From 0c553633b1f066bfb92e7edd3a66648a61cf355e Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 27 Jul 2023 16:16:46 -0400
Subject: [PATCH 1/9] Don't restart suricata if it doesn't exist
---
 setup/so-setup | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/setup/so-setup b/setup/so-setup
index 47b9416ea..d752bc113 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -687,12 +687,14 @@ if ! [[ -f $install_opt_file ]]; then
 if [[ ! $is_airgap ]]; then
 title "Downloading IDS Rules"
 logCmd "so-rule-update"
- title "Restarting Suricata to pick up the new rules"
- logCmd "so-suricata-restart"
 title "Downloading YARA rules"
 logCmd "su socore -c '/usr/sbin/so-yara-download'"
- title "Restarting Strelka to use new rules"
- logCmd "so-strelka-restart"
+ if [[ $monints ]]; then
+ title "Restarting Suricata to pick up the new rules"
+ logCmd "so-suricata-restart"
+ title "Restarting Strelka to use new rules"
+ logCmd "so-strelka-restart"
+ fi
 fi
 title "Setting up Kibana Default Space"
 logCmd "so-kibana-space-defaults"
From bb2a1b9521884505337337d368a3a847fe49d959 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 28 Jul 2023 09:46:27 -0400
Subject: [PATCH 2/9] Fix Desktop ISO install
---
 setup/so-functions | 31 ++++++++++++++-
 setup/so-setup | 95 ++++++++++++++++++++++++----------------------
 2 files changed, 78 insertions(+), 48 deletions(-)
diff --git a/setup/so-functions b/setup/so-functions
index 491b2563a..96716058c 100755
--- a/setup/so-functions
+++ b/setup/so-functions
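Review bot: The new `if [[ $monints ]]` guard uses the monitor-interface list as a proxy for "Suricata and Strelka exist on this node" (the commit title), but nothing in the code records that intent, and Strelka is gated by the same variable although the title only mentions Suricata. A one-line comment above the guard, `# Suricata and Strelka only run on nodes with monitor interfaces; skip the restarts elsewhere`, would keep a later reader from "fixing" the condition. Whether Strelka's presence actually tracks `$monints` cannot be confirmed from this hunk and is worth checking against where both services are installed. The enclosing `if ! [[ -f $install_opt_file ]]` and `if [[ ! $is_airgap ]]` blocks start outside the hunk.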
@@ -1898,14 +1898,41 @@ securityonion_repo() {
 logCmd "dnf -v clean all"
 logCmd "mkdir -vp /root/oldrepos"
 logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
- if [[ ! $waitforstate ]]; then
+ if [[ $is_desktop_iso ]]; then
+ if [[ ! is_airgap ]]; then
+ echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /etc/yum/mirror.txt
+ echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /etc/yum/mirror.txt
+ echo "[main]" > /etc/yum.repos.d/securityonion.repo
+ echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
+ echo "installonly_limit=3" >> /etc/yum.repos.d/securityonion.repo
+ echo "clean_requirements_on_remove=True" >> /etc/yum.repos.d/securityonion.repo
+ echo "best=True" >> /etc/yum.repos.d/securityonion.repo
+ echo "skip_if_unavailable=False" >> /etc/yum.repos.d/securityonion.repo
+ echo "cachedir=/opt/so/conf/reposync/cache" >> /etc/yum.repos.d/securityonion.repo
+ echo "keepcache=0" >> /etc/yum.repos.d/securityonion.repo
+ echo "[securityonionsync]" >> /etc/yum.repos.d/securityonion.repo
+ echo "name=Security Onion Repo repo" >> /etc/yum.repos.d/securityonion.repo
+ echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /etc/yum.repos.d/securityonion.repo
+ echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
+ echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
+ logCmd "dnf repolist"
+ else
+ echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
+ echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
+ echo "baseurl=https://$MSRV/repo" >> /etc/yum.repos.d/securityonion.repo
+ echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
+ echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
+ echo "sslverify=0" >> /etc/yum.repos.d/securityonion.repo
+ logCmd "dnf repolist"
+ fi
+ elif [[ ! $waitforstate ]]; then
 echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
 echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
 echo "baseurl=https://$MSRV/repo" >> /etc/yum.repos.d/securityonion.repo
 echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
 echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
 echo "sslverify=0" >> /etc/yum.repos.d/securityonion.repo
- else
+ elif [[ $waitforstate ]]; then
 echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
 echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
 echo "baseurl=file:///nsm/repo/" >> /etc/yum.repos.d/securityonion.repo
diff --git a/setup/so-setup b/setup/so-setup
index d752bc113..16db76ef6 100755
--- a/setup/so-setup
+++ b/setup/so-setup
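Review bot: The new desktop-ISO branches write `gpgcheck=1` (and, in the airgap `else`, `sslverify=0` against `https://$MSRV/repo`), but nothing in this hunk imports the repository signing key for that path, so with TLS verification disabled package authenticity rests on GPG alone and the first `dnf` run presumably fails closed unless the key was imported earlier — confirm against the `dnf repolist` output in the setup log. The `[main]` section written into the `.repo` file also looks misplaced: dnf honors `[main]` only in dnf.conf and treats every section of a `.repo` file as a repository id, so those options likely belong in `/etc/dnf/dnf.conf` (hedged; verify). The airgap `else` branch repeats the six-line manager-repo block of the `elif [[ ! $waitforstate ]]` branch verbatim; testing the mirror case first as `if [[ $is_desktop_iso && ! $is_airgap ]]; then` and folding the rest into `elif [[ ! $waitforstate || $is_desktop_iso ]]; then` leaves one copy to maintain. The body of `securityonion_repo` begins and ends outside the hunk.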
@@ -117,52 +117,6 @@ if [[ "$setup_type" == 'iso' ]]; then fi fi -# Check to see if this is an desktop install. If it is let's run things differently -if [[ $is_desktop ]]; then - title "This is a desktop install" - - # Make sure it's CentOS or Rocky Linux - if [[ $is_rpm ]]; then - info "Security Onion Desktop is supported on this OS." - else - info "Security Onion Desktop is not supported on this OS." - exit 1 - fi - - if ! whiptail_desktop_install; then - if [[ $is_desktop_iso ]]; then - if whiptail_desktop_nongrid_iso; then - # Remove setup from auto launching - parse_install_username - sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1 - info "Enabling graphical interface and setting it to load at boot" - systemctl set-default graphical.target - startx - exit 0 - else - # Abort! - exit 0 - fi - else - if whiptail_desktop_nongrid_network; then - info "" - info "" - info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection." - info "" - info "" - desktop_salt_local - else - # Abort! - exit 0 - fi - fi - fi - - # If you got this far then you want to join the grid - is_minion=true - -fi - if ! [ -f $install_opt_file ] && [ -d /root/manager_setup/securityonion ] && [[ $(pwd) != /root/manager_setup/securityonion/setup ]]; then exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}" fi 
@@ -366,6 +320,55 @@ fi # Process the install type process_installtype +# Check to see if this is an desktop install. If it is let's run things differently +if [[ $is_desktop ]]; then + title "This is a desktop install" + + # Make sure it's oracle + if [[ $is_oracle ]]; then + info "Security Onion Desktop is supported on this OS." + else + info "Security Onion Desktop is not supported on this OS." + exit 1 + fi + +# if ! whiptail_desktop_install; then + if [[ $is_desktop_iso ]]; then + if whiptail_desktop_nongrid_iso; then + # Remove setup from auto launching + parse_install_username + sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1 + securityonion_repo + info "Enabling graphical interface and setting it to load at boot" + systemctl set-default graphical.target + startx + exit 0 + else + # Abort! + exit 0 + fi + else + if whiptail_desktop_nongrid_network; then + info "" + info "" + info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection." + info "" + info "" + desktop_salt_local + else + # Abort! + exit 0 + fi + fi +# fi + + # If you got this far then you want to join the grid + is_minion=true + +fi + + + # If this is not an automated install prompt if ! [[ -f $install_opt_file ]]; then # If you are a manager ask ALL the manager things here. I know there is code re-use but this makes it easier to add new roles From 4672eeb99bb29d7a65bd5fe670bc7e67c51769e3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 28 Jul 2023 10:51:45 -0400 Subject: [PATCH 3/9] Fix Desktop ISO install --- setup/so-functions | 2 +- setup/so-setup | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 96716058c..226674163 100755 --- a/setup/so-functions +++ b/setup/so-functions 
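Review bot: `sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile` in the moved desktop-ISO branch deletes whatever the last line of the user's `.bash_profile` happens to be, on the assumption that the setup auto-launch entry is still the final line; if setup is re-run or the user has edited the file, an unrelated line is removed and the auto-launch stays. Matching the entry instead, e.g. `sed -i '/<AUTOLAUNCH_COMMAND_PLACEHOLDER>/d' "/home/$INSTALLUSERNAME/.bash_profile"`, removes exactly the line that was added, and quoting the path guards against unusual characters in the username. The commented-out `# if ! whiptail_desktop_install; then` and `# fi` pair around the block reads as dead code; either drop both lines or restore the check, rather than leaving markers whose indentation no longer matches the body. The `if ! [[ -f $install_opt_file ]]` block that follows starts inside the hunk but ends outside it.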
@@ -1899,7 +1899,7 @@ securityonion_repo() {
 logCmd "mkdir -vp /root/oldrepos"
 logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
 if [[ $is_desktop_iso ]]; then
- if [[ ! is_airgap ]]; then
+ if [[ ! $is_airgap ]]; then
 echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /etc/yum/mirror.txt
 echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /etc/yum/mirror.txt
 echo "[main]" > /etc/yum.repos.d/securityonion.repo
diff --git a/setup/so-setup b/setup/so-setup
index 16db76ef6..171ef090c 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -341,7 +341,9 @@ if [[ $is_desktop ]]; then
 securityonion_repo
 info "Enabling graphical interface and setting it to load at boot"
 systemctl set-default graphical.target
- startx
+ echo "Desktop Install Complete!"
+ echo ""
+ echo "Please reboot to start graphical interface"
 exit 0
 else
 # Abort!
From 858e884ec2d24d0e82c298a20da7f42ffec5ea1b Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 28 Jul 2023 10:52:37 -0400
Subject: [PATCH 4/9] Fix Desktop ISO install
---
 setup/so-setup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/so-setup b/setup/so-setup
index 171ef090c..ce0aa83f7 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -343,7 +343,7 @@ if [[ $is_desktop ]]; then
 systemctl set-default graphical.target
 echo "Desktop Install Complete!"
 echo ""
- echo "Please reboot to start graphical interface"
+ echo "Please reboot to start graphical interface."
 exit 0
 else
 # Abort!
From 0bb5db2e725823234329e5b666009dc02d41d725 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 28 Jul 2023 11:34:30 -0400
Subject: [PATCH 5/9] Update so-functions
---
 setup/so-functions | 1 +
 1 file changed, 1 insertion(+)
diff --git a/setup/so-functions b/setup/so-functions
index 226674163..3d8fc6794 100755
--- a/setup/so-functions
+++ b/setup/so-functions
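Review bot: The three completion messages that replace `startx` use `echo`, while every other user-facing line in this block goes through `info`, which presumably also records the message in the setup log, so the completion state would not be captured there. Using `info "Desktop Install Complete!"`, `info ""`, `info "Please reboot to start graphical interface"` keeps the block consistent with its neighbours (the same `info ""` idiom is already used a few lines below). The enclosing `if whiptail_desktop_nongrid_iso` branch starts and ends outside the hunk.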
@@ -1899,6 +1899,7 @@ securityonion_repo() {
 logCmd "mkdir -vp /root/oldrepos"
 logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
 if [[ $is_desktop_iso ]]; then
+ gpg_rpm_import
 if [[ ! $is_airgap ]]; then
 echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /etc/yum/mirror.txt
 echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /etc/yum/mirror.txt
From 9aa655365bf13539584d266ec4b53a060e2f0eb0 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 28 Jul 2023 12:20:15 -0400
Subject: [PATCH 6/9] Update so-functions
---
 setup/so-functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/so-functions b/setup/so-functions
index 3d8fc6794..e9f13f092 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1913,7 +1913,7 @@ securityonion_repo() {
 echo "keepcache=0" >> /etc/yum.repos.d/securityonion.repo
 echo "[securityonionsync]" >> /etc/yum.repos.d/securityonion.repo
 echo "name=Security Onion Repo repo" >> /etc/yum.repos.d/securityonion.repo
- echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /etc/yum.repos.d/securityonion.repo
+ echo "mirrorlist=file:///etc/yum/mirror.txt" >> /etc/yum.repos.d/securityonion.repo
 echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
 echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
 logCmd "dnf repolist"
From 9fce80dba33dc2ecad532ab48271d02bda6d9ea5 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 28 Jul 2023 14:01:14 -0400
Subject: [PATCH 7/9] install epel-next after epel-release
---
 setup/so-functions | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/setup/so-functions b/setup/so-functions
index 491b2563a..c0bbffcb3 100755
--- a/setup/so-functions
+++ b/setup/so-functions
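Review bot: `gpg_rpm_import` is now called on the desktop-ISO path before the repo file with `gpgcheck=1` is written, which is the right order, but the line carries no explanation and runs unconditionally for both the airgap and non-airgap branches. A comment such as `# import the repo signing key first so the gpgcheck=1 repos written below are usable` would make the ordering dependency explicit for the next person who reorders this block. Whether the import works without network access in the airgap branch cannot be seen from this hunk and should be confirmed against the definition of `gpg_rpm_import`. The body of `securityonion_repo` begins and ends outside the hunk.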
@@ -1969,7 +1969,8 @@ repo_sync_local() {
 logCmd "dnf -y install https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm"
 else
 logCmd "dnf config-manager --set-enabled crb"
- logCmd "dnf -y install epel-release epel-next"
+ logCmd "dnf -y install epel-release"
+ logCmd "dnf -y install epel-next"
 fi
 dnf install -y yum-utils device-mapper-persistent-data lvm2
 curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo
From 6f6db61a6977f9b7911390948dc479c90cd6ea97 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 28 Jul 2023 14:04:27 -0400
Subject: [PATCH 8/9] remove epel-next
---
 setup/so-functions | 1 -
 1 file changed, 1 deletion(-)
diff --git a/setup/so-functions b/setup/so-functions
index c0bbffcb3..3d7cedf1e 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1970,7 +1970,6 @@ repo_sync_local() {
 else
 logCmd "dnf config-manager --set-enabled crb"
 logCmd "dnf -y install epel-release"
- logCmd "dnf -y install epel-next"
 fi
 dnf install -y yum-utils device-mapper-persistent-data lvm2
 curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo
From 2a282a29c32c48774a9278a48ba50bed3903eade Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 28 Jul 2023 14:49:50 -0400
Subject: [PATCH 9/9] 2.4.4
---
 DOWNLOAD_AND_VERIFY_ISO.md | 20 ++++++++++----------
 sigs | Bin 566 -> 566 bytes
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md
index 9466c9bba..c1594b954 100644
--- a/DOWNLOAD_AND_VERIFY_ISO.md
+++ b/DOWNLOAD_AND_VERIFY_ISO.md
@@ -1,18 +1,18 @@ -### 2.4.3-20230711 ISO image built on 2023/07/11 +### 2.4.4-20230728 ISO image built on 2023/07/28 ### Download and Verify -2.4.3-20230711 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso +2.4.4-20230728 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso -MD5: F481ED39E02A5AF05EB50D319D97A6C7 -SHA1: 20F9BAA8F73A44C21A8DFE81F36247BCF33CEDA6 -SHA256: D805522E02CD4941641385F6FF86FAAC240DA6C5FD98F78460348632C7C631B0 +MD5: F63E76245F3E745B5BDE9E6E647A7CB6 +SHA1: 6CE4E4A3399CD282D4F8592FB19D510388AB3EEA +SHA256: BF8FEB91B1D94B67C3D4A79D209B068F4A46FEC7C15EEF65B0FCE9851D7E6C9F Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS @@ -26,17 +26,17 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2. Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.4.3-20230711.iso.sig securityonion-2.4.3-20230711.iso +gpg --verify securityonion-2.4.4-20230728.iso.sig securityonion-2.4.4-20230728.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: 
diff --git a/sigs b/sigs index 34c6a9eeebf5281b2173684f36290e56bb8a4e6c..75a14e1a124888e706fa4e8a2cb8c950e0df7217 100644 GIT binary patch delta 542 zcmV+(0^$9(1hxc_BY(s2r~nEH5PT3|xBgIY6IR&||9=cs@>p+WKyMXEHkdmM@nnrOxF1wCOG%^>?M&TJ|xXVRkJ-MD5W@+o3x g*U>?v{uhh(M#Jj5bTOQNtyAg9srzf(VL^Z*kUZ@Vw*UYD delta 542 zcmV+(0^$9(1hxc_BY&;dX#ffd5PT3|xBgIY6ZifP|8m2*fJvxBZ&oLt(^fhdf7k46 zjaM>6mnpG#;;x;p{HNfXi1wyGH6 zdF6OA^SZD4PRbP{-8#_;xe}c;6Tr5)?(mzU;%aZ13|-)mryQipvdH8Ne26Gth&mzspy2YUlx#348-lwG zVaUMV0ffl9AJTE|!U423`EGz#{2%l24?!f49LIj}>99~OwY8JRbLhgSk6rf>X(Bh< zHg{zU+1foT1b=tIV7vWDrm-(+Y(v_5xB@Or6R*U5_Y@ zyID6`>>|_E1-q3%B4hst8h)oYY~%z(igo+ zQk_}{a^