From e8553162a53fa61b55673aaa306ef28cfa09167c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 19 Apr 2021 10:50:42 -0400 Subject: [PATCH 01/56] [refactor] Change how whiptail asks for proxy settings --- salt/manager/init.sls | 6 -- setup/automation/distributed-airgap-manager | 1 - setup/automation/distributed-ami-manager | 1 - setup/automation/distributed-iso-manager | 1 - .../automation/distributed-net-centos-manager | 1 - .../automation/distributed-net-ubuntu-manager | 1 - .../distributed-net-ubuntu-suricata-manager | 1 - setup/automation/eval-airgap | 1 - setup/automation/eval-ami | 1 - setup/automation/eval-iso | 1 - setup/automation/eval-net-centos | 1 - setup/automation/eval-net-ubuntu | 1 - setup/automation/import-airgap | 1 - setup/automation/import-ami | 1 - setup/automation/import-iso | 1 - setup/automation/import-net-centos | 1 - setup/automation/import-net-ubuntu | 1 - setup/automation/standalone-airgap | 1 - setup/automation/standalone-ami | 1 - setup/automation/standalone-iso | 1 - setup/automation/standalone-iso-suricata | 1 - setup/automation/standalone-net-centos | 1 - setup/automation/standalone-net-centos-proxy | 1 - setup/automation/standalone-net-ubuntu | 1 - setup/so-functions | 27 ++++-- setup/so-setup | 11 +-- setup/so-whiptail | 89 ++++++++++++++----- 27 files changed, 89 insertions(+), 67 deletions(-) diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 908ef4502..1d21c95d3 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -18,7 +18,6 @@ {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} -{% set managerproxy = salt['pillar.get']('global:managerupdate', '0') %} {% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %} socore_own_saltstack: 
@@ -35,8 +34,6 @@ socore_own_saltstack: - mode: 750 - replace: False -{% if managerproxy == 1 %} - # Create the directories for apt-cacher-ng aptcacherconfdir: file.directory: @@ -60,7 +57,6 @@ aptcacherlogdir: - makedirs: true # Copy the config - acngcopyconf: file.managed: - name: /opt/so/conf/aptcacher-ng/etc/acng.conf @@ -84,8 +80,6 @@ append_so-aptcacherng_so-status.conf: - name: /opt/so/conf/so-status/so-status.conf - text: so-aptcacherng -{% endif %} - strelka_yara_update_old_1: cron.absent: - user: root diff --git a/setup/automation/distributed-airgap-manager b/setup/automation/distributed-airgap-manager index 3ed1a34f8..ddf44c100 100644 --- a/setup/automation/distributed-airgap-manager +++ b/setup/automation/distributed-airgap-manager @@ -42,7 +42,6 @@ INTERWEBS=AIRGAP # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/distributed-ami-manager b/setup/automation/distributed-ami-manager index 793e07ceb..6f5fb93dc 100644 --- a/setup/automation/distributed-ami-manager +++ b/setup/automation/distributed-ami-manager @@ -41,7 +41,6 @@ install_type=MANAGER # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/distributed-iso-manager b/setup/automation/distributed-iso-manager index 72cedb75e..07a22b588 100644 --- a/setup/automation/distributed-iso-manager +++ b/setup/automation/distributed-iso-manager @@ -41,7 +41,6 @@ install_type=MANAGER # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/distributed-net-centos-manager b/setup/automation/distributed-net-centos-manager index 72cedb75e..07a22b588 100644 --- a/setup/automation/distributed-net-centos-manager +++ b/setup/automation/distributed-net-centos-manager 
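Review bot: Removing the `{% if managerproxy == 1 %}` … `{% endif %}` guards makes the apt-cacher-ng directories, `acng.conf`, the `so-aptcacherng` container and its `so-status` entry unconditional on every manager, including grids where no node ever chooses a "+ Manager" option, so the cache listener on 3142 (the port `set_updates` writes into `/etc/yum.conf`) becomes a permanent service instead of an opt-in one. Whether that port is already limited to grid members is not visible in this file; if it is not, either keep a pillar switch for the cache or confirm the firewall state restricts 3142 to minion addresses. A one-line comment above `aptcacherconfdir`, e.g. `# always deployed: minions decide per-install whether to pull packages through this cache`, would record why the toggle was dropped.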
@@ -41,7 +41,6 @@ install_type=MANAGER # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/distributed-net-ubuntu-manager b/setup/automation/distributed-net-ubuntu-manager index 104bf4df4..712db3020 100644 --- a/setup/automation/distributed-net-ubuntu-manager +++ b/setup/automation/distributed-net-ubuntu-manager @@ -41,7 +41,6 @@ install_type=MANAGER # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/distributed-net-ubuntu-suricata-manager b/setup/automation/distributed-net-ubuntu-suricata-manager index d1fdf158d..30aebc122 100644 --- a/setup/automation/distributed-net-ubuntu-suricata-manager +++ b/setup/automation/distributed-net-ubuntu-suricata-manager @@ -41,7 +41,6 @@ install_type=MANAGER # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/eval-airgap b/setup/automation/eval-airgap index 095075a6b..e8deebe69 100644 --- a/setup/automation/eval-airgap +++ b/setup/automation/eval-airgap @@ -42,7 +42,6 @@ INTERWEBS=AIRGAP # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/eval-ami b/setup/automation/eval-ami index 1efab191d..ac8e42728 100644 --- a/setup/automation/eval-ami +++ b/setup/automation/eval-ami @@ -41,7 +41,6 @@ install_type=EVAL # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/eval-iso b/setup/automation/eval-iso index 880b3cc0c..d8a8c800a 100644 --- a/setup/automation/eval-iso +++ b/setup/automation/eval-iso @@ -41,7 +41,6 @@ install_type=EVAL # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/eval-net-centos b/setup/automation/eval-net-centos index 82d2cc9ec..5c0ea36a3 100644 
--- a/setup/automation/eval-net-centos +++ b/setup/automation/eval-net-centos @@ -41,7 +41,6 @@ install_type=EVAL # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=0 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/eval-net-ubuntu b/setup/automation/eval-net-ubuntu index 132b8766e..4dc0eceda 100644 --- a/setup/automation/eval-net-ubuntu +++ b/setup/automation/eval-net-ubuntu @@ -41,7 +41,6 @@ install_type=EVAL # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/import-airgap b/setup/automation/import-airgap index 9c394ef2f..dc524e0c3 100644 --- a/setup/automation/import-airgap +++ b/setup/automation/import-airgap @@ -42,7 +42,6 @@ INTERWEBS=AIRGAP # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=0 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/import-ami b/setup/automation/import-ami index 10758be9a..039e9caee 100644 --- a/setup/automation/import-ami +++ b/setup/automation/import-ami @@ -41,7 +41,6 @@ install_type=IMPORT # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=0 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/import-iso b/setup/automation/import-iso index fbfdd364b..6cc3106fd 100644 --- a/setup/automation/import-iso +++ b/setup/automation/import-iso @@ -41,7 +41,6 @@ install_type=IMPORT # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=0 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/import-net-centos b/setup/automation/import-net-centos index f6394bde1..2536c8516 100644 --- a/setup/automation/import-net-centos +++ b/setup/automation/import-net-centos @@ -41,7 +41,6 @@ install_type=IMPORT # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=0 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/import-net-ubuntu b/setup/automation/import-net-ubuntu index ded17d09f..dc72c8184 100644 --- a/setup/automation/import-net-ubuntu 
+++ b/setup/automation/import-net-ubuntu @@ -41,7 +41,6 @@ install_type=IMPORT # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/standalone-airgap b/setup/automation/standalone-airgap index 649b51e3c..99b003e05 100644 --- a/setup/automation/standalone-airgap +++ b/setup/automation/standalone-airgap @@ -42,7 +42,6 @@ INTERWEBS=AIRGAP # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/standalone-ami b/setup/automation/standalone-ami index 7200d3637..c006b28fb 100644 --- a/setup/automation/standalone-ami +++ b/setup/automation/standalone-ami @@ -41,7 +41,6 @@ install_type=STANDALONE # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/standalone-iso b/setup/automation/standalone-iso index dd0edb67f..ec972b066 100644 --- a/setup/automation/standalone-iso +++ b/setup/automation/standalone-iso @@ -41,7 +41,6 @@ install_type=STANDALONE # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/standalone-iso-suricata b/setup/automation/standalone-iso-suricata index f4697f308..d6dbc73d2 100644 --- a/setup/automation/standalone-iso-suricata +++ b/setup/automation/standalone-iso-suricata @@ -41,7 +41,6 @@ install_type=STANDALONE # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/standalone-net-centos b/setup/automation/standalone-net-centos index 6b7a7ebac..a711ba878 100644 --- a/setup/automation/standalone-net-centos +++ b/setup/automation/standalone-net-centos @@ -41,7 +41,6 @@ install_type=STANDALONE # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= 
diff --git a/setup/automation/standalone-net-centos-proxy b/setup/automation/standalone-net-centos-proxy index ee2504a98..1fc245cba 100644 --- a/setup/automation/standalone-net-centos-proxy +++ b/setup/automation/standalone-net-centos-proxy @@ -41,7 +41,6 @@ install_type=STANDALONE # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/automation/standalone-net-ubuntu b/setup/automation/standalone-net-ubuntu index fafb98cd4..a30e2a444 100644 --- a/setup/automation/standalone-net-ubuntu +++ b/setup/automation/standalone-net-ubuntu @@ -41,7 +41,6 @@ install_type=STANDALONE # LSPIPELINEBATCH= # LSPIPELINEWORKERS= MANAGERADV=BASIC -MANAGERUPDATES=1 # MDNS= # MGATEWAY= # MIP= diff --git a/setup/so-functions b/setup/so-functions index a37867b5a..7dd5511fb 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -480,6 +480,21 @@ collect_mtu() { done } +collect_net_method() { + whiptail_net_method + + [[ -n $network_traffic ]] && collect_proxy + + if [[ "$network_traffic" == *"_MANAGER" ]]; then + whiptail_manager_updates_warning + MANAGERUPDATES=1 + fi + + if [[ "$network_traffic" == "PROXY"* ]]; then + collect_proxy no_ask + fi +} + collect_node_es_heap() { whiptail_node_es_heap "$ES_HEAP_SIZE" } @@ -582,7 +597,9 @@ collect_patch_schedule_name_import() { collect_proxy() { [[ -n $TESTING ]] && return - collect_proxy_details || return + local ask=${1:-true} + + collect_proxy_details "$ask" || return while ! proxy_validate; do if whiptail_invalid_proxy; then collect_proxy_details no_ask 
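Review bot: `collect_net_method` only ever assigns `MANAGERUPDATES=1`; when the operator picks "Direct" or "Proxy" the variable is left untouched, and because this same patch deletes `MANAGERUPDATES=` from every automation file, a non-airgap install now reaches `set_updates` with the variable unset rather than an explicit `0`. `set_updates` tolerates that (it tests `= '1'`), but anything downstream that writes the value into pillar or the summary would presumably emit an empty string, so I would add an explicit `else MANAGERUPDATES=0` to the `_MANAGER` check so the menu choice is always materialised. A short comment on the function, such as `# Maps the whiptail_net_method selection onto MANAGERUPDATES and, for PROXY*, collects the proxy address`, would also make the relationship between `network_traffic` and `MANAGERUPDATES` visible to the next reader.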
@@ -2671,10 +2688,10 @@ set_redirect() { set_updates() { if [ "$MANAGERUPDATES" = '1' ]; then if [ "$OS" = 'centos' ]; then - if [[ ! $is_airgap ]]; then - if ! grep -q "$MSRV" /etc/yum.conf; then - echo "proxy=http://$MSRV:3142" >> /etc/yum.conf - fi + if [[ ! $is_airgap ]]; then + if ! grep -q "$MSRV" /etc/yum.conf; then + echo "proxy=http://$MSRV:3142" >> /etc/yum.conf + fi fi else # Set it up so the updates roll through the manager diff --git a/setup/so-setup b/setup/so-setup index ad210048a..0667c99db 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -211,7 +211,7 @@ if ! [[ -f $install_opt_file ]]; then set_main_ip >> $setup_log 2>&1 compare_main_nic_ip reset_proxy - collect_proxy + collect_net_method [[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1 whiptail_net_setup_complete else @@ -319,7 +319,7 @@ if ! [[ -f $install_opt_file ]]; then reset_proxy if [[ -z $is_airgap ]]; then - collect_proxy + collect_net_method [[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1 fi @@ -499,13 +499,6 @@ if [[ $is_manager || $is_import ]]; then get_redirect fi -if [[ ! $is_airgap && ( $is_distmanager || ( $is_sensor || $is_node || $is_fleet_standalone ) && ! $is_eval ) ]]; then - whiptail_manager_updates - if [[ $setup_type == 'network' && $MANAGERUPDATES == 1 ]]; then - whiptail_manager_updates_warning - fi -fi - if [[ $is_distmanager ]]; then collect_soremote_inputs fi diff --git a/setup/so-whiptail b/setup/so-whiptail index 6127a174a..06a1afec1 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail 
@@ -1027,6 +1027,68 @@ whiptail_management_interface_setup() { whiptail_check_exitstatus $exitstatus } +whiptail_net_method() { + [ -n "$TESTING" ] && return + + [[ $is_airgap ]] && return + + local pkg_mngr + if [[ $OS = 'centos' ]]; then pkg_mngr="yum"; else pkg_mngr='apt'; fi + + read -r -d '' options_msg <<- EOM + "Direct" - Internet requests connect directly to the Internet. + + EOM + local options=( + " Direct" "" + ) + local proxy_desc="proxy the traffic for git, docker client, wget, curl, ${pkg_mngr}, and various other SO components through a separate server in your environment." + + if [[ $is_minion ]]; then + local mngr_article + if [[ $is_distmanager ]]; then mngr_article="this"; else mngr_article="the"; fi + + read -r -d '' options_msg <<- EOM + ${options_msg} + + "Direct + Manager" - all traffic passes to the Internet normally, but ${pkg_mngr} updates will instead be pulled from ${mngr_article} manager. + + "Proxy" - ${proxy_desc} + + "Proxy + Manager" - proxy all traffic from the "Proxy" option except ${pkg_mngr} updates, which will instead pull from the manager. + EOM + + options+=( + " Direct + Manager" "" + " Proxy" "" + " Proxy + Manager" "" + ) + local height=25 + else + read -r -d '' options_msg <<- EOM + ${options_msg} + + "Proxy" - ${proxy_desc} + EOM + options+=( + " Proxy" "" + ) + local height=17 + fi + + local msg + read -r -d '' msg <<- EOM + How would you like to connect to the Internet? + + $options_msg + EOM + + local option_count=$(( ${#options[@]} / 2 )) + + network_traffic=$(whiptail --title "Security Onion Setup" --menu "$msg" $height 75 $option_count "${options[@]}" 3>&1 1>&2 2>&3) + network_traffic=$(echo "${network_traffic^^}" | tr -d ' ' | tr '+' '_') +} + whiptail_net_setup_complete() { [ -n "$TESTING" ] && return 
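Review bot: `options_msg` is assigned with `read -r -d '' options_msg` three times in `whiptail_net_method` but is never declared `local`, unlike `pkg_mngr`, `options`, `proxy_desc`, `height` and `msg`, so it leaks into the caller's scope and would carry stale text into any later prompt that happens to reuse the name; add `local options_msg` next to `local pkg_mngr`. The normalisation at the end, `network_traffic=$(echo "${network_traffic^^}" | tr -d ' ' | tr '+' '_')`, spawns a subshell and two `tr` processes for what bash can do in place: `network_traffic=${network_traffic^^}`, `network_traffic=${network_traffic// /}`, `network_traffic=${network_traffic//+/_}`. A trailing comment like `# e.g. " Proxy + Manager " -> PROXY_MANAGER, matched by collect_net_method` would document the contract that `collect_net_method` relies on.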
@@ -1161,29 +1223,6 @@ whiptail_manager_error() { whiptail --title "Security Onion Setup" --yesno "$msg" 13 75 || whiptail_check_exitstatus 1 } -whiptail_manager_updates() { - - [ -n "$TESTING" ] && return - - local update_string - update_string=$(whiptail --title "Security Onion Setup" --radiolist \ - "How would you like to download OS package updates for your grid?" 20 75 4 \ - "MANAGER" "Manager node is proxy for updates" ON \ - "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - - case "$update_string" in - 'MANAGER') - export MANAGERUPDATES='1' - ;; - *) - export MANAGERUPDATES='0' - ;; - esac - -} - whiptail_manager_updates_warning() { [ -n "$TESTING" ] && return @@ -1485,7 +1524,9 @@ whiptail_patch_schedule_select_hours() { whiptail_proxy_ask() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno "Do you want to set a proxy server for this installation?" 7 60 --defaultno + local pkg_mngr + if [[ $OS = 'centos' ]]; then pkg_mngr="yum"; else pkg_mngr='apt'; fi + whiptail --title "Security Onion Setup" --yesno "Do you want to proxy the traffic for git, docker client, wget, curl, ${pkg_mngr}, and various other SO components through a separate server in your environment?" 9 65 --defaultno } whiptail_proxy_addr() { From c907d416dfd623601dc27b80625d774f8907ad5c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 19 Apr 2021 11:27:17 -0400 Subject: [PATCH 02/56] Set proxy for apt cacher too --- salt/manager/files/acng/acng.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/manager/files/acng/acng.conf b/salt/manager/files/acng/acng.conf index 3492cf111..df934643b 100644 --- a/salt/manager/files/acng/acng.conf +++ b/salt/manager/files/acng/acng.conf 
@@ -90,3 +90,7 @@ PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirr # MaxDlSpeed: 500 # MaxInresponsiveDlSize: 64000 # BadRedirDetectMime: text/html +{% set proxy = salt['pillar.get']('manager:proxy') -%} +{{ if proxy }} +Proxy: {{ proxy }} +{{ endif }} From 59247b4579db88a914a274060a0e259fb42df9f8 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 19 Apr 2021 13:45:01 -0400 Subject: [PATCH 03/56] Add exit check to new menu --- setup/so-whiptail | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/setup/so-whiptail b/setup/so-whiptail index 06a1afec1..35c9f53ab 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1086,6 +1086,10 @@ whiptail_net_method() { local option_count=$(( ${#options[@]} / 2 )) network_traffic=$(whiptail --title "Security Onion Setup" --menu "$msg" $height 75 $option_count "${options[@]}" 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + network_traffic=$(echo "${network_traffic^^}" | tr -d ' ' | tr '+' '_') } From 002fa990559f75f2ed6eb86036c2d3b0052daa24 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 19 Apr 2021 13:47:50 -0400 Subject: [PATCH 04/56] Fix whiptail order --- setup/so-setup | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 0667c99db..6353cb996 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -302,6 +302,10 @@ if ! [[ -f $install_opt_file ]]; then source "$net_init_file" fi + if [[ $is_minion ]]; then + collect_mngr_hostname + fi + if [[ $is_minion ]] || [[ $reinit_networking ]] || [[ $is_iso ]] && ! [[ -f $net_init_file ]]; then whiptail_management_interface_setup fi @@ -313,10 +317,6 @@ if ! [[ -f $install_opt_file ]]; then set_main_ip >> $setup_log 2>&1 compare_main_nic_ip - if [[ $is_minion ]]; then - collect_mngr_hostname - fi - reset_proxy if [[ -z $is_airgap ]]; then collect_net_method From 07e0ce563da0e154d7e439f3555d2f2a1e1fd800 Mon Sep 17 00:00:00 2001 
From: William Wernert Date: Mon, 19 Apr 2021 13:50:30 -0400 Subject: [PATCH 05/56] Symmetrical spaces + remove useless logic --- setup/so-whiptail | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 35c9f53ab..b5cf52a68 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1040,14 +1040,11 @@ whiptail_net_method() { EOM local options=( - " Direct" "" + " Direct " "" ) local proxy_desc="proxy the traffic for git, docker client, wget, curl, ${pkg_mngr}, and various other SO components through a separate server in your environment." if [[ $is_minion ]]; then - local mngr_article - if [[ $is_distmanager ]]; then mngr_article="this"; else mngr_article="the"; fi - read -r -d '' options_msg <<- EOM ${options_msg} @@ -1059,9 +1056,9 @@ whiptail_net_method() { EOM options+=( - " Direct + Manager" "" - " Proxy" "" - " Proxy + Manager" "" + " Direct + Manager " "" + " Proxy " "" + " Proxy + Manager " "" ) local height=25 else @@ -1071,7 +1068,7 @@ whiptail_net_method() { "Proxy" - ${proxy_desc} EOM options+=( - " Proxy" "" + " Proxy " "" ) local height=17 fi From ba9a45bd0f4e663f349ae2b857fd95ed42d4bfa8 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 19 Apr 2021 14:02:00 -0400 Subject: [PATCH 06/56] Split network init + ssh copy notices --- setup/so-setup | 18 ++++++------- setup/so-whiptail | 68 +++++++++++++++++++---------------------------- 2 files changed, 37 insertions(+), 49 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 6353cb996..f75e195b8 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -203,7 +203,7 @@ if ! [[ -f $install_opt_file ]]; then if [[ $option == "CONFIGURENETWORK" ]]; then collect_hostname network_init_whiptail - whiptail_management_interface_setup + whiptail_network_init_notice network_init printf '%s\n' \ "MNIC=$MNIC" \ 
@@ -302,15 +302,8 @@ if ! [[ -f $install_opt_file ]]; then source "$net_init_file" fi - if [[ $is_minion ]]; then - collect_mngr_hostname - fi - - if [[ $is_minion ]] || [[ $reinit_networking ]] || [[ $is_iso ]] && ! [[ -f $net_init_file ]]; then - whiptail_management_interface_setup - fi - if [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then + whiptail_network_init_notice network_init fi @@ -323,14 +316,21 @@ if ! [[ -f $install_opt_file ]]; then [[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1 fi + if [[ $is_minion ]]; then + collect_mngr_hostname + fi + if [[ $is_minion ]]; then add_mngr_ip_to_hosts fi if [[ $is_minion ]]; then + whiptail_ssh_key_copy_notice copy_ssh_key >> $setup_log 2>&1 fi + + if [[ $is_minion ]] && ! (compare_versions); then info "Installer version mismatch, downloading correct version from manager" printf '%s\n' \ diff --git a/setup/so-whiptail b/setup/so-whiptail index b5cf52a68..392d46078 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -987,46 +987,6 @@ whiptail_management_nic() { } -whiptail_management_interface_setup() { - [ -n "$TESTING" ] && return - - local minion_msg - local msg - local line_count - - if [[ $is_minion ]]; then - line_count=11 - minion_msg="copy the ssh key for soremote to the manager. This will bring you to the command line temporarily to accept the manager's ECDSA certificate and enter the password for soremote" - else - line_count=9 - minion_msg="" - fi - - if [[ $is_iso ]]; then - if [[ $minion_msg != "" ]]; then - if [[ -f $net_init_file ]]; then - msg=$minion_msg - else - msg="initialize networking and $minion_msg" - fi - else - msg="initialize networking" - fi - else - msg=$minion_msg - fi - - read -r -d '' message <<- EOM - Setup will now $msg. - - Select OK to continue. - EOM - - whiptail --title "Security Onion Setup" --msgbox "$message" $line_count 75 - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - whiptail_net_method() { [ -n "$TESTING" ] && return 
@@ -1098,6 +1058,20 @@ whiptail_net_setup_complete() { exit 0 } +whiptail_network_init_notice() { + [ -n "$TESTING" ] && return + + read -r -d '' message <<- EOM + Setup will now initialize networking. + + Select OK to continue. + EOM + + whiptail --title "Security Onion Setup" --msgbox "$message" 9 75 + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + whiptail_management_server() { [ -n "$TESTING" ] && return @@ -1760,6 +1734,20 @@ whiptail_so_allow() { whiptail_check_exitstatus $exitstatus } +whiptail_ssh_key_copy_notice() { + [ -n "$TESTING" ] && return + + read -r -d '' message <<- EOM + Setup will now copy the ssh key for soremote to the manager. This will bring you to the command line temporarily to accept the manager's ECDSA certificate and enter the password for soremote. + + Select OK to continue. + EOM + + whiptail --title "Security Onion Setup" --msgbox "$message" 11 75 + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + whitpail_ssh_warning() { [ -n "$TESTING" ] && return From 7948906f51486a04d693e0f726f1cb348b7decba Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 19 Apr 2021 14:04:01 -0400 Subject: [PATCH 07/56] Fix minion airgap logic --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index f75e195b8..4cb9c98a2 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -264,7 +264,7 @@ elif [ "$install_type" = 'ANALYST' ]; then fi # Check if this is an airgap install -if [[ $is_iso || $is_minion ]]; then +if [[ ( $is_manager || $is_import || $is_minion ) && $is_iso ]]; then whiptail_airgap if [[ "$INTERWEBS" == 'AIRGAP' ]]; then is_airgap=true From d8457255cb357c6dac80eeaeb71c95cfa7df656f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 19 Apr 2021 14:06:10 -0400 Subject: [PATCH 08/56] n -> z --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/setup/so-functions b/setup/so-functions index 7dd5511fb..73eef96c2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -483,7 +483,7 @@ collect_mtu() { collect_net_method() { whiptail_net_method - [[ -n $network_traffic ]] && collect_proxy + [[ -z $network_traffic ]] && collect_proxy if [[ "$network_traffic" == *"_MANAGER" ]]; then whiptail_manager_updates_warning From b37da027fd4c0d480110ec6e919bf5e34e94055c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 19 Apr 2021 14:08:25 -0400 Subject: [PATCH 09/56] ECDSA to ED25519 --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 392d46078..ce6f0c112 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1738,7 +1738,7 @@ whiptail_ssh_key_copy_notice() { [ -n "$TESTING" ] && return read -r -d '' message <<- EOM - Setup will now copy the ssh key for soremote to the manager. This will bring you to the command line temporarily to accept the manager's ECDSA certificate and enter the password for soremote. + Setup will now copy the ssh key for soremote to the manager. This will bring you to the command line temporarily to accept the manager's ED25519 certificate and enter the password for soremote. Select OK to continue. EOM From d2067a42bdccc8b2f85bc2d55a45a516abe13f6f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 19 Apr 2021 14:12:53 -0400 Subject: [PATCH 10/56] Don't skip new menu on airgap minions --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index ce6f0c112..a04636f6a 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -990,7 +990,7 @@ whiptail_management_nic() { whiptail_net_method() { [ -n "$TESTING" ] && return - [[ $is_airgap ]] && return + [[ $is_airgap && ! $is_minion ]] && return local pkg_mngr if [[ $OS = 'centos' ]]; then pkg_mngr="yum"; else pkg_mngr='apt'; fi 
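Review bot: The notice still tells the operator to accept the manager's "ED25519 certificate"; what `ssh` will actually present is the manager's ED25519 host key, and the text offers no way to check it, so the step is trust-on-first-use against whatever answers on `$MSRV`. I would reword to `…to accept the manager's ED25519 host key fingerprint and enter the password for soremote.` and add one sentence asking the operator to compare the fingerprint with the output of `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` on the manager. The `copy_ssh_key` implementation is outside this diff, so if it already pins or pre-seeds the host key this is moot, but the prompt text should then say so.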
From b4499557115ccca8f80f41dc707e1493b83b0cb1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 19 Apr 2021 16:26:53 -0400 Subject: [PATCH 11/56] Proxy whiptail fixes * Don't try to set up proxy/manager proxy during network only flow * Fix logic to never show new menu on airgap, set MANAGERUPDATES to 1 on airgap minions --- setup/so-functions | 2 -- setup/so-setup | 5 +---- setup/so-whiptail | 2 -- 3 files changed, 1 insertion(+), 8 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 73eef96c2..198178d03 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -483,8 +483,6 @@ collect_mtu() { collect_net_method() { whiptail_net_method - [[ -z $network_traffic ]] && collect_proxy - if [[ "$network_traffic" == *"_MANAGER" ]]; then whiptail_manager_updates_warning MANAGERUPDATES=1 diff --git a/setup/so-setup b/setup/so-setup index 4cb9c98a2..aa6ce489e 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -210,9 +210,6 @@ if ! [[ -f $install_opt_file ]]; then "HOSTNAME=$HOSTNAME" > "$net_init_file" set_main_ip >> $setup_log 2>&1 compare_main_nic_ip - reset_proxy - collect_net_method - [[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1 whiptail_net_setup_complete else true @@ -428,7 +425,7 @@ fi if [[ $is_airgap ]]; then PATCHSCHEDULENAME=${PATCHSCHEDULENAME:-manual} - MANAGERUPDATES=${MANAGERUPDATES:-0} + [[ ! $is_minion ]] && MANAGERUPDATES=${MANAGERUPDATES:-0} || MANAGERUPDATES=${MANAGERUPDATES:-1} fi # Start user prompts diff --git a/setup/so-whiptail b/setup/so-whiptail index a04636f6a..03011e7c6 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -990,8 +990,6 @@ whiptail_management_nic() { whiptail_net_method() { [ -n "$TESTING" ] && return - [[ $is_airgap && ! $is_minion ]] && return - local pkg_mngr if [[ $OS = 'centos' ]]; then pkg_mngr="yum"; else pkg_mngr='apt'; fi From bbf16d0f11b5da8b39ac1243dc68553ec3993245 Mon Sep 17 00:00:00 2001 
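Review bot: `[[ ! $is_minion ]] && MANAGERUPDATES=${MANAGERUPDATES:-0} || MANAGERUPDATES=${MANAGERUPDATES:-1}` leans on the `a && b || c` idiom, which is only safe here because an assignment cannot fail; the intent (airgap minions default to pulling packages from the manager, airgap managers do not) reads more clearly and more robustly as `if [[ $is_minion ]]; then MANAGERUPDATES=${MANAGERUPDATES:-1}; else MANAGERUPDATES=${MANAGERUPDATES:-0}; fi`. A comment such as `# airgap: minions can only reach the manager's package cache, so default them to it` would record why the two defaults differ. Note that with the `[[ $is_airgap && ! $is_minion ]] && return` guard deleted from `whiptail_net_method` in this same patch, the menu is now suppressed on airgap solely by the `if [[ -z $is_airgap ]]` around `collect_net_method` in so-setup, which lies outside this hunk.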
From: William Wernert Date: Tue, 20 Apr 2021 11:34:17 -0400 Subject: [PATCH 12/56] Show airgap prompt within if statement + persist variable for node installs --- setup/so-setup | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index aa6ce489e..08d67d2da 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -260,19 +260,19 @@ elif [ "$install_type" = 'ANALYST' ]; then is_analyst=true fi -# Check if this is an airgap install -if [[ ( $is_manager || $is_import || $is_minion ) && $is_iso ]]; then - whiptail_airgap - if [[ "$INTERWEBS" == 'AIRGAP' ]]; then - is_airgap=true - fi -fi - if [[ $is_manager || $is_import ]]; then check_elastic_license fi if ! [[ -f $install_opt_file ]]; then + # Check if this is an airgap install + if [[ ( $is_manager || $is_import || $is_minion ) && $is_iso ]]; then + whiptail_airgap + if [[ "$INTERWEBS" == 'AIRGAP' ]]; then + is_airgap=true + fi + fi + if [[ $is_manager && $is_sensor ]]; then check_requirements "standalone" elif [[ $is_fleet_standalone ]]; then @@ -326,8 +326,6 @@ if ! [[ -f $install_opt_file ]]; then copy_ssh_key >> $setup_log 2>&1 fi - - if [[ $is_minion ]] && ! (compare_versions); then info "Installer version mismatch, downloading correct version from manager" printf '%s\n' \ @@ -336,6 +334,7 @@ if ! [[ -f $install_opt_file ]]; then "HOSTNAME=$HOSTNAME" \ "MSRV=$MSRV" \ "MSRVIP=$MSRVIP" \ + "is_airgap=$is_airgap" \ "NODE_DESCRIPTION=\"$NODE_DESCRIPTION\"" > "$install_opt_file" [[ -n $so_proxy ]] && echo "so_proxy=$so_proxy" >> "$install_opt_file" download_repo_tarball From cd0a115ac71b9f7b9a2fd56221c11c30f12a2dd2 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 20 Apr 2021 12:55:00 -0400 Subject: [PATCH 13/56] Fix acng config and don't show changes when proxy string can exist in file --- salt/manager/files/acng/acng.conf | 4 ++-- salt/manager/init.sls | 2 ++ salt/repo/client/init.sls | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) 
diff --git a/salt/manager/files/acng/acng.conf b/salt/manager/files/acng/acng.conf index df934643b..55a46e616 100644 --- a/salt/manager/files/acng/acng.conf +++ b/salt/manager/files/acng/acng.conf @@ -91,6 +91,6 @@ PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirr # MaxInresponsiveDlSize: 64000 # BadRedirDetectMime: text/html {% set proxy = salt['pillar.get']('manager:proxy') -%} -{{ if proxy }} +{% if proxy %} Proxy: {{ proxy }} -{{ endif }} +{% endif %} diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 1d21c95d3..91635eb59 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -61,6 +61,8 @@ acngcopyconf: file.managed: - name: /opt/so/conf/aptcacher-ng/etc/acng.conf - source: salt://manager/files/acng/acng.conf + - template: jinja + - show_changes: False # Install the apt-cacher-ng container so-aptcacherng: diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index 5567caac2..cff28fb4a 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -63,6 +63,7 @@ yumconf: - source: salt://repo/client/files/centos/yum.conf.jinja - mode: 644 - template: jinja + - show_changes: False {% endif %} cleanyum: From 369c0b43f57766435c7184d18817978efeee27b3 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 20 Apr 2021 12:55:23 -0400 Subject: [PATCH 14/56] Further jinja fixes --- salt/manager/files/acng/acng.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/manager/files/acng/acng.conf b/salt/manager/files/acng/acng.conf index 55a46e616..993452b57 100644 --- a/salt/manager/files/acng/acng.conf +++ b/salt/manager/files/acng/acng.conf @@ -91,6 +91,6 @@ PassThroughPattern: (repo\.securityonion\.net:443|download\.docker\.com:443|mirr # MaxInresponsiveDlSize: 64000 # BadRedirDetectMime: text/html {% set proxy = salt['pillar.get']('manager:proxy') -%} -{% if proxy %} +{% if proxy -%} Proxy: {{ proxy }} -{% endif %} +{% endif -%} 
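Review bot: `acngcopyconf` now renders `acng.conf` through Jinja with the `manager:proxy` value and turns off `show_changes` because, per the commit subject, that value can appear in the file, which implies it may carry credentials (`http://user:pass@host:port`); yet the state sets no `user`, `group` or `mode`, so the rendered file lands with `file.managed`'s defaults, presumably root-owned and world-readable. Hiding the proxy string from the Salt return does not help if any local account can read `/opt/so/conf/aptcacher-ng/etc/acng.conf` directly, so add `- mode: 640` (with an owner/group the `so-aptcacherng` container can still read as — the bind mount is outside this hunk, so confirm). A comment on the state, e.g. `# show_changes off: manager:proxy may embed a proxy password`, would explain the otherwise surprising suppression.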
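Review bot: `yumconf` keeps `- mode: 644` while the same change disables `show_changes` because the proxy string can exist in the rendered `/etc/yum.conf`; if that string embeds a username and password, a world-readable file exposes it to every local account on every CentOS node, which cancels out the benefit of hiding it from Salt output. The template `yum.conf.jinja` is not in this diff, so I cannot see exactly what is written, but either tighten the mode (accepting that unprivileged `yum` queries then lose the proxy setting) or document in the state that the proxy URL must not carry credentials and that the manager's apt-cacher-ng should hold any upstream authentication instead. A one-line comment such as `# show_changes off: proxy URL from pillar may contain credentials` would at least make the trade-off explicit.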
From 95bb757b033220ffcf3ebe662cb13675cdefdd9d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 20 Apr 2021 13:12:55 -0400 Subject: [PATCH 15/56] Fix salt-master check --- setup/so-functions | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 198178d03..fcdb66c15 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -175,10 +175,8 @@ __check_so_status() { } __check_salt_master() { - local salt_master_status - salt_master_status=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master) - [[ -z $salt_master_status ]] && salt_master_status=1 - return $salt_master_status + $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master + return $? } check_network_manager_conf() { From ca9ac46cd2957f6fe309cad27ab47bd27ce8a150 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 20 Apr 2021 13:27:52 -0400 Subject: [PATCH 16/56] Add keypress instruction at end of summary --- setup/so-whiptail | 3 +++ 1 file changed, 3 insertions(+) diff --git a/setup/so-whiptail b/setup/so-whiptail index 03011e7c6..926487f5b 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -616,6 +616,9 @@ whiptail_end_settings() { fi fi + __append_end_msg "" + __append_end_msg "Press TAB to select yes or no." + whiptail --title "The following options have been set, would you like to proceed?" --yesno "$end_msg" 24 75 --scrolltext local exitstatus=$? From 113e558a0538b62ae44fc1ef99f06b8707feef4f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 20 Apr 2021 14:32:17 -0400 Subject: [PATCH 17/56] Set manager early for proxy config --- setup/so-setup | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 08d67d2da..e75bfd8c8 100755 --- a/setup/so-setup +++ b/setup/so-setup 
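Review bot: The rewritten `__check_salt_master` passes `ssh`'s exit status straight through, so a caller cannot distinguish "salt-master is inactive" (`systemctl is-active` exits 3) from "could not reach or authenticate to `$MSRV`" (`ssh` exits 255), and the second case — wrong host, rejected `so.key`, or a host-key mismatch — is the one an operator needs flagged loudly rather than reported as the manager service being down. I would capture the code and separate the transport failure: `local rc; $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master; rc=$?; [[ $rc -eq 255 ]] && { echo "ssh to $MSRV failed" >&2; return 255; }; return $rc`. The trailing `return $?` is also redundant, since a function already returns the status of its last command; a header comment like `# Returns 0 if salt-master is active on the manager, ssh's status (255) on connection/auth failure, systemctl's otherwise` would pin the contract.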
@@ -307,20 +307,17 @@ if ! [[ -f $install_opt_file ]]; then set_main_ip >> $setup_log 2>&1 compare_main_nic_ip + if [[ $is_minion ]]; then + collect_mngr_hostname + add_mngr_ip_to_hosts + fi + reset_proxy if [[ -z $is_airgap ]]; then collect_net_method [[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1 fi - if [[ $is_minion ]]; then - collect_mngr_hostname - fi - - if [[ $is_minion ]]; then - add_mngr_ip_to_hosts - fi - if [[ $is_minion ]]; then whiptail_ssh_key_copy_notice copy_ssh_key >> $setup_log 2>&1 From 3d9042349561613ca8efdb46cc18ce08f5700f9d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 20 Apr 2021 14:44:58 -0400 Subject: [PATCH 18/56] Fix summary message to preserve empty line --- setup/so-whiptail | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 926487f5b..09346828f 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -616,10 +616,14 @@ whiptail_end_settings() { fi fi - __append_end_msg "" - __append_end_msg "Press TAB to select yes or no." + local msg + read -r -d '' msg <<-EOM + $end_msg - whiptail --title "The following options have been set, would you like to proceed?" --yesno "$end_msg" 24 75 --scrolltext + Press TAB to select yes or no. + EOM + + whiptail --title "The following options have been set, would you like to proceed?" --yesno "$msg" 24 75 --scrolltext local exitstatus=$? whiptail_check_exitstatus $exitstatus From 3f007f102686f7036a274bc8b1480a059cb55526 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 20 Apr 2021 15:18:06 -0400 Subject: [PATCH 19/56] Disable fastestmirror during setup + soup --- salt/common/tools/sbin/so-common | 4 ++++ salt/common/tools/sbin/soup | 3 ++- setup/so-functions | 22 +++++++++++----------- setup/so-setup | 2 ++ 4 files changed, 19 insertions(+), 12 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 97e61e6e2..a425bf7bd 100755 --- a/salt/common/tools/sbin/so-common 
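Review bot: `read -r -d '' msg <<-EOM` in whiptail_end_settings always exits with status 1, because the heredoc reaches EOF without the NUL delimiter; that is harmless as written, but whether this script runs under `set -e` is not visible here, and if it does the function aborts before whiptail is called, so the usual spelling is `read -r -d '' msg <<-EOM || true`. Note also that `<<-` strips leading tabs only; if the file indents with spaces, the indentation of `$end_msg` and the TAB hint will show up in the dialog. The function's beginning is outside the hunk.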
+++ b/salt/common/tools/sbin/so-common @@ -122,6 +122,10 @@ check_elastic_license() { fi } +disable_fastestmirror() { + sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf +} + elastic_license() { read -r -d '' message <<- EOM diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 2a1ddab1c..f17c180b8 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -425,8 +425,9 @@ up_2.3.3X_to_2.3.50_repo() { if [[ "$OS" == "centos" ]]; then # Import GPG Keys gpg_rpm_import - if [ $is_airgap -eq 1 ]; then + echo "Disabling fastestmirror." + disable_fastestmirror echo "Deleting unneeded repo files." DELREPOS=('CentOS-Base' 'CentOS-CR' 'CentOS-Debuginfo' 'docker-ce' 'CentOS-fasttrack' 'CentOS-Media' 'CentOS-Sources' 'CentOS-Vault' 'CentOS-x86_64-kernel' 'epel' 'epel-testing' 'saltstack' 'wazuh') diff --git a/setup/so-functions b/setup/so-functions index fcdb66c15..c6925b778 100755 --- a/setup/so-functions +++ b/setup/so-functions 
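Review bot: `disable_fastestmirror` runs `sed -i` on /etc/yum/pluginconf.d/fastestmirror.conf unconditionally; on a host where the plugin file is absent sed prints an error and returns non-zero, and neither caller added on this line and the next (soup and so-setup) checks the result. A guard such as `[[ -f /etc/yum/pluginconf.d/fastestmirror.conf ]] && sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf` keeps it a clean no-op there. The substitution is unanchored, which is fine only if that file holds no other `enabled=` key; a comment stating that assumption would help.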
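Review bot: The soup hunk removes `if [ $is_airgap -eq 1 ]; then` from up_2.3.3X_to_2.3.50_repo but removes no matching `fi`, and the diffstat lists a single deletion for soup, so after this patch the function appears to have an unmatched `fi` and the script will not parse. If the repo cleanup is now meant to run for every CentOS install, the closing `fi` further down the function (outside the hunk) has to be deleted too; if not, the airgap condition should be restored. The function continues past the end of the hunk on both sides.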
@@ -2321,24 +2321,24 @@ secrets_pillar(){ securityonion_repo() { # Remove all the current repos if [[ "$OS" == "centos" ]]; then - if [[ "$INTERWEBS" == "AIRGAP" ]]; then - echo "This is airgap I don't need to add this repo" + if [[ "$INTERWEBS" == "AIRGAP" ]]; then + echo "This is airgap I don't need to add this repo" else - mkdir -p /root/oldrepos - mv -v /etc/yum.repos.d/* /root/oldrepos/ + mkdir -p /root/oldrepos + mv -v /etc/yum.repos.d/* /root/oldrepos/ ls -la /etc/yum.repos.d/ - rm -rf /etc/yum.repos.d + rm -rf /etc/yum.repos.d yum clean all yum repolist all mkdir -p /etc/yum.repos.d - if [[ ! $is_manager && "$MANAGERUPDATES" == "1" ]]; then - cp -f ../salt/repo/client/files/centos/securityonioncache.repo /etc/yum.repos.d/ - else - cp -f ../salt/repo/client/files/centos/securityonion.repo /etc/yum.repos.d/ - fi + if [[ ! $is_manager && "$MANAGERUPDATES" == "1" ]]; then + cp -f ../salt/repo/client/files/centos/securityonioncache.repo /etc/yum.repos.d/ + else + cp -f ../salt/repo/client/files/centos/securityonion.repo /etc/yum.repos.d/ + fi fi else - echo "This is Ubuntu" + echo "This is Ubuntu" fi } diff --git a/setup/so-setup b/setup/so-setup index e75bfd8c8..d7dd3b660 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -634,6 +634,8 @@ echo "1" > /root/accept_changes set_progress_str 2 'Updating packages' # Import the gpg keys gpg_rpm_import >> $setup_log 2>&1 + info "Disabling fastestmirror" + [[ $OS == 'centos' ]] && disable_fastestmirror if [[ ! $is_airgap ]]; then securityonion_repo >> $setup_log 2>&1 update_packages >> $setup_log 2>&1 From f3d663f0906f86e5b752cfbfcd2c21f924e4aaa6 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 21 Apr 2021 15:59:37 -0400 Subject: [PATCH 20/56] Don't set yum/apt proxy if updating through manager --- setup/so-functions | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index c6925b778..f8c78238d 100755 --- a/setup/so-functions 
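Review bot: In the so-setup hunk, `info "Disabling fastestmirror"` is logged on every OS while the next line `[[ $OS == 'centos' ]] && disable_fastestmirror` only acts on CentOS, and unlike the neighbouring `gpg_rpm_import` call the function's output is not redirected to `$setup_log`, so a sed error would land on the installer screen. Folding the message into the guard, `[[ $OS == 'centos' ]] && { info "Disabling fastestmirror"; disable_fastestmirror >> $setup_log 2>&1; }`, keeps the log accurate and the console quiet. The securityonion_repo hunk on this line is indentation only.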
+++ b/setup/so-functions @@ -2410,13 +2410,15 @@ set_proxy() { "}" > /root/.docker/config.json # Set proxy for package manager - if [ "$OS" = 'centos' ]; then - echo "proxy=$so_proxy" >> /etc/yum.conf - else - # Set it up so the updates roll through the manager - printf '%s\n'\ - "Acquire::http::Proxy \"$so_proxy\";"\ - "Acquire::https::Proxy \"$so_proxy\";" > /etc/apt/apt.conf.d/00-proxy.conf + if [[ $MANAGERUPDATES != 1 ]]; then + if [ "$OS" = 'centos' ]; then + echo "proxy=$so_proxy" >> /etc/yum.conf + else + # Set it up so the updates roll through the manager + printf '%s\n'\ + "Acquire::http::Proxy \"$so_proxy\";"\ + "Acquire::https::Proxy \"$so_proxy\";" > /etc/apt/apt.conf.d/00-proxy.conf + fi fi # Set global git proxy @@ -2684,10 +2686,8 @@ set_redirect() { set_updates() { if [ "$MANAGERUPDATES" = '1' ]; then if [ "$OS" = 'centos' ]; then - if [[ ! $is_airgap ]]; then - if ! grep -q "$MSRV" /etc/yum.conf; then - echo "proxy=http://$MSRV:3142" >> /etc/yum.conf - fi + if [[ ! $is_airgap ]] && ! ( grep -q "$MSRV" /etc/yum.conf); then + echo "proxy=http://$MSRV:3142" >> /etc/yum.conf fi else # Set it up so the updates roll through the manager From c1ae7ff3b65376a27289134e1ba04e9b7d00f290 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 21 Apr 2021 16:18:20 -0400 Subject: [PATCH 21/56] Set proxy, replace when setting up yum for manager proxy --- setup/so-functions | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index f8c78238d..86ef60203 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -2410,15 +2410,13 @@ set_proxy() { "}" > /root/.docker/config.json # Set proxy for package manager - if [[ $MANAGERUPDATES != 1 ]]; then - if [ "$OS" = 'centos' ]; then - echo "proxy=$so_proxy" >> /etc/yum.conf - else - # Set it up so the updates roll through the manager - printf '%s\n'\ - "Acquire::http::Proxy \"$so_proxy\";"\ - "Acquire::https::Proxy \"$so_proxy\";" > /etc/apt/apt.conf.d/00-proxy.conf - fi + if [ "$OS" = 'centos' ]; then + echo "proxy=$so_proxy" >> /etc/yum.conf + else + # Set it up so the updates roll through the manager + printf '%s\n'\ + "Acquire::http::Proxy \"$so_proxy\";"\ + "Acquire::https::Proxy \"$so_proxy\";" > /etc/apt/apt.conf.d/00-proxy.conf fi # Set global git proxy @@ -2687,7 +2685,11 @@ set_updates() { if [ "$MANAGERUPDATES" = '1' ]; then if [ "$OS" = 'centos' ]; then if [[ ! $is_airgap ]] && ! ( grep -q "$MSRV" /etc/yum.conf); then - echo "proxy=http://$MSRV:3142" >> /etc/yum.conf + if grep -q "proxy="; then + sed -i "s/proxy=.*/proxy=http:\/\/$MSRV:3142/" + else + echo "proxy=http://$MSRV:3142" >> /etc/yum.conf + fi fi else # Set it up so the updates roll through the manager From 261e7f7fd978a1243b051d419b877d61ec22dcec Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 21 Apr 2021 16:29:24 -0400 Subject: [PATCH 22/56] sed and grep need input files --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 86ef60203..e1467191e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2685,8 +2685,8 @@ set_updates() { if [ "$MANAGERUPDATES" = '1' ]; then if [ "$OS" = 'centos' ]; then if [[ ! $is_airgap ]] && ! ( grep -q "$MSRV" /etc/yum.conf); then - if grep -q "proxy="; then - sed -i "s/proxy=.*/proxy=http:\/\/$MSRV:3142/" + if grep -q "proxy=" /etc/yum.conf; then + sed -i "s/proxy=.*/proxy=http:\/\/$MSRV:3142/" /etc/yum.conf else echo "proxy=http://$MSRV:3142" >> /etc/yum.conf fi 
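Review bot: In the new replace branch of set_updates, `grep -q "proxy=" /etc/yum.conf` and `sed -i "s/proxy=.*/proxy=http:\/\/$MSRV:3142/" /etc/yum.conf` are unanchored, so a commented-out `#proxy=` line is taken as the live setting and rewritten in place while a real one is never appended. Anchoring both at the start of the line, `grep -q '^proxy=' /etc/yum.conf` and `sed -i "s|^proxy=.*|proxy=http://$MSRV:3142|" /etc/yum.conf`, fixes that and removes the slash escaping. The outer guard `! ( grep -q "$MSRV" /etc/yum.conf)` still treats `$MSRV` as a regex and matches it anywhere in the file (a dotted hostname matches more than itself); `grep -qF` is the safer spelling, and the subshell parentheses are not needed. set_updates continues beyond the hunk.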
From 071e5166b40c894a78c5063ba2a335dbc22168f5 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 21 Apr 2021 17:57:02 -0400 Subject: [PATCH 23/56] Set package manager source in patch pillar for yum.conf --- salt/repo/client/files/centos/yum.conf.jinja | 2 +- setup/so-functions | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/salt/repo/client/files/centos/yum.conf.jinja b/salt/repo/client/files/centos/yum.conf.jinja index 506036421..d8cb32de1 100644 --- a/salt/repo/client/files/centos/yum.conf.jinja +++ b/salt/repo/client/files/centos/yum.conf.jinja @@ -12,7 +12,7 @@ installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum distroverpkg=centos-release clean_requirements_on_remove=1 -{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('global:managerupdate', '0') -%} +{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('global:managerupdate', 'direct') == 'manager' -%} proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142 {% elif proxy -%} proxy={{ proxy }} diff --git a/setup/so-functions b/setup/so-functions index e1467191e..217f9f360 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1669,7 +1669,6 @@ manager_global() { " fleet_ip: 'N/A'"\ " sensoronikey: '$SENSORONIKEY'"\ " wazuh: $WAZUH"\ - " managerupdate: $MANAGERUPDATES"\ " imagerepo: '$IMAGEREPO'"\ " pipeline: 'redis'"\ "sensoroni:"\ 
@@ -1865,9 +1864,16 @@ patch_pillar() { local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls + if [[ $MANAGERUPDATES == 1 ]]; then + local source="manager" + else + local source="direct" + fi + printf '%s\n'\ "patch:"\ " os:"\ + " source: $source"\ " schedule_name: '$PATCHSCHEDULENAME'"\ " enabled: True"\ " splay: 300"\ From c297031f6b2d438a9a035dbbf07a3086a92f27cc Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 21 Apr 2021 17:58:13 -0400 Subject: [PATCH 24/56] Surround scalar in single quotes --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 217f9f360..d9309f098 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1873,7 +1873,7 @@ patch_pillar() { printf '%s\n'\ "patch:"\ " os:"\ - " source: $source"\ + " source: '$source'"\ " schedule_name: '$PATCHSCHEDULENAME'"\ " enabled: True"\ " splay: 300"\ From fae72aa243689c9ce91c3b330e371a9ce690471f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 22 Apr 2021 08:25:01 -0400 Subject: [PATCH 25/56] Roll back cluster changes --- salt/telegraf/etc/telegraf.conf | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index a7be4d8a2..af3474913 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf 
@@ -615,29 +615,18 @@ # ## Use TLS but skip chain & host verification # # insecure_skip_verify = false -{% if TRUE_CLUSTER %} - {% if grains.role == 'so-manager' %} -[[inputs.elasticsearch]] - servers = ["https://{{ MANAGER }}:9200"] - insecure_skip_verify = true - local = false - cluster_health = true - cluster_stats = true - {% endif %} - -{% else %} # # Read stats from one or more Elasticsearch servers or clusters - {% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %} +{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %} [[inputs.elasticsearch]] servers = ["https://{{ MANAGER }}:9200"] insecure_skip_verify = true - {% elif grains['role'] in ['so-node', 'so-hotnode', 'so-warmnode', 'so-heavynode'] %} +{% elif grains['role'] in ['so-node', 'so-hotnode', 'so-warmnode', 'so-heavynode'] %} [[inputs.elasticsearch]] servers = ["https://{{ NODEIP }}:9200"] insecure_skip_verify = true - {% endif %} {% endif %} + # # ## Timeout for HTTP requests to the elastic search server(s) # http_timeout = "5s" From 1d8e06590225bfaceb097ecc96641e30f5aea2b4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Apr 2021 08:35:50 -0400 Subject: [PATCH 26/56] fix salt retries - https://github.com/Security-Onion-Solutions/securityonion/issues/3948 --- salt/ca/init.sls | 5 +- salt/ssl/init.sls | 120 +++++++++++++++++++++++++++------------------- 2 files changed, 75 insertions(+), 50 deletions(-) diff --git a/salt/ca/init.sls b/salt/ca/init.sls index 0d35c10c1..485b01d3e 100644 --- a/salt/ca/init.sls +++ b/salt/ca/init.sls @@ -43,8 +43,9 @@ pki_private_key: - require: - file: /etc/pki - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 x509_pem_entries: module.run: diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 8d6c65bea..861d08fcd 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls 
@@ -68,8 +68,9 @@ removeesp12dir: - x509: /etc/pki/influxdb.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 # Create a cert for the talking to influxdb /etc/pki/influxdb.crt: @@ -86,8 +87,9 @@ removeesp12dir: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/influxdb.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 influxkeyperms: file.managed: @@ -111,8 +113,9 @@ influxkeyperms: - x509: /etc/pki/redis.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 /etc/pki/redis.crt: x509.certificate_managed: @@ -128,8 +131,9 @@ influxkeyperms: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/redis.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 rediskeyperms: file.managed: @@ -153,8 +157,9 @@ rediskeyperms: - x509: /etc/pki/filebeat.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 # Request a cert and drop it where it needs to go to be distributed /etc/pki/filebeat.crt: @@ -175,8 +180,9 @@ rediskeyperms: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 cmd.run: - name: "/usr/bin/openssl pkcs8 -in /etc/pki/filebeat.key -topk8 -out /etc/pki/filebeat.p8 -nocrypt" - onchanges: 
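Review bot: The same three-line `- retry:` / `attempts: 5` / `interval: 30` block is now repeated in every x509 state of salt/ssl/init.sls (this hunk and the ones that follow through the rest of the file on the next lines), which is how the old `retry: 5` / `interval: 30` form drifted out of sync with Salt's documented syntax in the first place. Setting the policy once at the top of the file, e.g. `{% set x509_retry = {'attempts': 5, 'interval': 30} %}` and then `- retry: {{ x509_retry }}` in each state, keeps a future change to attempts or interval to one edit. Each of these states starts before and ends after its hunk, so the surrounding `require`/`timeout` options are not visible here.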
@@ -232,8 +238,9 @@ fbcrtlink: - x509: /etc/pki/registry.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 # Create a cert for the docker registry /etc/pki/registry.crt: @@ -250,8 +257,9 @@ fbcrtlink: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/registry.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 regkeyperms: file.managed: @@ -273,8 +281,9 @@ regkeyperms: - x509: /etc/pki/minio.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 # Create a cert for minio /etc/pki/minio.crt: @@ -291,8 +300,9 @@ regkeyperms: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/minio.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 miniokeyperms: file.managed: @@ -315,8 +325,9 @@ miniokeyperms: - x509: /etc/pki/elasticsearch.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 /etc/pki/elasticsearch.crt: x509.certificate_managed: @@ -332,8 +343,9 @@ miniokeyperms: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 cmd.run: - name: "/usr/bin/openssl pkcs12 -inkey /etc/pki/elasticsearch.key -in /etc/pki/elasticsearch.crt -export -out /etc/pki/elasticsearch.p12 -nodes -passout pass:" - onchanges: 
@@ -366,8 +378,9 @@ elasticp12perms: - x509: /etc/pki/managerssl.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 # Create a cert for the reverse proxy /etc/pki/managerssl.crt: @@ -385,8 +398,9 @@ elasticp12perms: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/managerssl.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 msslkeyperms: file.managed: @@ -409,8 +423,9 @@ msslkeyperms: - x509: /etc/pki/fleet.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 /etc/pki/fleet.crt: x509.certificate_managed: @@ -425,8 +440,9 @@ msslkeyperms: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/fleet.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 fleetkeyperms: file.managed: @@ -456,8 +472,9 @@ fbcertdir: - x509: /opt/so/conf/filebeat/etc/pki/filebeat.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 # Request a cert and drop it where it needs to go to be distributed /opt/so/conf/filebeat/etc/pki/filebeat.crt: @@ -478,8 +495,9 @@ fbcertdir: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /opt/so/conf/filebeat/etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 # Convert the key to pkcs#8 so logstash will work correctly. filebeatpkcs: 
@@ -520,8 +538,9 @@ chownfilebeatp8: - x509: /etc/pki/managerssl.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 # Create a cert for the reverse proxy /etc/pki/managerssl.crt: @@ -539,8 +558,9 @@ chownfilebeatp8: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/managerssl.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 msslkeyperms: file.managed: @@ -563,8 +583,9 @@ msslkeyperms: - x509: /etc/pki/fleet.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 /etc/pki/fleet.crt: x509.certificate_managed: @@ -579,8 +600,9 @@ msslkeyperms: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/fleet.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 fleetkeyperms: file.managed: @@ -606,8 +628,9 @@ fleetkeyperms: - x509: /etc/pki/elasticsearch.crt {%- endif %} - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 /etc/pki/elasticsearch.crt: x509.certificate_managed: @@ -623,8 +646,9 @@ fleetkeyperms: # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - timeout: 30 - - retry: 5 - - interval: 30 + - retry: + attempts: 5 + interval: 30 cmd.run: - name: "/usr/bin/openssl pkcs12 -inkey /etc/pki/elasticsearch.key -in /etc/pki/elasticsearch.crt -export -out /etc/pki/elasticsearch.p12 -nodes -passout pass:" - onchanges: 
From 1519936e4427b5298e68dc9ed55fd2b8757056a5 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 22 Apr 2021 08:37:49 -0400 Subject: [PATCH 27/56] Use correct pillar value in yum.conf template --- salt/repo/client/files/centos/yum.conf.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/repo/client/files/centos/yum.conf.jinja b/salt/repo/client/files/centos/yum.conf.jinja index d8cb32de1..aed183ff0 100644 --- a/salt/repo/client/files/centos/yum.conf.jinja +++ b/salt/repo/client/files/centos/yum.conf.jinja @@ -12,7 +12,7 @@ installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum distroverpkg=centos-release clean_requirements_on_remove=1 -{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('global:managerupdate', 'direct') == 'manager' -%} +{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('patch:os:source', 'direct') == 'manager' -%} proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142 {% elif proxy -%} proxy={{ proxy }} From 8f37b6b73be81139766ce0e57844ed23990d193a Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Thu, 22 Apr 2021 09:35:42 -0400 Subject: [PATCH 28/56] Make sure VIM is installed with correct settings --- salt/common/files/vimrc | 6 ++++++ salt/common/init.sls | 10 ++++++++++ 2 files changed, 16 insertions(+) create mode 100644 salt/common/files/vimrc diff --git a/salt/common/files/vimrc b/salt/common/files/vimrc new file mode 100644 index 000000000..4234cf772 --- /dev/null +++ b/salt/common/files/vimrc 
@@ -0,0 +1,6 @@ +" Activates filetype detection +filetype plugin indent on + +" Sets .sls files to use YAML syntax highlighting +autocmd BufNewFile,BufRead *.sls set syntax=yaml +set number \ No newline at end of file diff --git a/salt/common/init.sls b/salt/common/init.sls index 6ef841ea4..012fcdc9b 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -69,6 +69,13 @@ salttmp: - group: 939 - makedirs: True +# VIM config +vimconfig: + file.managed: + - name: /root/.vimrc + - source: salt://common/files/vimrc + - replace: False + # Install common packages {% if grains['os'] != 'CentOS' %} commonpkgs: @@ -95,6 +102,8 @@ commonpkgs: - python3-mysqldb - python3-packaging - git + - vim + heldpackages: pkg.installed: - pkgs: @@ -133,6 +142,7 @@ commonpkgs: - lvm2 - openssl - git + - vim-enhanced heldpackages: pkg.installed: From 7176a4214bd1b4ee965393d3efecc14041a45111 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 22 Apr 2021 09:42:39 -0400 Subject: [PATCH 29/56] Add support for legacy grids --- salt/repo/client/files/centos/yum.conf.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/repo/client/files/centos/yum.conf.jinja b/salt/repo/client/files/centos/yum.conf.jinja index aed183ff0..e89e365ab 100644 --- a/salt/repo/client/files/centos/yum.conf.jinja +++ b/salt/repo/client/files/centos/yum.conf.jinja 
@@ -12,7 +12,7 @@ installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum distroverpkg=centos-release clean_requirements_on_remove=1 -{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('patch:os:source', 'direct') == 'manager' -%} +{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and ( salt['pillar.get']('global:managerupdate', '0') or salt['pillar.get']('patch:os:source', 'direct') == 'manager') ) -%} proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142 {% elif proxy -%} proxy={{ proxy }} From a41c40ccbbe7ae2ad1ebbf9d96485d3f6fafce85 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 22 Apr 2021 10:53:59 -0400 Subject: [PATCH 30/56] Fix Zeek Setting for close-delete --- salt/common/tools/sbin/soup | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 8c184e3d1..d6fb62822 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -475,6 +475,34 @@ up_2.3.3X_to_2.3.50_repo() { } up_2.3.3X_to_2.3.50() { + + cat < /tmp/supersed.txt +/so-zeek:/ { + p; + n; + /shards:/ { + p; + n; + /warm:/ { + p; + n; + /close:/ { + s/close: 365/close: 45/; + p; + n; + /delete:/ { + s/delete: 45/delete: 365/; + p; + d; + } + } + } + } +} +p; +EOF + sed -n -i -f /tmp/supersed.txt /opt/so/saltstack/local/global.sls + rm /tmp/supersed.txt INSTALLEDVERSION=2.3.50 } From 41a5818bb7ee5dbd58f0a672a5043fb5234dea1f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 22 Apr 2021 11:26:15 -0400 Subject: [PATCH 31/56] Remove extra paren --- salt/repo/client/files/centos/yum.conf.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
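Review bot: `cat < /tmp/supersed.txt` on the first new line of up_2.3.3X_to_2.3.50 is an input redirection from a file that does not exist yet, not a heredoc, so as shown the sed-script lines that follow (`/so-zeek:/ {` through `EOF`) would be executed as shell commands and /tmp/supersed.txt is never written; unless the `<<` was lost in rendering, the line should read `cat << 'EOF' > /tmp/supersed.txt`. The same text is still present as context in the [PATCH 39/56] hunk further down the page, which only corrects the global.sls path. Writing the script to a fixed name under /tmp also means any pre-existing file at that path is used silently; `mktemp` plus a cleanup trap is the usual shape, and the sed program itself (-n with an explicit `p` on every path and `d` after the delete: rewrite) looks consistent.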
diff --git a/salt/repo/client/files/centos/yum.conf.jinja b/salt/repo/client/files/centos/yum.conf.jinja index e89e365ab..b3731d7d7 100644 --- a/salt/repo/client/files/centos/yum.conf.jinja +++ b/salt/repo/client/files/centos/yum.conf.jinja @@ -12,7 +12,7 @@ installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum distroverpkg=centos-release clean_requirements_on_remove=1 -{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and ( salt['pillar.get']('global:managerupdate', '0') or salt['pillar.get']('patch:os:source', 'direct') == 'manager') ) -%} +{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and ( salt['pillar.get']('global:managerupdate', '0') or salt['pillar.get']('patch:os:source', 'direct') == 'manager' ) -%} proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142 {% elif proxy -%} proxy={{ proxy }} From 440c546bb4332a83c7a05dea39d4089df2c9ef80 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Apr 2021 11:41:14 -0400 Subject: [PATCH 32/56] remove docker-ce.repo --- salt/repo/client/map.jinja | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/repo/client/map.jinja b/salt/repo/client/map.jinja index ccfa1eae2..dedb96783 100644 --- a/salt/repo/client/map.jinja +++ b/salt/repo/client/map.jinja @@ -10,6 +10,7 @@ 'CentOS-Sources.repo', 'CentOS-Vault.repo', 'CentOS-x86_64-kernel.repo', + 'docker-ce.repo', 'epel.repo', 'epel-testing.repo', 'saltstack.repo', From a49d6a8d5c6624e4373a3b63985ed83b452c80cd Mon Sep 17 00:00:00 2001 
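Review bot: `salt['pillar.get']('global:managerupdate', '0')` in the new condition is truthy whenever the pillar key is absent, because the default `'0'` is a non-empty string; on a grid whose manager no longer writes `global:managerupdate` (it was dropped from manager_global in [PATCH 23/56] above) every non-manager CentOS node therefore gets `proxy=http://<manager>:3142` regardless of `patch:os:source`. Comparing as an integer, `salt['pillar.get']('global:managerupdate', 0) | int == 1`, makes the legacy check mean what it says and still honours an old `managerupdate: 1`. The same default appears in the earlier form of this line in [PATCH 29/56] on the previous line.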
From: m0duspwnens Date: Thu, 22 Apr 2021 11:47:53 -0400 Subject: [PATCH 33/56] apply highstate to minions instead of just salt.minion for soup if salt needs upgraded --- salt/common/tools/sbin/soup | 2 +- salt/salt/map.jinja | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index d6fb62822..94621d6f3 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -823,7 +823,7 @@ if [ "$UPGRADESALT" == "1" ]; then if [ $is_airgap -eq 0 ]; then salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone' cmd.run "yum clean all" fi - salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone' -b $BATCHSIZE state.apply salt.minion queue=True + salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone' -b $BATCHSIZE state.highstate queue=True echo "" fi diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 5d6d980be..1ff13f040 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -13,9 +13,9 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} - {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*"' %} + {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion' %} + {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %} 
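Review bot: Dropping `&& yum versionlock add "salt-*"` and `&& apt-mark hold salt-common && apt-mark hold salt-minion` from the two `set UPGRADECOMMAND` lines leaves the salt packages unpinned after bootstrap-salt.sh until the hold_salt_packages state in salt/salt/minion.sls runs; if that state is skipped or fails, an ordinary package update can move the minion off SALTVERSION. If the hold is now intentionally owned by that state alone, a comment on the `UPGRADECOMMAND` lines saying so would record why the inline pin went away. The soup hunk on this line switching to `state.highstate` is presumably what re-applies that state, but the ordering is not visible here.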
From 781ac0293c8af58f0b2d03f274c063b50c6a8b74 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Apr 2021 13:22:08 -0400 Subject: [PATCH 34/56] fix SALTNOTHELD for salt.minion --- salt/salt/map.jinja | 4 ++-- salt/salt/minion.sls | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 1ff13f040..cb24cc85e 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -3,10 +3,10 @@ {% if grains.os == 'Ubuntu' %} {% set SPLITCHAR = '+' %} - {% set SALTNOTHELD = salt['cmd.run']('apt-mark showhold | grep salt-* ; echo $?', python_shell=True) %} + {% set SALTNOTHELD = salt['cmd.run']('apt-mark showhold | grep -q salt ; echo $?', python_shell=True) %} {% else %} {% set SPLITCHAR = '-' %} - {% set SALTNOTHELD = salt['cmd.run']('yum versionlock list | grep salt-* ; echo $?', python_shell=True) %} + {% set SALTNOTHELD = salt['cmd.run']('yum versionlock list | grep -q salt ; echo $?', python_shell=True) %} {% endif %} {% set INSTALLEDSALTVERSION = salt['pkg.version']('salt-minion').split(SPLITCHAR)[0] %} diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 5145da34b..633e1496d 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -11,7 +11,7 @@ include: {% if INSTALLEDSALTVERSION|string != SALTVERSION|string %} -{% if SALTNOTHELD == 0 %} +{% if SALTNOTHELD | int == 0 %} unhold_salt_packages: module.run: - pkg.unhold: @@ -29,7 +29,7 @@ install_salt_minion: {% if INSTALLEDSALTVERSION|string == SALTVERSION|string %} -{% if SALTNOTHELD == 1 %} +{% if SALTNOTHELD | int == 1 %} hold_salt_packages: module.run: - pkg.hold: From 94352c212f0611a0e5b945a2f47289df0e6382e1 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Thu, 22 Apr 2021 13:26:41 -0400 Subject: [PATCH 35/56] Fix so-playbook-sync --- salt/common/tools/sbin/so-playbook-sync | 2 +- salt/common/tools/sbin/so-sensor-clean | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
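Review bot: `grep -q salt` in the two new SALTNOTHELD lines matches any held or version-locked package whose name merely contains "salt", so an unrelated lock would make the minion state believe salt is pinned and skip `hold_salt_packages`; `grep -qw salt` matches the package name as a word in both `apt-mark showhold` and `yum versionlock list` output and is the one-token fix. The `| int` coercion added in salt/salt/minion.sls is the right repair for the string-vs-integer comparison, though a grep error (exit 2) now matches neither branch silently, which is worth a comment.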
diff --git a/salt/common/tools/sbin/so-playbook-sync b/salt/common/tools/sbin/so-playbook-sync index a76d398cb..333dff58c 100755 --- a/salt/common/tools/sbin/so-playbook-sync +++ b/salt/common/tools/sbin/so-playbook-sync @@ -19,6 +19,6 @@ # Check to see if we are already running IS_RUNNING=$(ps aux | pgrep -f "so-playbook-sync" | wc -l) -[ "$IS_RUNNING" -gt 2 ] && echo "$(date) - Multiple Playbook Sync processes already running...exiting." && exit 0 +[ "$IS_RUNNING" -gt 3 ] && echo "$(date) - Multiple Playbook Sync processes already running...exiting." && exit 0 docker exec so-soctopus python3 playbook_play-sync.py diff --git a/salt/common/tools/sbin/so-sensor-clean b/salt/common/tools/sbin/so-sensor-clean index e62c3c4da..c1dd7d37d 100755 --- a/salt/common/tools/sbin/so-sensor-clean +++ b/salt/common/tools/sbin/so-sensor-clean @@ -116,7 +116,7 @@ clean() { # Check to see if we are already running IS_RUNNING=$(ps aux | pgrep -f "so-sensor-clean" | wc -l) -[ "$IS_RUNNING" -gt 2 ] && echo "$(date) - $IS_RUNNING sensor clean script processes running...exiting." >>$LOG && exit 0 +[ "$IS_RUNNING" -gt 3 ] && echo "$(date) - $IS_RUNNING sensor clean script processes running...exiting." >>$LOG && exit 0 if [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; then while [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; do From 016837df289ada9dcf69e4f1d1abe4c99899962d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 22 Apr 2021 13:36:52 -0400 Subject: [PATCH 36/56] sync soversion --- salt/common/files/soversion | 2 ++ salt/common/init.sls | 8 ++++++++ 2 files changed, 10 insertions(+) create mode 100644 salt/common/files/soversion diff --git a/salt/common/files/soversion b/salt/common/files/soversion new file mode 100644 index 000000000..15cd06b7a --- /dev/null +++ b/salt/common/files/soversion @@ -0,0 +1,2 @@ +{%- set VERSION = salt['pillar.get']('global:soversion') -%} +{{ VERSION }} \ No newline at end of file 
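Review bot: `ps aux | pgrep -f "so-playbook-sync" | wc -l` in both so-playbook-sync and the so-sensor-clean hunk on this line pipes ps into pgrep, which never reads stdin, so the count is only pgrep's own matches and includes the running script plus the `$(...)` subshell; raising the threshold from 2 to 3 tunes a magic number rather than making the check robust. `pgrep -f` also matches any command line containing the string, such as an editor opened on the file. A lock avoids counting altogether, e.g. `exec 9>"/var/lock/$(basename "$0").lock"; flock -n 9 || { echo "$(date) - already running...exiting."; exit 0; }` (sample path), and can replace the IS_RUNNING line in both scripts.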
diff --git a/salt/common/init.sls b/salt/common/init.sls index 012fcdc9b..d8d5f5a77 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -278,6 +278,14 @@ backupdir: - daymonth: '*' - month: '*' - dayweek: '*' +{% else %} +sostatus_log: + file.managed: + - name: /etc/soversion + - source: salt://common/files/soversion + - mode: 644 + - template: jinja + {% endif %} # Manager daemon.json From 93148e4adcb74124819a413595bdbf6c5e8d6943 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 22 Apr 2021 13:39:33 -0400 Subject: [PATCH 37/56] sync soversion --- salt/common/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index d8d5f5a77..33a8b9984 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -279,7 +279,7 @@ backupdir: - month: '*' - dayweek: '*' {% else %} -sostatus_log: +soversionfile: file.managed: - name: /etc/soversion - source: salt://common/files/soversion From b7c6110e574c8d416be8ee335b8951ef5e36d94c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 22 Apr 2021 13:41:58 -0400 Subject: [PATCH 38/56] sync soversion --- salt/common/files/soversion | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/files/soversion b/salt/common/files/soversion index 15cd06b7a..194749710 100644 --- a/salt/common/files/soversion +++ b/salt/common/files/soversion @@ -1,2 +1,2 @@ {%- set VERSION = salt['pillar.get']('global:soversion') -%} -{{ VERSION }} \ No newline at end of file +{{ VERSION }} From e7d3369cef009192876bea061b340ed3fff29a82 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 22 Apr 2021 14:17:38 -0400 Subject: [PATCH 39/56] Update soup --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 94621d6f3..81bf0c8ff 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup 
@@ -501,7 +501,7 @@ up_2.3.3X_to_2.3.50() { } p; EOF - sed -n -i -f /tmp/supersed.txt /opt/so/saltstack/local/global.sls + sed -n -i -f /tmp/supersed.txt /opt/so/saltstack/local/pillar/global.sls rm /tmp/supersed.txt INSTALLEDVERSION=2.3.50 } From 36bc4f4aa8f543537b13b4553737052d3ba2ae39 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Apr 2021 15:21:36 -0400 Subject: [PATCH 40/56] remove by package name not wildcard --- salt/salt/map.jinja | 2 ++ salt/salt/minion.sls | 11 +++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index cb24cc85e..7b32b9841 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -4,9 +4,11 @@ {% if grains.os == 'Ubuntu' %} {% set SPLITCHAR = '+' %} {% set SALTNOTHELD = salt['cmd.run']('apt-mark showhold | grep -q salt ; echo $?', python_shell=True) %} + {% set SALTPACKAGES = ['salt-common', 'salt-master', 'salt-minion'] %} {% else %} {% set SPLITCHAR = '-' %} {% set SALTNOTHELD = salt['cmd.run']('yum versionlock list | grep -q salt ; echo $?', python_shell=True) %} + {% set SALTPACKAGES = ['salt', 'salt-master', 'salt-minion'] %} {% endif %} {% set INSTALLEDSALTVERSION = salt['pkg.version']('salt-minion').split(SPLITCHAR)[0] %} diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 633e1496d..1a172d851 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -2,6 +2,7 @@ {% from 'salt/map.jinja' import SALTVERSION %} {% from 'salt/map.jinja' import INSTALLEDSALTVERSION %} {% from 'salt/map.jinja' import SALTNOTHELD %} +{% from 'salt/map.jinja' import SALTPACKAGES %} {% import_yaml 'salt/minion.defaults.yaml' as SALTMINION %} {% set service_start_delay = SALTMINION.salt.minion.service_start_delay %} @@ -15,7 +16,10 @@ include: unhold_salt_packages: module.run: - pkg.unhold: - - name: 'salt-*' + - pkgs: +{% for package in SALTPACKAGES %} + - {{ package }} +{% endfor %} {% endif %} install_salt_minion: 
@@ -33,7 +37,10 @@ install_salt_minion: hold_salt_packages: module.run: - pkg.hold: - - name: 'salt-*' + - pkgs: +{% for package in SALTPACKAGES %} + - {{ package }} +{% endfor %} {% endif %} set_log_levels: From 90683a7e04ae7b32bb598d483ae28410f92ea4cf Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Apr 2021 15:22:55 -0400 Subject: [PATCH 41/56] fix UPDATE_DIR var --- salt/common/tools/sbin/so-common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index a425bf7bd..c099f33af 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -171,7 +171,7 @@ gpg_rpm_import() { if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then local RPMKEYSLOC="../salt/repo/client/files/centos/keys" else - local RPMKEYSLOC="$UPDATEDIR/salt/repo/client/files/centos/keys" + local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/centos/keys" fi RPMKEYS=('RPM-GPG-KEY-EPEL-7' 'GPG-KEY-WAZUH' 'docker.pub' 'SALTSTACK-GPG-KEY.pub' 'securityonion.pub') From 4f545eefc2813e565bd8004c4350ebb189b4666b Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Apr 2021 15:27:57 -0400 Subject: [PATCH 42/56] update preflight --- setup/so-preflight | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup/so-preflight b/setup/so-preflight index 1ef840284..e58feebd2 100644 --- a/setup/so-preflight +++ b/setup/so-preflight @@ -46,8 +46,7 @@ check_new_repos() { if [[ $OS == 'centos' ]]; then local repo_arr=( "https://download.docker.com/linux/centos/docker-ce.repo" - "https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3003/SALTSTACK-GPG-KEY.pub" - "https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3003/SALTSTACK-GPG-KEY.pub" + "https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub" "https://download.docker.com/linux/ubuntu/gpg" "https://packages.wazuh.com/key/GPG-KEY-WAZUH" "https://packages.wazuh.com/3.x/yum/" 
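Review bot: Holding only the packages in `SALTPACKAGES` instead of the `salt-*` glob means any other Salt package that happens to be installed (salt-api or salt-ssh, if present) is no longer pinned, so an unattended `apt upgrade`/`yum update` could move it ahead of the held salt-minion or fail on the resulting dependency conflict. If that is acceptable, say so where the list is defined in map.jinja, e.g. `{# only these packages are held; other salt-* packages are intentionally left unpinned #}`, so the glob is not re-introduced later. On CentOS, `pkg.hold` with a `pkgs` list relies on the yum versionlock plugin that `SALTNOTHELD` already queries, which this hunk does not verify is installed.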
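Review bot: The corrected `local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/centos/keys"` still resolves to `/salt/repo/...` when `UPDATE_DIR` is empty or unset, and the keys named in `RPMKEYS` would then be imported from whatever exists at that path. Since this function decides which RPM signing keys the host trusts, it should fail closed instead: `local RPMKEYSLOC="${UPDATE_DIR:?UPDATE_DIR must be set}/salt/repo/client/files/centos/keys"`. gpg_rpm_import starts before the hunk and continues past it, so the import itself is not visible here.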
From 7c7624c87eca4fec205525bdab38f40c5a33244a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 22 Apr 2021 16:32:58 -0400 Subject: [PATCH 43/56] let remote nodes upgrade on their own time --- salt/common/tools/sbin/soup | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 81bf0c8ff..34e970bea 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -818,13 +818,12 @@ unmount_update thehive_maint if [ "$UPGRADESALT" == "1" ]; then - echo "" - echo "Upgrading Salt on the remaining Security Onion nodes from $INSTALLEDSALTVERSION to $NEWSALTVERSION." if [ $is_airgap -eq 0 ]; then - salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone' cmd.run "yum clean all" + echo "" + echo "Cleaning repos on remote Security Onion nodes." + salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone and G@os:CentOS' cmd.run "yum clean all" + echo "" fi - salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone' -b $BATCHSIZE state.highstate queue=True - echo "" fi check_sudoers From f4606828c7aec1f0fdfa9c94e50f7d3424c46da6 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 23 Apr 2021 10:42:14 -0400 Subject: [PATCH 44/56] Update MOTD with training link and simply customization commands --- salt/soc/files/soc/motd.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/salt/soc/files/soc/motd.md b/salt/soc/files/soc/motd.md index 295329f39..ab9d6b843 100644 --- a/salt/soc/files/soc/motd.md +++ b/salt/soc/files/soc/motd.md 
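Review bot: Removing the remote `state.highstate` leaves every non-manager node on `$INSTALLEDSALTVERSION` until its own next highstate, so the master runs `$NEWSALTVERSION` against older minions for an unbounded window and the operator is no longer told about it. Salt's compatibility guidance tolerates a newer master with older minions, but the gap should be surfaced where the old message was, e.g. `echo "Remote nodes will upgrade Salt to $NEWSALTVERSION at their next highstate; verify with: salt-run manage.versions"`. The `yum clean all` is now correctly limited to `G@os:CentOS`; no equivalent step is issued for Ubuntu nodes, which is presumably intentional since apt does not need one.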
@@ -1,6 +1,6 @@ ## Getting Started -New to Security Onion 2? Check out the [Online Help](/docs/) and [Cheatsheet](/docs/cheatsheet.pdf) to learn how to best utilize Security Onion to hunt for evil! Find them in the upper-right menu. +New to Security Onion 2? Check out the [Online Help](/docs/) and [Cheatsheet](/docs/cheatsheet.pdf) to learn how to best utilize Security Onion to hunt for evil! Find them in the upper-right menu. Also, watch our free Security Onion 2 Essentials online course, available on our [Training](https://securityonionsolutions.com/training) website. If you're ready to dive-in, take a look at the [Alerts](/#/alerts) interface to see what Security Onion has detected so far. Or navigate to the [Hunt](/#/hunt) interface to hunt for evil that the alerts might have missed! @@ -10,16 +10,18 @@ The release notes have moved to the upper-right menu. Click on the [What's New]( ## Customize This Space -Make this area your own by customizing the content. The content is stored in the `motd.md` file, which uses the common Markdown (.md) format. Visit [mardownguide.org](https://www.markdownguide.org/) to learn more about the simple Markdown format. +Make this area your own by customizing the content. The content is stored in the `motd.md` file, which uses the common Markdown (.md) format. Visit [markdownguide.org](https://www.markdownguide.org/) to learn more about the simple Markdown format. To customize this content, login to the manager via SSH and execute the following command: ```bash -cp -f /opt/so/saltstack/default/salt/soc/files/soc/motd.md /opt/so/saltstack/local/salt/soc/files/soc/motd.md +sudo cp /opt/so/saltstack/default/salt/soc/files/soc/motd.md /opt/so/saltstack/local/salt/soc/files/soc/ ``` -Now, edit the new file as desired. Finally, run this command: +and edit the new file as desired. + +Finally, run this command: ```bash -salt-call state.apply soc queue=True +sudo so-soc-restart ``` 
From fff12b423a8ca97b24f888af3fe031ffe688f918 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 23 Apr 2021 11:56:27 -0400 Subject: [PATCH 45/56] remove eps graph from manager and update to consumptioneps for standalone and managersearch --- salt/grafana/dashboards/manager/manager.json | 133 ------------------ .../managersearch/managersearch.json | 2 +- .../dashboards/standalone/standalone.json | 2 +- 3 files changed, 2 insertions(+), 135 deletions(-) diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json index 2ce913155..2af54c136 100644 --- a/salt/grafana/dashboards/manager/manager.json +++ b/salt/grafana/dashboards/manager/manager.json 
@@ -4322,139 +4322,6 @@ "align": false, "alignLevel": null } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 31 - }, - "hiddenSeries": false, - "id": 76, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.3.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "EPS", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "esteps", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "eps" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Estimated EPS", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "EPS", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - 
} } ], "refresh": false, diff --git a/salt/grafana/dashboards/managersearch/managersearch.json b/salt/grafana/dashboards/managersearch/managersearch.json index 15bf3cc73..b46cdcc76 100644 --- a/salt/grafana/dashboards/managersearch/managersearch.json +++ b/salt/grafana/dashboards/managersearch/managersearch.json @@ -5157,7 +5157,7 @@ "type": "fill" } ], - "measurement": "esteps", + "measurement": "consumptioneps", "orderByTime": "ASC", "policy": "default", "queryType": "randomWalk", diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index 60a5c6c6c..701e6c9f2 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -5562,7 +5562,7 @@ "type": "fill" } ], - "measurement": "esteps", + "measurement": "consumptioneps", "orderByTime": "ASC", "policy": "default", "queryType": "randomWalk", From f2628f2e5b7ed1aa800526ac88c0ad24a26dbc2d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Apr 2021 12:09:41 -0400 Subject: [PATCH 46/56] Prime the CentOS Repos --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index d9309f098..ecf7a153d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2342,6 +2342,7 @@ securityonion_repo() { else cp -f ../salt/repo/client/files/centos/securityonion.repo /etc/yum.repos.d/ fi + yum repolist all fi else echo "This is Ubuntu" From 4d0b06dfc777f972b1a933bbdac5729dd072b340 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sun, 25 Apr 2021 11:01:21 -0400 Subject: [PATCH 47/56] Fix updates for airgap --- salt/common/tools/sbin/soup | 6 ++---- salt/repo/client/init.sls | 3 ++- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 34e970bea..89cc38c83 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup 
@@ -716,6 +716,8 @@ echo "" echo "Updating dockers to $NEWVERSION." if [ $is_airgap -eq 0 ]; then airgap_update_dockers + update_centos_repo + yum clean all else update_registry update_docker_containers "soup" @@ -737,10 +739,6 @@ preupgrade_changes_2.3.50_repo if [ "$UPGRADESALT" == "1" ]; then echo "Upgrading Salt" # Update the repo files so it can actually upgrade - if [ $is_airgap -eq 0 ]; then - update_centos_repo - yum clean all - fi upgrade_salt fi diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index cff28fb4a..f5d94e241 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -16,8 +16,9 @@ airgap_repo: pkgrepo.managed: - humanname: Airgap Repo - baseurl: https://{{ MANAGER }}/repo - - gpgcheck: 1 + - gpgcheck: 0 - sslverify: 0 + {% endif %} # from airgap and common From 6135d89721947278d188368008482b931c644f8a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sun, 25 Apr 2021 12:19:34 -0400 Subject: [PATCH 48/56] Prompt airgap to update --- salt/common/tools/sbin/soup | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 89cc38c83..a5a0501bc 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -718,6 +718,7 @@ if [ $is_airgap -eq 0 ]; then airgap_update_dockers update_centos_repo yum clean all + check_os_updates else update_registry update_docker_containers "soup" From bbe2f81cb622b48ba3412b34a74936c8199a09a3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Apr 2021 08:53:58 -0400 Subject: [PATCH 49/56] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index caae65cfd..353e51866 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.40 +## Security Onion 2.3.50 -Security Onion 2.3.40 is here! +Security Onion 2.3.50 is here! ## Screenshots From 0499b141ede284858b1266aaee156f3d7de56735 Mon Sep 17 00:00:00 2001 
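Review bot: With `gpgcheck: 0` next to the existing `sslverify: 0`, packages from `https://{{ MANAGER }}/repo` are installed with neither a signature check nor a verified TLS peer, so anyone who can answer for the manager's name or address on the network path can feed an airgap node arbitrary RPMs as root. If the airgap mirror holds unsigned packages, the fix is to sign them and keep `gpgcheck: 1`, and to replace `sslverify: 0` with `sslcacert:` pointing at the manager's CA so transport authenticity does not depend on package signing. If disabling the check is unavoidable for this release, the reason belongs on the line: `# gpgcheck disabled: airgap mirror contains unsigned packages (TODO sign and re-enable)`.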
From: Mike Reeves Date: Mon, 26 Apr 2021 09:20:03 -0400 Subject: [PATCH 50/56] 2.3.50 sig files --- VERIFY_ISO.md | 22 +++++++++++----------- sigs/securityonion-2.3.50.iso.sig | Bin 0 -> 543 bytes 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 sigs/securityonion-2.3.50.iso.sig diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 774116411..bd29a864e 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,16 +1,16 @@ -### 2.3.40 ISO image built on 2021/03/22 +### 2.3.50 ISO image built on 2021/04/25 ### Download and Verify -2.3.40 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.40.iso +2.3.50 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.50.iso -MD5: FB72C0675F262A714B287BB33CE82504 -SHA1: E8F5A9AA23990DF794611F9A178D88414F5DA81C -SHA256: DB125D6E770F75C3FD35ABE3F8A8B21454B7A7618C2B446D11B6AC8574601070 +MD5: 8B74AF6F29DB156E3D467B25E1D46449 +SHA1: 99A0A96C5F206471E4F1D26A8A2D577A8ECDAED5 +SHA256: CA0EE3793FC1356FB5C50D36107FA3BB39DE6C40EBE6C7C90075D5C189BB3083 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.40.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.50.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
@@ -24,22 +24,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.40.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.50.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.40.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.50.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.40.iso.sig securityonion-2.3.40.iso +gpg --verify securityonion-2.3.50.iso.sig securityonion-2.3.50.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Mon 22 Mar 2021 09:35:50 AM EDT using RSA key ID FE507013 +gpg: Signature made Sun 25 Apr 2021 01:01:35 PM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
diff --git a/sigs/securityonion-2.3.50.iso.sig b/sigs/securityonion-2.3.50.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..05d0d01628f4cc4ce32b0d49cb57937d6a64747f GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;7&pl<*Q2@re`V7LBIa1(075B(nuX|)-z2+BYNjp#JV zwG*X@!I*qu0;DHkt_(+G{1bx~=74ROQ|+^>iQ=eq30|oU$B|6zn7a;l6~_#8TWrFJ z#pv%-j>;urN7F1K>I?1*A3h$x+uX&u~; zR;Iz2peomHkFY@}XLP`^$fPQi7yfGmF#8Ut$kQ?DI!8UCUJSCv5%OeWD~!UF=RMOU zCyBZDsV1-9LZWO5u!M|T7|rLeiUNMIp?-aKzdvLfh5I_$j6nBM_jzszPS0A@mbQ-! z0&AK6zt_clEB5r5%p?#=7<^TH!vbk%Rmxak4^j?UR#<+G6rLq|_bMP$uupz){3HLK z1ziwXGXcyc$d*M;BgRN*+64@Kz6x;NpvxH^AeUiRFC2!>CjzZ363vg*q5pHIVn^h9 zq}nOvd;OV?mVma6M{!Eh{FV_g8jI}(?;WTg*3KlPQGS+4-IO#W;jD!mE2okD=jS|# zd@eLnP!+GyJteB893Q(0)}X}u;!nRY81Wpc!2CP2_ZD+%*zl-Ctm;*PE(C-QThdOj hcQvOU(|8|fj`^ZuqH_3q3de7e;9z+|B+g|eSJ)6+1Kj`s literal 0 HcmV?d00001 From df22269fc979ccdae7b484913ec36036463cf8c0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Apr 2021 14:49:44 -0400 Subject: [PATCH 51/56] Repo Fix --- salt/common/tools/sbin/soup | 23 +++++++++++------------ salt/repo/client/init.sls | 2 +- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index a5a0501bc..d6f0c4fa7 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup 
@@ -453,19 +453,18 @@ up_2.3.3X_to_2.3.50_repo() { if [[ "$OS" == "centos" ]]; then # Import GPG Keys gpg_rpm_import + echo "Disabling fastestmirror." + disable_fastestmirror + echo "Deleting unneeded repo files." + DELREPOS=('CentOS-Base' 'CentOS-CR' 'CentOS-Debuginfo' 'docker-ce' 'CentOS-fasttrack' 'CentOS-Media' 'CentOS-Sources' 'CentOS-Vault' 'CentOS-x86_64-kernel' 'epel' 'epel-testing' 'saltstack' 'wazuh') + + for DELREPO in "${DELREPOS[@]}"; do + if [[ -f "/etc/yum.repos.d/$DELREPO.repo" ]]; then + echo "Deleting $DELREPO.repo" + rm -f "/etc/yum.repos.d/$DELREPO.repo" + fi + done if [ $is_airgap -eq 1 ]; then - echo "Disabling fastestmirror." - disable_fastestmirror - echo "Deleting unneeded repo files." - DELREPOS=('CentOS-Base' 'CentOS-CR' 'CentOS-Debuginfo' 'docker-ce' 'CentOS-fasttrack' 'CentOS-Media' 'CentOS-Sources' 'CentOS-Vault' 'CentOS-x86_64-kernel' 'epel' 'epel-testing' 'saltstack' 'wazuh') - - for DELREPO in "${DELREPOS[@]}"; do - if [[ -f "/etc/yum.repos.d/$DELREPO.repo" ]]; then - echo "Deleting $DELREPO.repo" - rm -f "/etc/yum.repos.d/$DELREPO.repo" - fi - done - # Copy the new repo file if not airgap cp $UPDATE_DIR/salt/repo/client/files/centos/securityonion.repo /etc/yum.repos.d/ yum clean all diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index f5d94e241..105789eb9 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -16,7 +16,7 @@ airgap_repo: pkgrepo.managed: - humanname: Airgap Repo - baseurl: https://{{ MANAGER }}/repo - - gpgcheck: 0 + - gpgcheck: 1 - sslverify: 0 {% endif %} From 939414aef6e78af230de94346a2f8fa3bc6975cf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Apr 2021 15:36:56 -0400 Subject: [PATCH 52/56] Prompt airgap to update --- salt/repo/client/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index 105789eb9..f5d94e241 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls 
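Review bot: The `rm -f "/etc/yum.repos.d/$DELREPO.repo"` loop now runs on airgap hosts as well, yet nothing in the hunk writes a replacement on that side, since the `cp ... securityonion.repo` stays under `[ $is_airgap -eq 1 ]`; an airgap node is left with no yum repository until something else (presumably the `repo/client` state) creates one, and if that step fails the host can neither install nor roll back packages. Moving the files aside keeps a recovery path at no cost, because yum only reads files ending in `.repo`: `mv -f "/etc/yum.repos.d/$DELREPO.repo" "/etc/yum.repos.d/$DELREPO.repo.pre-2.3.50"`. `up_2.3.3X_to_2.3.50_repo` starts before the hunk and continues past it.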
@@ -16,7 +16,7 @@ airgap_repo: pkgrepo.managed: - humanname: Airgap Repo - baseurl: https://{{ MANAGER }}/repo - - gpgcheck: 1 + - gpgcheck: 0 - sslverify: 0 {% endif %} From 167e656abb227a2bd1709ff9a5b519470b2a26c1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Apr 2021 16:38:12 -0400 Subject: [PATCH 53/56] Repo Fix --- VERIFY_ISO.md | 10 +++++----- sigs/securityonion-2.3.50.iso.sig | Bin 543 -> 543 bytes 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index bd29a864e..faeb908a2 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,13 +1,13 @@ -### 2.3.50 ISO image built on 2021/04/25 +### 2.3.50 ISO image built on 2021/04/26 ### Download and Verify 2.3.50 ISO image: https://download.securityonion.net/file/securityonion/securityonion-2.3.50.iso -MD5: 8B74AF6F29DB156E3D467B25E1D46449 -SHA1: 99A0A96C5F206471E4F1D26A8A2D577A8ECDAED5 -SHA256: CA0EE3793FC1356FB5C50D36107FA3BB39DE6C40EBE6C7C90075D5C189BB3083 +MD5: 1FF774520D3B1323D83BBF90BD9EFACE +SHA1: 0F323335459A11850B68BB82E062F581225303EE +SHA256: 2AACD535E0EACE17E8DC7B560353D43111A287C59C23827612B720D742DFD994 Signature for ISO image: https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.50.iso.sig @@ -39,7 +39,7 @@ gpg --verify securityonion-2.3.50.iso.sig securityonion-2.3.50.iso The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Sun 25 Apr 2021 01:01:35 PM EDT using RSA key ID FE507013 +gpg: Signature made Mon 26 Apr 2021 03:54:51 PM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
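Review bot: This sets `gpgcheck` back to 0 one commit after it was restored to 1, and it is the state that ships: together with `sslverify: 0`, nothing authenticates what an airgap node installs from `https://{{ MANAGER }}/repo`. The commit subject does not say why; if the mirror contains unsigned packages, record that on the line, e.g. `- gpgcheck: 0  # TODO: airgap mirror has unsigned packages; sign them and restore gpgcheck: 1`, so the regression is not inherited silently by the next release. Pinning the manager CA with `sslcacert:` instead of `sslverify: 0` would at least restore transport authenticity without waiting on package signing.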
diff --git a/sigs/securityonion-2.3.50.iso.sig b/sigs/securityonion-2.3.50.iso.sig index 05d0d01628f4cc4ce32b0d49cb57937d6a64747f..892dae61b593fea495d38eac1fec974f9c513e6c 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;7)8jAo52@re`V7LBIa1&pv5C2S`i3JZF9-dZ`PcwCD z#HNUa|IL^Ly9ExkARnVhampob>u`G#z|ZsSEsm)Lb15v{6Ngzj@=KfzIf4{`LhmtU zBv_ZqjJN=1JiN7ZTlI&u-sxx4nwg?LsM@%0Ll|7HaAJ^443&ppy8Oh9K$J<$9INunYW0kos0a%}`>BJKAiBSU%N}_@3>l zx2xRsAs8HI8lZrXoP7~XSEUI#gHa7_cK;saqZ986KTjE}JQZ##^B%u4cPEjj6zJT| z_{YF^89(mgJ{ZG#|aY-jHNj&9cQTJbv7t*rIvP*DLRfTOM%{F8iw=Ngqi(wxh<_jvR9T1E~V z7|AjNJjz}(qD3%8qavZMC9yEH!!gZh;&Jt(t;n3LRUvxiU*n0%iaJ literal 543 zcmV+)0^t3L0vrSY0RjL91p;7&pl<*Q2@re`V7LBIa1(075B(nuX|)-z2+BYNjp#JV zwG*X@!I*qu0;DHkt_(+G{1bx~=74ROQ|+^>iQ=eq30|oU$B|6zn7a;l6~_#8TWrFJ z#pv%-j>;urN7F1K>I?1*A3h$x+uX&u~; zR;Iz2peomHkFY@}XLP`^$fPQi7yfGmF#8Ut$kQ?DI!8UCUJSCv5%OeWD~!UF=RMOU zCyBZDsV1-9LZWO5u!M|T7|rLeiUNMIp?-aKzdvLfh5I_$j6nBM_jzszPS0A@mbQ-! z0&AK6zt_clEB5r5%p?#=7<^TH!vbk%Rmxak4^j?UR#<+G6rLq|_bMP$uupz){3HLK z1ziwXGXcyc$d*M;BgRN*+64@Kz6x;NpvxH^AeUiRFC2!>CjzZ363vg*q5pHIVn^h9 zq}nOvd;OV?mVma6M{!Eh{FV_g8jI}(?;WTg*3KlPQGS+4-IO#W;jD!mE2okD=jS|# zd@eLnP!+GyJteB893Q(0)}X}u;!nRY81Wpc!2CP2_ZD+%*zl-Ctm;*PE(C-QThdOj hcQvOU(|8|fj`^ZuqH_3q3de7e;9z+|B+g|eSJ)6+1Kj`s From 458c3863777d9b33f17de454f5a71d4c61e6837e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Apr 2021 13:37:37 -0400 Subject: [PATCH 54/56] Update import install --- salt/repo/client/files/centos/yum.conf.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/repo/client/files/centos/yum.conf.jinja b/salt/repo/client/files/centos/yum.conf.jinja index b3731d7d7..8af48e99d 100644 --- a/salt/repo/client/files/centos/yum.conf.jinja +++ b/salt/repo/client/files/centos/yum.conf.jinja 
@@ -12,7 +12,7 @@ installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum distroverpkg=centos-release clean_requirements_on_remove=1 -{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and ( salt['pillar.get']('global:managerupdate', '0') or salt['pillar.get']('patch:os:source', 'direct') == 'manager' ) -%} +{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import']) and ( salt['pillar.get']('global:managerupdate', '0') or salt['pillar.get']('patch:os:source', 'direct') == 'manager' ) -%} proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142 {% elif proxy -%} proxy={{ proxy }} From 03774e627046d0be031a3dafbab68862bee5448b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Apr 2021 15:46:45 -0400 Subject: [PATCH 55/56] Repo Fix --- sigs/securityonion-2.3.50.iso.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/securityonion-2.3.50.iso.sig b/sigs/securityonion-2.3.50.iso.sig index 892dae61b593fea495d38eac1fec974f9c513e6c..d8405a0421e494f77a03bee88e5207e9f73c1e29 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;7*RW$$#2@re`V7LBIa1$Um5CESxa#R+gq=PYL1RQjp zIUjoz5JIvAI&fTWU%o>h~+eB02ca8Fb5cDUR*+^E@ z`nMVQYSe6b-cVv-tuz_HMkKDGT76lmx(uDa5)|)sD?MLv{R* z1E#5Ie<@~K-Zay`EJ1)0fqS55MnW%AwIRWoN&_XyX$rPwU}^qQ1m*+fU}lY}1jLZC h24TfxOI&zaA^x(3X|swT8BU^s0u`G#z|ZsSEsm)Lb15v{6Ngzj@=KfzIf4{`LhmtU zBv_ZqjJN=1JiN7ZTlI&u-sxx4nwg?LsM@%0Ll|7HaAJ^443&ppy8Oh9K$J<$9INunYW0kos0a%}`>BJKAiBSU%N}_@3>l zx2xRsAs8HI8lZrXoP7~XSEUI#gHa7_cK;saqZ986KTjE}JQZ##^B%u4cPEjj6zJT| z_{YF^89(mgJ{ZG#|aY-jHNj&9cQTJbv7t*rIvP*DLRfTOM%{F8iw=Ngqi(wxh<_jvR9T1E~V z7|AjNJjz}(qD3%8qavZMC9yEH!!gZh;&Jt(t;n3LRUvxiU*n0%iaJ From b6792f73e0d645fd67fde0a105b194ab301a9c00 Mon Sep 17 00:00:00 2001 
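Review bot: The rewritten condition still tests `salt['pillar.get']('global:managerupdate', '0')` as a bare value, and the default `'0'` is a non-empty string that Jinja treats as true, so on any host whose pillar does not define that key every role outside the excluded list gets `proxy=http://...:3142` regardless of `patch:os:source`. If that key is no longer populated anywhere, the whole branch collapses to "always proxy"; compare explicitly instead, e.g. `salt['pillar.get']('global:managerupdate', '0')|int == 1`, or drop the obsolete key and keep only the `patch:os:source` test. The `proxy` variable used by the `elif` on the last line is defined outside the hunk.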
From: Mike Reeves Date: Tue, 27 Apr 2021 15:51:30 -0400 Subject: [PATCH 56/56] Repo Fix --- VERIFY_ISO.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index faeb908a2..2b97521dd 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,13 +1,14 @@ -### 2.3.50 ISO image built on 2021/04/26 +### 2.3.50 ISO image built on 2021/04/27 + ### Download and Verify 2.3.50 ISO image: https://download.securityonion.net/file/securityonion/securityonion-2.3.50.iso -MD5: 1FF774520D3B1323D83BBF90BD9EFACE -SHA1: 0F323335459A11850B68BB82E062F581225303EE -SHA256: 2AACD535E0EACE17E8DC7B560353D43111A287C59C23827612B720D742DFD994 +MD5: C39CEA68B5A8AFC5CFFB2481797C0374 +SHA1: 00AD9F29ABE3AB495136989E62EBB8FA00DA82C6 +SHA256: D77AE370D7863837A989F6735413D1DD46B866D8D135A4C363B0633E3990387E Signature for ISO image: https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.50.iso.sig @@ -39,7 +40,7 @@ gpg --verify securityonion-2.3.50.iso.sig securityonion-2.3.50.iso The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Mon 26 Apr 2021 03:54:51 PM EDT using RSA key ID FE507013 +gpg: Signature made Tue 27 Apr 2021 02:17:25 PM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.