Merge remote-tracking branch 'origin/2.4/dev' into iptables

2025-12-06 17:22:49 +01:00 · 2023-07-28 15:12:08 -04:00
parent 4c8373452d ed21b94c28
commit ecbb353d68
4 changed files with 98 additions and 63 deletions
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.4.3-20230711 ISO image built on 2023/07/11
+### 2.4.4-20230728 ISO image built on 2023/07/28



 ### Download and Verify

-2.4.3-20230711 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso
+2.4.4-20230728 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso

-MD5: F481ED39E02A5AF05EB50D319D97A6C7  
-SHA1: 20F9BAA8F73A44C21A8DFE81F36247BCF33CEDA6  
-SHA256: D805522E02CD4941641385F6FF86FAAC240DA6C5FD98F78460348632C7C631B0 
+MD5: F63E76245F3E745B5BDE9E6E647A7CB6  
+SHA1: 6CE4E4A3399CD282D4F8592FB19D510388AB3EEA  
+SHA256: BF8FEB91B1D94B67C3D4A79D209B068F4A46FEC7C15EEF65B0FCE9851D7E6C9F 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -26,17 +26,17 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.3-20230711.iso.sig securityonion-2.4.3-20230711.iso
+gpg --verify securityonion-2.4.4-20230728.iso.sig securityonion-2.4.4-20230728.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1898,14 +1898,42 @@ securityonion_repo() {
 		logCmd "dnf -v clean all"
 		logCmd "mkdir -vp /root/oldrepos"
 		logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
-		if [[ ! $waitforstate ]]; then
+		if [[ $is_desktop_iso ]]; then
+			gpg_rpm_import
+			if [[ ! $is_airgap ]]; then
+				echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /etc/yum/mirror.txt
+				echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /etc/yum/mirror.txt
+				echo "[main]" > /etc/yum.repos.d/securityonion.repo
+				echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
+				echo "installonly_limit=3" >> /etc/yum.repos.d/securityonion.repo
+				echo "clean_requirements_on_remove=True" >> /etc/yum.repos.d/securityonion.repo
+				echo "best=True" >> /etc/yum.repos.d/securityonion.repo
+				echo "skip_if_unavailable=False" >> /etc/yum.repos.d/securityonion.repo
+				echo "cachedir=/opt/so/conf/reposync/cache" >> /etc/yum.repos.d/securityonion.repo
+				echo "keepcache=0" >> /etc/yum.repos.d/securityonion.repo
+				echo "[securityonionsync]" >> /etc/yum.repos.d/securityonion.repo
+				echo "name=Security Onion Repo repo" >> /etc/yum.repos.d/securityonion.repo
+				echo "mirrorlist=file:///etc/yum/mirror.txt" >> /etc/yum.repos.d/securityonion.repo
+				echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
+				echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
+				logCmd "dnf repolist"
+			else
+				echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
+				echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
+				echo "baseurl=https://$MSRV/repo" >> /etc/yum.repos.d/securityonion.repo
+				echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
+				echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
+				echo "sslverify=0" >> /etc/yum.repos.d/securityonion.repo
+				logCmd "dnf repolist"
+			fi
+		elif [[ ! $waitforstate ]]; then
 			echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
 			echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
 			echo "baseurl=https://$MSRV/repo" >> /etc/yum.repos.d/securityonion.repo
 			echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
 			echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
 			echo "sslverify=0" >> /etc/yum.repos.d/securityonion.repo		
-		else
+		elif [[ $waitforstate ]]; then
 			echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
 			echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
 			echo "baseurl=file:///nsm/repo/" >> /etc/yum.repos.d/securityonion.repo
@@ -1969,7 +1997,7 @@ repo_sync_local() {
 				logCmd "dnf -y install https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm"
 			else  
 				logCmd "dnf config-manager --set-enabled crb"
-				logCmd "dnf -y install epel-release epel-next"
+				logCmd "dnf -y install epel-release"
 			fi
 			dnf install -y yum-utils device-mapper-persistent-data lvm2
 			curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -117,52 +117,6 @@ if [[ "$setup_type" == 'iso' ]]; then
 	fi
 fi

-# Check to see if this is an desktop install. If it is let's run things differently
-if [[ $is_desktop ]]; then
-	title "This is a desktop install"
-
-	# Make sure it's CentOS or Rocky Linux
-	if [[ $is_rpm ]]; then
-		info "Security Onion Desktop is supported on this OS."
-	else
-		info "Security Onion Desktop is not supported on this OS."
-		exit 1
-	fi
-
-	if ! whiptail_desktop_install; then
-		if [[ $is_desktop_iso ]]; then
-			if whiptail_desktop_nongrid_iso; then
-				# Remove setup from auto launching
-				parse_install_username
-				sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1
-				info "Enabling graphical interface and setting it to load at boot"
-				systemctl set-default graphical.target
-				startx
-				exit 0
-			else
-				# Abort!
-				exit 0
-			fi
-		else
-			if whiptail_desktop_nongrid_network; then
-				info ""
-				info ""
-				info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection."
-				info ""
-				info ""
-				desktop_salt_local
-			else
-				# Abort!
-				exit 0
-			fi
-		fi
-	fi
-
-	# If you got this far then you want to join the grid
-	is_minion=true
-
-fi
-
 if ! [ -f $install_opt_file ] && [ -d /root/manager_setup/securityonion ] && [[ $(pwd) != /root/manager_setup/securityonion/setup ]]; then
 	exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}"
 fi
@@ -366,6 +320,57 @@ fi
 # Process the install type
 process_installtype

+# Check to see if this is an desktop install. If it is let's run things differently
+if [[ $is_desktop ]]; then
+	title "This is a desktop install"
+
+	# Make sure it's oracle
+	if [[ $is_oracle ]]; then
+		info "Security Onion Desktop is supported on this OS."
+	else
+		info "Security Onion Desktop is not supported on this OS."
+		exit 1
+	fi
+
+#	if ! whiptail_desktop_install; then
+	if [[ $is_desktop_iso ]]; then
+		if whiptail_desktop_nongrid_iso; then
+			# Remove setup from auto launching
+			parse_install_username
+			sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1
+			securityonion_repo
+			info "Enabling graphical interface and setting it to load at boot"
+			systemctl set-default graphical.target
+			echo "Desktop Install Complete!"
+			echo ""
+			echo "Please reboot to start graphical interface."
+			exit 0
+		else
+			# Abort!
+			exit 0
+		fi
+	else
+		if whiptail_desktop_nongrid_network; then
+			info ""
+			info ""
+			info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection."
+			info ""
+			info ""
+			desktop_salt_local
+		else
+			# Abort!
+			exit 0
+		fi
+	fi
+#	fi
+
+	# If you got this far then you want to join the grid
+	is_minion=true
+
+fi
+
+
+
 # If this is not an automated install prompt
 if ! [[ -f $install_opt_file ]]; then
 	# If you are a manager ask ALL the manager things here. I know there is code re-use but this makes it easier to add new roles
@@ -687,12 +692,14 @@ if ! [[ -f $install_opt_file ]]; then
 		if [[ ! $is_airgap ]]; then
 			title "Downloading IDS Rules"
 			logCmd "so-rule-update"
-			title "Restarting Suricata to pick up the new rules"
-			logCmd "so-suricata-restart"
 			title "Downloading YARA rules"
 			logCmd "su socore -c '/usr/sbin/so-yara-download'"
-			title "Restarting Strelka to use new rules"
-			logCmd "so-strelka-restart"
+			if [[ $monints ]]; then
+				title "Restarting Suricata to pick up the new rules"
+				logCmd "so-suricata-restart"
+				title "Restarting Strelka to use new rules"
+				logCmd "so-strelka-restart"
+			fi
 		fi
 		title "Setting up Kibana Default Space"
 		logCmd "so-kibana-space-defaults"
--- a/BIN
+++ b/BIN