Merge pull request #12693 from Security-Onion-Solutions/dev

2.3.300
2025-12-06 01:02:46 +01:00 · 2024-04-01 11:37:59 -04:00
parent fbbddc2aaf 2f3b92887b
commit 94c7dabd9e
5 changed files with 56 additions and 12 deletions
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.290-20240229 ISO image built on 2024/02/29
+### 2.3.300-20240401 ISO image built on 2024/04/01



 ### Download and Verify

-2.3.290-20240229 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.290-20240229.iso
+2.3.300-20240401 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.300-20240401.iso

-MD5: D2A7BBDA25F311B7944A95655CC439CE  
-SHA1: BAD2A67119C6F73B6472E1A31B9C157A60A074B5  
-SHA256: FD611421C3B41BA267BA7A57B8FAFB29B0B59435D0A796D686C0D3BDD36AFF7D 
+MD5: 5CBDA8012D773C5EC362D21C4EA3B7FB  
+SHA1: 7A34FAA0E11F09F529FF38EC3239211CD87CB1A7  
+SHA256: 123066DAFBF6F2AA0E1924296CFEFE1213002D7760E8797AB74F1FC1D683C6D7 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.290-20240229.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.300-20240401.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.290-20240229.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.300-20240401.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.290-20240229.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.300-20240401.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.290-20240229.iso.sig securityonion-2.3.290-20240229.iso
+gpg --verify securityonion-2.3.300-20240401.iso.sig securityonion-2.3.300-20240401.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 28 Feb 2024 04:11:05 PM EST using RSA key ID FE507013
+gpg: Signature made Wed 27 Mar 2024 05:09:33 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.3.290
+2.3.300
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -582,6 +582,7 @@ preupgrade_changes() {
    [[ "$INSTALLEDVERSION" == 2.3.260 ]] && up_to_2.3.270
    [[ "$INSTALLEDVERSION" == 2.3.270 ]] && up_to_2.3.280
    [[ "$INSTALLEDVERSION" == 2.3.280 ]] && up_to_2.3.290
+    [[ "$INSTALLEDVERSION" == 2.3.290 ]] && up_to_2.3.300
    
    true
 }
@@ -616,6 +617,7 @@ postupgrade_changes() {
    [[ "$POSTVERSION" == 2.3.260 ]] && post_to_2.3.270
    [[ "$POSTVERSION" == 2.3.270 ]] && post_to_2.3.280
    [[ "$POSTVERSION" == 2.3.280 ]] && post_to_2.3.290
+    [[ "$POSTVERSION" == 2.3.290 ]] && post_to_2.3.300

    true
 }
@@ -791,6 +793,11 @@ post_to_2.3.290() {
  POSTVERSION=2.3.290
 }

+post_to_2.3.300() {
+  echo "Nothing to do for .300"
+  POSTVERSION=2.3.300
+}
+
 stop_salt_master() {
    # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
    set +e
@@ -1166,6 +1173,11 @@ up_to_2.3.290() {
  INSTALLEDVERSION=2.3.290
 }

+up_to_2.3.300() {
+  echo "Upgrading to 2.3.300"
+  INSTALLEDVERSION=2.3.300
+}
+
 verify_upgradespace() {
  CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
  if [ "$CURRENTSPACE" -lt "10" ]; then
--- a/salt/strelka/defaults.yaml
+++ b/salt/strelka/defaults.yaml
@@ -1,12 +1,43 @@
 strelka:
  ignore:
    - apt_flame2_orchestrator.yar
+    - apt_apt32.yar
+    - apt_aa19_024a.yar
+    - apt_apt15.yar
+    - apt_barracuda_esg_unc4841_jun23.yar
+    - apt_bluetermite_emdivi.yar
+    - apt_danti_svcmondr.yar
+    - apt_eqgrp.yar
+    - apt_eqgrp_apr17.yar
+    - apt_greenbug.yar
+    - apt_grizzlybear_uscert.yar
+    - apt_lazarus_jun18.yar
+    - apt_mal_gopuram_apr23.yar
+    - apt_moonlightmaze.yar
+    - apt_oilrig.yar
+    - apt_oilrig_oct17.yar
+    - apt_passthehashtoolkit.yar
+    - apt_poisonivy.yar
+    - apt_winnti_burning_umbrella.yar
+    - cn_pentestset_webshells.yar
+    - crime_emotet.yar
+    - gen_fake_amsi_dll.yar
+    - gen_onenote_phish.yar
+    - apt_laudanum_webshells.yar
+    - apt_sandworm_cyclops_blink.yar
+    - cn_pentestset_scripts.yar
+    - expl_connectwise_screenconnect_vuln_feb24.yar
+    - mal_fortinet_coathanger_feb24.yar
+    - thor-hacktools.yar
+    - thor-webshells.yar
    - apt_tetris.yar
    - gen_susp_js_obfuscatorio.yar
    - gen_webshells.yar
+    - gen_vcruntime140_dll_sideloading.yar
    - generic_anomalies.yar
    - general_cloaking.yar
    - thor_inverse_matches.yar
+    - yara-rules_vuln_drivers_strict_renamed.yar
    - yara_mixed_ext_vars.yar
    - apt_apt27_hyperbro.yar
    - apt_turla_gazer.yar
@@ -18,4 +49,5 @@ strelka:
    - gen_webshells_ext_vars.yar
    - configured_vulns_ext_vars.yar
    - expl_outlook_cve_2023_23397.yar
+    - expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar
    - gen_mal_3cx_compromise_mar23.yar
--- a/sigs/securityonion-2.3.300-20240401.iso.sig
+++ b/sigs/securityonion-2.3.300-20240401.iso.sig
@@ -1 +1 @@
 .3.290
 .3.300