From eaa41266a2d14c2ab3378c99a70235e00e5dfee8 Mon Sep 17 00:00:00 2001 From: jtgreen-cse <67059096+jtgreen-cse@users.noreply.github.com> Date: Tue, 20 Oct 2020 13:24:53 -0400 Subject: [PATCH 01/16] fix for rendering error >1 search node Fails rendering if you have more than one search node. --- salt/soc/files/soc/soc.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 61c4ab6bb..d87b00f87 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -33,7 +33,7 @@ {%- if salt['pillar.get']('nodestab', {}) %} "remoteHostUrls": [ {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - "https://{{ SN.split('_')|first }}:9200"{{ "," if not loop.last }} + "https://{{ SN.split('_')|first }}:9200"{{ "," if not loop.last else ""}} {%- endfor %} ], {%- endif %} From 1e14d66f54d7a4d8de1aa15a0a5bcd1ecba0f8c5 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 21 Oct 2020 08:59:26 -0400 Subject: [PATCH 02/16] Add case_template field to Playbook alerts --- salt/elastalert/files/modules/so/playbook-es.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elastalert/files/modules/so/playbook-es.py b/salt/elastalert/files/modules/so/playbook-es.py index 31a58b44b..394ca8534 100644 --- a/salt/elastalert/files/modules/so/playbook-es.py +++ b/salt/elastalert/files/modules/so/playbook-es.py 
@@ -16,7 +16,7 @@ class PlaybookESAlerter(Alerter): today = strftime("%Y.%m.%d", gmtime()) timestamp = strftime("%Y-%m-%d"'T'"%H:%M:%S", gmtime()) headers = {"Content-Type": "application/json"} - payload = {"rule": { "name": self.rule['play_title'],"uuid": self.rule['play_id'],"category": self.rule['rule.category']},"event":{ "severity": self.rule['event.severity'],"module": self.rule['event.module'],"dataset": self.rule['event.dataset'],"severity_label": self.rule['sigma_level']},"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event_data": match, "@timestamp": timestamp} + payload = {"rule": { "name": self.rule['play_title'],"uuid": self.rule['play_id'],"category": self.rule['rule.category']},"event":{ "severity": self.rule['event.severity'],"module": self.rule['event.module'],"dataset": self.rule['event.dataset'],"severity_label": self.rule['sigma_level']},"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event_data": match, "case_template": self.rule['play_id'], "@timestamp": timestamp} url = f"http://{self.rule['elasticsearch_host']}/so-playbook-alerts-{today}/_doc/" requests.post(url, data=json.dumps(payload), headers=headers, verify=False) From 844ffe8fdfeef356baae50d458d969a2d79a0258 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 21 Oct 2020 09:58:31 -0400 Subject: [PATCH 03/16] nest case_template --- salt/elastalert/files/modules/so/playbook-es.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elastalert/files/modules/so/playbook-es.py b/salt/elastalert/files/modules/so/playbook-es.py index 394ca8534..cf29c0669 100644 --- a/salt/elastalert/files/modules/so/playbook-es.py +++ b/salt/elastalert/files/modules/so/playbook-es.py 
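Review bot: The `requests.post(...)` on the last line of the hunk discards the response and sets no timeout, so a document that Elasticsearch rejects (for instance a mapping conflict on the newly added `case_template` field, which would be invisible here) is silently dropped, and an unresponsive host stalls the alerter indefinitely; `resp = requests.post(url, data=json.dumps(payload), headers=headers, timeout=<seconds>)` followed by `resp.raise_for_status()` would surface both. `verify=False` is a no-op for the plain `http://` URL built on the line above, but it will silently disable certificate checking if that scheme is ever switched to https, so it is better removed than carried along. The enclosing method starts outside the hunk; the same unchanged lines appear in the following commit ("nest case_template"), where this applies as well.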
@@ -16,7 +16,7 @@ class PlaybookESAlerter(Alerter): today = strftime("%Y.%m.%d", gmtime()) timestamp = strftime("%Y-%m-%d"'T'"%H:%M:%S", gmtime()) headers = {"Content-Type": "application/json"} - payload = {"rule": { "name": self.rule['play_title'],"uuid": self.rule['play_id'],"category": self.rule['rule.category']},"event":{ "severity": self.rule['event.severity'],"module": self.rule['event.module'],"dataset": self.rule['event.dataset'],"severity_label": self.rule['sigma_level']},"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event_data": match, "case_template": self.rule['play_id'], "@timestamp": timestamp} + payload = {"rule": { "name": self.rule['play_title'],"case_template": self.rule['play_id'],"uuid": self.rule['play_id'],"category": self.rule['rule.category']},"event":{ "severity": self.rule['event.severity'],"module": self.rule['event.module'],"dataset": self.rule['event.dataset'],"severity_label": self.rule['sigma_level']},"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event_data": match, "@timestamp": timestamp} url = f"http://{self.rule['elasticsearch_host']}/so-playbook-alerts-{today}/_doc/" requests.post(url, data=json.dumps(payload), headers=headers, verify=False) From c066cc67dcd05ed31693d923dac0b2dbc1cb0a66 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 10:08:45 -0400 Subject: [PATCH 04/16] Update VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 2bf1c1ccf..f90b1afc0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.1 +2.3.2 From 801f4aae8ef529e2dbadc1c23f360294f22a6fd9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 10:09:07 -0400 Subject: [PATCH 05/16] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index 38e1d64dd..6138a2271 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.1 +## Security Onion 2.3.2 -Security Onion 2.3.1 is here! +Security Onion 2.3.2 is here! ### Release Notes From c8a6b232d5843f0fb630c4a2457d1b1986f8ae27 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 15:58:35 -0400 Subject: [PATCH 06/16] Fix which field we return for Elastic index --- salt/curator/files/bin/so-curator-closed-delete-delete | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index 8909512db..f7ab6146d 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -50,7 +50,7 @@ curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " c {% if grains['role'] in ['so-node','so-heavynode'] %} OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $2}' | sort -t- -k3 | head -1) {% else %} - OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $2}' | sort -t- -k3 | head -1) + OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $3}' | sort -t- -k3 | head -1) {% endif %} # Now that we've determined OLDEST_INDEX, ask Elasticsearch to delete it. From 85e0b2cab3eeaf996af8f04be81662fe5b28ecc7 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 23 Oct 2020 16:35:35 -0400 Subject: [PATCH 07/16] Add cheatsheet URL to soc.json --- salt/soc/files/soc/soc.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 61c4ab6bb..f5326597a 100644 --- a/salt/soc/files/soc/soc.json 
+++ b/salt/soc/files/soc/soc.json @@ -56,8 +56,10 @@ "client": { {%- if ISAIRGAP is sameas true %} "docsUrl": "/docs/", + "docsUrl": "/docs/cheatsheet.pdf", {%- else %} "docsUrl": "https://docs.securityonion.net/en/2.3/", + "cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf", {%- endif %} "hunt": { "advanced": true, From b6f1cfada6f43216f1f6a73cc847e51391f3ee8a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 16:44:02 -0400 Subject: [PATCH 08/16] Update changes.json --- salt/soc/files/soc/changes.json | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index 5aa9b220b..680dbd54d 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -1,13 +1,9 @@ { - "title": "Security Onion 2.3.1 is here!", + "title": "Security Onion 2.3.2 is here!", "changes": [ - { "summary": "Fixed a SOC issue in airgap mode that was preventing people from logging in." }, - { "summary": "Downloading Elastic features images will now download the correct images." }, - { "summary": "Winlogbeat download no longer requires Internet access." }, - { "summary": "Adjusted Alerts quick action bar to allow searching for a specific value while remaining in Alerts view." }, - { "summary": "/nsm will properly display disk usage on the standalone Grafana dashboard." }, - { "summary": "The manager node now has syslog listener enabled by default (you'll still need to allow syslog traffic through the firewall of course)." }, - { "summary": "Fixed an issue when creating host groups with so-firewall." }, + { "summary": "Elastic components have been upgraded to 7.9.3." }, + { "summary": "Fixed an issue where curator was unable to delete a closed index." }, + { "summary": "Cheat sheet is now available for airgap installs." }, { "summary": "Known Issues
  • It is still possible to update your grid from any release candidate to 2.3. However, if you have a true production deployment, then we recommend a fresh image and install for best results.
  • In 2.3.0 we made some changes to data types in the elastic index templates. This will cause some errors in Kibana around field conflicts. You can address this in 2 ways:
    1. Delete all the data on the ES nodes preserving all of your other settings suchs as BPFs by running sudo so-elastic-clear on all the search nodes
    2. Re-Index the data. This is not a quick process but you can find more information at https://docs.securityonion.net/en/2.3/elasticsearch.html#re-indexing
  • Please be patient as we update our documentation. We have made a concerted effort to update as much as possible but some things still may be incorrect or ommited. If you have questions or feedback, please start a discussion at https://securityonion.net/discuss.
  • Once you update your grid to 2.3.0, any new nodes that join the grid must be 2.3.0. For example, if you try to join a new RC1 node it will fail. For best results, use the latest ISO (or 2.3.0 installer from github) when joining to an 2.3.0 grid.
  • Shipping Windows Eventlogs with Osquery will fail intermittently with utf8 errors logged in the Application log. This is scheduled to be fixed in Osquery 4.5.
  • When running soup to upgrade from RC1/RC2/RC3 to 2.3.0, there is a Salt error that occurs during the final highstate. This error is related to the patch_os_schedule and can be ignored as it will not occur again in subsequent highstates.
  • When Search Nodes are upgraded from RC1 to 2.3.0, there is a chance of a race condition where certificates are missing. This will show errors in the manager log to the remote node. To fix this run the following on the search node that is having the issue:
    1. Stop elasticsearch - sudo so-elasticsearch-stop
    2. Run the SSL state - sudo salt-call state.apply ssl
    3. Restart elasticsearch - sudo so-elasticsearch-restart
  • If you are upgrading from RC1 you might see errors around registry:2 missing. This error does not break the actual upgrade. To fix, run the following on the manager:
    1. Stop the Docker registry - sudo docker stop so-dockerregistry
    2. Remove the container - sudo docker rm so-dockerregistry
    3. Run the registry state - sudo salt-call state.apply registry
" } ] } From da488945e018370b002ed79f1513fe768fe2eaed Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 16:47:43 -0400 Subject: [PATCH 09/16] Update VERIFY_ISO.md --- VERIFY_ISO.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 26b926971..d2fad2fa8 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,16 +1,16 @@ -### 2.3.1 ISO image built on 2020/10/22 +### 2.3.2 ISO image built on 2020/10/23 ### Download and Verify -2.3.1 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.1.iso +2.3.2 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso MD5: EF2DEBCCBAE0B0BCCC906552B5FF918A SHA1: 16AFCACB102BD217A038044D64E7A86DA351640E SHA256: 7125F90B6323179D0D29F5745681BE995BD2615E64FA1E0046D94888A72C539E Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.1.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -24,17 +24,17 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.1.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.1.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.1.iso.sig securityonion-2.3.1.iso +gpg --verify securityonion-2.3.2.iso.sig securityonion-2.3.2.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: From 951f6ab3e2b34a17c7206e53be62ebf94ecaf563 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 16:48:05 -0400 Subject: [PATCH 10/16] Update VERIFY_ISO.md --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index d2fad2fa8..89f81eecf 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -5,7 +5,7 @@ 2.3.2 ISO image: https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso -MD5: EF2DEBCCBAE0B0BCCC906552B5FF918A +MD5: EF2DEBCCBAE0B0BCCC906552B5FF918A SHA1: 16AFCACB102BD217A038044D64E7A86DA351640E SHA256: 7125F90B6323179D0D29F5745681BE995BD2615E64FA1E0046D94888A72C539E From d9c021e86ac250212df65b91efb722921a76509c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 17:07:16 -0400 Subject: [PATCH 11/16] Update so-curator-closed-delete-delete --- salt/curator/files/bin/so-curator-closed-delete-delete | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index f7ab6146d..b7b29b615 100755 
--- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -48,7 +48,7 @@ curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " c # Then, sort by date by telling sort to use hyphen as delimiter and then sort on the third field. # Finally, select the first entry in that sorted list. {% if grains['role'] in ['so-node','so-heavynode'] %} - OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $2}' | sort -t- -k3 | head -1) + OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $3}' | sort -t- -k3 | head -1) {% else %} OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $3}' | sort -t- -k3 | head -1) {% endif %} From c61199618ac50a2f76cd2d3e4f1326f6d9ee3e2a Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Sat, 24 Oct 2020 07:15:43 -0400 Subject: [PATCH 12/16] Update so-curator-closed-delete-delete --- .../files/bin/so-curator-closed-delete-delete | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index b7b29b615..bf2ea22f1 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete 
@@ -33,24 +33,23 @@ LOG="/opt/so/log/curator/so-curator-closed-delete.log" # Check for 2 conditions: # 1. Are Elasticsearch indices using more disk space than LOG_SIZE_LIMIT? -# 2. Are there any closed logstash- or so- indices that we can delete? +# 2. Are there any closed indices that we can delete? # If both conditions are true, keep on looping until one of the conditions is false. while [[ $(du -hs --block-size=1GB /nsm/elasticsearch/nodes | awk '{print $1}' ) -gt "{{LOG_SIZE_LIMIT}}" ]] && {% if grains['role'] in ['so-node','so-heavynode'] %} -curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" > /dev/null; do +curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed > /dev/null; do {% else %} -curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" > /dev/null; do +curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed > /dev/null; do {% endif %} - # We need to determine OLDEST_INDEX. - # First, get the list of closed indices that are prefixed with "logstash-" or "so-". - # For example: logstash-ids-YYYY.MM.DD + # We need to determine OLDEST_INDEX: + # First, get the list of closed indices using _cat/indices?h=index\&expand_wildcards=closed. # Then, sort by date by telling sort to use hyphen as delimiter and then sort on the third field. # Finally, select the first entry in that sorted list. 
{% if grains['role'] in ['so-node','so-heavynode'] %} - OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $3}' | sort -t- -k3 | head -1) + OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | sort -t- -k3 | head -1) {% else %} - OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $3}' | sort -t- -k3 | head -1) + OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | sort -t- -k3 | head -1) {% endif %} # Now that we've determined OLDEST_INDEX, ask Elasticsearch to delete it. From f75badf43ae86866a29028fa6ddfcac26f5c63c6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Oct 2020 09:53:26 -0400 Subject: [PATCH 13/16] 2.3.2 ISO info --- sigs/securityonion-2.3.2.iso.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/securityonion-2.3.2.iso.sig diff --git a/sigs/securityonion-2.3.2.iso.sig b/sigs/securityonion-2.3.2.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..53bfe4569823f6e535a467c094a44781246f779e GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;4{k4pdw2@re`V7LBIa1-?D5C3Qjez?&Me z>7X&#c-?K_tDM+dD%0aSFBq*>N$O}b4awK`xrR1tE4FlrWSy9LA24YXxkL6@D-d4O z0%ADZJU3kc#2{W7;ctv&#I*bmNVe+F#p$d9h+)zn!~oBPJf9Xl{CWlp25*HG({~eN zfg3w6svRX8PLpeApdNgvud^{J7qn4orn@J@L;CRR>ryHc$3SJg`VJgIP#qYkbi!_6Ips#dee6vIT)ZM?B{i`J7$BZ-m z6mfzlu2Kkm6bfZb_Qg}j(GO?oKzSfkaA=M%DeN{nGNM+-rbZ`{2fSdFfbkt!ZvmDt zT4Yi-3w-+kJj&0wXcl&v5u(6>p_*ZGLq`FtY%aE=F4aOAj%C)oGrk8t5G1}^aB zK?|IZvLv5Cg`Og1^bPwp80b|XN#jXhwk+^x_vhQp6 Date: Mon, 26 Oct 2020 10:09:25 -0400 Subject: [PATCH 14/16] Update VERIFY_ISO.md --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
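Review bot: The `while` condition in this hunk no longer tests whether any closed indices exist: the removed `grep -E " close (logstash-|so-)"` supplied the exit status, whereas the new `curl -s ... > /dev/null` discards the body and exits 0 on any HTTP response, including an empty list, so once disk usage is over `LOG_SIZE_LIMIT` the loop keeps iterating with an empty `OLDEST_INDEX` (the delete request that consumes it sits just below the hunk). Dropping the prefix filter also widens the candidate set from `logstash-`/`so-` indices to every closed index on the cluster, which the rewritten comment acknowledges but which lets the script delete closed indices it never managed before. Piping the curl output through `grep -qE '^(logstash-|so-)'` in both `while` branches, and through `grep -E '^(logstash-|so-)'` ahead of `sort` in both `OLDEST_INDEX` lines, restores both checks. Separately, `sort -t- -k3` keys on the third hyphen-delimited field, which is only the date when a name has exactly two hyphens, so index names with a different hyphen count would sort out of order.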
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 89f81eecf..96ba20b2c 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,4 +1,4 @@ -### 2.3.2 ISO image built on 2020/10/23 +### 2.3.2 ISO image built on 2020/10/25 ### Download and Verify From 45fd325307fc69cc43c6d04a553297dc4dd1b284 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Oct 2020 10:11:58 -0400 Subject: [PATCH 15/16] Update VERIFY_ISO.md --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 96ba20b2c..281821214 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -39,7 +39,7 @@ gpg --verify securityonion-2.3.2.iso.sig securityonion-2.3.2.iso The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 22 Oct 2020 10:34:27 AM EDT using RSA key ID FE507013 +gpg: Signature made Sun 25 Oct 2020 10:44:27 AM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. From 38095739639eeeeb9f3334cbc338b0417f8f3ddb Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 26 Oct 2020 12:16:55 -0400 Subject: [PATCH 16/16] Correct cheatsheet URL for airgap installs --- salt/soc/files/soc/soc.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index f5326597a..c48229a0c 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -56,7 +56,7 @@ "client": { {%- if ISAIRGAP is sameas true %} "docsUrl": "/docs/", - "docsUrl": "/docs/cheatsheet.pdf", + "cheatsheetUrl": "/docs/cheatsheet.pdf", {%- else %} "docsUrl": "https://docs.securityonion.net/en/2.3/", "cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf",