From 77ca922f6247629722bd4a182a2b2a0f3fb76e86 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 30 Jun 2021 12:37:30 -0400 Subject: [PATCH 1/4] 2.3.60 --- README.md | 4 ++-- VERIFY_ISO.md | 22 +++++++++++----------- sigs/securityonion-2.3.60.iso.sig | Bin 0 -> 543 bytes 3 files changed, 13 insertions(+), 13 deletions(-) create mode 100644 sigs/securityonion-2.3.60.iso.sig diff --git a/README.md b/README.md index bc784dd22..4bff52b20 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.52 +## Security Onion 2.3.60 -Security Onion 2.3.52 is here! +Security Onion 2.3.60 is here! ## Screenshots diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 760df9329..d5664d3a3 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,17 +1,17 @@ -### 2.3.52 ISO image built on 2021/04/27 +### 2.3.60 ISO image built on 2021/04/27 ### Download and Verify -2.3.52 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.52.iso +2.3.60 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.60.iso -MD5: DF0CCCB0331780F472CC167AEAB55652 -SHA1: 71FAE87E6C0AD99FCC27C50A5E5767D3F2332260 -SHA256: 30E7C4206CC86E94D1657CBE420D2F41C28BC4CC63C51F27C448109EBAF09121 +MD5: 77AF432E46B6DE97C17827EB0E6B1ECD +SHA1: 0098C0383D9CA5FCC35F0320F22C3A7F2A171A3E +SHA256: 10869C21A47A162F347069F52DC203C843672A561C2AC303776525FE8A1F28C7 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.52.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.52.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.52.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.60.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.52.iso.sig securityonion-2.3.52.iso +gpg --verify securityonion-2.3.60.iso.sig securityonion-2.3.60.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Sat 05 Jun 2021 06:56:04 PM EDT using RSA key ID FE507013 +gpg: Signature made Wed 30 Jun 2021 10:00:50 AM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
diff --git a/sigs/securityonion-2.3.60.iso.sig b/sigs/securityonion-2.3.60.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..e78b79c9ee202d5094116e6dccc1de90bf33ca3a GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;8)c@h8$2@re`V7LBIa1$`c5C3yjE$f@y;U`0PeVXs& z?V=GHs?wVAw^Dw-J~FqmwS>ds4PiZj_|^#wNy}l}H<-Zz5yKLMis&4WEAekO3G%aF zKxv!!En>8Bxj-!E-hNf??Wx+-A$gCx=9ff!mI(jidXQ8GJt!R)rjA&&rl5ZI4nWm? z98#6?dB6WeyUBnHRRU_nGVN(#4C#!o)Uf)33|*4Z$aUN^KQmhq<#!o{if`awzFMDj z+Kv>cec+u`x!$aK?GW>4k-zyvrzCPS^f$xHuRW9P393gzHd{bmSij77HMtpcnG}q5 z;ySXNoUedf=|8xo|ms@FqH}uC90)T0J!?!^FhE5 z$wlqwzEH$@!0rDO3>!6Nu`d20-4$DI#h07d(Ahv7+u7e$N`KzXeuahiA$$!U=}2Wl zzkIt1U?8dK3nLJMV8AJ>mvgDY+Th#b5`Ir?XHmZ52-y^ix`36ntdDqf7Ju$1W)iEW ztr~5dTbt`HYEKk6+s;|&MVrI953swLC literal 0 HcmV?d00001 From 4109cdec5303fea082db2b3435cfd37b391bb7e1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 30 Jun 2021 15:35:01 -0400 Subject: [PATCH 2/4] Refactor so-docker-prune to prevent exceptions when removing images * Prune containers at beginning of script so stopped containers using old images are removed * Add force=True arg to remove() call to ensure an image is still deleted on the off chance a container is still using that image * Add exception handling to continue removing containers instead of exiting if the script fails to remove a container --- salt/common/tools/sbin/so-docker-prune | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-docker-prune b/salt/common/tools/sbin/so-docker-prune index b1c359b58..3ec2a31a9 100755 --- a/salt/common/tools/sbin/so-docker-prune +++ b/salt/common/tools/sbin/so-docker-prune 
@@ -47,6 +47,10 @@ def get_image_version(string) -> str: def main(quiet): client = docker.from_env() + # Prune old/stopped containers + if not quiet: print('Pruning old containers') + client.container.prune() + image_list = client.images.list(filters={ 'dangling': False }) # Map list of image objects to flattened list of tags (format: "name:version") @@ -74,7 +78,10 @@ def main(quiet): for group in grouped_t_list[2:]: for tag in group: if not quiet: print(f'Removing image {tag}') - client.images.remove(tag) + try: + client.images.remove(tag, force=True) + except docker.errors.ClientError as e: + print(f'Could not remove image {tag}, continuing...') except (docker.errors.APIError, InvalidVersion) as e: print(f'so-{get_so_image_basename(t_list[0])}: {e}', file=sys.stderr) exit(1) From f3041a8d7edfec067fccd4e825c5da907f05fe37 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 30 Jun 2021 16:09:08 -0400 Subject: [PATCH 3/4] Ensure all curl's to Kibana are properly sessioned and/or authenticated depending on elastic auth toggle --- salt/common/tools/sbin/so-kibana-config-export | 4 +++- salt/common/tools/sbin/so-kibana-space-defaults | 4 ++-- salt/kibana/bin/so-kibana-config-load | 4 +++- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/so-kibana-config-export b/salt/common/tools/sbin/so-kibana-config-export index 636c52229..05454cd76 100755 --- a/salt/common/tools/sbin/so-kibana-config-export +++ b/salt/common/tools/sbin/so-kibana-config-export 
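Review bot: The added prune call takes no `filters`, so it deletes every stopped container on the host rather than only those holding old Security Onion images, which is what the commit message describes, and its result is discarded. If that breadth is intended, say so in the comment (`# Removes ALL stopped containers on this host, not just so-* ones`); otherwise narrow it with the `filters=` argument. Either way, keep the return value and report it, e.g. `pruned = client.containers.prune()` followed by `if not quiet: print(f"Removed containers: {pruned.get('ContainersDeleted')}")`. The call also appears to sit ahead of the `try` whose `except (docker.errors.APIError, InvalidVersion)` handler shows up in the later hunk, so an API failure here would surface as a raw traceback; main() continues outside the hunk, so that placement is inferred.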
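Review bot: The new inner handler catches `docker.errors.ClientError`, which I do not find among the docker SDK's exception classes (the outer handler in this same hunk uses `docker.errors.APIError`). If the name is indeed absent, a failed removal raises AttributeError while the `except` clause is evaluated and the script stops anyway, the opposite of what the change intends. Suggest `except docker.errors.APIError as e:` and report the cause on stderr: `print(f'Could not remove image {tag}, continuing: {e}', file=sys.stderr)`. As written, `e` is bound but never used, so an operator cannot tell an in-use conflict from a daemon error. The enclosing loop and `try` start outside the hunk.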
@@ -23,7 +23,9 @@ KIBANA_HOST={{ MANAGER }} KSO_PORT=5601 OUTFILE="saved_objects.ndjson" -curl -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST -L $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE + +SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://$KIBANA_HOST:$KSO_PORT/ | grep sid | awk '{print $7}') +{{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST -L $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE # Clean up using PLACEHOLDER sed -i "s/$KIBANA_HOST/PLACEHOLDER/g" $OUTFILE diff --git a/salt/common/tools/sbin/so-kibana-space-defaults b/salt/common/tools/sbin/so-kibana-space-defaults index 48225e2f4..d90cf0c11 100755 --- a/salt/common/tools/sbin/so-kibana-space-defaults +++ b/salt/common/tools/sbin/so-kibana-space-defaults 
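Review bot: The session id is scraped from curl's cookie-jar output with `grep sid | awk '{print $7}'` and then passed back as `-b "sid=$SESSIONCOOKIE"`, which puts a live Kibana session cookie in curl's argv, where other local users can read it from the process list. The scrape also depends on the jar's column layout and matches any line containing "sid". Letting curl own the jar avoids both problems and still works when no cookie is issued: `JAR=$(mktemp)`, then `{{ ELASTICCURL }} -s -c "$JAR" -o /dev/null http://$KIBANA_HOST:$KSO_PORT/`, then `-b "$JAR"` on the export call, with the file removed afterwards. What `{{ ELASTICCURL }}` expands to is not visible here, so confirm it does not already set cookie options. The same pattern is added in so-kibana-config-load and is only renamed in so-kibana-space-defaults, so the change applies to all three scripts.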
@@ -4,10 +4,10 @@ wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELAST ## This hackery will be removed if using Elastic Auth ## # Let's snag a cookie from Kibana -THECOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') +SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') # Disable certain Features from showing up in the Kibana UI echo echo "Setting up default Space:" -{{ ELASTICCURL }} -b "sid=$THECOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","siem","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","fleet"]} ' >> /opt/so/log/kibana/misc.log +{{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","siem","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","fleet"]} ' >> /opt/so/log/kibana/misc.log echo diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load index 0bbcba375..d42596287 100644 --- a/salt/kibana/bin/so-kibana-config-load +++ b/salt/kibana/bin/so-kibana-config-load 
@@ -11,5 +11,7 @@ sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}" +SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') + # Load saved objects -{{ ELASTICCURL }} -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@/opt/so/conf/kibana/saved_objects.ndjson >> /opt/so/log/kibana/misc.log +{{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@/opt/so/conf/kibana/saved_objects.ndjson >> /opt/so/log/kibana/misc.log From 4dbb869952bd2ae2a69147f340f44b04c34fd52d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 30 Jun 2021 16:21:09 -0400 Subject: [PATCH 4/4] Fix typo --- salt/common/tools/sbin/so-docker-prune | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-docker-prune b/salt/common/tools/sbin/so-docker-prune index 3ec2a31a9..a845c4549 100755 --- a/salt/common/tools/sbin/so-docker-prune +++ b/salt/common/tools/sbin/so-docker-prune @@ -49,7 +49,7 @@ def main(quiet): # Prune old/stopped containers if not quiet: print('Pruning old containers') - client.container.prune() + client.containers.prune() image_list = client.images.list(filters={ 'dangling': False })