Merge pull request #7748 from Security-Onion-Solutions/bravo

Bravo
2025-12-06 17:22:49 +01:00 · 2022-04-08 14:48:54 -04:00
parent 8757ca0dfb 13c9af5a5a
commit 7805311ea2
13 changed files with 229 additions and 144 deletions
--- a/1
+++ b/1
@@ -0,0 +1 @@
+
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.110-20220309 ISO image built on 2022/03/09
+### 2.3.110-20220407 ISO image built on 2022/04/07



 ### Download and Verify

-2.3.110-20220309 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220309.iso
+2.3.110-20220407 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220407.iso

-MD5: 537564F8B56633E2D46E5E7C4E2BF18A  
-SHA1: 1E1B42EDB711AC8B5963B3460056770B91AE6BFC  
-SHA256: 4D73E5BE578DA43DCFD3C1B5F9AF07A7980D8DF90ACDDFEF6CEA177F872EECA0 
+MD5: 928D589709731EFE9942CA134A6F4C6B  
+SHA1: CA588A684586CC0D5BDE5E0E41C935FFB939B6C7  
+SHA256: CBF8743838AF2C7323E629FB6B28D5DD00AE6658B0E29E4D0916411D2D526BD2 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220309.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220407.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220309.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220407.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220309.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220407.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.110-20220309.iso.sig securityonion-2.3.110-20220309.iso
+gpg --verify securityonion-2.3.110-20220407.iso.sig securityonion-2.3.110-20220407.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 09 Mar 2022 10:20:47 AM EST using RSA key ID FE507013
+gpg: Signature made Thu 07 Apr 2022 03:30:03 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -93,8 +93,7 @@ check_err() {
    fi
    set +e
    systemctl_func "start" "$cron_service_name"
-    echo "Ensuring highstate is enabled."
-    salt-call state.enable highstate --local
+    enable_highstate
    exit $exit_code
  fi

@@ -366,6 +365,12 @@ clone_to_tmp() {
  fi
 }

+enable_highstate() {
+    echo "Enabling highstate."
+    salt-call state.enable highstate -l info --local
+    echo ""
+}
+
 generate_and_clean_tarballs() {
  local new_version
  new_version=$(cat $UPDATE_DIR/VERSION)
@@ -492,10 +497,10 @@ stop_salt_master() {
    set +e
    echo ""
    echo "Killing all Salt jobs across the grid."
-    salt \* saltutil.kill_all_jobs
+    salt \* saltutil.kill_all_jobs >> $SOUP_LOG 2>&1
    echo ""
    echo "Killing any queued Salt jobs on the manager."
-    pkill -9 -ef "/usr/bin/python3 /bin/salt"
+    pkill -9 -ef "/usr/bin/python3 /bin/salt" >> $SOUP_LOG 2>&1
    set -e

    echo ""
@@ -857,7 +862,7 @@ upgrade_salt() {
    echo ""
    set +e
    run_check_net_err \
-    "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -F -M -x python3 stable \"$NEWSALTVERSION\"" \
+    "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -r -F -M -x python3 stable \"$NEWSALTVERSION\"" \
    "Could not update salt, please check $SOUP_LOG for details."
    set -e
    echo "Applying apt hold for Salt."
@@ -866,11 +871,27 @@ upgrade_salt() {
    apt-mark hold "salt-master"
    apt-mark hold "salt-minion"
  fi
+
+  echo "Checking if Salt was upgraded."
+  echo ""
+  # Check that Salt was upgraded
+  SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
+  if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
+    echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
+    echo "Once the issue is resolved, run soup again."
+    echo "Exiting."
+    echo ""
+    exit 0
+  else
+    echo "Salt upgrade success."
+    echo ""
+  fi
+
 }

 update_repo() {
-  echo "Performing repo changes."
  if [[ "$OS" == "centos" ]]; then
+    echo "Performing repo changes."
    # Import GPG Keys
    gpg_rpm_import
    echo "Disabling fastestmirror."
@@ -890,6 +911,21 @@ update_repo() {
      yum clean all
      yum repolist
    fi
+  elif [[ "$OS" == "ubuntu" ]]; then
+    ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}')
+
+    if grep -q "UBUNTU_CODENAME=bionic" /etc/os-release; then
+      OSVER=bionic
+    elif grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then
+      OSVER=focal
+    else
+      echo "We do not support your current version of Ubuntu."
+      exit 1
+    fi
+
+    rm -f /etc/apt/sources.list.d/salt.list
+    echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt $OSVER main" > /etc/apt/sources.list.d/saltstack.list
+    apt-get update
  fi
 }

@@ -922,6 +958,8 @@ verify_latest_update_script() {
 apply_hotfix() {
  if [[ "$INSTALLEDVERSION" == "2.3.90" ]] ; then
    fix_wazuh
+  elif [[ "$INSTALLEDVERSION" == "2.3.110" ]] ; then
+    2_3_10_hotfix_1
  else
    echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
  fi
@@ -943,6 +981,28 @@ fix_wazuh() {
  fi
 }

+#upgrade salt to 3004.1
+2_3_10_hotfix_1() {
+    systemctl_func "stop" "$cron_service_name"
+    # update mine items prior to stopping salt-minion and salt-master
+    update_salt_mine
+    stop_salt_minion
+    stop_salt_master
+    update_repo
+    # Does salt need upgraded. If so update it.
+    if [[ $UPGRADESALT -eq 1 ]]; then
+      echo "Upgrading Salt"
+      # Update the repo files so it can actually upgrade
+      upgrade_salt
+    fi
+    rm -f /opt/so/state/influxdb_continuous_query.py.patched /opt/so/state/influxdbmod.py.patched /opt/so/state/influxdb_retention_policy.py.patched
+    systemctl_func "start" "salt-master"
+    salt-call state.apply salt.python3-influxdb -l info
+    systemctl_func "start" "salt-minion"
+    systemctl_func "start" "$cron_service_name"
+
+}
+
 main() {
  trap 'check_err $?' EXIT
  
@@ -1012,12 +1072,19 @@ main() {
  upgrade_check_salt
  set -e

+  if [[ $is_airgap -eq 0 ]]; then
+    update_centos_repo
+    yum clean all
+    check_os_updates
+  fi
+
  if [ "$is_hotfix" == "true" ]; then
    echo "Applying $HOTFIXVERSION hotfix"
    copy_new_files
    apply_hotfix
    echo "Hotfix applied"
    update_version
+    enable_highstate
    salt-call state.highstate -l info queue=True
  else
    echo ""
@@ -1032,9 +1099,6 @@ main() {
    echo "Updating dockers to $NEWVERSION."
    if [[ $is_airgap -eq 0 ]]; then
      airgap_update_dockers
-      update_centos_repo
-      yum clean all
-      check_os_updates
    # if not airgap but -f was used
    elif [[ ! -z "$ISOLOC" ]]; then
      airgap_update_dockers
@@ -1057,21 +1121,6 @@ main() {
      echo "Upgrading Salt"
      # Update the repo files so it can actually upgrade
      upgrade_salt
-    
-      echo "Checking if Salt was upgraded."
-      echo ""
-      # Check that Salt was upgraded
-      SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
-      if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
-        echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
-        echo "Once the issue is resolved, run soup again."
-        echo "Exiting."
-        echo ""
-        exit 0
-      else
-        echo "Salt upgrade success."
-        echo ""
-      fi
    fi

    preupgrade_changes
@@ -1127,9 +1176,7 @@ main() {
      echo ""
    fi

-    echo "Enabling highstate."
-    salt-call state.enable highstate -l info --local
-    echo ""
+    enable_highstate

    echo ""
    echo "Running a highstate. This could take several minutes."
--- a/salt/repo/client/centos.sls
+++ b/salt/repo/client/centos.sls
@@ -0,0 +1,98 @@
+{% from 'repo/client/map.jinja' import ABSENTFILES with context %}
+{% from 'repo/client/map.jinja' import REPOPATH with context %}
+{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
+{% set managerupdates = salt['pillar.get']('global:managerupdate', 0) %}
+{% set role = grains.id.split('_') | last %}
+
+# from airgap state
+{% if ISAIRGAP and grains.os == 'CentOS' %}
+{% set MANAGER = salt['grains.get']('master') %}
+airgapyum:
+  file.managed:
+    - name: /etc/yum/yum.conf
+    - source: salt://repo/client/files/centos/airgap/yum.conf
+
+airgap_repo:
+  pkgrepo.managed:
+    - humanname: Airgap Repo
+    - baseurl: https://{{ MANAGER }}/repo
+    - gpgcheck: 0
+    - sslverify: 0
+
+{% endif %}
+
+# from airgap and common
+{% if ABSENTFILES|length > 0%}
+  {% for file in ABSENTFILES  %}
+{{ file }}:
+  file.absent:
+    - name: {{ REPOPATH }}{{ file }}
+    - onchanges_in:
+      - cmd: cleanyum
+  {% endfor %}
+{% endif %}
+
+# from common state
+# Remove default Repos
+{% if grains['os'] == 'CentOS' %}
+repair_yumdb:
+  cmd.run:
+    - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all'
+    - onlyif:
+      - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"'
+
+crsynckeys:
+  file.recurse:
+    - name: /etc/pki/rpm_gpg
+    - source: salt://repo/client/files/centos/keys/
+
+{% if not ISAIRGAP %}
+    {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] or managerupdates == 0 %}
+remove_securityonionrepocache:
+  file.absent:
+    - name: /etc/yum.repos.d/securityonioncache.repo
+    {% endif %}
+
+    {% if role not in ['eval', 'standalone', 'import', 'manager', 'managersearch'] and managerupdates == 1 %}
+remove_securityonionrepo:
+  file.absent:
+    - name: /etc/yum.repos.d/securityonion.repo
+    {% endif %}
+
+crsecurityonionrepo:
+  file.managed:
+    {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] or managerupdates == 0 %}
+    - name: /etc/yum.repos.d/securityonion.repo
+    - source: salt://repo/client/files/centos/securityonion.repo
+    {% else %}
+    - name: /etc/yum.repos.d/securityonioncache.repo
+    - source: salt://repo/client/files/centos/securityonioncache.repo
+    {% endif %}
+    - mode: 644
+
+yumconf:
+  file.managed:
+    - name: /etc/yum.conf
+    - source: salt://repo/client/files/centos/yum.conf.jinja
+    - mode: 644
+    - template: jinja
+    - show_changes: False
+
+cleanairgap:
+  file.absent:
+    - name: /etc/yum.repos.d/airgap_repo.repo
+{% endif %}
+
+cleanyum:
+  cmd.run:
+    - name: 'yum clean metadata'
+    - onchanges:
+{% if ISAIRGAP %}
+      - file: airgapyum
+      - pkgrepo: airgap_repo
+{% else %}
+      - file: crsecurityonionrepo
+      - file: yumconf
+{% endif %}
+
+{% endif %}
--- a/salt/repo/client/init.sls
+++ b/salt/repo/client/init.sls
@@ -1,98 +1,2 @@
-{% from 'repo/client/map.jinja' import ABSENTFILES with context %}
-{% from 'repo/client/map.jinja' import REPOPATH with context %}
-{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
-{% set managerupdates = salt['pillar.get']('global:managerupdate', 0) %}
-{% set role = grains.id.split('_') | last %}
-
-# from airgap state
-{% if ISAIRGAP and grains.os == 'CentOS' %}
-{% set MANAGER = salt['grains.get']('master') %}
-airgapyum:
-  file.managed:
-    - name: /etc/yum/yum.conf
-    - source: salt://repo/client/files/centos/airgap/yum.conf
-
-airgap_repo:
-  pkgrepo.managed:
-    - humanname: Airgap Repo
-    - baseurl: https://{{ MANAGER }}/repo
-    - gpgcheck: 0
-    - sslverify: 0
-
-{% endif %}
-
-# from airgap and common
-{% if ABSENTFILES|length > 0%}
-  {% for file in ABSENTFILES  %}
-{{ file }}:
-  file.absent:
-    - name: {{ REPOPATH }}{{ file }}
-    - onchanges_in:
-      - cmd: cleanyum
-  {% endfor %}
-{% endif %}
-
-# from common state
-# Remove default Repos
-{% if grains['os'] == 'CentOS' %}
-repair_yumdb:
-  cmd.run:
-    - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all'
-    - onlyif:
-      - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"'
-
-crsynckeys:
-  file.recurse:
-    - name: /etc/pki/rpm-gpg
-    - source: salt://repo/client/files/centos/keys/
-
-{% if not ISAIRGAP %}
-    {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] or managerupdates == 0 %}
-remove_securityonionrepocache:
-  file.absent:
-    - name: /etc/yum.repos.d/securityonioncache.repo
-    {% endif %}
-
-    {% if role not in ['eval', 'standalone', 'import', 'manager', 'managersearch'] and managerupdates == 1 %}
-remove_securityonionrepo:
-  file.absent:
-    - name: /etc/yum.repos.d/securityonion.repo
-    {% endif %}
-
-crsecurityonionrepo:
-  file.managed:
-    {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] or managerupdates == 0 %}
-    - name: /etc/yum.repos.d/securityonion.repo
-    - source: salt://repo/client/files/centos/securityonion.repo
-    {% else %}
-    - name: /etc/yum.repos.d/securityonioncache.repo
-    - source: salt://repo/client/files/centos/securityonioncache.repo
-    {% endif %}
-    - mode: 644
-
-yumconf:
-  file.managed:
-    - name: /etc/yum.conf
-    - source: salt://repo/client/files/centos/yum.conf.jinja
-    - mode: 644
-    - template: jinja
-    - show_changes: False
-
-cleanairgap:
-  file.absent:
-    - name: /etc/yum.repos.d/airgap_repo.repo
-{% endif %}
-
-cleanyum:
-  cmd.run:
-    - name: 'yum clean metadata'
-    - onchanges:
-{% if ISAIRGAP %}
-      - file: airgapyum
-      - pkgrepo: airgap_repo
-{% else %}
-      - file: crsecurityonionrepo
-      - file: yumconf
-{% endif %}
-
-{% endif %}
+include:
+  - repo.client.{{grains.os | lower}}
--- a/salt/repo/client/ubuntu.sls
+++ b/salt/repo/client/ubuntu.sls
@@ -0,0 +1,20 @@
+# this removes the repo file left by bootstrap-salt.sh without -r
+remove_salt.list:
+  file.absent:
+    - name: /etc/apt/sources.list.d/salt.list
+
+saltstack.list:
+  file.managed:
+    - name: /etc/apt/sources.list.d/saltstack.list
+    - contents:
+      - deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/{{grains.osrelease}}/amd64/salt/ {{grains.oscodename}} main
+
+apt_update:
+  cmd.run:
+    - name: apt-get update
+    - onchanges:
+      - file: saltstack.list
+    - timeout: 30
+    - retry:
+        attempts: 5
+        interval: 30
--- a/salt/salt/map.jinja
+++ b/salt/salt/map.jinja
@@ -31,7 +31,7 @@
  {% if grains.os|lower in ['centos', 'redhat'] %}
      {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
  {% elif grains.os|lower == 'ubuntu' %}
-    {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION %}
+    {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
  {% endif %}
 {% else %}
  {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %}
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -32,6 +32,22 @@ install_salt_minion:
        exec 1>&- # close stdout
        exec 2>&- # close stderr
        nohup /bin/sh -c '{{ UPGRADECOMMAND }}' &
+
+  {# if we are the salt master #}
+  {% if grains.id.split('_')|first == grains.master %}
+remove_influxdb_continuous_query_state_file:
+  file.absent:
+    - name: /opt/so/state/influxdb_continuous_query.py.patched
+
+remove_influxdbmod_state_file:
+  file.absent:
+    - name: /opt/so/state/influxdbmod.py.patched
+
+remove_influxdb_retention_policy_state_file:
+  file.absent:
+    - name: /opt/so/state/influxdb_retention_policy.py.patched
+  {% endif %}
+
 {% endif %}

 {% if INSTALLEDSALTVERSION|string == SALTVERSION|string %}
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -20,16 +20,15 @@ base:

  '*':
    - cron.running
+    - repo.client

  'not G@saltversion:{{saltversion}}':
    - match: compound
    - salt.minion-state-apply-test
-    - repo.client
    - salt.minion

  'G@os:CentOS and G@saltversion:{{saltversion}}':
    - match: compound
-    - repo.client
    - yum.packages

  '* and G@saltversion:{{saltversion}}':
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -2273,7 +2273,7 @@ saltify() {
 					# Download Ubuntu Keys in case manager updates = 1
 					logCmd "mkdir -vp /opt/so/gpg"
 					if [[ ! $is_airgap ]]; then
-					  logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3004.1/SALTSTACK-GPG-KEY.pub"
+					  logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt/SALTSTACK-GPG-KEY.pub"
 					  logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg"
 					  logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH"
 					fi
@@ -2331,8 +2331,8 @@ saltify() {
 			'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR')

 				# Add saltstack repo(s)
-				wget -q --inet4-only -O - https://repo.saltstack.com/py3/ubuntu/"$ubuntu_version"/amd64/archive/3004.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
-				echo "deb http://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3004.1 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
+				wget -q --inet4-only -O - https://repo.securityonion.net/file/securityonion-repo/ubuntu/"$ubuntu_version"/amd64/salt/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
+				echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"

 				# Add Docker repo
 				curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1
@@ -2340,7 +2340,7 @@ saltify() {

 				# Get gpg keys
 				mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
-				wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/"$ubuntu_version"/amd64/archive/3004.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
+				wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/"$ubuntu_version"/amd64/salt/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
 				wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
 				wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1

@@ -2364,7 +2364,7 @@ saltify() {
 				echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1
 				apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
 				apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
-				echo "deb http://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3004.1/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
+				echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
 				echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
 				;;
 		esac
--- a/sigs/securityonion-2.3.110-20220404.iso.sig
+++ b/sigs/securityonion-2.3.110-20220404.iso.sig
--- a/sigs/securityonion-2.3.110-20220405.iso.sig
+++ b/sigs/securityonion-2.3.110-20220405.iso.sig
--- a/sigs/securityonion-2.3.110-20220407.iso.sig
+++ b/sigs/securityonion-2.3.110-20220407.iso.sig