From eaeed07fd4818d5b379404b8794b48296d2f6702 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 2 Feb 2022 09:12:29 -0500
Subject: [PATCH 01/11] Update acng.conf
---
 salt/manager/files/acng/acng.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/manager/files/acng/acng.conf b/salt/manager/files/acng/acng.conf
index 1b7f05e04..1f1f53754 100644
--- a/salt/manager/files/acng/acng.conf
+++ b/salt/manager/files/acng/acng.conf
@@ -80,7 +80,7 @@ RedirMax: 6
 VfileUseRangeOps: -1
 # PassThroughPattern: private-ppa\.launchpad\.net:443$
 # PassThroughPattern: .* # this would allow CONNECT to everything
-PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirrors\.fedoraproject\.org:443|packages\.wazuh\.com:443|repo\.saltstack\.com:443|yum\.dockerproject\.org:443|download\.docker\.com:443|registry\.npmjs\.org:443|registry\.yarnpkg\.com:443)$ # yarn/npm pkg, cant to http :/
+PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirrors\.fedoraproject\.org:443|packages\.wazuh\.com:443|repo\.saltstack\.com:443|repo\.saltproject\.io:443|yum\.dockerproject\.org:443|download\.docker\.com:443|registry\.npmjs\.org:443|registry\.yarnpkg\.com:443)$ # yarn/npm pkg, cant to http :/
 # ResponseFreezeDetectTime: 500
 # ReuseConnections: 1
 # PipelineDepth: 255
From a02fb37493f786e8d821e85d2bc78335392c52c5 Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Wed, 2 Feb 2022 09:18:02 -0500
Subject: [PATCH 02/11] Update init.sls
---
 salt/ssl/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 0958c0db1..7ac6687e1 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
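Review bot: The `PassThroughPattern` alternation in `acng.conf` is anchored only by the trailing `$`, so if apt-cacher-ng applies it as a search rather than a full match (worth confirming), a CONNECT target that merely ends in one of these names is tunnelled too. Anchoring the start keeps the allowlist exact: `PassThroughPattern: ^(repo\.securityonion\.net:443|…|registry\.yarnpkg\.com:443)$`. While this line is being edited, `download\.docker\.com:443` appears twice in the list and one copy can be dropped. The retained `repo\.saltstack\.com:443` entry could carry a comment saying whether it is still needed next to the new `repo\.saltproject\.io:443`.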
@@ -23,7 +23,7 @@ include: {% else %} include: - ca.dirs - {% set x509dict = salt['mine.get'](manager~'*', 'x509.get_pem_entries') %} + {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %} {% for host in x509dict %} {% if 'manager' in host.split('_')|last or host.split('_')|last == 'standalone' %} {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %} From 8152aec22eac22fb573d9a1d8f05d2160f1a1d72 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Feb 2022 09:49:19 -0500 Subject: [PATCH 03/11] Update HOTFIX --- HOTFIX | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HOTFIX b/HOTFIX index 8b1378917..1ff12871f 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +1 @@ - +20220202 From fc0824ceb03f56faf2a03c1e21e754a27e7e087c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Feb 2022 16:20:49 -0500 Subject: [PATCH 04/11] 2.3.100 Hotfix --- sigs/securityonion-2.3.100-20220202.iso.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/securityonion-2.3.100-20220202.iso.sig diff --git a/sigs/securityonion-2.3.100-20220202.iso.sig b/sigs/securityonion-2.3.100-20220202.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..228dafb16e078c5f5f9f7e830e1eafd31d515612 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;CEyN3V@2@re`V7LBIa1&lZ5BdVKp==x#DeGNSDm|%D z!egqN7oXL%XpVw3w)!zMKeT(y1-q)4!84At<9^L^>}H{85b8&jQAC>z4Oa^W+>B~J z;<2Q%M>lrTrE|;uq6-W!j9DjBVBCR&7rh(2X%_;qNzMq#VAZ;m=r!=(vRj3SHuHZz@%MwjBf5a}*Te1QoyChK^H8Y(%M+F{ zWP$xXxY79F*Nb@Tf3=y9ort>hUVouVbW^TFGW2;qGudc z%Rv$@=i#S6O6~~=uKGv@w%sv%KfO;`B3DZ5+BI~SHNBqtf~}EP0(7;XGel6${&6LS hi6?&h2PJ6De;|tEHwE3@K`9?vOz?JQ-qfvt-dO$I0Hgo_ literal 0 HcmV?d00001 From b94cae01767d84f63a2a006ca2022f798861a7a5 Mon Sep 17 00:00:00 2001 
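Review bot: `manager | lower~'*'` in `salt/ssl/init.sls` relies on Jinja applying the filter before the `~` concatenation, which is easy to misread; `(manager | lower) ~ '*'` makes the grouping explicit. The line also does not say why the name is lowercased, presumably because minion IDs are lowercase while the configured manager hostname may contain capitals; a short `{# minion IDs are lowercase; normalise the manager name before matching #}` would record that. Separately, the `*` glob is a prefix match, so mine data from any minion whose ID starts with the manager name is considered, and only the role-suffix check on the following lines filters it before its `/etc/pki/ca.crt` is appended to the CA text; matching the exact manager minion ID would be tighter if the ID format allows it. The `{% else %}` branch and the `for` loop continue outside the hunk.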
From: Mike Reeves Date: Wed, 2 Feb 2022 16:22:44 -0500 Subject: [PATCH 05/11] 2.3.100 Hotfix --- VERIFY_ISO.md | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index b52c8c740..4f9d05bbd 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,18 +1,18 @@ -### 2.3.100-20220131 ISO image built on 2022/01/31 +### 2.3.100-20220202 ISO image built on 2022/02/02 ### Download and Verify -2.3.100-20220131 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220131.iso +2.3.100-20220202 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220202.iso -MD5: 9B50774532B77A10E2F52A3F0492A780 -SHA1: 3C50D2EF4AFFFA8929492C2FC3842FF3EEE0EA5F -SHA256: CDCBEE6B1FDFB4CAF6C9F80CCADC161366EC337746E8394BF4454FAA2FC11AA1 +MD5: 170337342118DC32F8C2F687F332CA25 +SHA1: 202235BFE37F1F2E129F5D5DE13173A27A9D8CC0 +SHA256: F902C561D35F5B9DFB2D65BDAE97D30FD9E46F6822AFA36CA9C4043C50864484 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220131.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220202.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -26,26 +26,25 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220131.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220202.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220131.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220202.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.100-20220131.iso.sig securityonion-2.3.100-20220131.iso +gpg --verify securityonion-2.3.100-20220202.iso.sig securityonion-2.3.100-20220202.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Mon 31 Jan 2022 11:41:30 AM EST using RSA key ID FE507013 +gpg: Signature made Wed 02 Feb 2022 12:12:39 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. -Primary key fingerprint: C804 A93D 36BE 0C73 3EA1 9644 7C10 60B7 FE50 7013 ``` Once you've verified the ISO image, you're ready to proceed to our Installation guide: From 83683ec27eeadf7c16db715f4f3247a5ba81d5c4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Feb 2022 16:23:51 -0500 Subject: [PATCH 06/11] 2.3.100 Hotfix --- VERIFY_ISO.md | 1 + 1 file changed, 1 insertion(+) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 4f9d05bbd..6e1c7f9ed 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -45,6 +45,7 @@ gpg: Signature made Wed 02 Feb 2022 12:12:39 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
+Primary key fingerprint: C804 A93D 36BE 0C73 3EA1 9644 7C10 60B7 FE50 7013
 ```
 Once you've verified the ISO image, you're ready to proceed to our Installation guide:
From d8a43015339625f470b60a2afc3c6683c90901c6 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 3 Feb 2022 10:34:12 -0500
Subject: [PATCH 07/11] Update distributed-airgap-manager
---
 setup/automation/distributed-airgap-manager | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/automation/distributed-airgap-manager b/setup/automation/distributed-airgap-manager
index 2c416fd2c..66765c38a 100644
--- a/setup/automation/distributed-airgap-manager
+++ b/setup/automation/distributed-airgap-manager
@@ -34,7 +34,7 @@ GRAFANA=1
 # HELIXAPIKEY=
 HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 HNSENSOR=inherit
-HOSTNAME=distributed-manager
+HOSTNAME=Distributed-manager
 install_type=MANAGER
 INTERWEBS=AIRGAP
 # LSINPUTBATCHCOUNT=
From 5c39162aefcf1ecf18d86aed7681ef2b8a5159d1 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 3 Feb 2022 10:34:55 -0500
Subject: [PATCH 08/11] Update distributed-airgap-sensor
---
 setup/automation/distributed-airgap-sensor | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/automation/distributed-airgap-sensor b/setup/automation/distributed-airgap-sensor
index dea80f8e0..597cbd1d5 100644
--- a/setup/automation/distributed-airgap-sensor
+++ b/setup/automation/distributed-airgap-sensor
@@ -34,7 +34,7 @@ ZEEKVERSION=ZEEK
 # HELIXAPIKEY=
 HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 HNSENSOR=inherit
-HOSTNAME=distributed-sensor
+HOSTNAME=Distributed-sensor
 install_type=SENSOR
 # LSINPUTBATCHCOUNT=
 # LSINPUTTHREADS=
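Review bot: Nothing in `setup/automation/distributed-airgap-manager` says that the capital `D` in `HOSTNAME=Distributed-manager` is deliberate, so a later cleanup could quietly revert it; the same applies to `HOSTNAME=Distributed-sensor` in `distributed-airgap-sensor`. If the mixed case is there to exercise hostname case handling during automated installs (an inference from the neighbouring patches), a comment above each line such as `# Mixed case on purpose: covers hostname case normalisation` would keep the test meaningful.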
From 797d76966178ab5ed439b14d2e4b62b1d4b640d9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 3 Feb 2022 10:36:18 -0500 Subject: [PATCH 09/11] use actual hostname in logstash:nodes pillar --- pillar/logstash/nodes.sls | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pillar/logstash/nodes.sls b/pillar/logstash/nodes.sls index 3658065cb..18c4b39bf 100644 --- a/pillar/logstash/nodes.sls +++ b/pillar/logstash/nodes.sls @@ -1,11 +1,13 @@ {% set node_types = {} %} +{% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %} {% for minionid, ip in salt.saltutil.runner( 'mine.get', tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-node or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ', fun='network.ip_addrs', - tgt_type='compound') | dictsort() + tgt_type='compound') | dictsort() %} -{% set hostname = minionid.split('_')[0] %} + +{% set hostname = cached_grains[minionid]['host'] %} {% set node_type = minionid.split('_')[1] %} {% if node_type not in node_types.keys() %} {% do node_types.update({node_type: {hostname: ip[0]}}) %} From 4f2952105e7efc4291f10fc39cd308ed23437e27 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 3 Feb 2022 15:06:18 -0500 Subject: [PATCH 10/11] Update HOTFIX --- HOTFIX | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HOTFIX b/HOTFIX index 1ff12871f..aa8e22a9c 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +1 @@ -20220202 +20220202 20220203 From b7732fb14a627fbc330754edcf27ad0f3d7e99a3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 3 Feb 2022 15:58:26 -0500 Subject: [PATCH 11/11] 2.3.100 Hotfix 2 --- VERIFY_ISO.md | 22 ++++++++++---------- sigs/securityonion-2.3.100-20220203.iso.sig | Bin 0 -> 543 bytes 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 sigs/securityonion-2.3.100-20220203.iso.sig diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 6e1c7f9ed..376d4328f 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
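Review bot: `cached_grains[minionid]['host']` in `pillar/logstash/nodes.sls` is an unguarded lookup: a minion that has mine data but no entry in the master's grains cache, or an entry without `host`, would raise during rendering and take the whole `logstash:nodes` pillar with it. Falling back to the previous behaviour keeps rendering robust: `{% set hostname = cached_grains.get(minionid, {}).get('host', minionid.split('_')[0]) %}`. `host` is a grain the minion reports about itself, whereas the minion ID is tied to the accepted key, so the name written into the pillar is now minion-controlled and may deserve a sanity check, for example that it matches the ID prefix case-insensitively. `cache.grains` is also called with `tgt='*'` on every render; reusing the compound target of the `mine.get` call would limit the lookup to the roles that are actually used. The `for` loop continues past the end of the hunk.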
@@ -1,18 +1,18 @@ -### 2.3.100-20220202 ISO image built on 2022/02/02 +### 2.3.100-20220203 ISO image built on 2022/02/03 ### Download and Verify -2.3.100-20220202 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220202.iso +2.3.100-20220203 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220203.iso -MD5: 170337342118DC32F8C2F687F332CA25 -SHA1: 202235BFE37F1F2E129F5D5DE13173A27A9D8CC0 -SHA256: F902C561D35F5B9DFB2D65BDAE97D30FD9E46F6822AFA36CA9C4043C50864484 +MD5: 14705B2F2F9C973D944A4545449799C5 +SHA1: D73405BE3DE404DE19979B58DEA6F22F434E622D +SHA256: 3DD54ACBFDE0047A5EA238415F025ADB6D6AAFF53BEE084A602327CB3242B580 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220202.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220203.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220202.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220203.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220202.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220203.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.100-20220202.iso.sig securityonion-2.3.100-20220202.iso +gpg --verify securityonion-2.3.100-20220203.iso.sig securityonion-2.3.100-20220203.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Wed 02 Feb 2022 12:12:39 PM EST using RSA key ID FE507013 +gpg: Signature made Thu 03 Feb 2022 03:35:03 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/sigs/securityonion-2.3.100-20220203.iso.sig b/sigs/securityonion-2.3.100-20220203.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..296efd987e1fa38527e412cd9bde35e593469e45 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;CGJa+&J2@re`V7LBIa1+Tu5C2xyGf|yAh9R5+*84q@ zC#AG@TCn?PH<-4JvujiRi&(KNh5)KCPT`0jOC4PIbl1HJH+d;9$3<+Zp|;^{dPH>%s@~R8Vet(zISIt z9uNyqEepPMyq@;7b*SPgKzs3QE0xVa$-}0GqYVn~KW%;#Gq&8sRPLJ{~6J zJmVF42DVZCn4+SA8;sQ@2d8MsTA*C46L_)5vsP;eY~j;@{nB1_S3SBsb;VR#8?oPAPE z%8B}i8POr!pN(|%c*%6_A?+ud<)-_lfLvs7UrpAf!iWs)o4B{c%DfXlz5%(55M)L} h>M#(5>etjDHOmbhioa6L*-?T-1go*V1?ZWvP*OaI1MUC- literal 0 HcmV?d00001