From 2e277bf4879f1ee384c0d313ba1dba30f7a2dcf9 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 26 Jul 2021 10:08:59 -0400
Subject: [PATCH 1/4] change container to abesent of pcap is disabled

---
 salt/pcap/init.sls  | 7 +++++--
 salt/pcap/map.jinja | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index 6679215e4..a64b9d90a 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -111,6 +111,7 @@ stenolog:
 
 so-steno:
   docker_container.{{ STENOOPTIONS.status }}:
+  {% if STENOOPTIONS.status == 'running' %}
     - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }}
     - start: {{ STENOOPTIONS.start }}
     - network_mode: host
@@ -126,6 +127,9 @@ so-steno:
       - /opt/so/log/stenographer:/var/log/stenographer:rw
     - watch:
       - file: /opt/so/conf/steno/config
+  {% else %} {# if stenographer isn't enabled, then stop and remove the container #}
+    - force: True
+  {% endif %}
 
 append_so-steno_so-status.conf:
   file.append:
@@ -133,7 +137,6 @@ append_so-steno_so-status.conf:
     - text: so-steno
     - unless: grep -q so-steno /opt/so/conf/so-status/so-status.conf
 
-
   {% if not STENOOPTIONS.start %}
 so-steno_so-status.disabled:
   file.comment:
@@ -152,4 +155,4 @@ delete_so-steno_so-status.disabled:
   test.fail_without_changes:
     - name: {{sls}}_state_not_allowed
 
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/salt/pcap/map.jinja b/salt/pcap/map.jinja
index b3c746bcc..ad23f763b 100644
--- a/salt/pcap/map.jinja
+++ b/salt/pcap/map.jinja
@@ -9,7 +9,7 @@
 {% endif %}
 
 {% if ENABLED is sameas false %}
-  {% do STENOOPTIONS.update({'status': 'stopped'}) %}
+  {% do STENOOPTIONS.update({'status': 'absent'}) %}
 {% else %}
   {% do STENOOPTIONS.update({'status': 'running'}) %}
-{% endif %}
\ No newline at end of file
+{% endif %}

From 7aa5e857edb896d994df809728382f1841104f77 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 26 Jul 2021 10:46:52 -0400
Subject: [PATCH 2/4] update hotfix file

---
 HOTFIX | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/HOTFIX b/HOTFIX
index d3f5a12fa..b1fe67394 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +1 @@
-
+STENODOCKER

From 26741bdb53da194ae9264f889133f1fee4390c4a Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Mon, 26 Jul 2021 10:55:30 -0400
Subject: [PATCH 3/4] Add wss: to CSP for browsers that enforce wss distinctly
 from other protocols

---
 salt/nginx/etc/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 4fa5c8435..7ee97b16f 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -149,7 +149,7 @@ http {
 		root         /opt/socore/html;
 		index        index.html;
 
-		add_header 	Content-Security-Policy     "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-ancestors 'self'";
+		add_header 	Content-Security-Policy     "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; frame-ancestors 'self'";
 		add_header 	X-Frame-Options             SAMEORIGIN;
 		add_header 	X-XSS-Protection            "1; mode=block";
 		add_header 	X-Content-Type-Options      nosniff;

From f359dd0cd4d24d36e6e73b1b110f04f1207b2073 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Tue, 27 Jul 2021 11:09:25 -0400
Subject: [PATCH 4/4] Steno ISO Details

---
 VERIFY_ISO.md                                 |  22 +++++++++---------
 sigs/securityonion-2.3.61-STENODOCKER.iso.sig | Bin 0 -> 543 bytes
 2 files changed, 11 insertions(+), 11 deletions(-)
 create mode 100644 sigs/securityonion-2.3.61-STENODOCKER.iso.sig

diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index f71c088cf..ac6101ad1 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.61 ISO image built on 2021/07/22
+### 2.3.61-STENODOCKER ISO image built on 2021/07/26
 
 
 
 ### Download and Verify
 
-2.3.61 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.61.iso
+2.3.61-STENODOCKER ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.61-STENODOCKER.iso
 
-MD5: 538F29F3AB57087FC879108FFC81447C  
-SHA1: C2239206572CBEB697CFA2A4850A16A54BF5FB0D  
-SHA256: F5035361B63D1EE8D87CE7B0D8333E521A44453274785B62630CAC76C1BEA929 
+MD5: 10815F1F816E75BF15F331B39CB5EBEC  
+SHA1: 2D4F4ACA6FBA35563D76C1296A6A774FF73D67FD  
+SHA256: D9C927C07A2B29C0BD93B1349EB750D4E3CF7F553A14D3EF90593BA660936821 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61-STENODOCKER.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.61-STENODOCKER.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.61.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.61-STENODOCKER.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.61.iso.sig securityonion-2.3.61.iso
+gpg --verify securityonion-2.3.61-STENODOCKER.iso.sig securityonion-2.3.61-STENODOCKER.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 22 Jul 2021 10:28:58 AM EDT using RSA key ID FE507013
+gpg: Signature made Mon 26 Jul 2021 04:34:58 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
diff --git a/sigs/securityonion-2.3.61-STENODOCKER.iso.sig b/sigs/securityonion-2.3.61-STENODOCKER.iso.sig
new file mode 100644
index 0000000000000000000000000000000000000000..aad56a116bacc05e2f3e827b1a3a4552617b59be
GIT binary patch
literal 543
zcmV+)0^t3L0vrSY0RjL91p;9I9C82(2@re`V7LBIa1;Ja5CDb<T+<4;4fF+%1E)WJ
z03cwXcNHL^2~BWecf8Lj&hQP{B)m7iV)9k7Hed}5VKKNL&CksvXhfcbM%O#cAWejw
zw&<;>*OA52SHJr<J2MS5=eG0x|E*`so12Gsh@9~LJ?N3Sc26*Meha}!GDw|&5)oEK
z_^oEIOAn*W)mRL(>&V3ysp(JvMaW0`XS2SS9Zv4+><`?ag#M(!na*P|!Q{=$5F;o0
z2DxmH{iT_8CEtKs&2aJIbdDhN7t_HML&(AJJxjwiAs>A`o%iBd0MbvTeDBjQFgX}`
zhU2HD3`dd(KRzNTAKD5bjQbGUY27qY{wU8!NQ-P>CjIjC+4EF9p?@L;>tr)7nzkP-
zgG2g<W&JT>-<`}JuaLJuT|OE20GrBYP3S-LsF1a3cirRb*R^aMpk=E+pGfnn4U5YZ
z%J%6)v>@MNm-|q?&x7Q;37Jbhh%>`W{>vVw#&VV!Ye|$($Wo6SwHExGT&E-&zZ+EC
z*Q_k)URQiP6C6c~Us@E_#k6uq3Pw&8Za2d|Wawf*%*a)>7AAq!nJ(kq7l7@R!lwt^
zT+?~13_k=nGdnE8<Zq+|ro8<E)~O#WK+3Yjt_E&sEQu1D*cl3F0_bF2_YoRLt7d}{
h&DUu}@3Y*e3Oi*Sp%l91rpHusDj?E2@USxDs6Cvi1n&R<

literal 0
HcmV?d00001