Merge pull request #11879 from Security-Onion-Solutions/dev

2.3.280
2025-12-06 01:02:46 +01:00 · 2023-11-28 15:21:56 -05:00
parent 3839e52401 84d6fcb752
commit d5d2b5fbc7
11 changed files with 59 additions and 22 deletions
--- a/README.md
+++ b/README.md
@@ -2,6 +2,20 @@

 Security Onion 2.3 is here!

+## End Of Life Warning
+
+Security Onion 2.3 reaches End Of Life (EOL) on April 6, 2024:
+
+https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html
+
+For new installations, please see the 2.4 branch of this repo:
+
+https://github.com/Security-Onion-Solutions/securityonion/tree/2.4/main
+
+If you have an existing 2.3 installation and would like to migrate to 2.4, please see:
+
+https://docs.securityonion.net/en/2.4/appendix.html
+
 ## Screenshots

 Alerts
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.270-20231006 ISO image built on 2023/10/06
+### 2.3.280-20231128 ISO image built on 2023/11/28



 ### Download and Verify

-2.3.270-20231006 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.270-20231006.iso
+2.3.280-20231128 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.280-20231128.iso

-MD5: 3FC7A37EA402A5F0C6609D7431387575  
-SHA1: 979851603E431EE9670A1576E5DCCD838CEDA294  
-SHA256: 34F72EDEA9A62E1545347A31DEDEDD099D824466EC52B8674ACC7DB6D7E8B943 
+MD5: 0BC68BD73547B7E2FBA6F53BEC174590  
+SHA1: 1D33C565D37772FE7A3C3FE3ECB05FC1AC1EBFF1  
+SHA256: ADBD9DC9E1B266B18E0FDBDF084073EF926C565041858060D283CDAEF021EE11 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.270-20231006.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.280-20231128.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.270-20231006.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.280-20231128.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.270-20231006.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.280-20231128.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.270-20231006.iso.sig securityonion-2.3.270-20231006.iso
+gpg --verify securityonion-2.3.280-20231128.iso.sig securityonion-2.3.280-20231128.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 21 Sep 2023 10:43:13 AM EDT using RSA key ID FE507013
+gpg: Signature made Mon 27 Nov 2023 05:09:34 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.3.270
+2.3.280
--- a/pillar/zeek/init.sls
+++ b/pillar/zeek/init.sls
@@ -42,12 +42,13 @@ zeek:
      - frameworks/files/hash-all-files
      - frameworks/files/detect-MHR
      - policy/frameworks/notice/extend-email/hostnames
+      - policy/frameworks/notice/community-id
+      - policy/protocols/conn/community-id-logging
      - ja3
      - hassh
      - intel
      - cve-2020-0601
      - securityonion/bpfconf
-      - securityonion/communityid
      - securityonion/file-extraction
      - oui-logging
      - icsnpp-modbus
--- a/salt/ca/files/signing_policies.conf
+++ b/salt/ca/files/signing_policies.conf
@@ -37,7 +37,7 @@ x509_signing_policies:
    - ST: Utah
    - L: Salt Lake City
    - basicConstraints: "critical CA:false"
-    - keyUsage: "critical keyEncipherment"
+    - keyUsage: "critical keyEncipherment, digitalSignature"
    - subjectKeyIdentifier: hash
    - authorityKeyIdentifier: keyid,issuer:always
    - extendedKeyUsage: serverAuth
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -580,6 +580,7 @@ preupgrade_changes() {
    [[ "$INSTALLEDVERSION" == 2.3.240 ]] && up_to_2.3.250
    [[ "$INSTALLEDVERSION" == 2.3.250 ]] && up_to_2.3.260
    [[ "$INSTALLEDVERSION" == 2.3.260 ]] && up_to_2.3.270
+    [[ "$INSTALLEDVERSION" == 2.3.270 ]] && up_to_2.3.280
    
    true
 }
@@ -612,6 +613,7 @@ postupgrade_changes() {
    [[ "$POSTVERSION" == 2.3.240 ]] && post_to_2.3.250
    [[ "$POSTVERSION" == 2.3.250 ]] && post_to_2.3.260
    [[ "$POSTVERSION" == 2.3.260 ]] && post_to_2.3.270
+    [[ "$POSTVERSION" == 2.3.270 ]] && post_to_2.3.280

    true
 }
@@ -772,6 +774,17 @@ post_to_2.3.270() {
  POSTVERSION=2.3.270
 }

+post_to_2.3.280() {
+  salt-call state.apply ca queue=True
+  stop_salt_minion
+  mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
+  mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
+  systemctl_func "start" "salt-minion"
+  enable_highstate
+  POSTVERSION=2.3.280
+}
+
+
 stop_salt_master() {
    # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
    set +e
@@ -1137,6 +1150,11 @@ up_to_2.3.270() {
  INSTALLEDVERSION=2.3.270
 }

+up_to_2.3.280() {
+  echo "Upgrading to 2.3.280"
+  INSTALLEDVERSION=2.3.280
+}
+
 verify_upgradespace() {
  CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
  if [ "$CURRENTSPACE" -lt "10" ]; then
@@ -1720,8 +1738,12 @@ if [[ -z $UNATTENDED ]]; then

 SOUP - Security Onion UPdater

+**WARNING** Security Onion 2.3 reaches End Of Life (EOL) on April 6, 2024.
+Please make plans to migrate to Security Onion 2.4:
+https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html
+
 Please review the following for more information about the update process and recent updates:
-https://docs.securityonion.net/soup
+https://docs.securityonion.net/en/2.3/soup.html
 https://blog.securityonion.net

 EOF
--- a/salt/kibana/bin/so-kibana-config-load
+++ b/salt/kibana/bin/so-kibana-config-load
@@ -59,7 +59,7 @@ update() {

    IFS=$'\r\n' GLOBIGNORE='*' command eval  'LINES=($(cat $1))'
    for i in "${LINES[@]}"; do
-      RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.8.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
+      RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.10.4" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
      echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
    done
 
--- a/salt/kibana/files/config_saved_objects.ndjson
+++ b/salt/kibana/files/config_saved_objects.ndjson
@@ -1 +1 @@
-{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n  \"from\": \"now-24h\",\n  \"to\": \"now\"\n}"},"coreMigrationVersion": "8.8.2","id": "8.8.2","references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
+{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n  \"from\": \"now-24h\",\n  \"to\": \"now\"\n}"},"coreMigrationVersion": "8.10.4","id": "8.10.4","references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
--- a/salt/nginx/init.sls
+++ b/salt/nginx/init.sls
@@ -118,6 +118,10 @@ so-nginx:
    - watch:
      - file: nginxconf
      - file: nginxconfdir
+  {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %}
+      - x509: managerssl_key
+      - x509: managerssl_crt
+  {% endif %}
    - require:
      - file: nginxconf
  {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %}
--- a/salt/suricata/afpacket.map.jinja
+++ b/salt/suricata/afpacket.map.jinja
@@ -1,6 +1,6 @@
 {% load_yaml as afpacket %}
 af-packet:
-  - interface: {{ salt['pillar.get']('sensor:interface', 'bond0') }}
+  - interface: {{ None if grains.role == 'so-import' else salt['pillar.get']('sensor:interface', 'bond0') }}
    cluster-id: 59
    cluster-type: cluster_flow
    defrag: yes
@@ -8,8 +8,4 @@ af-packet:
    threads: {{ salt['pillar.get']('sensor:suriprocs', salt['pillar.get']('sensor:suripins') | length) }}
    tpacket-v3: yes
    ring-size: {{ salt['pillar.get']('sensor:suriringsize', '5000') }}
-  - interface: default
-    #threads: auto
-    #use-mmap: no
-    #tpacket-v3: yes
 {% endload %}
--- a/sigs/securityonion-2.3.280-20231128.iso.sig
+++ b/sigs/securityonion-2.3.280-20231128.iso.sig
@@ -1 +1 @@
 .3.270
 .3.280