From 2e32c0d236efc099ee1f55b12ee7f054d2671497 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 23 Aug 2022 07:00:14 -0400
Subject: [PATCH 1/6] Increment version to 2.3.160
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index 70a2b29d7..7401275df 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.150
+2.3.160
From 2128550df22f573e2d92f9dcf68e82ce4a8b093a Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Fri, 26 Aug 2022 07:50:08 -0400
Subject: [PATCH 2/6] increment to 2.3.160
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 170bb0039..cfb90fe85 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.3.150
+## Security Onion 2.3.160
-Security Onion 2.3.150 is here!
+Security Onion 2.3.160 is here!
 ## Screenshots
From 30b9868de105135a46462e62673ebebedb0e191b Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 29 Aug 2022 09:32:46 -0400
Subject: [PATCH 3/6] Update soup
---
 salt/common/tools/sbin/soup | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 51eaafa52..b78816e87 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -544,6 +544,8 @@ preupgrade_changes() {
 [[ "$INSTALLEDVERSION" == 2.3.110 ]] && up_to_2.3.120
 [[ "$INSTALLEDVERSION" == 2.3.120 ]] && up_to_2.3.130
 [[ "$INSTALLEDVERSION" == 2.3.130 ]] && up_to_2.3.140
+ [[ "$INSTALLEDVERSION" == 2.3.140 ]] && up_to_2.3.150
+ [[ "$INSTALLEDVERSION" == 2.3.150 ]] && up_to_2.3.160
 true
 }
@@ -560,6 +562,8 @@ postupgrade_changes() {
 [[ "$POSTVERSION" == 2.3.110 ]] && post_to_2.3.120
 [[ "$POSTVERSION" == 2.3.120 ]] && post_to_2.3.130
 [[ "$POSTVERSION" == 2.3.130 ]] && post_to_2.3.140
+ [[ "$POSTVERSION" == 2.3.140 ]] && post_to_2.3.150
+ [[ "$POSTVERSION" == 2.3.150 ]] $$ post_to_2.3.160
 true
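Review bot: The last added line of the postupgrade_changes() hunk reads `[[ "$POSTVERSION" == 2.3.150 ]] $$ post_to_2.3.160`, where `$$` (the shell's PID expansion) stands in for the `&&` used on every neighbouring line. Bash does not accept a word after `]]`, so this most likely turns the function definition into a syntax error and stops soup before any upgrade step runs. The line should read `[[ "$POSTVERSION" == 2.3.150 ]] && post_to_2.3.160`; PATCH 5/6 of this series makes that correction, so the two commits are best applied together, and a `bash -n` pass on soup before committing would catch this class of typo. The function body starts and ends outside the hunk.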
@@ -644,7 +648,13 @@ post_to_2.3.140() {
 POSTVERSION=2.3.140
 }
+post_to_2.3.150() {
+ echo "Nothing to do for .150"
+}
+post_to_2.3.160() {
+ echo "Nothing to do for .160"
+}
 stop_salt_master() {
 # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
@@ -920,6 +930,16 @@ up_to_2.3.140() {
 INSTALLEDVERSION=2.3.140
 }
+up_to_2.3.150() {
+ echo "Upgrading to 2.3.150"
+ INSTALLEDVERSION=2.3.150
+}
+
+up_to_2.3.160() {
+ echo "Upgrading to 2.3.160"
+ INSTALLEDVERSION=2.3.160
+}
+
 verify_upgradespace() {
 CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
 if [ "$CURRENTSPACE" -lt "10" ]; then
From 8a0e92cc6f63e8121f98d99447d3f15524b77a86 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Mon, 29 Aug 2022 09:37:29 -0400
Subject: [PATCH 4/6] Add 'gen_webshells.yar' and re-arrange to put ignored rules in alphabetical order
---
 salt/strelka/defaults.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/salt/strelka/defaults.yaml b/salt/strelka/defaults.yaml
index 2a3805283..2ac90ede3 100644
--- a/salt/strelka/defaults.yaml
+++ b/salt/strelka/defaults.yaml
@@ -1,9 +1,10 @@
 strelka:
 ignore:
+ - apt_flame2_orchestrator.yar
+ - apt_tetris.yar
+ - gen_susp_js_obfuscatorio.yar
+ - gen_webshells.yar
 - generic_anomalies.yar
 - general_cloaking.yar
 - thor_inverse_matches.yar
 - yara_mixed_ext_vars.yar
- - gen_susp_js_obfuscatorio.yar
- - apt_flame2_orchestrator.yar
- - apt_tetris.yar
From e62bebeafe74e94151a5328ee05de127cf99d05a Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 29 Aug 2022 09:39:41 -0400
Subject: [PATCH 5/6] Update soup
---
 salt/common/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index b78816e87..ba0d6a778 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
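Review bot: The new post_to_2.3.150() and post_to_2.3.160() only echo and never assign POSTVERSION, whereas post_to_2.3.140(), whose tail is visible as context in this hunk (its body starts outside it), ends with `POSTVERSION=2.3.140`. If postupgrade_changes() relies on each step advancing POSTVERSION, as its chain of `[[ "$POSTVERSION" == ... ]]` tests suggests, then after post_to_2.3.150 runs the variable still reads 2.3.140 and post_to_2.3.160 is never reached on systems upgrading from 2.3.140 or earlier. That is harmless while both functions are no-ops, but any real post-upgrade step added to post_to_2.3.160 later would be skipped silently. Adding `POSTVERSION=2.3.150` and `POSTVERSION=2.3.160` to the respective functions would match up_to_2.3.150/up_to_2.3.160, which do set INSTALLEDVERSION.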
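Review bot: The added `gen_webshells.yar` entry excludes a whole YARA rule file from Strelka scanning, and neither the hunk nor the commit message records why. Web-shell rules are high-value detections, so whoever audits coverage later needs to know whether this is a compile problem, a false-positive problem or something else, and when it can be reverted. A comment above the entry would cover it, for example `# gen_webshells.yar: ignored because <reason>; re-enable once <condition>`. Separately, the subject says the list is now alphabetical, but `generic_anomalies.yar` still precedes `general_cloaking.yar` in the unchanged lines.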
@@ -563,7 +563,7 @@ postupgrade_changes() {
 [[ "$POSTVERSION" == 2.3.120 ]] && post_to_2.3.130
 [[ "$POSTVERSION" == 2.3.130 ]] && post_to_2.3.140
 [[ "$POSTVERSION" == 2.3.140 ]] && post_to_2.3.150
- [[ "$POSTVERSION" == 2.3.150 ]] $$ post_to_2.3.160
+ [[ "$POSTVERSION" == 2.3.150 ]] && post_to_2.3.160
 true
From 33cb771780fa10665ba72691892fa58ec41da7ba Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 29 Aug 2022 14:56:43 -0400
Subject: [PATCH 6/6] 2.3.160
---
 VERIFY_ISO.md | 22 ++++++++++----------
 sigs/securityonion-2.3.160-20220829.iso.sig | Bin 0 -> 543 bytes
 2 files changed, 11 insertions(+), 11 deletions(-)
 create mode 100644 sigs/securityonion-2.3.160-20220829.iso.sig
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 0ff07c6e3..fb05d5c30 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.150-20220820 ISO image built on 2022/08/20
+### 2.3.160-20220829 ISO image built on 2022/08/29
 ### Download and Verify
-2.3.150-20220820 ISO image:
-https://download.securityonion.net/file/securityonion/securityonion-2.3.150-20220820.iso
+2.3.160-20220829 ISO image:
+https://download.securityonion.net/file/securityonion/securityonion-2.3.160-20220829.iso
-MD5: D2C0B67F19C18F0AB6FD1EC9B1E4034A
-SHA1: F14BF42C6C634BDECA654B169FE6815BB6798F70
-SHA256: 9E37E5CCCBD209486EB79E8F991DE83F64E2208D32E5B56F8E0A6C3933EB42AC
+MD5: CED26ED960F4F778DB59FB9A4AEC88A7
+SHA1: FF4934B4C76277A88366129FB5F1373A5CF27009
+SHA256: 5648846866676F7C92DA0BDBB0503EF9C73E2C58A3C11FE87F041C100A22F795
 Signature for ISO image:
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.150-20220820.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.160-20220829.iso.sig
 Signing key:
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 Download the signature file for the ISO:
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.150-20220820.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.160-20220829.iso.sig
 ```
 Download the ISO image:
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.150-20220820.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.160-20220829.iso
 ```
 Verify the downloaded ISO image using the signature file:
 ```
-gpg --verify securityonion-2.3.150-20220820.iso.sig securityonion-2.3.150-20220820.iso
+gpg --verify securityonion-2.3.160-20220829.iso.sig securityonion-2.3.160-20220829.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Sat 20 Aug 2022 08:07:10 PM EDT using RSA key ID FE507013
+gpg: Signature made Mon 29 Aug 2022 12:03:30 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
diff --git a/sigs/securityonion-2.3.160-20220829.iso.sig b/sigs/securityonion-2.3.160-20220829.iso.sig
new file mode 100644
index 0000000000000000000000000000000000000000..56e08f1cd7c2b4138e880bb5abca668b278a72b9
GIT binary patch
literal 543
zcmV+)0^t3L0vrSY0RjL91p;FX<5B<$2@re`V7LBIa1-885C2Rt!}2`ZHcre#^!Tf*1go#VG)}<# z4hPWBYcjVnHCVA+W`_2w3h1ngv9yjS?U%i`>ln*Hm&5h9iiE{C__a(v6G=T71;&+~ zNY*PbcgK#5hABiBynHW6vpRJ2oA$+tpQCOph@ImY8CVcb0YmS4P{?QA9;rj*^^Sbu z%)}R0ZFG5~ExItX;_(4O3bAq3q!O2PPV!y^!;X9ijBV$kI}Gct3?v@o9dEB$BzhYU zd^bT23dpk`sYr!Cgwg(81CgNXkANulJMKyB-ug&Q%eNvz)u8dX!GtZAsl@|~nNs8$ zi0mt<_&pfG6cDUi$I*;ex31GoC^H4sT0TW2E0q0^CD-gH2qh}#2