value": "logs-suricata.alerts-so" } },
|
||||||
{ "set": { "field": "tags","value": "alert" }},
|
{ "set": { "field": "tags","value": "alert" }},
|
||||||
{ "rename":{ "field": "message2.alert", "target_field": "rule", "ignore_failure": true } },
|
{ "rename":{ "field": "message2.alert", "target_field": "rule", "ignore_failure": true } },
|
||||||
{ "rename":{ "field": "rule.signature", "target_field": "rule.name", "ignore_failure": true } },
|
{ "rename":{ "field": "rule.signature", "target_field": "rule.name", "ignore_failure": true } },
|
||||||
|
|||||||
@@ -427,7 +427,8 @@ postupgrade_changes() {
|
|||||||
[[ "$POSTVERSION" == 2.4.80 ]] && post_to_2.4.90
|
[[ "$POSTVERSION" == 2.4.80 ]] && post_to_2.4.90
|
||||||
[[ "$POSTVERSION" == 2.4.90 ]] && post_to_2.4.100
|
[[ "$POSTVERSION" == 2.4.90 ]] && post_to_2.4.100
|
||||||
[[ "$POSTVERSION" == 2.4.100 ]] && post_to_2.4.110
|
[[ "$POSTVERSION" == 2.4.100 ]] && post_to_2.4.110
|
||||||
[[ "$POSTVERSION" == 2.4.110 ]] && post_to_2.4.120
|
[[ "$POSTVERSION" == 2.4.110 ]] && post_to_2.4.111
|
||||||
|
[[ "$POSTVERSION" == 2.4.111 ]] && post_to_2.4.120
|
||||||
true
|
true
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -528,6 +529,9 @@ post_to_2.4.111() {
|
|||||||
post_to_2.4.120() {
|
post_to_2.4.120() {
|
||||||
update_elasticsearch_index_settings
|
update_elasticsearch_index_settings
|
||||||
|
|
||||||
|
# Manually rollover suricata alerts index to ensure data_stream.dataset expected mapping is set to 'suricata'
|
||||||
|
rollover_index "logs-suricata.alerts-so"
|
||||||
|
|
||||||
# Sync the newly generated index templates for elasticfleet integrations
|
# Sync the newly generated index templates for elasticfleet integrations
|
||||||
salt-call state.apply elasticsearch queue=True
|
salt-call state.apply elasticsearch queue=True
|
||||||
|
|
||||||
@@ -811,6 +815,22 @@ ASSIST_EOF
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rollover_index() {
|
||||||
|
idx=$1
|
||||||
|
exists=$(so-elasticsearch-query $idx -o /dev/null -w "%{http_code}")
|
||||||
|
if [[ $exists -eq 200 ]]; then
|
||||||
|
rollover=$(so-elasticsearch-query $idx/_rollover -o /dev/null -w "%{http_code}" -XPOST)
|
||||||
|
|
||||||
|
if [[ $rollover -eq 200 ]]; then
|
||||||
|
echo "Successfully triggered rollover for $idx..."
|
||||||
|
else
|
||||||
|
echo "Could not trigger rollover for $idx..."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Could not find index $idx..."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
suricata_idstools_migration() {
|
suricata_idstools_migration() {
|
||||||
#Backup the pillars for idstools
|
#Backup the pillars for idstools
|
||||||
mkdir -p /nsm/backup/detections-migration/idstools
|
mkdir -p /nsm/backup/detections-migration/idstools
|
||||||
|
|||||||
@@ -89,11 +89,18 @@ http {
|
|||||||
server_name _;
|
server_name _;
|
||||||
return 307 https://{{ GLOBALS.url_base }}$request_uri;
|
return 307 https://{{ GLOBALS.url_base }}$request_uri;
|
||||||
|
|
||||||
|
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; frame-ancestors 'self'";
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
|
||||||
|
add_header referrer-Policy no-referrer;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_ARIA_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_ARIA_128_GCM_SHA256;
|
||||||
ssl_ecdh_curve secp521r1:secp384r1;
|
ssl_ecdh_curve secp521r1:secp384r1;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_protocols TLSv1.2;
|
ssl_protocols TLSv1.2;
|
||||||
@@ -123,11 +130,19 @@ http {
|
|||||||
http2 on;
|
http2 on;
|
||||||
server_name {{ GLOBALS.url_base }};
|
server_name {{ GLOBALS.url_base }};
|
||||||
root /surirules;
|
root /surirules;
|
||||||
|
|
||||||
|
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; frame-ancestors 'self'";
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
|
||||||
|
add_header referrer-Policy no-referrer;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_ARIA_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_ARIA_128_GCM_SHA256;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_protocols TLSv1.2;
|
ssl_protocols TLSv1.2;
|
||||||
location / {
|
location / {
|
||||||
@@ -153,13 +168,14 @@ http {
|
|||||||
add_header X-Frame-Options SAMEORIGIN;
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
|
||||||
|
add_header referrer-Policy no-referrer;
|
||||||
|
|
||||||
ssl_certificate "/etc/pki/nginx/server.crt";
|
ssl_certificate "/etc/pki/nginx/server.crt";
|
||||||
ssl_certificate_key "/etc/pki/nginx/server.key";
|
ssl_certificate_key "/etc/pki/nginx/server.key";
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_session_timeout 10m;
|
ssl_session_timeout 10m;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_CCM:TLS_RSA_WITH_ARIA_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_128_CCM:TLS_RSA_WITH_ARIA_128_GCM_SHA256;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_protocols TLSv1.2;
|
ssl_protocols TLSv1.2;
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user