diff --git a/HOTFIX b/HOTFIX
index 1688be8df..8b1378917 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +1 @@
-WAZUH AIRGAPFIX 20211206 20211210 20211213
+
diff --git a/README.md b/README.md
index d67e8b20b..9706e9d73 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.3.90-20211213
+## Security Onion 2.3.91
-Security Onion 2.3.90-20211213 is here!
+Security Onion 2.3.91 is here!
## Screenshots
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index cbc3f85ea..ae2141c79 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.90-20211213 ISO image built on 2021/12/13
+### 2.3.91 ISO image built on 2021/12/20
### Download and Verify
-2.3.90-20211213 ISO image:
-https://download.securityonion.net/file/securityonion/securityonion-2.3.90-20211213.iso
+2.3.91 ISO image:
+https://download.securityonion.net/file/securityonion/securityonion-2.3.91.iso
-MD5: D7E90433B416627347DD54B7C3C07F18
-SHA1: 11E212B2237162749F5E3BD959C84D6C4720D213
-SHA256: 01DD0AF3CF5BBFD4AF7463F8897935A885E3D9CC8B9B3B5E9A01E0A2EF37ED95
+MD5: CD979038EC60318B7C7F8BA278A12D04
+SHA1: 9FB2AC07FCD24A4993B3F61FC2B2863510650520
+SHA256: BAA8BEF574ECCB9ADC326D736A00C00AAF940FC6AD68CF491FF1F0AB6C5BAA64
Signature for ISO image:
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-20211213.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.91.iso.sig
Signing key:
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO:
```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-20211213.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.91.iso.sig
```
Download the ISO image:
```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-20211213.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.91.iso
```
Verify the downloaded ISO image using the signature file:
```
-gpg --verify securityonion-2.3.90-20211213.iso.sig securityonion-2.3.90-20211213.iso
+gpg --verify securityonion-2.3.91.iso.sig securityonion-2.3.91.iso
```
The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
```
-gpg: Signature made Mon 13 Dec 2021 11:46:27 AM EST using RSA key ID FE507013
+gpg: Signature made Mon 20 Dec 2021 12:37:42 PM EST using RSA key ID FE507013
gpg: Good signature from "Security Onion Solutions, LLC "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
diff --git a/VERSION b/VERSION
index 6c91a811d..6b6b254c6 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.90
+2.3.91
diff --git a/salt/elasticsearch/files/scripts/so-catrust b/salt/elasticsearch/files/scripts/so-catrust
index c157d9691..405f0c085 100644
--- a/salt/elasticsearch/files/scripts/so-catrust
+++ b/salt/elasticsearch/files/scripts/so-catrust
@@ -24,9 +24,9 @@ set -e
# Check to see if we have extracted the ca cert.
if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then
- docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt
- docker cp so-elasticsearchca:/etc/pki/ca-trust/extracted/java/cacerts /opt/so/saltstack/local/salt/common/cacerts
- docker cp so-elasticsearchca:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /opt/so/saltstack/local/salt/common/tls-ca-bundle.pem
+ docker run -v /etc/pki/ca.crt:/etc/ssl/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -keystore /usr/share/elasticsearch/jdk/lib/security/cacerts -alias SOSCA -import -file /etc/ssl/ca.crt -storepass changeit -noprompt
+ docker cp so-elasticsearchca:/usr/share/elasticsearch/jdk/lib/security/cacerts /opt/so/saltstack/local/salt/common/cacerts
+ docker cp so-elasticsearchca:/etc/ssl/certs/ca-certificates.crt /opt/so/saltstack/local/salt/common/tls-ca-bundle.pem
docker rm so-elasticsearchca
echo "" >> /opt/so/saltstack/local/salt/common/tls-ca-bundle.pem
echo "sosca" >> /opt/so/saltstack/local/salt/common/tls-ca-bundle.pem
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index f3cd8f0ca..fdedc065d 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -132,12 +132,9 @@ esrolesdir:
- makedirs: True
eslibdir:
- file.directory:
+ file.absent:
- name: /opt/so/conf/elasticsearch/lib
- - user: 930
- - group: 939
- - makedirs: True
-
+
esingestdynamicconf:
file.recurse:
- name: /opt/so/conf/elasticsearch/ingest
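Review bot: The new keystore target `/usr/share/elasticsearch/jdk/lib/security/cacerts` is never checked to exist before `keytool -import` runs against it, and keytool creates a new keystore rather than failing when the `-keystore` file is missing; if a later image moves the bundled JDK, the `docker cp` on the next line would export a store holding only SOSCA to `/opt/so/saltstack/local/salt/common/cacerts`, and the Java trust for public CAs would disappear without any error under `set -e`. A probe before the import turns that into a hard failure, e.g. `docker run --rm --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -list -keystore /usr/share/elasticsearch/jdk/lib/security/cacerts -storepass changeit >/dev/null`. The same path literal is bound read-only in the `binds` hunk of salt/elasticsearch/init.sls, so a comment above the docker run line, `# Keystore path must match the cacerts bind in salt/elasticsearch/init.sls`, would keep the two from drifting apart. The `if` block these lines sit in closes outside the hunk.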
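Review bot: Turning `eslibdir` into `file.absent` removes the directory that carried the patched log4j-core overlay, which was the deployed mitigation for the Elasticsearch container, but nothing in the state records which log4j-core release the `so-elasticsearch` image at `{{ VERSION }}` ships instead, so the assumption the removal rests on is invisible to the next reader. The same removal is spread across the `eslibsync` and `binds` hunks of this file, the three hunks of salt/logstash/init.sls, and the two deleted jars; one comment at this state would anchor all of them, e.g. `# lib overlay removed: the patched log4j-core jar is no longer bind-mounted, so the image's own log4j-core must be a fixed release (verify before bumping VERSION)`. `file.absent` on `/opt/so/conf/elasticsearch/lib` also deletes anything else that may have landed in that directory, which looks intended since only `eslibsync` ever populated it.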
@@ -186,14 +183,6 @@ es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}:
- group: 939
{% endfor %}
-eslibsync:
- file.managed:
- - name: /opt/so/conf/elasticsearch/lib/log4j-core-2.11.1-patched.jar
- - source: salt://elasticsearch/lib/log4j-core-2.11.1-patched.jar
- - user: 930
- - group: 939
- - mode: 644
-
esroles:
file.recurse:
- source: salt://elasticsearch/roles/
@@ -282,12 +271,11 @@ so-elasticsearch:
- 0.0.0.0:9200:9200
- 0.0.0.0:9300:9300
- binds:
- - /opt/so/conf/elasticsearch/lib/log4j-core-2.11.1-patched.jar:/usr/share/elasticsearch/lib/log4j-core-2.11.1.jar:ro
- /opt/so/conf/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
- /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
- /nsm/elasticsearch:/usr/share/elasticsearch/data:rw
- /opt/so/log/elasticsearch:/var/log/elasticsearch:rw
- - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro
+ - /opt/so/conf/ca/cacerts:/usr/share/elasticsearch/jdk/lib/security/cacerts:ro
{% if ismanager %}
- /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro
{% else %}
diff --git a/salt/elasticsearch/lib/log4j-core-2.11.1-patched.jar b/salt/elasticsearch/lib/log4j-core-2.11.1-patched.jar
deleted file mode 100644
index 4b0c51263..000000000
Binary files a/salt/elasticsearch/lib/log4j-core-2.11.1-patched.jar and /dev/null differ
diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load
index a2ab743da..628d42305 100644
--- a/salt/kibana/bin/so-kibana-config-load
+++ b/salt/kibana/bin/so-kibana-config-load
@@ -35,7 +35,7 @@ update() {
wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}"
IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))'
for i in "${LINES[@]}"; do
- {{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/7.15.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i "
+ {{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/7.16.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i "
done
}
diff --git a/salt/kibana/files/config_saved_objects.ndjson b/salt/kibana/files/config_saved_objects.ndjson
index a05374ebf..001cdd7df 100644
--- a/salt/kibana/files/config_saved_objects.ndjson
+++ b/salt/kibana/files/config_saved_objects.ndjson
@@ -1 +1 @@
-{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "7.15.2","id": "7.15.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
+{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "7.16.2","id": "7.16.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index 329a5f4ee..2ad5a78e0 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
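Review bot: The saved-object id `7.16.2` in the PUT URL is a bare literal that must equal the `"id"` and `"coreMigrationVersion"` values in salt/kibana/files/config_saved_objects.ndjson (bumped in the same commit), and nothing in the script ties the two together, so the next Kibana upgrade can update one and miss the other. Hoisting it into a single variable near the top of the script, for example `KIBANA_CONFIG_ID="7.16.2"` with the URL becoming `"localhost:5601/api/saved_objects/config/${KIBANA_CONFIG_ID}"`, or templating it from whatever already sets the Kibana image tag, makes the bump a one-line change and keeps the ndjson and the URL from drifting. `update()` begins before the hunk.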
@@ -62,12 +62,9 @@ logstash:
- home: /opt/so/conf/logstash
lslibdir:
- file.directory:
+ file.absent:
- name: /opt/so/conf/logstash/lib
- - user: 931
- - group: 939
- - makedirs: True
-
+
lsetcdir:
file.directory:
- name: /opt/so/conf/logstash/etc
@@ -130,14 +127,6 @@ lsetcsync:
- clean: True
- exclude_pat: pipelines*
-lslibsync:
- file.managed:
- - name: /opt/so/conf/logstash/lib/log4j-core-2.14.0-patched.jar
- - source: salt://logstash/lib/log4j-core-2.14.0-patched.jar
- - user: 931
- - group: 939
- - mode: 644
-
# Create the import directory
importdir:
file.directory:
@@ -177,7 +166,6 @@ so-logstash:
- {{ BINDING }}
{% endfor %}
- binds:
- - /opt/so/conf/logstash/lib/log4j-core-2.14.0-patched.jar:/usr/share/logstash/logstash-core/lib/jars/log4j-core-2.14.0.jar:ro
- /opt/so/conf/elasticsearch/templates/:/templates/:ro
- /opt/so/conf/logstash/etc/:/usr/share/logstash/config/:ro
- /opt/so/conf/logstash/pipelines:/usr/share/logstash/pipelines:ro
diff --git a/salt/logstash/lib/log4j-core-2.14.0-patched.jar b/salt/logstash/lib/log4j-core-2.14.0-patched.jar
deleted file mode 100644
index 1fcd1bbf5..000000000
Binary files a/salt/logstash/lib/log4j-core-2.14.0-patched.jar and /dev/null differ
diff --git a/sigs/securityonion-2.3.91.iso.sig b/sigs/securityonion-2.3.91.iso.sig
new file mode 100644
index 000000000..de428774a
Binary files /dev/null and b/sigs/securityonion-2.3.91.iso.sig differ