From 14b5aa476e4b03dca8fc7c56e3e7f790e58f13b4 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 21 Nov 2023 09:55:44 -0500
Subject: [PATCH 1/6] Update soup

---
 salt/manager/tools/sbin/soup | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index b073f4a57..5b52b54f0 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -455,6 +455,8 @@ post_to_2.4.30() {
   mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
   mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
   systemctl_func "start" "salt-minion"
+  salt-call state.apply nginx queue=True
+  enable_highstate
   POSTVERSION=2.4.30
 }
 
@@ -751,20 +753,27 @@ apply_hotfix() {
     elastic_fleet_integration_remove endpoints-initial elastic-defend-endpoints
     /usr/sbin/so-elastic-fleet-integration-policy-elastic-defend
   elif [[ "$INSTALLEDVERSION" == "2.4.30" ]] ; then
-    rm -f /opt/so/conf/elastic-fleet/integrations/endpoints-initial/elastic-defend-endpoints.json
-    so-kibana-restart --force
-    so-kibana-api-check
-    . /usr/sbin/so-elastic-fleet-common
+    if [[ -f /etc/pki/managerssl.key.old ]]; then
+      echo "Fixing 20231117 not enabling highstate"
+      enable_highstate
+      salt-call state.highstate queue=True
+    else
+      rm -f /opt/so/conf/elastic-fleet/integrations/endpoints-initial/elastic-defend-endpoints.json
+      so-kibana-restart --force
+      so-kibana-api-check
+      . /usr/sbin/so-elastic-fleet-common
 
-    elastic_fleet_integration_remove endpoints-initial elastic-defend-endpoints
-    rm -f /opt/so/state/eaintegrations.txt
-    salt-call state.apply ca queue=True
-    stop_salt_minion
-    mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
-    mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
-    systemctl_func "start" "salt-minion"
-    echo "Applying Salt Highstate"
-    salt-call state.highstate queue=True  
+      elastic_fleet_integration_remove endpoints-initial elastic-defend-endpoints
+      rm -f /opt/so/state/eaintegrations.txt
+      salt-call state.apply ca queue=True
+      stop_salt_minion
+      mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
+      mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
+      systemctl_func "start" "salt-minion"
+      enable_highstate
+      echo "Applying Salt Highstate"
+      salt-call state.highstate queue=True
+    fi  
   else
    echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
   fi

From c78ea0183f0865d70194480ad44f43ab2e05c6d3 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 21 Nov 2023 09:59:51 -0500
Subject: [PATCH 2/6] Update HOTFIX

---
 HOTFIX | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/HOTFIX b/HOTFIX
index 57030dc85..ac1f7a840 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +1 @@
-20231117
+20231121

From 9aa193af3bc357ac4f03569d76f4dfd3f0c29501 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 21 Nov 2023 10:18:02 -0500
Subject: [PATCH 3/6] Update soup

---
 salt/manager/tools/sbin/soup | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 5b52b54f0..bab581932 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -755,8 +755,6 @@ apply_hotfix() {
   elif [[ "$INSTALLEDVERSION" == "2.4.30" ]] ; then
     if [[ -f /etc/pki/managerssl.key.old ]]; then
       echo "Fixing 20231117 not enabling highstate"
-      enable_highstate
-      salt-call state.highstate queue=True
     else
       rm -f /opt/so/conf/elastic-fleet/integrations/endpoints-initial/elastic-defend-endpoints.json
       so-kibana-restart --force
@@ -770,9 +768,6 @@ apply_hotfix() {
       mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
       mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
       systemctl_func "start" "salt-minion"
-      enable_highstate
-      echo "Applying Salt Highstate"
-      salt-call state.highstate queue=True
     fi  
   else
    echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"

From 458c6de39d6f80d48db93b3b86282522d3880d0e Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 21 Nov 2023 10:30:21 -0500
Subject: [PATCH 4/6] Update soup

---
 salt/manager/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index bab581932..5b445dae4 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -754,7 +754,7 @@ apply_hotfix() {
     /usr/sbin/so-elastic-fleet-integration-policy-elastic-defend
   elif [[ "$INSTALLEDVERSION" == "2.4.30" ]] ; then
     if [[ -f /etc/pki/managerssl.key.old ]]; then
-      echo "Fixing 20231117 not enabling highstate"
+      echo "Skipping Certificate Generation"
     else
       rm -f /opt/so/conf/elastic-fleet/integrations/endpoints-initial/elastic-defend-endpoints.json
       so-kibana-restart --force

From fa9032b3231918a9e7985adb0766fec17e563682 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 21 Nov 2023 14:28:23 -0500
Subject: [PATCH 5/6] 2.4.30 hotfix

---
 DOWNLOAD_AND_VERIFY_ISO.md                 |  22 ++++++++++-----------
 sigs/securityonion-2.4.30-20231121.iso.sig | Bin 0 -> 566 bytes
 2 files changed, 11 insertions(+), 11 deletions(-)
 create mode 100644 sigs/securityonion-2.4.30-20231121.iso.sig

diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md
index 7f71cd7ac..202e00de1 100644
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.4.30-20231117 ISO image released on 2023/11/20
+### 2.4.30-20231121 ISO image released on 2023/11/21
 
 
 
 ### Download and Verify
 
-2.4.30-20231117 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231117.iso
+2.4.30-20231121 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231121.iso
  
-MD5: DF7E2540AFF2A233A9B0EEC78B37D0EA  
-SHA1: 93DB33A46C6F9C7D7CB8031C0A4F8738F4F14E89  
-SHA256: 48C7BD1C664F545554490B8F191BCD7808C519488DCC85984760400F4F68E2DA  
+MD5: 09DB0A6B3A75435C855E777272FC03F8  
+SHA1: A68868E67A3F86B77E01F54067950757EFD3BA72  
+SHA256: B3880C0302D9CDED7C974585B14355544FC9C3279F952EC79FC2BA9AEC7CB749  
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231117.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231121.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231117.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231121.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231117.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231121.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.30-20231117.iso.sig securityonion-2.4.30-20231117.iso
+gpg --verify securityonion-2.4.30-20231121.iso.sig securityonion-2.4.30-20231121.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Sun 19 Nov 2023 08:11:53 PM EST using RSA key ID FE507013
+gpg: Signature made Tue 21 Nov 2023 01:21:38 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
diff --git a/sigs/securityonion-2.4.30-20231121.iso.sig b/sigs/securityonion-2.4.30-20231121.iso.sig
new file mode 100644
index 0000000000000000000000000000000000000000..4feba8dad80947b7f51e23f8fefbc42699f9cc48
GIT binary patch
literal 566
zcmV-60?GY}0y6{v0SEvc79j-41gSkXz6^6dp_W8^5Ma0dP;e6k0%ctFG5`t*5PT3|
zxBgIY6HiAE{yQ3|3U6k$$-{iAayb=S>&z>f8bIV;^BHD}m$Ote=EAm}f9DwSO+#&g
zTSjPqYP6Drh#tc4hx=~Kcn8z`kI2eO*S2Mdm!)pUJ*55ac;iF7G4A>{YXpNRNAJ$a
z>PV$ev#*CuH$m1%W@3nH8a3Lm73*>o@*$58aM<6^xut^$zphN6Z))E9n~(#2)k<_T
zSm1ziDL;F5AXP6miVK@x%wHQqJJ87XsrTK0$<G?LiwE9Y<0@Z2RqQiLDo<yZ^#FB`
zg4T(JIh_2~Bt7ZNpSXuzVV|RaVsp%I(E(8`;i{Xh^q7a?HJ_t>+&tik!C+!1r0-9A
z`3dWHdCRR*%m3P2j-4E3dT3eZpEU0l?QSA2G@9m=x7{pM=aV~IEv%;HNSe%U9xd{~
z4gJp_XkZ0#1#0{P?&sgOaqK!DFLBIBr_<XDh!Am*01;VuZ6MxIXE1E^;Zy1ml+qIU
z`);%iy_2FJSpgGAMJ2aJfFtMPIQzhuilf9|Ev(iW;+gyo>3M{}A4mKj9E_dle>ki5
zk$AwRaqUzWJRPx$Eu$QXv?lfxR~xLKZIy|Pyx$FL$X<5M!hf8(@7Ia~4h2qRe|8Gq
z)p?#g1CEgzOE+8n$8==INo>F+^u3P8?@N#H8qwe@Q1>-ju>E03MdeO+*k!Nj9VN>t
ETQ~$3s{jB1

literal 0
HcmV?d00001


From 7d759a99fe94cc821d56c9f5f5413a4db4cb471a Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Tue, 21 Nov 2023 16:40:54 -0500
Subject: [PATCH 6/6] remove hotfix

---
 HOTFIX | 1 -
 1 file changed, 1 deletion(-)

diff --git a/HOTFIX b/HOTFIX
index ac1f7a840..e69de29bb 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +0,0 @@
-20231121