diff --git a/README.md b/README.md
index 1c0a31212..d2efc98cf 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,20 @@ Security Onion 2.3 is here!
+## End Of Life Warning
+
+Security Onion 2.3 reaches End Of Life (EOL) on April 6, 2024:
+
+https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html
+
+For new installations, please see the 2.4 branch of this repo:
+
+https://github.com/Security-Onion-Solutions/securityonion/tree/2.4/main
+
+If you have an existing 2.3 installation and would like to migrate to 2.4, please see:
+
+https://docs.securityonion.net/en/2.4/appendix.html
+
 ## Screenshots
 Alerts
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 947595175..eac8bf648 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.270-20231006 ISO image built on 2023/10/06
+### 2.3.280-20231128 ISO image built on 2023/11/28
 ### Download and Verify
-2.3.270-20231006 ISO image:
-https://download.securityonion.net/file/securityonion/securityonion-2.3.270-20231006.iso
+2.3.280-20231128 ISO image:
+https://download.securityonion.net/file/securityonion/securityonion-2.3.280-20231128.iso
-MD5: 3FC7A37EA402A5F0C6609D7431387575
-SHA1: 979851603E431EE9670A1576E5DCCD838CEDA294
-SHA256: 34F72EDEA9A62E1545347A31DEDEDD099D824466EC52B8674ACC7DB6D7E8B943
+MD5: 0BC68BD73547B7E2FBA6F53BEC174590
+SHA1: 1D33C565D37772FE7A3C3FE3ECB05FC1AC1EBFF1
+SHA256: ADBD9DC9E1B266B18E0FDBDF084073EF926C565041858060D283CDAEF021EE11
 Signature for ISO image:
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.270-20231006.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.280-20231128.iso.sig
 Signing key:
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 Download the signature file for the ISO:
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.270-20231006.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.280-20231128.iso.sig
 ```
 Download the ISO image:
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.270-20231006.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.280-20231128.iso
 ```
 Verify the downloaded ISO image using the signature file:
 ```
-gpg --verify securityonion-2.3.270-20231006.iso.sig securityonion-2.3.270-20231006.iso
+gpg --verify securityonion-2.3.280-20231128.iso.sig securityonion-2.3.280-20231128.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 21 Sep 2023 10:43:13 AM EDT using RSA key ID FE507013
+gpg: Signature made Mon 27 Nov 2023 05:09:34 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
diff --git a/VERSION b/VERSION
index 415d027e4..a62523bfc 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.270
+2.3.280
diff --git a/pillar/zeek/init.sls b/pillar/zeek/init.sls
index 01023fb60..64316838f 100644
--- a/pillar/zeek/init.sls
+++ b/pillar/zeek/init.sls
@@ -42,12 +42,13 @@ zeek:
 - frameworks/files/hash-all-files
 - frameworks/files/detect-MHR
 - policy/frameworks/notice/extend-email/hostnames
+ - policy/frameworks/notice/community-id
+ - policy/protocols/conn/community-id-logging
 - ja3
 - hassh
 - intel
 - cve-2020-0601
 - securityonion/bpfconf
- - securityonion/communityid
 - securityonion/file-extraction
 - oui-logging
 - icsnpp-modbus
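Review bot: The two upstream policies added under `zeek:` replace the local `securityonion/communityid` script that the same hunk removes, but nothing here shows they cover the same log streams. As I read the upstream names, `policy/protocols/conn/community-id-logging` adds `community_id` to conn.log and `policy/frameworks/notice/community-id` to notice.log; if the dropped script also stamped the field onto other logs, the Elasticsearch ingest pipelines and dashboards that key on `community_id` would lose it silently. Please confirm the field still arrives on every log the old script covered before this ships, and consider a comment above the two added entries, `# community_id now comes from the upstream policies (replaces securityonion/communityid)`, so the swap is visible to the next reviewer.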
diff --git a/salt/ca/files/signing_policies.conf b/salt/ca/files/signing_policies.conf
index 1e05be006..206e8e998 100644
--- a/salt/ca/files/signing_policies.conf
+++ b/salt/ca/files/signing_policies.conf
@@ -37,7 +37,7 @@ x509_signing_policies:
 - ST: Utah
 - L: Salt Lake City
 - basicConstraints: "critical CA:false"
- - keyUsage: "critical keyEncipherment"
+ - keyUsage: "critical keyEncipherment, digitalSignature"
 - subjectKeyIdentifier: hash
 - authorityKeyIdentifier: keyid,issuer:always
 - extendedKeyUsage: serverAuth
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 993ca4c8c..31ac8c36b 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -580,6 +580,7 @@ preupgrade_changes() {
 [[ "$INSTALLEDVERSION" == 2.3.240 ]] && up_to_2.3.250
 [[ "$INSTALLEDVERSION" == 2.3.250 ]] && up_to_2.3.260
 [[ "$INSTALLEDVERSION" == 2.3.260 ]] && up_to_2.3.270
+ [[ "$INSTALLEDVERSION" == 2.3.270 ]] && up_to_2.3.280
 true
 }
@@ -612,6 +613,7 @@ postupgrade_changes() {
 [[ "$POSTVERSION" == 2.3.240 ]] && post_to_2.3.250
 [[ "$POSTVERSION" == 2.3.250 ]] && post_to_2.3.260
 [[ "$POSTVERSION" == 2.3.260 ]] && post_to_2.3.270
+ [[ "$POSTVERSION" == 2.3.270 ]] && post_to_2.3.280
 true
 }
@@ -772,6 +774,17 @@ post_to_2.3.270() {
 POSTVERSION=2.3.270
 }
+post_to_2.3.280() {
+ salt-call state.apply ca queue=True
+ stop_salt_minion
+ mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
+ mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
+ systemctl_func "start" "salt-minion"
+ enable_highstate
+ POSTVERSION=2.3.280
+}
+
+
 stop_salt_master() {
 # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
 set +e
@@ -1137,6 +1150,11 @@ up_to_2.3.270() {
 INSTALLEDVERSION=2.3.270
 }
+up_to_2.3.280() {
+ echo "Upgrading to 2.3.280"
+ INSTALLEDVERSION=2.3.280
+}
+
 verify_upgradespace() {
 CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
 if [ "$CURRENTSPACE" -lt "10" ]; then
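Review bot: Adding `digitalSignature` to the `keyUsage` line is what an RSA server certificate needs for (EC)DHE key exchange, but the policy only governs certificates issued after it lands; anything already on disk keeps the old extension until it is reissued. The only reissue this commit performs is the manager's `managerssl.*` pair in soup's `post_to_2.3.280`, so please check whether any other certificate signed under this policy also needs rotating. A short comment on the changed line would make the dependency explicit, e.g. `# digitalSignature is required for (EC)DHE cipher suites; existing certs must be reissued to pick this up`.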
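Review bot: `post_to_2.3.280` renames the manager's private key to `/etc/pki/managerssl.key.old` and never removes it, so the superseded key stays on disk indefinitely, and both `mv` calls are unguarded, so a missing file prints an error and, if the script's error mode is strict at that point, could abort before `systemctl_func "start" "salt-minion"` runs. Guard the moves and lock down the retained key: `[[ -f /etc/pki/managerssl.crt ]] && mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old`, the same for the key, then `chmod 600 /etc/pki/managerssl.key.old`, with a follow-up cleanup of the `.old` pair once the reissued certificate has been verified. I cannot see from the hunk whether `set -e` is in effect here; the surrounding script runs outside the hunk, so please confirm. A one-line header comment such as `# reissue the manager TLS cert under the new keyUsage policy (see salt/ca/files/signing_policies.conf)` would also explain why the pair is moved aside.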
@@ -1720,8 +1738,12 @@ if [[ -z $UNATTENDED ]]; then
 SOUP - Security Onion UPdater
+**WARNING** Security Onion 2.3 reaches End Of Life (EOL) on April 6, 2024.
+Please make plans to migrate to Security Onion 2.4:
+https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html
+
 Please review the following for more information about the update process and recent updates:
-https://docs.securityonion.net/soup
+https://docs.securityonion.net/en/2.3/soup.html
 https://blog.securityonion.net
 EOF
diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load
index 5bfba8bd0..0f7edb0a1 100644
--- a/salt/kibana/bin/so-kibana-config-load
+++ b/salt/kibana/bin/so-kibana-config-load
@@ -59,7 +59,7 @@ update() {
 IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))'
 for i in "${LINES[@]}"; do
- RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.8.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
+ RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.10.4" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
 echo $RESPONSE;
 if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
 done
diff --git a/salt/kibana/files/config_saved_objects.ndjson b/salt/kibana/files/config_saved_objects.ndjson
index 67554a49f..5b3a0f15e 100644
--- a/salt/kibana/files/config_saved_objects.ndjson
+++ b/salt/kibana/files/config_saved_objects.ndjson
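Review bot: The Kibana saved-object version `8.10.4` in the PUT URL is now hard-coded here and again as `id`/`coreMigrationVersion` in `config_saved_objects.ndjson` (the next hunk), and the request only targets the object the ndjson defines when the two agree, so every Kibana bump has to touch both files in lockstep. Since this script is already rendered through Jinja (`{{ ELASTICCURL }}`), render the version from a single pillar or Jinja value and use it in both files, or at minimum add a comment above the loop: `# the config object id in the URL must match "id" in config_saved_objects.ndjson`. The `update()` function continues outside the hunk.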
@@ -1 +1 @@
-{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.8.2","id": "8.8.2","references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
+{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.10.4","id": "8.10.4","references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls
index cad20996e..f633077bf 100644
--- a/salt/nginx/init.sls
+++ b/salt/nginx/init.sls
@@ -118,6 +118,10 @@ so-nginx:
 - watch:
 - file: nginxconf
 - file: nginxconfdir
+ {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %}
+ - x509: managerssl_key
+ - x509: managerssl_crt
+ {% endif %}
 - require:
 - file: nginxconf
 {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %}
diff --git a/salt/suricata/afpacket.map.jinja b/salt/suricata/afpacket.map.jinja
index a6c390abb..7f2f121ab 100644
--- a/salt/suricata/afpacket.map.jinja
+++ b/salt/suricata/afpacket.map.jinja
@@ -1,6 +1,6 @@
 {% load_yaml as afpacket %}
 af-packet:
- - interface: {{ salt['pillar.get']('sensor:interface', 'bond0') }}
+ - interface: {{ None if grains.role == 'so-import' else salt['pillar.get']('sensor:interface', 'bond0') }}
 cluster-id: 59
 cluster-type: cluster_flow
 defrag: yes
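Review bot: The role list in the new `{% if grains.role in [...] %}` around the `x509` watch entries is a verbatim copy of the one in the `require` block directly below it, and two copies will drift the next time a role is added. Hoist it once, e.g. `{% set manager_roles = ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %}` at the top of the state, and write both conditions as `{% if grains.role in manager_roles %}`. The watch presumably points at the `managerssl_key`/`managerssl_crt` states declared in the ssl state; I cannot see that from here, so please confirm both ids exist in every highstate run that applies `so-nginx` on those roles, since a requisite on an undefined state id fails the `so-nginx` state.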
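Review bot: `{{ None if grains.role == 'so-import' else ... }}` renders Python's `None` as the literal text `None`, so on so-import the loaded YAML becomes `interface: None` — a plain string, not a null — and Suricata is handed an af-packet entry for an interface literally named `None`. If the intent is that import nodes have no capture interface, emit `~` (YAML null) or wrap the whole list item in a Jinja condition and check how the downstream suricata.yaml template consumes a missing value; if the bogus name is deliberately a placeholder that keeps the af-packet block well-formed, record that in a comment next to the line, e.g. `{# so-import has no sniffing interface; placeholder keeps af-packet syntactically valid #}`. Either way the rendered value on an import node should be checked once against the generated suricata.yaml.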
@@ -8,8 +8,4 @@ af-packet:
 threads: {{ salt['pillar.get']('sensor:suriprocs', salt['pillar.get']('sensor:suripins') | length) }}
 tpacket-v3: yes
 ring-size: {{ salt['pillar.get']('sensor:suriringsize', '5000') }}
- - interface: default
- #threads: auto
- #use-mmap: no
- #tpacket-v3: yes
 {% endload %}
diff --git a/sigs/securityonion-2.3.280-20231128.iso.sig b/sigs/securityonion-2.3.280-20231128.iso.sig
new file mode 100644
index 000000000..53aed1043
Binary files /dev/null and b/sigs/securityonion-2.3.280-20231128.iso.sig differ