From 85e059a76658e5b78452121db4469b49e65e2266 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Mon, 1 Mar 2021 12:16:46 -0500
Subject: [PATCH 1/4] Update VERSION file to 2.3.40
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index ad0b729ff..0f1c3e555 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.30
+2.3.40
From 3983e08fe538c9ebccfa51d54bb0db55556b23e0 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 1 Mar 2021 13:31:05 -0500
Subject: [PATCH 2/4] exclude zeekcaptureloss when suricata metadata selected https://github.com/Security-Onion-Solutions/securityonion/issues/3206
---
 salt/telegraf/etc/telegraf.conf | 10 ++++++++++
 salt/telegraf/init.sls | 3 +++
 2 files changed, 13 insertions(+)
diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf
index 31be621a0..0c447172f 100644
--- a/salt/telegraf/etc/telegraf.conf
+++ b/salt/telegraf/etc/telegraf.conf
@@ -684,8 +684,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
+ {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
+ {% endif %}
 "/scripts/oldpcap.sh",
 "/scripts/raid.sh"
 ]
@@ -697,8 +699,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
+ {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
+ {% endif %}
 "/scripts/oldpcap.sh",
 "/scripts/eps.sh",
 "/scripts/raid.sh"
@@ -713,8 +717,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
+ {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
+ {% endif %}
 "/scripts/oldpcap.sh",
 "/scripts/eps.sh",
 "/scripts/raid.sh"
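Review bot: The guard added to each `commands` list in `salt/telegraf/etc/telegraf.conf` drops `/scripts/zeekloss.sh` as well as `/scripts/zeekcaptureloss.sh`, while the commit subject and the `init.sls` hunk of this patch only mention `zeekcaptureloss.sh`. If Zeek loss metrics are still wanted on sensors where Suricata produces the metadata, the `{% if %}` should wrap only the `zeekcaptureloss.sh` entry; if dropping both is intended, a template comment such as `{# Zeek loss scripts only apply when Zeek is the metadata engine #}` above the guard would record that. The same condition is repeated verbatim in the hunks at -697, -713, -728 and -742, so evaluating it once with `{% set ZEEK_MD = salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}` (presumably near the top of the template, which is outside these hunks) and testing `{% if ZEEK_MD %}` would keep the five lists from drifting apart.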
@@ -728,8 +734,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
+ {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
+ {% endif %}
 "/scripts/oldpcap.sh",
 "/scripts/influxdbsize.sh",
 "/scripts/raid.sh"
@@ -742,8 +750,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
+ {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
+ {% endif %}
 "/scripts/oldpcap.sh",
 "/scripts/helixeps.sh"
 ]
diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls
index 81513eee2..2814eb159 100644
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -29,6 +29,9 @@ tgrafsyncscripts:
 - file_mode: 700
 - template: jinja
 - source: salt://telegraf/scripts
+{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'SURICATA' %}
+ - exclude_pat: zeekcaptureloss.sh
+{% endif %}
 tgrafconf:
 file.managed:
From a197d5addfacd1bf0a6f733d7e6a25858483f831 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 1 Mar 2021 13:58:04 -0500
Subject: [PATCH 3/4] revert version to 2.3.30 https://github.com/Security-Onion-Solutions/securityonion/issues/3206
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index 0f1c3e555..ad0b729ff 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.40
+2.3.30
From 64b37cedc75b4f2a585c0e25779bd751a0d4f650 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 1 Mar 2021 14:45:51 -0500
Subject: [PATCH 4/4] Update Signatures
---
 VERIFY_ISO.md | 8 ++++----
 sigs/securityonion-2.3.30.iso.sig | Bin 543 -> 543 bytes
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 0b2a3aab6..bc8793798 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
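Review bot: In the `salt/telegraf/init.sls` hunk (`tgrafsyncscripts`, patch 2/4) the exclusion is keyed on `== 'SURICATA'`, whereas `telegraf.conf` in the same patch keys on `== 'ZEEK'`, so any other `global:mdengine` value removes the Zeek scripts from the Telegraf `commands` lists but still syncs `zeekcaptureloss.sh`; testing `!= 'ZEEK'` here would make the two files agree. `exclude_pat` only stops Salt from managing the file, so as far as this hunk shows a copy already synced to a sensor by an earlier highstate stays on disk with its 700 mode, and a separate `file.absent` state would be needed if removal is intended. A short comment above the guard, for example `# zeekcaptureloss.sh is not deployed when Zeek is not the metadata engine`, would also help. The `tgrafsyncscripts` state begins above the hunk, so its function (presumably `file.recurse`) and target directory are not visible here.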
@@ -5,9 +5,9 @@ 2.3.30 ISO image: https://download.securityonion.net/file/securityonion/securityonion-2.3.30.iso -MD5: 7716A56E0F46FA29422B07B30235417B -SHA1: D01C26E4391C80FF690384C1DB77550EA4C1E239 -SHA256: 3BB0CE7F3F84A0D26B00EAF30F7AEB42A3B5C7E9D8E3BA7E160577B1FA3830F6 +MD5: 65202BA0F7661A5E27087F097B8E571E +SHA1: 14E842E39EDBB55A104263281CF25BF88A2E9D67 +SHA256: 210B37B9E3DFC827AFE2940E2C87B175ADA968EDD04298A5926F63D9269847B7 Signature for ISO image: https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.30.iso.sig @@ -39,7 +39,7 @@ gpg --verify securityonion-2.3.30.iso.sig securityonion-2.3.30.iso The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Mon 01 Mar 2021 10:23:05 AM EST using RSA key ID FE507013 +gpg: Signature made Mon 01 Mar 2021 02:15:28 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
diff --git a/sigs/securityonion-2.3.30.iso.sig b/sigs/securityonion-2.3.30.iso.sig index b8c8e0734d1966a34ea0a9613a1002d135f7130d..b89b2364a5380530639a3a52ca29c360d7ccf9cf 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;6_Jx~A&2@re`V7LBIa1#`|5C3}SY0h7lG>C5B+6vX3-0w6Ep585QWujv^j0PV9{N=A1@t+NBaKQ={>Hba6>LK_iS<|#2NQ|K>( z&~3dKcX&Jt1>=N=JZ4Y4D-w~g{SZ#2v&Mr;qR;nakoqKi0(9H1*#ulM(kUAcaRDcDK>NxFI4`gT(&Q@@?~&BbDOiPU0YCxI zHJQkfKlOvTuGFLf4z?AbK8;x==&UD*Pjq3YpFYVCiKA_u|_Tl z+3PzEzfm8^Mfm@;d6O;RV84#p)1!3s4Y6ws@I?|vMz=Mu;<^EUu*36QnBmeGHB9)f zq^6N&7wN{Z-*wS=2S~@(L+p)u=Dj>e?xN5%rJ~C+P6A}y>JEUO3 hhBhLBoAoYWc8)1D<6hv__^>KbSk{m&8KPAJTGKgu0zd!& literal 543 zcmV+)0^t3L0vrSY0RjL91p;6_2H5}#2@re`V7LBIa1%~`5C2%hKP>eFBLTo&$6Mm! zfz!M*GmT+zUC==+<`~Bla!PHQu)l!j5}2n!V#XMN#r#)oUMCC_-js|u#MY{PouY{# z^#=;;J2CBL8;*@ z;lFylYpt^0x!XG%&U$0}jJGL=skK{cji*ny=tfdK&MVM<1N`%p3+^LNCH?;pe9DFD zi~)#3(9&sco4RIB-=|CEVZM5R-9D~%6>1#^CyA`@RvaLOe!s(wFG)ofZ@dK){bc4) zD8&F>Rl#NRjgCk`D!UsNet{q7-8;Z!RnliH?&B-59U)qDcTZgtvw3_*4QX7np=b-@ z#uE-ff6kpRK0`jwY(fR)k5)#Ur_7;%R3l@VI$X@7c9k9(?yiLU_^t(GOB}VCzJMDx z{B)KO6H!VJzPG}|3gtYg)2h{+@{sF|FN;|%@`c60)P467_|{ILC$ZP_r}@}_Ez hGGl6b