Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into issue/5809

2026-02-20 06:05:01 +01:00 · 2021-11-12 15:02:22 -05:00
parent 7f3379e034 8c46a2d1db
commit cc1dea446c
6 changed files with 69 additions and 37 deletions
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -390,20 +390,30 @@ has_uppercase() {
 }

 valid_cidr() {
-	# Verify there is a backslash in the string
-	echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1
-	
-	local cidr
-	local ip
+	local cidr=$1

-	cidr=$(echo "$1" | sed 's/.*\///')
-	ip=$(echo "$1" | sed 's/\/.*//' )
-	
-	if valid_ip4 "$ip"; then
-		[[ $cidr =~ ([0-9]|[1-2][0-9]|3[0-2]) ]] && return 0 || return 1
-	else
-		return 1
-	fi
+	read -r -d '' cidr_python <<- EOM
+	import ipaddress
+	import sys
+
+	def validate_cidr(cidr: str) -> bool:
+	  # We want the string to be a cidr block and not a single ip
+	  if '/' not in cidr:
+	  	return False
+	  try:
+	    ipaddress.ip_network(cidr)
+	  except ValueError:
+	    return False
+	  return True
+
+	if validate_cidr('$cidr'):
+	  sys.exit(0)
+	else:
+	  sys.exit(1)
+	EOM
+
+	python3 -c "$cidr_python"
+	return $?
 }

 valid_cidr_list() {
@@ -447,7 +457,26 @@ valid_hostname() {
 valid_ip4() {
 	local ip=$1

-	echo "$ip" | grep -qP '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$' && return 0 || return 1
+	local ip_python
+	read -r -d '' ip_python <<- EOM
+	import ipaddress
+	import sys
+
+	def validate_ip(ip: str) -> bool:
+	  try:
+	    ipaddress.ip_address(ip)
+	  except ValueError:
+	    return False
+	  return True
+
+	if validate_ip('$ip'):
+	  sys.exit(0)
+	else:
+	  sys.exit(1)
+	EOM
+
+	python3 -c "$ip_python"
+	return $?
 }

 valid_int() {
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -690,9 +690,12 @@ up_2.3.5X_to_2.3.80() {
 }

 up_2.3.80_to_2.3.90() {
-
+  for i in manager eval standalone; do
+        echo "soc:" >> /opt/so/saltstack/local/pillar/minions/*$i*.sls
+        sed -i "/^soc:/a \\  es_index_patterns: '*:so-*,*:endgame-*'" /opt/so/saltstack/local/pillar/minions/*$i*.sls
+  done
+  
  INSTALLEDVERSION=2.3.90
-
 }

 verify_upgradespace() {
--- a/salt/soc/files/soc/menu.actions.json
+++ b/salt/soc/files/soc/menu.actions.json
@@ -1,4 +1,4 @@
-{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
+{%- set ENDGAMEHOST = salt['pillar.get']('soc:endgamehost', False) %}
 [
  { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", 
            "links": [
@@ -31,11 +31,10 @@
            "links": [
              "https://www.virustotal.com/gui/search/{value}"
 	    ]}
- {%- if HIGHLANDER %}
-   {%- set EGHOST = salt['pillar.get']('soc:endgamehost', 'EGHOSTNOTPOPULATED') %}
+ {%- if ENDGAMEGHOST %}
   ,{ "name": "Endgame", "description": "Endgame Endpoint Investigation and Response", "icon": "fa-external-link-alt", "target": "_blank",
            "links": [
-              "https://{{ EGHOST }}/endpoints/{:agent.id}"
+              "https://{{ ENDGAMEHOST }}/endpoints/{:agent.id}"
            ]}
 {% endif %}
 ]