Merge remote-tracking branch 'origin/2.4/dev' into fix/tgrafzeekcloss

2025-12-06 17:22:49 +01:00 · 2023-08-08 09:36:12 -04:00
parent 69553f9017 dad541423d
commit e286b8f2ba
8 changed files with 28 additions and 37 deletions
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.4.4-20230728 ISO image built on 2023/07/28
+### 2.4.5-20230807 ISO image released on 2023/08/07
 ### Download and Verify
-2.4.4-20230728 ISO image:  
+2.4.5-20230807 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso
+https://download.securityonion.net/file/securityonion/securityonion-2.4.5-20230807.iso
-
+ 
-MD5: F63E76245F3E745B5BDE9E6E647A7CB6  
+MD5: F83FD635025A3A65B380EAFCEB61A92E  
-SHA1: 6CE4E4A3399CD282D4F8592FB19D510388AB3EEA  
+SHA1: 5864D4CD520617E3328A3D956CAFCC378A8D2D08  
-SHA256: BF8FEB91B1D94B67C3D4A79D209B068F4A46FEC7C15EEF65B0FCE9851D7E6C9F 
+SHA256: D333BAE0DD198DFD80DF59375456D228A4E18A24EDCDB15852CD4CA3F92B69A7  
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.5-20230807.iso.sig
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.5-20230807.iso.sig
 ```
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.5-20230807.iso
 ```
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.4-20230728.iso.sig securityonion-2.4.4-20230728.iso
+gpg --verify securityonion-2.4.5-20230807.iso.sig securityonion-2.4.5-20230807.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Tue 11 Jul 2023 06:23:37 PM EDT using RSA key ID FE507013
+gpg: Signature made Sat 05 Aug 2023 10:12:46 AM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.4 Release Candidate 2 (RC2)
+## Security Onion 2.4
-Security Onion 2.4 Release Candidate 2 (RC2) is here!
+Security Onion 2.4 is here!
 ## Screenshots
--- a/2
+++ b/2
@@ -1 +1 @@
-2.4.5
+2.4.10
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
@@ -43,14 +43,12 @@ fi
 # Query for FQDN entries & add them to the list
 {% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %}
-CUSTOMFQDNLIST=({{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }})
+CUSTOMFQDNLIST=('{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }}')
-if [ -n "$CUSTOMFQDNLIST" ]; then
+readarray -t -d ' ' CUSTOMFQDN < <(printf '%s' "$CUSTOMFQDNLIST")
-    readarray -t CUSTOMFQDN <<< $CUSTOMFQDNLIST
+for CUSTOMNAME in "${CUSTOMFQDN[@]}"
-    for CUSTOMNAME in "${CUSTOMFQDN[@]}"
+do
-    do
+ NEW_LIST+=("$CUSTOMNAME:5055")
-    NEW_LIST+=("https://$CUSTOMNAME:8220")
+done
    done
 fi
 {% endif %}
 # Query for the current Grid Nodes that are running Logstash
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-urls-update
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-urls-update
@@ -43,14 +43,12 @@ fi
 # Query for FQDN entries & add them to the list
 {% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %}
-CUSTOMFQDNLIST=({{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }})
+CUSTOMFQDNLIST=('{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }}')
-if [ -n "$CUSTOMFQDNLIST" ]; then
+readarray -t -d ' ' CUSTOMFQDN < <(printf '%s' "$CUSTOMFQDNLIST")
-    readarray -t CUSTOMFQDN <<< $CUSTOMFQDNLIST
+for CUSTOMNAME in "${CUSTOMFQDN[@]}"
-    for CUSTOMNAME in "${CUSTOMFQDN[@]}"
+do
-    do
+ NEW_LIST+=("https://$CUSTOMNAME:8220")
-    NEW_LIST+=("https://$CUSTOMNAME:8220")
+done
    done
 fi
 {% endif %}
 # Query for the current Grid Nodes that are running Logstash (which includes Fleet Nodes)
--- a/salt/telegraf/scripts/zeekcaptureloss.sh
+++ b/salt/telegraf/scripts/zeekcaptureloss.sh
@@ -8,15 +8,10 @@
 # This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp
 # if this script isn't already running
 {%- from 'zeek/config.map.jinja' import ZEEKMERGED %}
 if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
    if [ -d "/host/nsm/zeek/spool/logger" ]; then
-{%- if ZEEKMERGED.config.node.pins %}
+      WORKERS={{ salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) }}
      WORKERS={{ ZEEKMERGED.config.node.pins | length }}
 {%- else %}
      WORKERS={{ ZEEKMERGED.config.node.lb_procs }}
 {%- endif %}
      ZEEKLOG=/host/nsm/zeek/spool/logger/capture_loss.log
    elif [ -d "/host/nsm/zeek/spool/zeeksa" ]; then
      WORKERS=1
--- a/BIN
+++ b/BIN
--- a/sigs/securityonion-2.4.5-20230807.iso.sig
+++ b/sigs/securityonion-2.4.5-20230807.iso.sig