diff --git a/HOTFIX b/HOTFIX index aa8e22a9c..e2deb48db 100644 --- a/HOTFIX +++ b/HOTFIX @@ -1 +1 @@ -20220202 20220203 +20220202 20220203 20220301 diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 376d4328f..ec72e3d13 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,18 +1,18 @@ -### 2.3.100-20220203 ISO image built on 2022/02/03 +### 2.3.100-20220301 ISO image built on 2022/03/01 ### Download and Verify -2.3.100-20220203 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220203.iso +2.3.100-20220301 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220301.iso -MD5: 14705B2F2F9C973D944A4545449799C5 -SHA1: D73405BE3DE404DE19979B58DEA6F22F434E622D -SHA256: 3DD54ACBFDE0047A5EA238415F025ADB6D6AAFF53BEE084A602327CB3242B580 +MD5: 53A992D6321B7C33440219BAD9157769 +SHA1: D730157F4847EB91393CF0C1A22410708312F605 +SHA256: F6C0E55968ED1F0AA35CB9E1F7FF5BEB27673638A4F2223302B301360BC401A1 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220203.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220301.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220203.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220301.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220203.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220301.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.100-20220203.iso.sig securityonion-2.3.100-20220203.iso +gpg --verify securityonion-2.3.100-20220301.iso.sig securityonion-2.3.100-20220301.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 03 Feb 2022 03:35:03 PM EST using RSA key ID FE507013 +gpg: Signature made Tue 01 Mar 2022 03:14:02 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/salt/curator/files/action/delete.yml b/salt/curator/files/action/delete.yml index fb3945c1d..6e31b03b6 100644 --- a/salt/curator/files/action/delete.yml +++ b/salt/curator/files/action/delete.yml @@ -18,6 +18,10 @@ actions: - filtertype: pattern kind: regex value: '^(logstash-.*|so-.*)$' + - filtertype: pattern + kind: regex + value: '^(so-case.*)$' + exclude: True - filtertype: space source: creation_date use_age: True diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index eb38c73dc..b872a7aeb 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete 
+++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -34,9 +34,13 @@ overlimit() { closedindices() { - INDICES=$({{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed 2> /dev/null) + # If we can't query Elasticsearch, then immediately return false. + {{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed >/dev/null 2>&1 [ $? -eq 1 ] && return false - echo ${INDICES} | grep -q -E "(logstash-|so-)" + # First, get the list of closed indices using _cat/indices?h=index\&expand_wildcards=closed. + # Next, filter out any so-case indices. + # Finally, use grep's -q option to return true if there are any remaining logstash- or so- indices. + {{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | grep -v "so-case" | grep -q -E "(logstash-|so-)" } # Check for 2 conditions: 
@@ -47,9 +51,10 @@ while overlimit && closedindices; do # We need to determine OLDEST_INDEX: # First, get the list of closed indices using _cat/indices?h=index\&expand_wildcards=closed. - # Then, sort by date by telling sort to use hyphen as delimiter and then sort on the third field. + # Next, filter out any so-case indices and only select the remaining logstash- or so- indices. + # Then, sort by date by telling sort to use hyphen as delimiter and sort on the third field. # Finally, select the first entry in that sorted list. - OLDEST_INDEX=$({{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | grep -E "(logstash-|so-)" | sort -t- -k3 | head -1) + OLDEST_INDEX=$({{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | grep -v "so-case" | grep -E "(logstash-|so-)" | sort -t- -k3 | head -1) # Now that we've determined OLDEST_INDEX, ask Elasticsearch to delete it. {{ ELASTICCURL }} -XDELETE -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX} diff --git a/sigs/securityonion-2.3.100-20220301.iso.sig b/sigs/securityonion-2.3.100-20220301.iso.sig new file mode 100644 index 000000000..d4f6b021c Binary files /dev/null and b/sigs/securityonion-2.3.100-20220301.iso.sig differ
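Review bot: In the VERIFY_ISO.md hunk, MD5 and SHA1 are still published next to SHA256 for the new 20220301 image; both are broken for collision resistance, so they add nothing the SHA256 line and the `gpg --verify` step do not already provide, and listing them invites readers to check with the weakest one. Suggest dropping MD5/SHA1 (or marking them informational) and showing the hash being checked rather than eyeballed, e.g. `echo "F6C0E55968ED1F0AA35CB9E1F7FF5BEB27673638A4F2223302B301360BC401A1  securityonion-2.3.100-20220301.iso" | sha256sum -c`. The sample `gpg` output identifies the key only by its short ID FE507013; the sentence above it already asks readers to compare the primary key fingerprint, so consider keeping the full fingerprint in the sample output rather than the 32-bit ID, which is trivially collidable.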
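Review bot: The new `so-case.*` exclude in salt/curator/files/action/delete.yml carries no comment saying why case indices must survive the space-based delete, and the same exclusion is now hand-duplicated as `grep -v "so-case"` in so-curator-closed-delete-delete, so anyone changing one will miss the other. Suggest a one-line comment above the filter stating the intent, and noting in it that the shell script must be kept in step. The capture group in `'^(so-case.*)$'` is unnecessary; `'^so-case.*$'` reads the same. The ordering is correct as written: Curator applies filters in sequence, so the exclude narrows the list already selected by `'^(logstash-.*|so-.*)$'`.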
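Review bot: In closedindices(), `[ $? -eq 1 ] && return false` only treats curl exit status 1 as a failure, while connection refused, DNS failure and TLS handshake errors come back as other non-zero codes (7, 6, 35 and so on), and `return false` is not valid bash: `return` requires a numeric argument, so bash prints an error and returns 2, which only happens to be non-zero. The rewrite also queries Elasticsearch twice and ignores the status of the second call that actually feeds the grep. Suggest a single captured call, `INDICES=$({{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed) || return 1`, followed by `printf '%s\n' "$INDICES" | grep -v "so-case" | grep -q -E "(logstash-|so-)"`. Both grep patterns are unanchored, so any index whose name merely contains `so-` or `so-case` anywhere matches; anchoring with `^` would make the script agree with the `^(logstash-.*|so-.*)$` regex in delete.yml. Separately, `-k` disables certificate verification on every call to Elasticsearch; if a CA file for the cluster certificate is available, `--cacert` is the safer option.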
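Review bot: In the OLDEST_INDEX hunk, the pipeline can yield an empty string (the second `_cat/indices` call can fail or return nothing after closedindices() succeeded a moment earlier), and the loop then runs `{{ ELASTICCURL }} -XDELETE -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/` against the cluster root with no index name. Suggest `[ -n "${OLDEST_INDEX}" ] || break` before the delete and quoting `"${OLDEST_INDEX}"` in the URL. `sort -t- -k3` sorts lexicographically from the third hyphen-delimited field to end of line, which assumes every matched index has exactly one name component between the `logstash-`/`so-` prefix and its date; an index with a different number of hyphens sorts on the wrong field and may be deleted out of order. The `grep -v "so-case" | grep -E "(logstash-|so-)"` filter is now repeated here and in closedindices(); a small helper function returning the filtered index list would keep both callers, and the exclude in delete.yml, in step.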