Merge pull request #7134 from Security-Onion-Solutions/mastermerger

Mastermerger
2025-12-06 09:12:45 +01:00 · 2022-02-07 08:38:27 -05:00
parent d0b54a3a34 abd121733f
commit 77fc9df448
9 changed files with 20 additions and 18 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-
+20220202 20220203
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.100-20220131 ISO image built on 2022/01/31
+### 2.3.100-20220203 ISO image built on 2022/02/03



 ### Download and Verify

-2.3.100-20220131 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220131.iso
+2.3.100-20220203 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220203.iso

-MD5: 9B50774532B77A10E2F52A3F0492A780  
-SHA1: 3C50D2EF4AFFFA8929492C2FC3842FF3EEE0EA5F  
-SHA256: CDCBEE6B1FDFB4CAF6C9F80CCADC161366EC337746E8394BF4454FAA2FC11AA1 
+MD5: 14705B2F2F9C973D944A4545449799C5  
+SHA1: D73405BE3DE404DE19979B58DEA6F22F434E622D  
+SHA256: 3DD54ACBFDE0047A5EA238415F025ADB6D6AAFF53BEE084A602327CB3242B580 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220131.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220203.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220131.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220203.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220131.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220203.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.100-20220131.iso.sig securityonion-2.3.100-20220131.iso
+gpg --verify securityonion-2.3.100-20220203.iso.sig securityonion-2.3.100-20220203.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Mon 31 Jan 2022 11:41:30 AM EST using RSA key ID FE507013
+gpg: Signature made Thu 03 Feb 2022 03:35:03 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/pillar/logstash/nodes.sls
+++ b/pillar/logstash/nodes.sls
@@ -1,11 +1,13 @@
 {% set node_types = {} %}
+{% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %}
 {% for minionid, ip in salt.saltutil.runner(
    'mine.get',
    tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-node or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ',
    fun='network.ip_addrs',
    tgt_type='compound') | dictsort()
 %}
-{%   set hostname = minionid.split('_')[0] %}
+
+{%   set hostname = cached_grains[minionid]['host'] %}
 {%   set node_type = minionid.split('_')[1] %}
 {%   if node_type not in node_types.keys() %}
 {%     do node_types.update({node_type: {hostname: ip[0]}}) %}
--- a/salt/manager/files/acng/acng.conf
+++ b/salt/manager/files/acng/acng.conf
@@ -80,7 +80,7 @@ RedirMax: 6
 VfileUseRangeOps: -1
 # PassThroughPattern: private-ppa\.launchpad\.net:443$
 # PassThroughPattern: .* # this would allow CONNECT to everything
-PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirrors\.fedoraproject\.org:443|packages\.wazuh\.com:443|repo\.saltstack\.com:443|yum\.dockerproject\.org:443|download\.docker\.com:443|registry\.npmjs\.org:443|registry\.yarnpkg\.com:443)$ # yarn/npm pkg, cant to http :/
+PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirrors\.fedoraproject\.org:443|packages\.wazuh\.com:443|repo\.saltstack\.com:443|repo\.saltproject\.io:443|yum\.dockerproject\.org:443|download\.docker\.com:443|registry\.npmjs\.org:443|registry\.yarnpkg\.com:443)$ # yarn/npm pkg, cant to http :/
 # ResponseFreezeDetectTime: 500
 # ReuseConnections: 1
 # PipelineDepth: 255
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -23,7 +23,7 @@ include:
 {% else %}
 include:
  - ca.dirs
-    {% set x509dict = salt['mine.get'](manager~'*', 'x509.get_pem_entries') %}
+    {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
    {% for host in x509dict %}
      {% if 'manager' in host.split('_')|last or host.split('_')|last == 'standalone' %}
        {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
--- a/setup/automation/distributed-airgap-manager
+++ b/setup/automation/distributed-airgap-manager
@@ -34,7 +34,7 @@ GRAFANA=1
 # HELIXAPIKEY=
 HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 HNSENSOR=inherit
-HOSTNAME=distributed-manager
+HOSTNAME=Distributed-manager
 install_type=MANAGER
 INTERWEBS=AIRGAP
 # LSINPUTBATCHCOUNT=
--- a/setup/automation/distributed-airgap-sensor
+++ b/setup/automation/distributed-airgap-sensor
@@ -34,7 +34,7 @@ ZEEKVERSION=ZEEK
 # HELIXAPIKEY=
 HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 HNSENSOR=inherit
-HOSTNAME=distributed-sensor
+HOSTNAME=Distributed-sensor
 install_type=SENSOR
 # LSINPUTBATCHCOUNT=
 # LSINPUTTHREADS=
--- a/sigs/securityonion-2.3.100-20220202.iso.sig
+++ b/sigs/securityonion-2.3.100-20220202.iso.sig
--- a/sigs/securityonion-2.3.100-20220203.iso.sig
+++ b/sigs/securityonion-2.3.100-20220203.iso.sig