Merge pull request #10406 from Security-Onion-Solutions/dev

2.3.250
2025-12-06 09:12:45 +01:00 · 2023-05-22 15:14:23 -04:00
parent 0baf8e9471 7c1f19b91f
commit c949101d0f
10 changed files with 42 additions and 27 deletions
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.240-20230426 ISO image built on 2023/04/26
+### 2.3.250-20230519 ISO image built on 2023/05/19



 ### Download and Verify

-2.3.240-20230426 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.240-20230426.iso
+2.3.250-20230519 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.250-20230519.iso

-MD5: 1935B559A9181522E83DA64C0A095A7A  
-SHA1: 84A865A8F880036A5F04990CAAC36093744E8CF7  
-SHA256: 1CC1173A403EE0CEA05EFB4708E7A4AEA70CEAAF1E3B51B861410F7634A776AF 
+MD5: EBECF635FB8CFDDD5C0559D01C14E215  
+SHA1: 1C2BD45D080D6D99FD84C120827EA39817FCB078  
+SHA256: 748E9740077BCCAFDC67D15BA2D6A4B0539A29E4527715973E5BDDE5DCF565AD 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.240-20230426.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.250-20230519.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.240-20230426.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.250-20230519.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.240-20230426.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.250-20230519.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.240-20230426.iso.sig securityonion-2.3.240-20230426.iso
+gpg --verify securityonion-2.3.250-20230519.iso.sig securityonion-2.3.250-20230519.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 26 Apr 2023 08:55:32 AM EDT using RSA key ID FE507013
+gpg: Signature made Sat 20 May 2023 09:16:02 AM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.3.240
+2.3.250
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -212,7 +212,7 @@ check_local_mods() {
    if [[ -f $default_file ]]; then
      file_diff=$(diff "$default_file" "$local_file" )
      if [[ ! " ${local_ignore_arr[*]} " =~ " ${local_file} " ]]; then
-        if [[ $(echo "$file_diff" | grep -c "^<") -gt 0 ]]; then
+        if [[ $(echo "$file_diff" | grep -Ec "^[<>]") -gt 0 ]]; then
          local_mod_arr+=( "$local_file" )
        fi
      fi
@@ -556,6 +556,7 @@ preupgrade_changes() {
    [[ "$INSTALLEDVERSION" == 2.3.210 ]] && up_to_2.3.220
    [[ "$INSTALLEDVERSION" == 2.3.220 ]] && up_to_2.3.230
    [[ "$INSTALLEDVERSION" == 2.3.230 ]] && up_to_2.3.240
+    [[ "$INSTALLEDVERSION" == 2.3.240 ]] && up_to_2.3.250
    
    true
 }
@@ -585,6 +586,7 @@ postupgrade_changes() {
    [[ "$POSTVERSION" == 2.3.210 ]] && post_to_2.3.220
    [[ "$POSTVERSION" == 2.3.220 ]] && post_to_2.3.230
    [[ "$POSTVERSION" == 2.3.230 ]] && post_to_2.3.240
+    [[ "$POSTVERSION" == 2.3.240 ]] && post_to_2.3.250

    true
 }
@@ -728,6 +730,11 @@ post_to_2.3.240() {
  POSTVERSION=2.3.240
 }

+post_to_2.3.250() {
+  echo "Nothing to do for .250"
+  POSTVERSION=2.3.250
+}
+
 stop_salt_master() {
    # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
    set +e
@@ -1078,6 +1085,11 @@ up_to_2.3.240() {
  INSTALLEDVERSION=2.3.240
 }

+up_to_2.3.250() {
+  echo "Upgrading to 2.3.250"
+  INSTALLEDVERSION=2.3.250
+}
+
 verify_upgradespace() {
  CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
  if [ "$CURRENTSPACE" -lt "10" ]; then
--- a/salt/kibana/bin/so-kibana-config-load
+++ b/salt/kibana/bin/so-kibana-config-load
@@ -59,7 +59,7 @@ update() {

    IFS=$'\r\n' GLOBIGNORE='*' command eval  'LINES=($(cat $1))'
    for i in "${LINES[@]}"; do
-      RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.6.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
+      RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.7.1" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
      echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
    done
 
--- a/salt/kibana/files/config_saved_objects.ndjson
+++ b/salt/kibana/files/config_saved_objects.ndjson
@@ -1 +1 @@
-{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n  \"from\": \"now-24h\",\n  \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.2","id": "8.6.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
+{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n  \"from\": \"now-24h\",\n  \"to\": \"now\"\n}"},"coreMigrationVersion": "8.7.1","id": "8.7.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
--- a/salt/kibana/files/saved_objects.ndjson
+++ b/salt/kibana/files/saved_objects.ndjson
--- a/salt/sensoroni/files/analyzers/whoislookup/requirements.txt
+++ b/salt/sensoroni/files/analyzers/whoislookup/requirements.txt
@@ -1 +1,2 @@
+requests==2.27.1
 whoisit>=2.5.3
--- a/salt/strelka/defaults.yaml
+++ b/salt/strelka/defaults.yaml
@@ -17,3 +17,5 @@ strelka:
    - gen_susp_xor.yar
    - gen_webshells_ext_vars.yar
    - configured_vulns_ext_vars.yar
+    - expl_outlook_cve_2023_23397.yar
+    - gen_mal_3cx_compromise_mar23.yar
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1124,9 +1124,9 @@ create_repo() {

 detect_cloud() {
 	echo "Testing if setup is running on a cloud instance..." | tee -a "$setup_log"
-  if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || \
-     ( curl --fail -s -m 5 -H "X-aws-ec2-metadata-token: $(curl -s -X PUT -m 5 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 30')" http://169.254.169.254/latest/meta-data/instance-id > /dev/null) || \
-     (dmidecode -s bios-vendor | grep -q Google > /dev/null) || \
+	if dmidecode -s bios-version | grep -q amazon || \
+		dmidecode -s bios-vendor | grep -q Amazon || \
+		dmidecode -s bios-vendor | grep -q Google || \
 		[ -f /var/log/waagent.log ]; then 

 		echo "Detected a cloud installation." | tee -a "$setup_log"
--- a/sigs/securityonion-2.3.250-20230519.iso.sig
+++ b/sigs/securityonion-2.3.250-20230519.iso.sig
@@ -1 +1 @@
 .3.240
 .3.250