CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update Stuff Round 2

Browse Source
This commit is contained in:
Mike Reeves
2020-03-19 13:46:19 -04:00
parent 73be1d0927
commit b48612dd3b
3 changed files with 97 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
salt/common/tools/sbin/soup
View File

@@ -30,7 +30,8 @@ clone_to_tmp() {
# Prompt the user that this requires internets # Prompt the user that this requires internets
clone_to_tmp clone_to_tmp
cd /tmp/soup/securityonion-saltstack cd /tmp/soup/securityonion-saltstack/update
chmod +x soup
./soup ./soup

160
upgrade/so-update-functions
View File

@@ -15,10 +15,71 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
# Set the SO Version # Set the new SO Version
VERSION=1.2.1
UPDATEVERSION=1.2.1
BUILD=HH BUILD=HH
#Determine the current install version
if [ -f /etc/soversion ]; then
OLDVERSION=$(cat /etc/soversion) OLDVERSION=$(cat /etc/soversion)
else
OLDVERSION=1.1.4
fi
# Use the hostname
HOSTNAME=$(hostname)
# List all the containers
if [ $MASTERCHECK != 'so-helix' ]; then
TRUSTED_CONTAINERS=( \
"so-acng:$BUILD$UPDATEVERSION" \
"so-auth-api:$BUILD$UPDATEVERSION" \
"so-auth-ui:$BUILD$UPDATEVERSION" \
"so-core:$BUILD$UPDATEVERSION" \
"so-thehive-cortex:$BUILD$UPDATEVERSION" \
"so-curator:$$BUILD$UPDATEVERSION" \
"so-domainstats:$$BUILD$UPDATEVERSION" \
"so-elastalert:$$BUILD$UPDATEVERSION" \
"so-elasticsearch:$$BUILD$UPDATEVERSION" \
"so-filebeat:$$BUILD$UPDATEVERSION" \
"so-fleet:$$BUILD$UPDATEVERSION" \
"so-fleet-launcher:$$BUILD$UPDATEVERSION" \
"so-freqserver:$$BUILD$UPDATEVERSION" \
"so-grafana:$$BUILD$UPDATEVERSION" \
"so-idstools:$$BUILD$UPDATEVERSION" \
"so-influxdb:$$BUILD$UPDATEVERSION" \
"so-kibana:$$BUILD$UPDATEVERSION" \
"so-logstash:$$BUILD$UPDATEVERSION" \
"so-mysql:$$BUILD$UPDATEVERSION" \
"so-navigator:$$BUILD$UPDATEVERSION" \
"so-playbook:$$BUILD$UPDATEVERSION" \
"so-redis:$$BUILD$UPDATEVERSION" \
"so-sensoroni:$$BUILD$UPDATEVERSION" \
"so-soctopus:$$BUILD$UPDATEVERSION" \
"so-steno:$$BUILD$UPDATEVERSION" \
"so-strelka:$$BUILD$UPDATEVERSION" \
"so-suricata:$$BUILD$UPDATEVERSION" \
"so-telegraf:$$BUILD$UPDATEVERSION" \
"so-thehive:$$BUILD$UPDATEVERSION" \
"so-thehive-es:$$BUILD$UPDATEVERSION" \
"so-wazuh:$$BUILD$UPDATEVERSION" \
"so-zeek:$$BUILD$UPDATEVERSION" )
else
TRUSTED_CONTAINERS=( \
"so-core:$$BUILD$UPDATEVERSION" \
"so-filebeat:$$BUILD$UPDATEVERSION" \
"so-idstools:$$BUILD$UPDATEVERSION" \
"so-logstash:$$BUILD$UPDATEVERSION" \
"so-redis:$$BUILD$UPDATEVERSION" \
"so-sensoroni:$$BUILD$UPDATEVERSION" \
"so-steno:$$BUILD$UPDATEVERSION" \
"so-suricata:$$BUILD$UPDATEVERSION" \
"so-telegraf:$$BUILD$UPDATEVERSION" \
"so-zeek:$$BUILD$UPDATEVERSION" )
fi
clone_to_tmp() { clone_to_tmp() {
@@ -28,9 +89,20 @@ clone_to_tmp() {
cd /tmp/sogh cd /tmp/sogh
#git clone -b dev https://github.com/Security-Onion-Solutions/securityonion-saltstack.git #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion-saltstack.git
git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack.git git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack.git
cd /tmp
} }
copy_new_files() {
# Copy new files over to the salt dir
cd /tmp/sogh/securityonion-saltstack
rsync -a --exclude-from 'exclude-list.txt' salt /opt/so/saltstack/
chown -R socore:socore /opt/so/saltstack/salt
chmod 755 /opt/so/saltstack/pillar/firewall/addfirewall.sh
cd /tmp
}
detect_os() { detect_os() {
# Detect Base OS # Detect Base OS
@@ -58,10 +130,6 @@ detect_os() {
echo "We do not support your current version of Ubuntu" echo "We do not support your current version of Ubuntu"
exit exit
fi fi
# Install network manager so we can do interface stuff
apt install -y network-manager
/bin/systemctl enable network-manager
/bin/systemctl start network-manager
else else
echo "We were unable to determine if you are using a supported OS." >> $UPDATELOG 2>&1 echo "We were unable to determine if you are using a supported OS." >> $UPDATELOG 2>&1
exit exit
@@ -71,6 +139,22 @@ detect_os() {
} }
master_check() {
# Check to see if this is a master
MASTERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
if [ $MASTERCHECK == 'so-eval' OR $MASTERCHECK == 'so-master' OR $MASTERCHECK == 'so-mastersearch' ]; then
echo "This is a master. We can proceed"
else
echo "Please run soup on the master. The master controls all updates."
exit
}
salt_highstate() {
salt-call state.highstate
}
update_held_packages() { update_held_packages() {
if [ $OS == "centos" ] if [ $OS == "centos" ]
@@ -97,55 +181,8 @@ update_all_packages() {
} }
update_docker_containers() { update_docker_containers() {
if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
TRUSTED_CONTAINERS=( \
"so-acng:$BUILD$VERSION" \
"so-auth-api:$BUILD$VERSION" \
"so-auth-ui:$BUILD$VERSION" \
"so-core:$BUILD$VERSION" \
"so-thehive-cortex:$BUILD$VERSION" \
"so-curator:$BUILD$VERSION" \
"so-domainstats:$BUILD$VERSION" \
"so-elastalert:$BUILD$VERSION" \
"so-elasticsearch:$BUILD$VERSION" \
"so-filebeat:$BUILD$VERSION" \
"so-fleet:$BUILD$VERSION" \
"so-fleet-launcher:$BUILD$VERSION" \
"so-freqserver:$BUILD$VERSION" \
"so-grafana:$BUILD$VERSION" \
"so-idstools:$BUILD$VERSION" \
"so-influxdb:$BUILD$VERSION" \
"so-kibana:$BUILD$VERSION" \
"so-logstash:$BUILD$VERSION" \
"so-mysql:$BUILD$VERSION" \
"so-navigator:$BUILD$VERSION" \
"so-playbook:$BUILD$VERSION" \
"so-redis:$BUILD$VERSION" \
"so-sensoroni:$BUILD$VERSION" \
"so-soctopus:$BUILD$VERSION" \
"so-steno:$BUILD$VERSION" \
#"so-strelka:$BUILD$VERSION" \
"so-suricata:$BUILD$VERSION" \
"so-telegraf:$BUILD$VERSION" \
"so-thehive:$BUILD$VERSION" \
"so-thehive-es:$BUILD$VERSION" \
"so-wazuh:$BUILD$VERSION" \
"so-zeek:$BUILD$VERSION" )
else
TRUSTED_CONTAINERS=( \
"so-core:$BUILD$VERSION" \
"so-filebeat:$BUILD$VERSION" \
"so-idstools:$BUILD$VERSION" \
"so-logstash:$BUILD$VERSION" \
"so-redis:$BUILD$VERSION" \
"so-sensoroni:$BUILD$VERSION" \
"so-steno:$BUILD$VERSION" \
"so-suricata:$BUILD$VERSION" \
"so-telegraf:$BUILD$VERSION" \
"so-zeek:$BUILD$VERSION" )
fi
# Download the container from the interwebs # Download the containers from the interwebs
for i in "${TRUSTED_CONTAINERS[@]}" for i in "${TRUSTED_CONTAINERS[@]}"
do do
# Pull down the trusted docker image # Pull down the trusted docker image
@@ -163,21 +200,8 @@ update_docker_containers() {
done done
} }
update_hh_version() { update_hh_version() {
# Change the version number in the static pillar # Change the version number in the static pillar
} }
# Clone github
mkdir /tmp/sogh
cd /tmp/sogh
#git clone -b dev https://github.com/Security-Onion-Solutions/securityonion-saltstack.git
git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack.git
cd securityonion-saltstack
rsync -a --exclude-from 'exclude-list.txt' salt /opt/so/saltstack/
chown -R socore:socore /opt/so/saltstack/salt
chmod 755 /opt/so/saltstack/pillar/firewall/addfirewall.sh
cd ~
rm -rf /tmp/sogh
# Run so-elastic-download here and call this soup with some magic
salt-call state.highstate

1
upgrade/soup
View File

@@ -19,6 +19,7 @@ SCRIPTDIR=$(dirname "$0")
source $SCRIPTDIR/so-update-functions source $SCRIPTDIR/so-update-functions
# Update Packages # Update Packages
master_check
update_all_packages update_all_packages
update_held_packages update_held_packages