Merge remote-tracking branch 'origin/2.4/dev' into fix/tgrafzeekcloss

2025-12-06 09:12:45 +01:00 · 2023-08-08 09:36:12 -04:00
parent 69553f9017 dad541423d
commit e286b8f2ba
8 changed files with 28 additions and 37 deletions
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.4.4-20230728 ISO image built on 2023/07/28
+### 2.4.5-20230807 ISO image released on 2023/08/07



 ### Download and Verify

-2.4.4-20230728 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso
+2.4.5-20230807 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.5-20230807.iso
 
-MD5: F63E76245F3E745B5BDE9E6E647A7CB6  
-SHA1: 6CE4E4A3399CD282D4F8592FB19D510388AB3EEA  
-SHA256: BF8FEB91B1D94B67C3D4A79D209B068F4A46FEC7C15EEF65B0FCE9851D7E6C9F 
+MD5: F83FD635025A3A65B380EAFCEB61A92E  
+SHA1: 5864D4CD520617E3328A3D956CAFCC378A8D2D08  
+SHA256: D333BAE0DD198DFD80DF59375456D228A4E18A24EDCDB15852CD4CA3F92B69A7  

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.5-20230807.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.5-20230807.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.5-20230807.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.4-20230728.iso.sig securityonion-2.4.4-20230728.iso
+gpg --verify securityonion-2.4.5-20230807.iso.sig securityonion-2.4.5-20230807.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Tue 11 Jul 2023 06:23:37 PM EDT using RSA key ID FE507013
+gpg: Signature made Sat 05 Aug 2023 10:12:46 AM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.4 Release Candidate 2 (RC2)
+## Security Onion 2.4

-Security Onion 2.4 Release Candidate 2 (RC2) is here!
+Security Onion 2.4 is here!

 ## Screenshots

--- a/2
+++ b/2
@@ -1 +1 @@
-2.4.5
+2.4.10
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
@@ -43,14 +43,12 @@ fi

 # Query for FQDN entries & add them to the list
 {% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %}
-CUSTOMFQDNLIST=({{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }})
-if [ -n "$CUSTOMFQDNLIST" ]; then
-    readarray -t CUSTOMFQDN <<< $CUSTOMFQDNLIST
-    for CUSTOMNAME in "${CUSTOMFQDN[@]}"
-    do
-    NEW_LIST+=("https://$CUSTOMNAME:8220")
-    done
-fi
+CUSTOMFQDNLIST=('{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }}')
+readarray -t -d ' ' CUSTOMFQDN < <(printf '%s' "$CUSTOMFQDNLIST")
+for CUSTOMNAME in "${CUSTOMFQDN[@]}"
+do
+ NEW_LIST+=("$CUSTOMNAME:5055")
+done
 {% endif %}

 # Query for the current Grid Nodes that are running Logstash
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-urls-update
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-urls-update
@@ -43,14 +43,12 @@ fi

 # Query for FQDN entries & add them to the list
 {% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %}
-CUSTOMFQDNLIST=({{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }})
-if [ -n "$CUSTOMFQDNLIST" ]; then
-    readarray -t CUSTOMFQDN <<< $CUSTOMFQDNLIST
-    for CUSTOMNAME in "${CUSTOMFQDN[@]}"
-    do
-    NEW_LIST+=("https://$CUSTOMNAME:8220")
-    done
-fi
+CUSTOMFQDNLIST=('{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(' ') }}')
+readarray -t -d ' ' CUSTOMFQDN < <(printf '%s' "$CUSTOMFQDNLIST")
+for CUSTOMNAME in "${CUSTOMFQDN[@]}"
+do
+ NEW_LIST+=("https://$CUSTOMNAME:8220")
+done
 {% endif %}

 # Query for the current Grid Nodes that are running Logstash (which includes Fleet Nodes)
--- a/salt/telegraf/scripts/zeekcaptureloss.sh
+++ b/salt/telegraf/scripts/zeekcaptureloss.sh
@@ -8,15 +8,10 @@
 # This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp

 # if this script isn't already running
-{%- from 'zeek/config.map.jinja' import ZEEKMERGED %}
 if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then

    if [ -d "/host/nsm/zeek/spool/logger" ]; then
-{%- if ZEEKMERGED.config.node.pins %}
-      WORKERS={{ ZEEKMERGED.config.node.pins | length }}
-{%- else %}
-      WORKERS={{ ZEEKMERGED.config.node.lb_procs }}
-{%- endif %}
+      WORKERS={{ salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) }}
      ZEEKLOG=/host/nsm/zeek/spool/logger/capture_loss.log
    elif [ -d "/host/nsm/zeek/spool/zeeksa" ]; then
      WORKERS=1
--- a/BIN
+++ b/BIN
--- a/sigs/securityonion-2.4.5-20230807.iso.sig
+++ b/sigs/securityonion-2.4.5-20230807.iso.sig
@@ -1 +1 @@
 .4.5
 .4.10