CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10406 from Security-Onion-Solutions/dev

Browse Source 
2.3.250
This commit is contained in:
Mike Reeves
2023-05-22 15:14:23 -04:00
committed by GitHub
parent 0baf8e9471 7c1f19b91f
commit c949101d0f
10 changed files with 42 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
VERIFY_ISO.md
View File

@@ -1,18 +1,18 @@
### 2.3.240-20230426 ISO image built on 2023/04/26 ### 2.3.250-20230519 ISO image built on 2023/05/19
### Download and Verify ### Download and Verify
2.3.240-20230426 ISO image: 2.3.250-20230519 ISO image:
https://download.securityonion.net/file/securityonion/securityonion-2.3.240-20230426.iso https://download.securityonion.net/file/securityonion/securityonion-2.3.250-20230519.iso
MD5: 1935B559A9181522E83DA64C0A095A7A MD5: EBECF635FB8CFDDD5C0559D01C14E215
SHA1: 84A865A8F880036A5F04990CAAC36093744E8CF7 SHA1: 1C2BD45D080D6D99FD84C120827EA39817FCB078
SHA256: 1CC1173A403EE0CEA05EFB4708E7A4AEA70CEAAF1E3B51B861410F7634A776AF SHA256: 748E9740077BCCAFDC67D15BA2D6A4B0539A29E4527715973E5BDDE5DCF565AD
Signature for ISO image: Signature for ISO image:
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.240-20230426.iso.sig https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.250-20230519.iso.sig
Signing key: Signing key:
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO: Download the signature file for the ISO:
``` ```
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.240-20230426.iso.sig wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.250-20230519.iso.sig
``` ```
Download the ISO image: Download the ISO image:
``` ```
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.240-20230426.iso wget https://download.securityonion.net/file/securityonion/securityonion-2.3.250-20230519.iso
``` ```
Verify the downloaded ISO image using the signature file: Verify the downloaded ISO image using the signature file:
``` ```
gpg --verify securityonion-2.3.240-20230426.iso.sig securityonion-2.3.240-20230426.iso gpg --verify securityonion-2.3.250-20230519.iso.sig securityonion-2.3.250-20230519.iso
``` ```
The output should show "Good signature" and the Primary key fingerprint should match what's shown below: The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
``` ```
gpg: Signature made Wed 26 Apr 2023 08:55:32 AM EDT using RSA key ID FE507013 gpg: Signature made Sat 20 May 2023 09:16:02 AM EDT using RSA key ID FE507013
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>" gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.

2
VERSION
View File

@@ -1 +1 @@
2.3.240 2.3.250

14
salt/common/tools/sbin/soup
View File

@@ -212,7 +212,7 @@ check_local_mods() {
if [[ -f $default_file ]]; then if [[ -f $default_file ]]; then
file_diff=$(diff "$default_file" "$local_file" ) file_diff=$(diff "$default_file" "$local_file" )
if [[ ! " ${local_ignore_arr[*]} " =~ " ${local_file} " ]]; then if [[ ! " ${local_ignore_arr[*]} " =~ " ${local_file} " ]]; then
if [[ $(echo "$file_diff" | grep -c "^<") -gt 0 ]]; then if [[ $(echo "$file_diff" | grep -Ec "^[<>]") -gt 0 ]]; then
local_mod_arr+=( "$local_file" ) local_mod_arr+=( "$local_file" )
fi fi
fi fi
@@ -556,6 +556,7 @@ preupgrade_changes() {
[[ "$INSTALLEDVERSION" == 2.3.210 ]] && up_to_2.3.220 [[ "$INSTALLEDVERSION" == 2.3.210 ]] && up_to_2.3.220
[[ "$INSTALLEDVERSION" == 2.3.220 ]] && up_to_2.3.230 [[ "$INSTALLEDVERSION" == 2.3.220 ]] && up_to_2.3.230
[[ "$INSTALLEDVERSION" == 2.3.230 ]] && up_to_2.3.240 [[ "$INSTALLEDVERSION" == 2.3.230 ]] && up_to_2.3.240
[[ "$INSTALLEDVERSION" == 2.3.240 ]] && up_to_2.3.250
true true
} }
@@ -585,6 +586,7 @@ postupgrade_changes() {
[[ "$POSTVERSION" == 2.3.210 ]] && post_to_2.3.220 [[ "$POSTVERSION" == 2.3.210 ]] && post_to_2.3.220
[[ "$POSTVERSION" == 2.3.220 ]] && post_to_2.3.230 [[ "$POSTVERSION" == 2.3.220 ]] && post_to_2.3.230
[[ "$POSTVERSION" == 2.3.230 ]] && post_to_2.3.240 [[ "$POSTVERSION" == 2.3.230 ]] && post_to_2.3.240
[[ "$POSTVERSION" == 2.3.240 ]] && post_to_2.3.250
true true
} }
@@ -728,6 +730,11 @@ post_to_2.3.240() {
POSTVERSION=2.3.240 POSTVERSION=2.3.240
} }
post_to_2.3.250() {
echo "Nothing to do for .250"
POSTVERSION=2.3.250
}
stop_salt_master() { stop_salt_master() {
# kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
set +e set +e
@@ -1078,6 +1085,11 @@ up_to_2.3.240() {
INSTALLEDVERSION=2.3.240 INSTALLEDVERSION=2.3.240
} }
up_to_2.3.250() {
echo "Upgrading to 2.3.250"
INSTALLEDVERSION=2.3.250
}
verify_upgradespace() { verify_upgradespace() {
CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//') CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
if [ "$CURRENTSPACE" -lt "10" ]; then if [ "$CURRENTSPACE" -lt "10" ]; then

2
salt/kibana/bin/so-kibana-config-load
View File

@@ -59,7 +59,7 @@ update() {
IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))' IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))'
for i in "${LINES[@]}"; do for i in "${LINES[@]}"; do
RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.6.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.7.1" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
done done

2
salt/kibana/files/config_saved_objects.ndjson
View File

@@ -1 +1 @@
{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.2","id": "8.6.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} {"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.7.1","id": "8.7.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}

4
salt/kibana/files/saved_objects.ndjson
View File

File diff suppressed because one or more lines are too long

1
salt/sensoroni/files/analyzers/whoislookup/requirements.txt
View File

@@ -1 +1,2 @@
requests==2.27.1
whoisit>=2.5.3 whoisit>=2.5.3

2
salt/strelka/defaults.yaml
View File

@@ -17,3 +17,5 @@ strelka:
- gen_susp_xor.yar - gen_susp_xor.yar
- gen_webshells_ext_vars.yar - gen_webshells_ext_vars.yar
- configured_vulns_ext_vars.yar - configured_vulns_ext_vars.yar
- expl_outlook_cve_2023_23397.yar
- gen_mal_3cx_compromise_mar23.yar

20
setup/so-functions
View File

@@ -1123,17 +1123,17 @@ create_repo() {
} }
detect_cloud() { detect_cloud() {
echo "Testing if setup is running on a cloud instance..." | tee -a "$setup_log" echo "Testing if setup is running on a cloud instance..." | tee -a "$setup_log"
if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || \ if dmidecode -s bios-version | grep -q amazon || \
( curl --fail -s -m 5 -H "X-aws-ec2-metadata-token: $(curl -s -X PUT -m 5 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 30')" http://169.254.169.254/latest/meta-data/instance-id > /dev/null) || \ dmidecode -s bios-vendor | grep -q Amazon || \
(dmidecode -s bios-vendor | grep -q Google > /dev/null) || \ dmidecode -s bios-vendor | grep -q Google || \
[ -f /var/log/waagent.log ]; then [ -f /var/log/waagent.log ]; then
echo "Detected a cloud installation." | tee -a "$setup_log" echo "Detected a cloud installation." | tee -a "$setup_log"
export is_cloud="true" export is_cloud="true"
else else
echo "This does not appear to be a cloud installation." | tee -a "$setup_log" echo "This does not appear to be a cloud installation." | tee -a "$setup_log"
fi fi
} }
detect_os() { detect_os() {

BIN
sigs/securityonion-2.3.250-20230519.iso.sig Normal file
View File

Binary file not shown.