CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into jertel/mergedev

Browse Source
This commit is contained in:
Jason Ertel
2022-12-08 09:14:08 -05:00
parent f7730741c2 ef15de130a
commit e9b9e128c6
5 changed files with 32 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
HOTFIX
View File

@@ -0,0 +1 @@
20221207

22
VERIFY_ISO.md
View File

@@ -1,18 +1,18 @@
### 2.3.190-20221205 ISO image built on 2022/12/05 ### 2.3.190-20221207 ISO image built on 2022/12/07
### Download and Verify ### Download and Verify
2.3.190-20221205 ISO image: 2.3.190-20221207 ISO image:
https://download.securityonion.net/file/securityonion/securityonion-2.3.190-20221205.iso https://download.securityonion.net/file/securityonion/securityonion-2.3.190-20221207.iso
MD5: E8D0BB6F43F67EC64F04AE239781E674 MD5: F7F222325A5C1C880E11B667FEE913CA
SHA1: BC58236BDF8DBD86870182B6F79009406DC04138 SHA1: F7DFE818A0CED391548CDF0DE3B4D2A24E16A532
SHA256: 34A98078538060486C70A934839A271A5AD66CF50D55EEC04DA0B325B13D56AC SHA256: 95E62E0D347A80C8A9CD4979D6F6BE8B302A12424A888410025E9AAB8BD504B2
Signature for ISO image: Signature for ISO image:
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.190-20221205.iso.sig https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.190-20221207.iso.sig
Signing key: Signing key:
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO: Download the signature file for the ISO:
``` ```
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.190-20221205.iso.sig wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.190-20221207.iso.sig
``` ```
Download the ISO image: Download the ISO image:
``` ```
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.190-20221205.iso wget https://download.securityonion.net/file/securityonion/securityonion-2.3.190-20221207.iso
``` ```
Verify the downloaded ISO image using the signature file: Verify the downloaded ISO image using the signature file:
``` ```
gpg --verify securityonion-2.3.190-20221205.iso.sig securityonion-2.3.190-20221205.iso gpg --verify securityonion-2.3.190-20221207.iso.sig securityonion-2.3.190-20221207.iso
``` ```
The output should show "Good signature" and the Primary key fingerprint should match what's shown below: The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
``` ```
gpg: Signature made Mon 05 Dec 2022 12:27:49 PM EST using RSA key ID FE507013 gpg: Signature made Wed 07 Dec 2022 02:36:23 PM EST using RSA key ID FE507013
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>" gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.

8
salt/strelka/filecheck/filecheck
View File

@@ -74,17 +74,21 @@ def process(filename, hizash):
class CreatedEventHandler(FileSystemEventHandler): class CreatedEventHandler(FileSystemEventHandler):
def on_created(self, event): def on_created(self, event):
logging.info("File create detected: " + event.src_path)
checksum(event.src_path) checksum(event.src_path)
def on_moved(self, event):
logging.info("File move detected: " + event.src_path + " -> " + event.dest_path)
checksum(event.dest_path)
if __name__ == "__main__": if __name__ == "__main__":
logging.info("Starting filecheck") logging.info("Starting filecheck")
checkexisting()
event_handler =CreatedEventHandler() event_handler =CreatedEventHandler()
shutdown = False shutdown = False
while not shutdown: while not shutdown:
checkexisting()
logging.info("Scheduling observer") logging.info("Scheduling observer")
observer = Observer() observer = Observer()
observer.schedule(event_handler, extract_path, recursive=True) observer.schedule(event_handler, extract_path, recursive=True)

15
salt/strelka/init.sls
View File

@@ -170,9 +170,22 @@ filecheck_script:
- group: 939 - group: 939
- mode: 755 - mode: 755
filecheck_restart:
cmd.run:
- name: pkill -f "python3 /opt/so/conf/strelka/filecheck"
- hide_output: True
- success_retcodes: [0,1]
- onchanges:
- file: filecheck_script
filecheck_oldcronremoval:
cron.absent:
- name: 'ps -ef | grep filecheck | grep -v grep || python3 /opt/so/conf/strelka/filecheck >> /opt/so/log/strelka/filecheck_stdout.log 2>&1 &'
- user: {{ filecheck_runas }}
filecheck_run: filecheck_run:
cron.present: cron.present:
- name: 'ps -ef | grep filecheck | grep -v grep || python3 /opt/so/conf/strelka/filecheck >> /opt/so/log/strelka/filecheck_stdout.log 2>&1 &' - name: 'ps -ef | grep filecheck | grep -v grep > /dev/null 2>&1 || python3 /opt/so/conf/strelka/filecheck >> /opt/so/log/strelka/filecheck_stdout.log 2>&1 &'
- user: {{ filecheck_runas }} - user: {{ filecheck_runas }}
filcheck_history_clean: filcheck_history_clean:

BIN
sigs/securityonion-2.3.190-20221207.iso.sig Normal file
View File

Binary file not shown.