diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index 93b13ec44..cbc0bd4e5 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -51,115 +51,3 @@ check_password() {
echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1
return $?
}
-
-container_list() {
- MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
- if [ $MANAGERCHECK == 'so-import' ]; then
- TRUSTED_CONTAINERS=( \
- "so-idstools" \
- "so-nginx" \
- "so-filebeat" \
- "so-suricata" \
- "so-soc" \
- "so-elasticsearch" \
- "so-kibana" \
- "so-kratos" \
- "so-suricata" \
- "so-registry" \
- "so-pcaptools" \
- "so-zeek" )
- elif [ $MANAGERCHECK != 'so-helix' ]; then
- TRUSTED_CONTAINERS=( \
- "so-acng" \
- "so-thehive-cortex" \
- "so-curator" \
- "so-domainstats" \
- "so-elastalert" \
- "so-elasticsearch" \
- "so-filebeat" \
- "so-fleet" \
- "so-fleet-launcher" \
- "so-freqserver" \
- "so-grafana" \
- "so-idstools" \
- "so-influxdb" \
- "so-kibana" \
- "so-kratos" \
- "so-logstash" \
- "so-minio" \
- "so-mysql" \
- "so-nginx" \
- "so-pcaptools" \
- "so-playbook" \
- "so-redis" \
- "so-soc" \
- "so-soctopus" \
- "so-steno" \
- "so-strelka-frontend" \
- "so-strelka-manager" \
- "so-strelka-backend" \
- "so-strelka-filestream" \
- "so-suricata" \
- "so-telegraf" \
- "so-thehive" \
- "so-thehive-es" \
- "so-wazuh" \
- "so-zeek" )
- else
- TRUSTED_CONTAINERS=( \
- "so-filebeat" \
- "so-idstools" \
- "so-logstash" \
- "so-nginx" \
- "so-redis" \
- "so-steno" \
- "so-suricata" \
- "so-telegraf" \
- "so-zeek" )
- fi
-}
-
-update_docker_containers() {
- # Let's make sure we have the public key
- curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import -
-
- CONTAINER_REGISTRY=quay.io
- SIGNPATH=/root/sosigs
- rm -rf $SIGNPATH
- mkdir -p $SIGNPATH
- if [ -z "$BRANCH" ]; then
- BRANCH="master"
- fi
- # Download the containers from the interwebs
- for i in "${TRUSTED_CONTAINERS[@]}"
- do
- # Pull down the trusted docker image
- echo "Downloading $i"
- docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i
-
- # Get signature
- curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.gpg --output $SIGNPATH/$i.gpg
- if [[ $? -ne 0 ]]; then
- echo "Unable to pull signature file for $i"
- exit 1
- fi
- # Dump our hash values
- docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].Id, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt
- if [[ $? -ne 0 ]]; then
- echo "Unable to inspect $i"
- exit 1
- fi
- GPGTEST=$(gpg --verify $SIGNPATH/$i.gpg $SIGNPATH/$i.txt 2>&1)
- if [[ $? -eq 0 ]]; then
- # Tag it with the new registry destination
- docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i
- docker push $HOSTNAME:5000/$IMAGEREPO/$i
- else
- echo "There is a problem downloading the $i image. Details: "
- echo ""
- echo $GPGTEST
- exit 1
- fi
- done
-
-}
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh
index 37908fffc..b39513990 100755
--- a/salt/common/tools/sbin/so-docker-refresh
+++ b/salt/common/tools/sbin/so-docker-refresh
@@ -16,6 +16,7 @@
# along with this program. If not, see .
. /usr/sbin/so-common
+. /usr/sbin/so-image-common
manager_check() {
# Check to see if this is a manager
diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common
new file mode 100755
index 000000000..a739ec889
--- /dev/null
+++ b/salt/common/tools/sbin/so-image-common
@@ -0,0 +1,128 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+container_list() {
+ MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
+ if [ $MANAGERCHECK == 'so-import' ]; then
+ TRUSTED_CONTAINERS=( \
+ "so-idstools" \
+ "so-nginx" \
+ "so-filebeat" \
+ "so-suricata" \
+ "so-soc" \
+ "so-elasticsearch" \
+ "so-kibana" \
+ "so-kratos" \
+ "so-suricata" \
+ "so-registry" \
+ "so-pcaptools" \
+ "so-zeek" )
+ elif [ $MANAGERCHECK != 'so-helix' ]; then
+ TRUSTED_CONTAINERS=( \
+ "so-acng" \
+ "so-thehive-cortex" \
+ "so-curator" \
+ "so-domainstats" \
+ "so-elastalert" \
+ "so-elasticsearch" \
+ "so-filebeat" \
+ "so-fleet" \
+ "so-fleet-launcher" \
+ "so-freqserver" \
+ "so-grafana" \
+ "so-idstools" \
+ "so-influxdb" \
+ "so-kibana" \
+ "so-kratos" \
+ "so-logstash" \
+ "so-minio" \
+ "so-mysql" \
+ "so-nginx" \
+ "so-pcaptools" \
+ "so-playbook" \
+ "so-redis" \
+ "so-soc" \
+ "so-soctopus" \
+ "so-steno" \
+ "so-strelka-frontend" \
+ "so-strelka-manager" \
+ "so-strelka-backend" \
+ "so-strelka-filestream" \
+ "so-suricata" \
+ "so-telegraf" \
+ "so-thehive" \
+ "so-thehive-es" \
+ "so-wazuh" \
+ "so-zeek" )
+ else
+ TRUSTED_CONTAINERS=( \
+ "so-filebeat" \
+ "so-idstools" \
+ "so-logstash" \
+ "so-nginx" \
+ "so-redis" \
+ "so-steno" \
+ "so-suricata" \
+ "so-telegraf" \
+ "so-zeek" )
+ fi
+}
+
+update_docker_containers() {
+ # Let's make sure we have the public key
+ curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import -
+
+ CONTAINER_REGISTRY=quay.io
+ SIGNPATH=/root/sosigs
+ rm -rf $SIGNPATH
+ mkdir -p $SIGNPATH
+ if [ -z "$BRANCH" ]; then
+ BRANCH="master"
+ fi
+ # Download the containers from the interwebs
+ for i in "${TRUSTED_CONTAINERS[@]}"
+ do
+ # Pull down the trusted docker image
+ echo "Downloading $i"
+ docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i
+
+ # Get signature
+ curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.gpg --output $SIGNPATH/$i.gpg
+ if [[ $? -ne 0 ]]; then
+ echo "Unable to pull signature file for $i"
+ exit 1
+ fi
+ # Dump our hash values
+ docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].Id, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt
+ if [[ $? -ne 0 ]]; then
+ echo "Unable to inspect $i"
+ exit 1
+ fi
+ GPGTEST=$(gpg --verify $SIGNPATH/$i.gpg $SIGNPATH/$i.txt 2>&1)
+ if [[ $? -eq 0 ]]; then
+ # Tag it with the new registry destination
+ docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i
+ docker push $HOSTNAME:5000/$IMAGEREPO/$i
+ else
+ echo "There is a problem downloading the $i image. Details: "
+ echo ""
+ echo $GPGTEST
+ exit 1
+ fi
+ done
+
+}
\ No newline at end of file
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index ab90653d1..538ac1c56 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -16,6 +16,7 @@
# along with this program. If not, see .
. /usr/sbin/so-common
+. /usr/sbin/so-image-common
UPDATE_DIR=/tmp/sogh/securityonion
INSTALLEDVERSION=$(cat /etc/soversion)
INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'})