CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-09 04:42:40 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,044 Commits 53 Branches 125 Tags
fix/reinstall2
Commit Graph

786 Commits

Author SHA1 Message Date
Josh Patterson edd207a9d5 soup update socloud.conf 2026-04-22 09:20:53 -04:00
Jorge Reyes 7d22f7bd58 Merge pull request #15776 from Security-Onion-Solutions/foxtrot 
ES 9.3.3
 2026-04-15 16:29:34 -05:00
reyesj2 d598e20fbb soup 3.1.0 2026-04-14 14:55:33 -05:00
Jason Ertel 5634aed679 support minion node descriptions containing spaces 2026-04-13 15:19:39 -04:00
Mike Reeves c91deb97b1 Update SOUP_BRANCH to use 3/main instead of 2.4/main 2026-03-31 15:07:23 -04:00
Josh Patterson f0f9de4b44 add status updates for pillar conversions 2026-03-20 16:12:10 -04:00
Josh Patterson e857a8487a convert suricata pillar data yes/no to true/false 2026-03-20 15:35:44 -04:00
Jorge Reyes 20c4da50b1 Merge pull request #15632 from Security-Onion-Solutions/reyesj2-15601 
fix global override settings affecting non-data stream indices
 2026-03-18 10:51:17 -05:00
reyesj2 1a943aefc5 rollover datastreams to get latest index templates + remove existing ilm policies from so-case / so-detection indices 2026-03-17 13:49:20 -05:00
Josh Patterson 4224713cc6 Merge pull request #15624 from Security-Onion-Solutions/moreja 
Add SOC UI toggle for JA4+ fingerprinting
 2026-03-17 09:44:04 -04:00
Jason Ertel a3b471c1d1 fix health check for new hydra version 2026-03-16 18:43:36 -04:00
Mike Reeves 64bb0dfb5b Merge pull request #15610 from Security-Onion-Solutions/moresoup 
Add -r flag to so-yaml get and migrate pcap pillar to suricata
 2026-03-16 17:36:32 -04:00
Mike Reeves ddb26a9f42 Add test for raw dict output in so-yaml get to reach 100% coverage 
Covers the dict/list branch in raw mode (line 358) that was missing
test coverage.
 2026-03-16 17:19:14 -04:00
Mike Reeves d2cee468a0 Remove support for non-Oracle Linux 9 operating systems 
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
 2026-03-16 16:44:07 -04:00
Jason Ertel 7dcd923ebf Merge pull request #15612 from Security-Onion-Solutions/jertel/wip 
API errors will no longer redirect
 2026-03-13 17:04:51 -04:00
Jason Ertel 1fcd8a7c1a API errors will no longer redirect 2026-03-13 16:53:38 -04:00
Mike Reeves 4a89f7f26b Add -r flag to so-yaml get for raw output without YAML formatting 
Preserve default get behavior with yaml.safe_dump output for backwards
compatibility. Add -r flag for clean scalar output used by soup pcap
migration.
 2026-03-13 16:24:41 -04:00
Mike Reeves 12dec366e0 Fix so-yaml get to output booleans in YAML format and add bool test 2026-03-13 15:58:47 -04:00
Mike Reeves 1713f6af76 Fix so-yaml tests to match scalar output without document end marker 2026-03-13 15:53:53 -04:00
Mike Reeves 7f4adb70bd Fix so-yaml get to print scalar values without YAML document end marker 2026-03-13 15:34:04 -04:00
Mike Reeves e2483e4be0 Fix so-yaml addKey crash when intermediate key has None value 2026-03-13 15:22:29 -04:00
Mike Reeves 322c0b8d56 Move pcap.enabled under suricata.pcap.enabled in so-minion 2026-03-13 15:14:19 -04:00
Mike Reeves 81c1d8362d Fix pcap migration to strip yaml document end marker from so-yaml output 2026-03-13 15:09:37 -04:00
Mike Reeves 18f971954b Improve soup version checks and migrate pcap pillar to suricata 
Consolidate version checks to use regex patterns for 2.4.21X and 3.x
versions. Add migrate_pcap_to_suricata to move pcap.enabled to
suricata.pcap.enabled in minion and pcap pillar files during upgrade.
 2026-03-13 14:54:23 -04:00
Mike Reeves 89f144df75 Remove upgrade instructions for 2.4 branch 
Removed outdated instructions for upgrading to the latest 2.4 branch.
 2026-03-11 16:05:06 -04:00
Mike Reeves cfccbe2bed Update version check to include 2.4.211 2026-03-11 15:59:23 -04:00
Mike Reeves 4539024280 Add minimum version check and fix function call syntax in soup 
Require at least Security Onion 2.4.210 before allowing upgrade.
Fix determine_elastic_agent_upgrade() call syntax (remove parens).
 2026-03-10 15:05:52 -04:00
Mike Reeves 91759587f5 Update version numbers for upgrade scripts 2026-03-10 14:58:43 -04:00
Mike Reeves bc9841ea8c Refactor upgrade functions and remove unused code 
Removed deprecated functions and updated version checks for upgrades.
 2026-03-10 14:45:40 -04:00
Mike Reeves 685e22bd68 soup cleanup 2026-03-10 11:58:06 -04:00
Mike Reeves d78a5867b8 Refactor upgrade functions and version checks 
Removed redundant upgrade functions and streamlined version checks.
 2026-03-09 17:10:18 -04:00
Jason Ertel 2c4d833a5b update 2.4 references to 3 2026-03-05 11:05:19 -05:00
Jason Ertel 863276e24f Merge pull request #15539 from Security-Onion-Solutions/jertel/wip 
prepare for nextgen docs
 2026-02-27 13:18:47 -05:00
Jason Ertel 9bd5e1897a prepare for nextgen docs 2026-02-27 13:09:55 -05:00
Josh Brower 17e3a4bf21 Merge pull request #15536 from Security-Onion-Solutions/idstools-cleanup 
Move rm to post
 2026-02-27 08:39:50 -05:00
DefensiveDepth 2284283b17 Move rm to post 2026-02-27 08:35:28 -05:00
Josh Patterson 972aa1f8a1 Merge pull request #15534 from Security-Onion-Solutions/bravo 
restart salt minion before failing if not ready
 2026-02-26 15:20:44 -05:00
Josh Patterson 79d9b6e0a4 restart salt minion before failing if not ready 2026-02-26 12:05:21 -05:00
DefensiveDepth 5e7b0cfe0e Cleanup idstools 2026-02-26 09:05:54 -05:00
Mike Reeves fa479c4b89 Merge pull request #15517 from Security-Onion-Solutions/souppcap 
Add Support for upgrading to 3.0
 2026-02-24 10:11:24 -05:00
Mike Reeves be35b59b8c Update echo messages for PCAP engine clarity 2026-02-24 10:04:26 -05:00
Josh Patterson 2375061cfa so-yaml.py tell which key not found 2026-02-23 13:19:03 -05:00
Josh Patterson 1a9a087af2 redirect not found if key isn't found 2026-02-23 13:17:38 -05:00
Josh Patterson bf16de7bfd fix duplicate log lines in soup log 2026-02-23 12:07:04 -05:00
Josh Patterson 863c7abc8b fix soup failure if salt-relay isn't running 2026-02-23 11:36:20 -05:00
Mike Reeves 7170289a5e Continue upgrade after pcapengine is changed to SURICATA 
Instead of exiting and requiring the user to rerun the script after
changing pcapengine to SURICATA, let the script continue to the
version check and upgrade.
 2026-02-23 11:35:32 -05:00
Mike Reeves ca040044bb Use so-yaml to update pcapengine pillar and fix file path 
Replace fragile sed with so-yaml.py replace for proper YAML handling.
Also correct the pillar file path from soc_soc.sls to soc_global.sls.
 2026-02-23 11:16:30 -05:00
Mike Reeves f17e2961ed Add PCAP orphan warning and require SURICATA before upgrade 
- Warn users that undeleted Stenographer PCAP data will be inaccessible
  and never automatically cleaned up if they switch to SURICATA without
  deleting it first
- Require pcapengine to be set to SURICATA before allowing upgrade,
  with clear messaging when the user declines to change it
 2026-02-23 11:05:30 -05:00
Mike Reeves bbc7668786 Add version check, PCAP cleanup prompts, and SOC config references to soupto3 
- Skip upgrade if already running Security Onion 3.x.x
- Add interactive prompts to delete Stenographer PCAP data (with double confirmation) and change pcapengine to SURICATA
- Direct users to SOC Configuration UI instead of editing pillar files directly
- Consolidate TRANSITION and STENO cases to reduce repeated code
 2026-02-23 10:49:54 -05:00
Mike Reeves 1888f9e757 Soup to 3 2026-02-23 10:07:16 -05:00