From eaeed07fd4818d5b379404b8794b48296d2f6702 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Feb 2022 09:12:29 -0500 Subject: [PATCH 1/6] Update acng.conf --- salt/manager/files/acng/acng.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/manager/files/acng/acng.conf b/salt/manager/files/acng/acng.conf index 1b7f05e04..1f1f53754 100644 --- a/salt/manager/files/acng/acng.conf +++ b/salt/manager/files/acng/acng.conf @@ -80,7 +80,7 @@ RedirMax: 6 VfileUseRangeOps: -1 # PassThroughPattern: private-ppa\.launchpad\.net:443$ # PassThroughPattern: .* # this would allow CONNECT to everything -PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirrors\.fedoraproject\.org:443|packages\.wazuh\.com:443|repo\.saltstack\.com:443|yum\.dockerproject\.org:443|download\.docker\.com:443|registry\.npmjs\.org:443|registry\.yarnpkg\.com:443)$ # yarn/npm pkg, cant to http :/ +PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirrors\.fedoraproject\.org:443|packages\.wazuh\.com:443|repo\.saltstack\.com:443|repo\.saltproject\.io:443|yum\.dockerproject\.org:443|download\.docker\.com:443|registry\.npmjs\.org:443|registry\.yarnpkg\.com:443)$ # yarn/npm pkg, cant to http :/ # ResponseFreezeDetectTime: 500 # ReuseConnections: 1 # PipelineDepth: 255 From a02fb37493f786e8d821e85d2bc78335392c52c5 Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Wed, 2 Feb 2022 09:18:02 -0500 Subject: [PATCH 2/6] Update init.sls --- salt/ssl/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 0958c0db1..7ac6687e1 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -23,7 +23,7 @@ include: {% else %} include: - ca.dirs - {% set x509dict = salt['mine.get'](manager~'*', 'x509.get_pem_entries') %} + {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %} {% for host in x509dict %} {% if 'manager' in host.split('_')|last or host.split('_')|last == 'standalone' %} {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %} From 8152aec22eac22fb573d9a1d8f05d2160f1a1d72 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Feb 2022 09:49:19 -0500 Subject: [PATCH 3/6] Update HOTFIX --- HOTFIX | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HOTFIX b/HOTFIX index 8b1378917..1ff12871f 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +1 @@ - +20220202 From fc0824ceb03f56faf2a03c1e21e754a27e7e087c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Feb 2022 16:20:49 -0500 Subject: [PATCH 4/6] 2.3.100 Hotfix --- sigs/securityonion-2.3.100-20220202.iso.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/securityonion-2.3.100-20220202.iso.sig diff --git a/sigs/securityonion-2.3.100-20220202.iso.sig b/sigs/securityonion-2.3.100-20220202.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..228dafb16e078c5f5f9f7e830e1eafd31d515612 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;CEyN3V@2@re`V7LBIa1&lZ5BdVKp==x#DeGNSDm|%D z!egqN7oXL%XpVw3w)!zMKeT(y1-q)4!84At<9^L^>}H{85b8&jQAC>z4Oa^W+>B~J z;<2Q%M>lrTrE|;uq6-W!j9DjBVBCR&7rh(2X%_;qNzMq#VAZ;m=r!=(vRj3SHuHZz@%MwjBf5a}*Te1QoyChK^H8Y(%M+F{ zWP$xXxY79F*Nb@Tf3=y9ort>hUVouVbW^TFGW2;qGudc z%Rv$@=i#S6O6~~=uKGv@w%sv%KfO;`B3DZ5+BI~SHNBqtf~}EP0(7;XGel6${&6LS hi6?&h2PJ6De;|tEHwE3@K`9?vOz?JQ-qfvt-dO$I0Hgo_ literal 0 HcmV?d00001 From b94cae01767d84f63a2a006ca2022f798861a7a5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Feb 2022 16:22:44 -0500 Subject: [PATCH 5/6] 2.3.100 Hotfix --- VERIFY_ISO.md | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index b52c8c740..4f9d05bbd 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,18 +1,18 @@ -### 2.3.100-20220131 ISO image built on 2022/01/31 +### 2.3.100-20220202 ISO image built on 2022/02/02 ### Download and Verify -2.3.100-20220131 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220131.iso +2.3.100-20220202 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220202.iso -MD5: 9B50774532B77A10E2F52A3F0492A780 -SHA1: 3C50D2EF4AFFFA8929492C2FC3842FF3EEE0EA5F -SHA256: CDCBEE6B1FDFB4CAF6C9F80CCADC161366EC337746E8394BF4454FAA2FC11AA1 +MD5: 170337342118DC32F8C2F687F332CA25 +SHA1: 202235BFE37F1F2E129F5D5DE13173A27A9D8CC0 +SHA256: F902C561D35F5B9DFB2D65BDAE97D30FD9E46F6822AFA36CA9C4043C50864484 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220131.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220202.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS @@ -26,26 +26,25 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220131.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220202.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220131.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220202.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.100-20220131.iso.sig securityonion-2.3.100-20220131.iso +gpg --verify securityonion-2.3.100-20220202.iso.sig securityonion-2.3.100-20220202.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Mon 31 Jan 2022 11:41:30 AM EST using RSA key ID FE507013 +gpg: Signature made Wed 02 Feb 2022 12:12:39 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. -Primary key fingerprint: C804 A93D 36BE 0C73 3EA1 9644 7C10 60B7 FE50 7013 ``` Once you've verified the ISO image, you're ready to proceed to our Installation guide: From 83683ec27eeadf7c16db715f4f3247a5ba81d5c4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Feb 2022 16:23:51 -0500 Subject: [PATCH 6/6] 2.3.100 Hotfix --- VERIFY_ISO.md | 1 + 1 file changed, 1 insertion(+) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 4f9d05bbd..6e1c7f9ed 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -45,6 +45,7 @@ gpg: Signature made Wed 02 Feb 2022 12:12:39 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. +Primary key fingerprint: C804 A93D 36BE 0C73 3EA1 9644 7C10 60B7 FE50 7013 ``` Once you've verified the ISO image, you're ready to proceed to our Installation guide: