CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11879 from Security-Onion-Solutions/dev

Browse Source 
2.3.280
This commit is contained in:
Mike Reeves
2023-11-28 15:21:56 -05:00
committed by GitHub
parent 3839e52401 84d6fcb752
commit d5d2b5fbc7
11 changed files with 59 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@@ -2,6 +2,20 @@
Security Onion 2.3 is here! Security Onion 2.3 is here!
## End Of Life Warning
Security Onion 2.3 reaches End Of Life (EOL) on April 6, 2024:
https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html
For new installations, please see the 2.4 branch of this repo:
https://github.com/Security-Onion-Solutions/securityonion/tree/2.4/main
If you have an existing 2.3 installation and would like to migrate to 2.4, please see:
https://docs.securityonion.net/en/2.4/appendix.html
## Screenshots ## Screenshots
Alerts Alerts

22
VERIFY_ISO.md
View File

@@ -1,18 +1,18 @@
### 2.3.270-20231006 ISO image built on 2023/10/06 ### 2.3.280-20231128 ISO image built on 2023/11/28
### Download and Verify ### Download and Verify
2.3.270-20231006 ISO image: 2.3.280-20231128 ISO image:
https://download.securityonion.net/file/securityonion/securityonion-2.3.270-20231006.iso https://download.securityonion.net/file/securityonion/securityonion-2.3.280-20231128.iso
MD5: 3FC7A37EA402A5F0C6609D7431387575 MD5: 0BC68BD73547B7E2FBA6F53BEC174590
SHA1: 979851603E431EE9670A1576E5DCCD838CEDA294 SHA1: 1D33C565D37772FE7A3C3FE3ECB05FC1AC1EBFF1
SHA256: 34F72EDEA9A62E1545347A31DEDEDD099D824466EC52B8674ACC7DB6D7E8B943 SHA256: ADBD9DC9E1B266B18E0FDBDF084073EF926C565041858060D283CDAEF021EE11
Signature for ISO image: Signature for ISO image:
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.270-20231006.iso.sig https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.280-20231128.iso.sig
Signing key: Signing key:
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO: Download the signature file for the ISO:
``` ```
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.270-20231006.iso.sig wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.280-20231128.iso.sig
``` ```
Download the ISO image: Download the ISO image:
``` ```
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.270-20231006.iso wget https://download.securityonion.net/file/securityonion/securityonion-2.3.280-20231128.iso
``` ```
Verify the downloaded ISO image using the signature file: Verify the downloaded ISO image using the signature file:
``` ```
gpg --verify securityonion-2.3.270-20231006.iso.sig securityonion-2.3.270-20231006.iso gpg --verify securityonion-2.3.280-20231128.iso.sig securityonion-2.3.280-20231128.iso
``` ```
The output should show "Good signature" and the Primary key fingerprint should match what's shown below: The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
``` ```
gpg: Signature made Thu 21 Sep 2023 10:43:13 AM EDT using RSA key ID FE507013 gpg: Signature made Mon 27 Nov 2023 05:09:34 PM EST using RSA key ID FE507013
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>" gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.

2
VERSION
View File

@@ -1 +1 @@
2.3.270 2.3.280

3
pillar/zeek/init.sls
View File

@@ -42,12 +42,13 @@ zeek:
- frameworks/files/hash-all-files - frameworks/files/hash-all-files
- frameworks/files/detect-MHR - frameworks/files/detect-MHR
- policy/frameworks/notice/extend-email/hostnames - policy/frameworks/notice/extend-email/hostnames
- policy/frameworks/notice/community-id
- policy/protocols/conn/community-id-logging
- ja3 - ja3
- hassh - hassh
- intel - intel
- cve-2020-0601 - cve-2020-0601
- securityonion/bpfconf - securityonion/bpfconf
- securityonion/communityid
- securityonion/file-extraction - securityonion/file-extraction
- oui-logging - oui-logging
- icsnpp-modbus - icsnpp-modbus

2
salt/ca/files/signing_policies.conf
View File

@@ -37,7 +37,7 @@ x509_signing_policies:
- ST: Utah - ST: Utah
- L: Salt Lake City - L: Salt Lake City
- basicConstraints: "critical CA:false" - basicConstraints: "critical CA:false"
- keyUsage: "critical keyEncipherment" - keyUsage: "critical keyEncipherment, digitalSignature"
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- extendedKeyUsage: serverAuth - extendedKeyUsage: serverAuth

24
salt/common/tools/sbin/soup
View File

@@ -580,6 +580,7 @@ preupgrade_changes() {
[[ "$INSTALLEDVERSION" == 2.3.240 ]] && up_to_2.3.250 [[ "$INSTALLEDVERSION" == 2.3.240 ]] && up_to_2.3.250
[[ "$INSTALLEDVERSION" == 2.3.250 ]] && up_to_2.3.260 [[ "$INSTALLEDVERSION" == 2.3.250 ]] && up_to_2.3.260
[[ "$INSTALLEDVERSION" == 2.3.260 ]] && up_to_2.3.270 [[ "$INSTALLEDVERSION" == 2.3.260 ]] && up_to_2.3.270
[[ "$INSTALLEDVERSION" == 2.3.270 ]] && up_to_2.3.280
true true
} }
@@ -612,6 +613,7 @@ postupgrade_changes() {
[[ "$POSTVERSION" == 2.3.240 ]] && post_to_2.3.250 [[ "$POSTVERSION" == 2.3.240 ]] && post_to_2.3.250
[[ "$POSTVERSION" == 2.3.250 ]] && post_to_2.3.260 [[ "$POSTVERSION" == 2.3.250 ]] && post_to_2.3.260
[[ "$POSTVERSION" == 2.3.260 ]] && post_to_2.3.270 [[ "$POSTVERSION" == 2.3.260 ]] && post_to_2.3.270
[[ "$POSTVERSION" == 2.3.270 ]] && post_to_2.3.280
true true
} }
@@ -772,6 +774,17 @@ post_to_2.3.270() {
POSTVERSION=2.3.270 POSTVERSION=2.3.270
} }
post_to_2.3.280() {
salt-call state.apply ca queue=True
stop_salt_minion
mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
systemctl_func "start" "salt-minion"
enable_highstate
POSTVERSION=2.3.280
}
stop_salt_master() { stop_salt_master() {
# kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
set +e set +e
@@ -1137,6 +1150,11 @@ up_to_2.3.270() {
INSTALLEDVERSION=2.3.270 INSTALLEDVERSION=2.3.270
} }
up_to_2.3.280() {
echo "Upgrading to 2.3.280"
INSTALLEDVERSION=2.3.280
}
verify_upgradespace() { verify_upgradespace() {
CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//') CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
if [ "$CURRENTSPACE" -lt "10" ]; then if [ "$CURRENTSPACE" -lt "10" ]; then
@@ -1720,8 +1738,12 @@ if [[ -z $UNATTENDED ]]; then
SOUP - Security Onion UPdater SOUP - Security Onion UPdater
**WARNING** Security Onion 2.3 reaches End Of Life (EOL) on April 6, 2024.
Please make plans to migrate to Security Onion 2.4:
https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html
Please review the following for more information about the update process and recent updates: Please review the following for more information about the update process and recent updates:
https://docs.securityonion.net/soup https://docs.securityonion.net/en/2.3/soup.html
https://blog.securityonion.net https://blog.securityonion.net
EOF EOF

2
salt/kibana/bin/so-kibana-config-load
View File

@@ -59,7 +59,7 @@ update() {
IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))' IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))'
for i in "${LINES[@]}"; do for i in "${LINES[@]}"; do
RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.8.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.10.4" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
done done

2
salt/kibana/files/config_saved_objects.ndjson
View File

@@ -1 +1 @@
{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.8.2","id": "8.8.2","references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} {"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.10.4","id": "8.10.4","references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}

4
salt/nginx/init.sls
View File

@@ -118,6 +118,10 @@ so-nginx:
- watch: - watch:
- file: nginxconf - file: nginxconf
- file: nginxconfdir - file: nginxconfdir
{% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %}
- x509: managerssl_key
- x509: managerssl_crt
{% endif %}
- require: - require:
- file: nginxconf - file: nginxconf
{% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %} {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %}

6
salt/suricata/afpacket.map.jinja
View File

@@ -1,6 +1,6 @@
{% load_yaml as afpacket %} {% load_yaml as afpacket %}
af-packet: af-packet:
- interface: {{ salt['pillar.get']('sensor:interface', 'bond0') }} - interface: {{ None if grains.role == 'so-import' else salt['pillar.get']('sensor:interface', 'bond0') }}
cluster-id: 59 cluster-id: 59
cluster-type: cluster_flow cluster-type: cluster_flow
defrag: yes defrag: yes
@@ -8,8 +8,4 @@ af-packet:
threads: {{ salt['pillar.get']('sensor:suriprocs', salt['pillar.get']('sensor:suripins') | length) }} threads: {{ salt['pillar.get']('sensor:suriprocs', salt['pillar.get']('sensor:suripins') | length) }}
tpacket-v3: yes tpacket-v3: yes
ring-size: {{ salt['pillar.get']('sensor:suriringsize', '5000') }} ring-size: {{ salt['pillar.get']('sensor:suriringsize', '5000') }}
- interface: default
#threads: auto
#use-mmap: no
#tpacket-v3: yes
{% endload %} {% endload %}

BIN
sigs/securityonion-2.3.280-20231128.iso.sig Normal file
View File

Binary file not shown.