diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md
index a0ea874fa..bae49c4ac 100644
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,17 +1,17 @@
-### 3.1.0-20260521 ISO image released on 2026/05/21
+### 3.1.0-20260528 ISO image released on 2026/05/28
 ### Download and Verify
-3.1.0-20260521 ISO image:
-https://download.securityonion.net/file/securityonion/securityonion-3.1.0-20260521.iso
+3.1.0-20260528 ISO image:
+https://download.securityonion.net/file/securityonion/securityonion-3.1.0-20260528.iso
-MD5: A853BC118639ABCE1795D6E313BFFBDE
-SHA1: FCA615AD6E31710B33AE5870FEF447861FDB3B8F
-SHA256: CE2A5947274D9ED2C5068A1FD46B64C4FEF70445EA9B61A98DD3621781329F2C
+MD5: 9D6FF58DEEE24089D722C73169765B3E
+SHA1: 2B8B816B6CEC3B7F96B3C5E040EBF502DD2C412F
+SHA256: 62FAB57E247C843D6A04F0796D8162C732B65D82FC3E4A59D087135B9FD32912
 Signature for ISO image:
-https://github.com/Security-Onion-Solutions/securityonion/raw/3/main/sigs/securityonion-3.1.0-20260521.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/3/main/sigs/securityonion-3.1.0-20260528.iso.sig
 Signing key:
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/3/main/KEYS
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/3/
 Download the signature file for the ISO:
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/3/main/sigs/securityonion-3.1.0-20260521.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/3/main/sigs/securityonion-3.1.0-20260528.iso.sig
 ```
 Download the ISO image:
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-3.1.0-20260521.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-3.1.0-20260528.iso
 ```
 Verify the downloaded ISO image using the signature file:
 ```
-gpg --verify securityonion-3.1.0-20260521.iso.sig securityonion-3.1.0-20260521.iso
+gpg --verify securityonion-3.1.0-20260528.iso.sig securityonion-3.1.0-20260528.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 21 May 2026 11:10:01 AM EDT using RSA key ID FE507013
+gpg: Signature made Wed 27 May 2026 03:03:59 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
diff --git a/HOTFIX b/HOTFIX
index e69de29bb..8b1378917 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -0,0 +1 @@
+
diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index c31891f1d..135c51276 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -535,6 +535,23 @@ elasticfleet_set_agent_logging_level_warn() {
 done <<< "$policies_to_update"
 }
+update_logstash_pipeline_name() {
+ local original_pipeline_name="$1"
+ local new_pipeline_name="$2"
+
+ echo "Checking for conflicting logstash defined_pipelines pillar value."
+ local LOGSTASH_FILE=/opt/so/saltstack/local/pillar/logstash/soc_logstash.sls
+ local MINIONDIR=/opt/so/saltstack/local/pillar/minions
+ for pillar_file in "$LOGSTASH_FILE" "$MINIONDIR"/*.sls; do
+ [[ -f "$pillar_file" ]] || continue
+ if grep -q "$original_pipeline_name$" "$pillar_file"; then
+ echo "Found conflicting defined_pipeline pillar value in $pillar_file. Updating to use the new logstash pipeline name."
+ sed -i "s#$original_pipeline_name\$#$new_pipeline_name#g" "$pillar_file"
+ chown socore:socore "$pillar_file"
+ fi
+ done
+}
+
 check_transform_health_and_reauthorize() {
 . /usr/sbin/so-elastic-fleet-common
@@ -678,6 +695,10 @@ rename_strelka_scan_lnk() {
 rm -f "$TMP_VALUE_FILE"
 }
+fix_logstash_0013_lumberjack_pipeline_name() {
+ update_logstash_pipeline_name "so/0013_input_lumberjack_fleet.conf" "so/0013_input_lumberjack_fleet.conf.jinja"
+}
+
 up_to_3.1.0() {
 ensure_postgres_local_pillar
 ensure_postgres_secret
@@ -686,6 +707,7 @@ up_to_3.1.0() {
 # Clear existing component template state file.
 rm -f /opt/so/state/esfleet_component_templates.json
 rename_strelka_scan_lnk
+ fix_logstash_0013_lumberjack_pipeline_name
 INSTALLEDVERSION=3.1.0
 }
@@ -1177,7 +1199,7 @@ verify_es_version_compatibility() {
 while IFS= read -r heavynode_minion; do
 [[ -z "$heavynode_minion" ]] && continue
- if ! echo "$HEAVYNODE_ES_VERSIONS" | jq -e --arg minion "$heavynode_minion" 'has($minion)' > /dev/null; then
+ if ! echo "$HEAVYNODE_ES_VERSIONS" | jq -se --arg minion "$heavynode_minion" 'add | has($minion)' > /dev/null; then
 echo "Heavynode $heavynode_minion did not report an Elasticsearch version. It may be offline or still upgrading."
 all_heavynodes_compatible=false
 fi
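Review bot: In `update_logstash_pipeline_name`, `$original_pipeline_name` is interpolated into the `grep` and `sed` patterns as a regular expression, so the dots in `so/0013_input_lumberjack_fleet.conf` match any character and the only anchor is end of line. A pillar entry that is quoted, or that carries trailing whitespace or a CR, would not match and would silently keep the old name, so I would log when no file matched rather than only when one did. Separately, `sed -i` and `chown socore:socore "$pillar_file"` act on paths in a directory that appears to be owned by socore (not confirmed from this hunk), and `chown` dereferences symlinks by default. Using `[[ -f "$pillar_file" && ! -L "$pillar_file" ]] || continue` together with `chown -h socore:socore "$pillar_file"` keeps the ownership change confined to regular pillar files. The exit status of `sed` is also not checked before `chown` runs.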
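Review bot: In the `jq -se ... 'add | has($minion)'` check of verify_es_version_compatibility, an empty `$HEAVYNODE_ES_VERSIONS` makes `add` yield null, and `has` then raises a jq error on stderr instead of evaluating to false. The `!` still takes the "did not report an Elasticsearch version" branch, but only stdout is redirected, so the jq error is mixed into the upgrade output. `'(add // {}) | has($minion)'` gives a clean false in that case. This assumes `HEAVYNODE_ES_VERSIONS` is a stream of JSON objects; it is populated outside this hunk, and the function body continues beyond it.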
@@ -1544,7 +1566,13 @@ EOF
 # Keeping this block in case we need to do a hotfix that requires salt update
 apply_hotfix() {
- echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
+ if [[ "$INSTALLEDVERSION" == "3.1.0" ]] ; then
+ # Do not remove this fix_logstash_0013_lumberjack_pipeline_name in future hotfixes without first validating older
+ # installs referencing "so/0013_input_lumberjack_fleet.conf" via pillar are upgradable
+ fix_logstash_0013_lumberjack_pipeline_name
+ else
+ echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
+ fi
 }
 failed_soup_restore_items() {
diff --git a/sigs/securityonion-3.1.0-20260528.iso.sig b/sigs/securityonion-3.1.0-20260528.iso.sig
new file mode 100644
index 000000000..e4bead44d
Binary files /dev/null and b/sigs/securityonion-3.1.0-20260528.iso.sig differ
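Review bot: The 3.1.0 branch of `apply_hotfix` calls `fix_logstash_0013_lumberjack_pipeline_name` without logging which hotfix is being applied, whereas the else branch prints `($INSTALLEDVERSION/$HOTFIXVERSION)`. Adding `echo "Applying logstash pipeline name hotfix. ($INSTALLEDVERSION/$HOTFIXVERSION)"` before the call would keep the soup log traceable on both paths. The helper also does not propagate a failed `sed`, so unless the script runs under `set -e` (not visible here) a failed pillar rewrite would go unreported. How the caller treats the status of apply_hotfix is outside this hunk.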