CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-03-23 21:12:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,862 Commits 39 Branches 123 Tags
customulimit
Commit Graph

17862 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Patterson
057ec6f0f1 ensure valid ulimit names 2026-03-18 12:49:46 -04:00
Josh Patterson
cacae12ba3 remove .jinja from daemon.json 2026-03-18 11:08:33 -04:00
Josh Patterson
e19e83bebb allow user defined ulimits 2026-03-18 10:38:15 -04:00
Josh Patterson
341471d38e DOCKER to DOCKERMERGED 2026-03-17 16:19:36 -04:00
Josh Patterson
2349750e13 DOCKER to DOCKERMERGED 2026-03-17 16:19:02 -04:00
Josh Patterson
00986dc2fd Merge remote-tracking branch 'origin/delta' into customulimit 2026-03-17 16:04:09 -04:00
Josh Patterson
d60bef1371 add spft/hard ulimits 2026-03-17 16:00:09 -04:00
Josh Patterson
5806a85214 Merge pull request #15629 from Security-Onion-Solutions/ulimits 
Add customizable ulimit settings for all Docker containers
 2026-03-17 15:14:31 -04:00
Mike Reeves
2d97dfc8a1 Add customizable ulimit settings for all Docker containers 
Add ulimits as a configurable advanced setting for every container,
allowing customization through the web UI. Move hardcoded ulimits
from elasticsearch and zeek into defaults.yaml and fix elasticsearch
ulimits that were incorrectly nested under the environment key.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-17 15:10:42 -04:00
Josh Patterson
d6263812a6 move daemon.json to docker/files 2026-03-17 15:09:09 -04:00
Josh Patterson
ef7d1771ab DOCKER TO DOCKERMERGED 2026-03-17 15:08:10 -04:00
Josh Patterson
4dc377c99f DOCKER to DOCKERMERGED 2026-03-17 15:06:06 -04:00
Mike Reeves
4bb61d999d Merge pull request #15628 from Security-Onion-Solutions/zeekload 
Add salt states for custom Zeek package loading
 2026-03-17 13:40:14 -04:00
Mike Reeves
e0e0e3e97b Exclude README from zkg sync 2026-03-17 13:36:56 -04:00
Mike Reeves
6b039b3f94 Consolidate zkg directory creation into file.recurse with makedirs 2026-03-17 13:36:03 -04:00
Josh Patterson
d2d2f0cb5f Merge pull request #15627 from Security-Onion-Solutions/delta 
old code cleanup. add ja4 toggle in soc.
 2026-03-17 13:24:59 -04:00
Mike Reeves
e6ee7dac7c Add salt states for custom Zeek package loading 
Create /opt/so/conf/zeek/zkg directory and sync custom packages
from the manager via file.recurse. Bind mount the directory into
the so-zeek container so the entrypoint can install packages on
startup.
 2026-03-17 13:22:59 -04:00
Josh Patterson
7bf63b822d replace placeholder files with .gitkeep to keep empty directories 2026-03-17 11:40:49 -04:00
Josh Patterson
1a7d72c630 ensure empty directory tracked by git 2026-03-17 11:11:02 -04:00
Josh Patterson
4224713cc6 Merge pull request #15624 from Security-Onion-Solutions/moreja 
Add SOC UI toggle for JA4+ fingerprinting
 2026-03-17 09:44:04 -04:00
Mike Reeves
b452e70419 Keep JA4S_raw and JA4H_raw hardcoded to disabled 2026-03-17 09:37:37 -04:00
Mike Reeves
6809497730 Add SOC UI toggle for JA4+ fingerprinting in Zeek 
JA4 (BSD licensed) remains always enabled, but JA4+ variants (JA4S,
JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X) require a FoxIO license
and are now toggleable via the SOC UI. The toggle includes a license
agreement warning and defaults to disabled.
 2026-03-17 09:35:31 -04:00
Jason Ertel
70597a77ab Merge pull request #15623 from Security-Onion-Solutions/jertel/wip 
fix hydra health check
 2026-03-17 07:53:00 -04:00
Jason Ertel
f5faf86cb3 fix hydra health check 2026-03-17 07:50:40 -04:00
Mike Reeves
be4e253620 Merge pull request #15621 from Security-Onion-Solutions/analyzer-cp314-wheels 
Rebuild analyzer source-packages wheels for Python 3.14
 2026-03-16 19:07:27 -04:00
Mike Reeves
ebc1152376 Rebuild all analyzer source-packages for Python 3.14 
Full rebuild of all analyzer source-packages via pip download targeting
cp314/manylinux_2_17_x86_64 to match the so-soc Dockerfile base image
(python:3.14.3-slim).

Replaces cp313 wheels with cp314 for pyyaml and charset_normalizer,
and picks up certifi 2026.2.25 (from 2026.1.4).
 2026-03-16 18:58:24 -04:00
Mike Reeves
625bfb3ba7 Rebuild analyzer source-packages wheels for Python 3.14 
The so-soc Dockerfile base image moved to python:3.14.3-slim but
analyzer source-packages still contained cp313 wheels for pyyaml and
charset_normalizer, causing pip install failures at container startup.

Replace all cp313 wheels with cp314 builds (pyyaml 6.0.3,
charset_normalizer 3.4.6) across all 14 analyzers and update the
CI python-test workflow to match.
 2026-03-16 18:58:23 -04:00
Jason Ertel
c11b83c712 Merge pull request #15622 from Security-Onion-Solutions/jertel/wip 
fix health check for new hydra version
 2026-03-16 18:45:34 -04:00
Jason Ertel
a3b471c1d1 fix health check for new hydra version 2026-03-16 18:43:36 -04:00
Mike Reeves
64bb0dfb5b Merge pull request #15610 from Security-Onion-Solutions/moresoup 
Add -r flag to so-yaml get and migrate pcap pillar to suricata
 2026-03-16 17:36:32 -04:00
Mike Reeves
ddb26a9f42 Add test for raw dict output in so-yaml get to reach 100% coverage 
Covers the dict/list branch in raw mode (line 358) that was missing
test coverage.
 2026-03-16 17:19:14 -04:00
Josh Patterson
744d8fdd5e Merge pull request #15620 from Security-Onion-Solutions/mreeves/remove-non-oracle9-salt 
Remove non-Oracle Linux 9 support from salt states
 2026-03-16 17:10:24 -04:00
Josh Patterson
6feb06e623 cleanup preflight 2026-03-16 17:02:36 -04:00
Mike Reeves
afc14ec29d Remove non-Oracle Linux 9 support from salt states 
Simplifies salt states, map files, and modules to only support
Oracle Linux 9, removing all Debian/Ubuntu/CentOS/Rocky/AlmaLinux/RHEL
conditional branches.
 2026-03-16 16:58:39 -04:00
Josh Patterson
59134c65d0 Merge pull request #15619 from Security-Onion-Solutions/mreeves/remove-non-oracle9-support 
Remove support for non-Oracle Linux 9 operating systems
 2026-03-16 16:55:59 -04:00
Josh Patterson
614537998a remove curator.disabled from top 2026-03-16 16:44:11 -04:00
Mike Reeves
d2cee468a0 Remove support for non-Oracle Linux 9 operating systems 
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
 2026-03-16 16:44:07 -04:00
Josh Patterson
94f454c311 cleanup file.absent 2026-03-16 15:57:15 -04:00
Josh Patterson
17881c9a36 cleanup highlander 2026-03-16 15:56:16 -04:00
Josh Patterson
5b2def6fdd Merge pull request #15618 from Security-Onion-Solutions/delta 
forcedType bool
 2026-03-16 12:50:06 -04:00
Josh Patterson
9b6d29212d forcedType bool 2026-03-16 12:46:25 -04:00
Josh Patterson
c1bff03b1c Merge pull request #15615 from Security-Onion-Solutions/delta 
initialize pcap-log
 2026-03-14 20:33:28 -04:00
Josh Patterson
b00f113658 initialize pcap-log 2026-03-14 19:45:50 -04:00
Jason Ertel
7dcd923ebf Merge pull request #15612 from Security-Onion-Solutions/jertel/wip 
API errors will no longer redirect
 2026-03-13 17:04:51 -04:00
Jason Ertel
1fcd8a7c1a API errors will no longer redirect 2026-03-13 16:53:38 -04:00
Mike Reeves
4a89f7f26b Add -r flag to so-yaml get for raw output without YAML formatting 
Preserve default get behavior with yaml.safe_dump output for backwards
compatibility. Add -r flag for clean scalar output used by soup pcap
migration.
 2026-03-13 16:24:41 -04:00
Mike Reeves
a9196348ab Merge pull request #15609 from Security-Onion-Solutions/moresoup 
Moresoup
 2026-03-13 16:16:35 -04:00
Mike Reeves
12dec366e0 Fix so-yaml get to output booleans in YAML format and add bool test 2026-03-13 15:58:47 -04:00
Mike Reeves
1713f6af76 Fix so-yaml tests to match scalar output without document end marker 2026-03-13 15:53:53 -04:00
Mike Reeves
7f4adb70bd Fix so-yaml get to print scalar values without YAML document end marker 2026-03-13 15:34:04 -04:00