Merge pull request #3121 from Security-Onion-Solutions/strelkainstall

Fix Strelka Rule updates, repo fix

salt/common/tools/sbin/soup

@@ -406,7 +406,12 @@ up_2.3.2X_to_2.3.30() {
   for pillar in "${minion_pillars[@]}"; do
     sed -i -r "s/ (\{\{.*}})$/ '\1'/g" "$pillar"
   done
-  # Strelka rule repo pillar addition
+
+# Change the IMAGEREPO
+  sed -i "/  imagerepo: 'securityonion'/c\  imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls
+  sed -i "/  imagerepo: securityonion/c\  imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls 
+
+# Strelka rule repo pillar addition
   if [ $is_airgap -eq 0 ]; then
       # Add manager as default Strelka YARA rule repo
       sed -i "/^strelka:/a \\  repos: \n    - https://$HOSTNAME/repo/rules/strelka" /opt/so/saltstack/local/pillar/global.sls;

salt/docker_clean/init.sls

@@ -45,6 +45,41 @@ remove_images_{{ VERSION }}:
       - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-thehive-es:{{ VERSION }}'
       - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-wazuh:{{ VERSION }}'
       - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-acng:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-thehive-cortex:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-curator:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-domainstats:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-elastalert:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-elasticsearch:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-filebeat:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-fleet:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-fleet-launcher:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-freqserver:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-grafana:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-idstools:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-influxdb:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-kibana:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-kratos:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-logstash:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-minio:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-mysql:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-nginx:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-pcaptools:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-playbook:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-redis:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-soc:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-soctopus:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-steno:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-strelka-frontend:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-strelka-manager:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-strelka-backend:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-strelka-filestream:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-suricata:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-telegraf:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-thehive:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-thehive-es:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-wazuh:{{ VERSION }}'
+      - '{{ MANAGER }}:5000/securityonion/so-zeek:{{ VERSION }}'
 {% endfor %}
 
 {% else %}

salt/registry/bin/so-buildregistry

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-VERSION=HH1.1.4
-TARBALL=/nsm/docker-registry/docker/so-dockers-$VERSION.tar
-
-# See if the tarball is there. If so do soemthing otherwise peace out.
-if [ -f "$TARBALL" ]; then
-  cd /nsm/docker-registry/docker
-  tar xvf so-dockers-$VERSION.tar
-fi
-
-exit 0

salt/registry/init.sls

@@ -29,17 +29,6 @@ dockerregistryconf:
     - name: /opt/so/conf/docker-registry/etc/config.yml
     - source: salt://registry/etc/config.yml
 
-# Copy the registry script
-#dockerregistrybuild:
-#  file.managed:
-#    - name: /opt/so/conf/docker-registry/so-buildregistry
-#    - source: salt://registry/bin/so-buildregistry
-#    - mode: 755
-
-#dockerexpandregistry:
-# cmd.run:
-#   - name: /opt/so/conf/docker-registry/so-buildregistry
-
 # Install the registry container
 so-dockerregistry:
   docker_container.running:

setup/so-functions

@@ -1558,9 +1558,17 @@ manager_global() {
 		"  node_checkin_interval_ms: $NODE_CHECKIN_INTERVAL_MS"\
 		"strelka:"\
 		"  enabled: $STRELKA"\
-		"  rules: 1"\
+		"  rules: 1" >> "$global_pillar"
-		"  repos:"\
+		if [[ $is_airgap ]]; then
-		"    - https://github.com/Neo23x0/signature-base"\
+		    printf '%s\n'\
+			    "  repos:"\
+			    "    - 'https://$HOSTNAME/repo/rules/strelka'" >> "$global_pillar"
+	    else 
+		    printf '%s\n'\
+		        "  repos:"\
+			    "    - 'https://github.com/Neo23x0/signature-base'" >> "$global_pillar"
+	    fi
+	printf '%s\n'\
 		"curator:"\
 		"  hot_warm: False"\
 		"elastic:"\