From e7d8df499c0e946a4a38816930f09bff2937f2d7 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 28 May 2021 12:55:57 -0400
Subject: [PATCH 1/9] Update HOTFIX
---
 HOTFIX | 1 +
 1 file changed, 1 insertion(+)
diff --git a/HOTFIX b/HOTFIX
index e69de29bb..c71108e4c 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -0,0 +1 @@
+ZEEKCORE
From eac5c604bd778c00e3b64c4578390c7b64e775c6 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 28 May 2021 12:57:35 -0400
Subject: [PATCH 2/9] Update packetloss.sh
---
 salt/zeek/cron/packetloss.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/zeek/cron/packetloss.sh b/salt/zeek/cron/packetloss.sh
index 0a3df7a18..e30c802d9 100755
--- a/salt/zeek/cron/packetloss.sh
+++ b/salt/zeek/cron/packetloss.sh
@@ -1,2 +1,2 @@
 #!/bin/bash
-/usr/bin/docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin runuser -l zeek -c '/opt/zeek/bin/zeekctl netstats' | awk '{print $(NF-2),$(NF-1),$NF}' | awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/zeek/logs/packetloss.log 2>&1
+/usr/bin/docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin /opt/zeek/bin/zeekctl netstats | awk '{print $(NF-2),$(NF-1),$NF}' | awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/zeek/logs/packetloss.log 2>&1
From 91c8a7c65bc6766633b9a9fe21d618ea5d625302 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 1 Jun 2021 12:06:02 -0400
Subject: [PATCH 3/9] Use correct syntax for tar to drop directory structure
---
 salt/common/tools/sbin/soup | 2 +-
 setup/so-functions | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 8e7f70517..a3c8e5105 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
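Review bot: With `runuser -l zeek -c` removed, the `docker exec` line in packetloss.sh no longer names the account that runs `zeekctl netstats`, so it runs as whatever user the so-zeek container defaults to. If that default is root (not visible in this patch), zeekctl runs with more privilege than before and may leave root-owned state behind; naming the account keeps least privilege explicit, e.g. `/usr/bin/docker exec -u zeek so-zeek env -i …`. The same applies to both `zeekctl` calls in `show_stats()` of so-zeek-stats (PATCH 6/9). Separately, the trailing `2>&1` only covers the last `awk`, so a failing `docker exec` still appends a `rcvd:`/`dropped:`/`total:` line with empty counters to packetloss.log, which hides a monitoring outage.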
@@ -217,7 +217,7 @@ generate_and_clean_tarballs() {
 local new_version
 new_version=$(cat $UPDATE_DIR/VERSION)
 [ -d /opt/so/repo ] || mkdir -p /opt/so/repo
- tar -czf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR"
+ tar -czf "/opt/so/repo/$new_version.tar.gz" -C "$UPDATE_DIR" .
 find "/opt/so/repo" -type f -not -name "$new_version.tar.gz" -exec rm -rf {} \;
 }
diff --git a/setup/so-functions b/setup/so-functions
index ecf7a153d..2c256adbf 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1425,7 +1425,7 @@ generate_passwords(){
 generate_repo_tarball() {
 mkdir /opt/so/repo
- tar -czf /opt/so/repo/"$SOVERSION".tar.gz ../.
+ tar -czf /opt/so/repo/"$SOVERSION".tar.gz -C "$(pwd)/.." .
 }
 generate_sensor_vars() {
From ff10432124ca67e31bb8f5ceae86b42e1e84ba25 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 3 Jun 2021 10:57:20 -0400
Subject: [PATCH 4/9] Update VERSION
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index a986af08b..b71263f08 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.51
+2.3.52
From 2f34e7eeedcb239ef9880552af55ece73fc10128 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 3 Jun 2021 11:04:10 -0400
Subject: [PATCH 5/9] Update HOTFIX
---
 HOTFIX | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/HOTFIX b/HOTFIX
index c71108e4c..d3f5a12fa 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +1 @@
-ZEEKCORE
+
From 31365b266a8cffd8c8639d5fef78083d46abb89d Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 3 Jun 2021 13:53:11 -0400
Subject: [PATCH 6/9] Update so-zeek-stats
---
 salt/common/tools/sbin/so-zeek-stats | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/common/tools/sbin/so-zeek-stats b/salt/common/tools/sbin/so-zeek-stats
index d3e9b40a6..d5bcf3ca9 100755
--- a/salt/common/tools/sbin/so-zeek-stats
+++ b/salt/common/tools/sbin/so-zeek-stats
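Review bot: In generate_and_clean_tarballs() the `find … -exec rm -rf {} \;` cleanup runs whether or not the `tar -czf` on the changed line succeeded, so a failed or partial archive leaves /opt/so/repo holding only a broken tarball once the previous ones are deleted. Guard the cleanup on the archive step, e.g. `tar -czf "/opt/so/repo/$new_version.tar.gz" -C "$UPDATE_DIR" . || return 1`, unless soup already runs under `set -e` (not visible in this hunk). `$new_version` also comes from an unquoted `cat $UPDATE_DIR/VERSION`; if that read yields an empty string the archive is named `.tar.gz` and every other file in the repo directory is removed, so a `[ -n "$new_version" ] || return 1` before the tar is worth adding. The function's opening line is only visible in the hunk header.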
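Review bot: `-C "$(pwd)/.."` in generate_repo_tarball() still ties the archive contents to the directory the installer happens to be started from, so running setup from any other working directory packs an unrelated parent tree into the repo tarball. Resolving the repo root from the script location is sturdier, e.g. `-C "$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" .`. The context line `mkdir /opt/so/repo` has no `-p`, so on a rerun it fails and, unless errexit is active (not visible here), tar still proceeds into the existing directory.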
@@ -24,11 +24,11 @@ show_stats() {
 echo
 echo "Average throughput:"
 echo
- docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin runuser -l zeek -c '/opt/zeek/bin/zeekctl capstats'
+ docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin /opt/zeek/bin/zeekctl capstats
 echo
 echo "Average packet loss:"
 echo
- docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin runuser -l zeek -c '/opt/zeek/bin/zeekctl netstats'
+ docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin /opt/zeek/bin/zeekctl netstats
 echo
 }
From 9f98b8ad2f3e4e1536a72cdd6181138a5ce2d70f Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 4 Jun 2021 10:59:18 -0400
Subject: [PATCH 7/9] 2.3.52
---
 README.md | 4 ++--
 VERIFY_ISO.md | 16 ++++++++--------
 sigs/securityonion-2.3.52.iso.sig | Bin 0 -> 543 bytes
 3 files changed, 10 insertions(+), 10 deletions(-)
 create mode 100644 sigs/securityonion-2.3.52.iso.sig
diff --git a/README.md b/README.md
index d71e83575..2bf903fa2 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.3.51
+## Security Onion 2.3.52
-Security Onion 2.3.51 is here!
+Security Onion 2.3.52 is here!
 ## Screenshots
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 018d9e916..a5ddcf2ff 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,17 +1,17 @@
-### 2.3.51 ISO image built on 2021/04/27
+### 2.3.52 ISO image built on 2021/04/27
 ### Download and Verify
-2.3.51 ISO image:
-https://download.securityonion.net/file/securityonion/securityonion-2.3.51.iso
+2.3.52 ISO image:
+https://download.securityonion.net/file/securityonion/securityonion-2.3.52.iso
 MD5: 7CFB525BEFC0A9F2ED148F5831E387FA
 SHA1: 8CC34FCCC36822B309B8168AA706B3D1EC7F3BFD
 SHA256: 9892C2546C9AE5A48015160F379B070F0BE30C89693B97F3F1E1592DDCE1DEE0
 Signature for ISO image:
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.51.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.52.iso.sig
 Signing key:
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 Download the signature file for the ISO:
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.51.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.52.iso.sig
 ```
 Download the ISO image:
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.51.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.52.iso
 ```
 Verify the downloaded ISO image using the signature file:
 ```
-gpg --verify securityonion-2.3.51.iso.sig securityonion-2.3.51.iso
+gpg --verify securityonion-2.3.52.iso.sig securityonion-2.3.52.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 20 May 2021 07:49:57 AM EDT using RSA key ID FE507013
+gpg: Signature made Thu 03 Jun 2021 03:28:42 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
diff --git a/sigs/securityonion-2.3.52.iso.sig b/sigs/securityonion-2.3.52.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..f011e4354d6d303b2227b4b772d2a1342825bc2c GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;8XEouM?2@re`V7LBIa1%{{5CEVcft%={l*p?m?%(I9 zPz~*uWF;i5EjKw9Q}DxaxqAzFej-5_b_C{lw1DpW#?UdRN7N)5gUsySq$&!a!9BJ| zHzCDq9aKa!&yO`B6g|Bbv+E#@|2Z}TqWj{ZV2!J19!P~bjoPi%YHQgBm2N3TEtQf) zlq}lW4Z8nmX+EbqG6Pf!x{*j$vkuJlbaVC&Dd?=_pJX==$Imh*VFA}w39w#dGqCfE zA#0l2qHWtSY0N?olqLlQ-8$aotIjemds>74l1PZ!wUu+(eqin!{mD8zVaSZyMASp6 zJ=g*Fm~3XxHPpm>C_z#PMFc$c9U)l`{yQ_u|+#^m> z!CMCk#P`{>^9c!Ls|oj~#Vrg>8iQrNJoNHR({Gm>226^jeYcgVb`YNU8-hgECW*C= z#|W-gU)h%$)%rrXpuvf0%fE>mlgpg4ccFlg*hZc#a6JEjcj5QF zCv}oVf$)E$iKeeC`I;BxNBh`ZukonShMZ-G&7LwlJc+7b& h Date: Fri, 4 Jun 2021 11:03:08 -0400 Subject: [PATCH 8/9] 2.3.52 --- VERIFY_ISO.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index a5ddcf2ff..d44854ba0 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -6,9 +6,9 @@ 2.3.52 ISO image: https://download.securityonion.net/file/securityonion/securityonion-2.3.52.iso -MD5: 7CFB525BEFC0A9F2ED148F5831E387FA -SHA1: 8CC34FCCC36822B309B8168AA706B3D1EC7F3BFD -SHA256: 9892C2546C9AE5A48015160F379B070F0BE30C89693B97F3F1E1592DDCE1DEE0 +MD5: 93E5E0D4BBDCEC970695F3BD7B4E063A +SHA1: 5A8D5EB4163639BCBEC6312CCE9DEAC24118154E +SHA256: 963054DCB251598591CF9367BA21BFB8EB2AECFBEDE81FCFB6DDACCD25B5BC6B Signature for ISO image: https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.52.iso.sig From e3c16147cea706212ec85ec08e4ae011d5cecc52 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 7 Jun 2021 09:34:22 -0400 Subject: [PATCH 9/9] 2.3.52 --- VERIFY_ISO.md | 8 ++++---- sigs/securityonion-2.3.52.iso.sig | Bin 543 -> 543 bytes 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index d44854ba0..760df9329 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -6,9 +6,9 @@
 2.3.52 ISO image:
 https://download.securityonion.net/file/securityonion/securityonion-2.3.52.iso
-MD5: 93E5E0D4BBDCEC970695F3BD7B4E063A
-SHA1: 5A8D5EB4163639BCBEC6312CCE9DEAC24118154E
-SHA256: 963054DCB251598591CF9367BA21BFB8EB2AECFBEDE81FCFB6DDACCD25B5BC6B
+MD5: DF0CCCB0331780F472CC167AEAB55652
+SHA1: 71FAE87E6C0AD99FCC27C50A5E5767D3F2332260
+SHA256: 30E7C4206CC86E94D1657CBE420D2F41C28BC4CC63C51F27C448109EBAF09121
 Signature for ISO image:
 https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.52.iso.sig
@@ -40,7 +40,7 @@ gpg --verify securityonion-2.3.52.iso.sig securityonion-2.3.52.iso
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 03 Jun 2021 03:28:42 PM EDT using RSA key ID FE507013
+gpg: Signature made Sat 05 Jun 2021 06:56:04 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
diff --git a/sigs/securityonion-2.3.52.iso.sig b/sigs/securityonion-2.3.52.iso.sig index f011e4354d6d303b2227b4b772d2a1342825bc2c..bd18b5eeae1af0506309e705a5080e2b46a57b31 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;8a0R#XF2@re`V7LBIa1-Wj5C1}2Vv&dW;~UU-W(JVS z%6bk+`W4Qxt>kfrQyhhyD4$M%2H+pjddko*lY}9yck`GrG9t~3-hM`MV%6pct#w0V z1nU()^>bNd2xmW9UDTuet-}7=uv)849}eQysBa!XI=f-;pyR@3Pcr<^h2!iicSBP* z5`N8ClZG%qoOUk|D7d&U7$?NI^7 z`!PVvwhO2=8BK%m@KJu5UxO^%l|HwUAyYhGV^l~2#s6wimZMk2x3ZDTvr6qO3&JO@ zJ$@Rvu`XY!o8ii4q{Ra78V#OG*+Hu!U_mJkikZS|b$uID6f45Q+f3 z5-czVLWhjD+eM1;T52>(cIyvZF0A2EhOyy&*knpA@R5K&RKsJxI^HA1`e{%Jf85hg h3G#K4Sr(h7)<`0yrsE@)`v{TK*B09;X7=Q9E#JA^1K74l1PZ!wUu+(eqin!{mD8zVaSZyMASp6 zJ=g*Fm~3XxHPpm>C_z#PMFc$c9U)l`{yQ_u|+#^m> z!CMCk#P`{>^9c!Ls|oj~#Vrg>8iQrNJoNHR({Gm>226^jeYcgVb`YNU8-hgECW*C= z#|W-gU)h%$)%rrXpuvf0%fE>mlgpg4ccFlg*hZc#a6JEjcj5QF zCv}oVf$)E$iKeeC`I;BxNBh`ZukonShMZ-G&7LwlJc+7b& h