339a5af4a3
Serve /kernelrepo through nginx so minions can reach the kernel repo
...
The /nsm/kernelrepo bind mount exposed the files, but without a matching
location block external requests to /kernelrepo/ fell through to the SOC
app and returned HTML, so minions hit 'repomd.xml parser error'. Add a
/kernelrepo/ location mirroring /repo/.
2026-06-26 12:02:49 -04:00
698a746d6d
Add UEK8 kernel repo support across install and grid
...
Mirror the kernel repo to full parity with the main package repo so the
grid can pull the Oracle UEK8 kernel:
- setup/so-functions: securityonion_repo() emits a [securityonionkernel]
section in every branch (mirrorlist on non-airgap, https://$MSRV/kernelrepo
for airgap/minion, file:///nsm/kernelrepo/ for manager); repo_sync_local()
and create_repo() sync and build /nsm/kernelrepo.
- manager/init.sls: create /nsm/kernelrepo and deploy mirror-kernel.txt.
- nginx/enabled.sls: serve /nsm/kernelrepo at https://<repo_host>/kernelrepo.
- repo/client/oracle.sls: add so_kernel_repo, gated by
onlyif test -e /opt/so/state/nic_names_pinned so the kernel repo is only
assigned once NICs are pinned by MAC.
- update_packages(): run so-nic-pin before the dnf update that pulls the
kernel, freezing interface names and dropping the pin marker so the kernel
isn't downgraded then re-upgraded on the first highstate.
2026-06-23 13:19:56 -04:00
024fece607
Tweak for nginx upgrade
2026-05-14 17:08:57 -04:00
8ea97e4af3
Merge pull request #15658 from Security-Onion-Solutions/jertel/wip
...
do not attempt to redirect to a source map after login
2026-03-23 09:55:31 -04:00
2f9a2e15b3
do not attempt to redirect to a source map after login
2026-03-23 09:48:06 -04:00
c2c5aea244
ensure bool sliders for each state:enabled annotation
2026-03-19 12:35:38 -04:00
a982056363
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 15:45:15 -04:00
4254769e68
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 15:32:52 -04:00
0c88b32fc2
fix casing to match annotation docs
2026-03-18 15:31:19 -04:00
825f377d2d
more doc updates
2026-03-18 13:05:36 -04:00
74ad2990a7
Merge remote-tracking branch 'origin/3/dev' into delta
2026-03-18 13:05:02 -04:00
e19e83bebb
allow user defined ulimits
2026-03-18 10:38:15 -04:00
930985b770
update helpLink references for new documentation
2026-03-18 09:46:45 -04:00
2349750e13
DOCKER to DOCKERMERGED
2026-03-17 16:19:02 -04:00
00986dc2fd
Merge remote-tracking branch 'origin/delta' into customulimit
2026-03-17 16:04:09 -04:00
2d97dfc8a1
Add customizable ulimit settings for all Docker containers
...
Add ulimits as a configurable advanced setting for every container,
allowing customization through the web UI. Move hardcoded ulimits
from elasticsearch and zeek into defaults.yaml and fix elasticsearch
ulimits that were incorrectly nested under the environment key.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-17 15:10:42 -04:00
4dc377c99f
DOCKER to DOCKERMERGED
2026-03-17 15:06:06 -04:00
1fcd8a7c1a
API errors will no longer redirect
2026-03-13 16:53:38 -04:00
b03b75315d
Support additional alt names in web cert
2026-03-04 15:45:03 -05:00
fcad82c4d4
prevent caching of main doc to ensure logged out detection is processed
2026-02-26 16:04:43 -05:00
c1c568e94d
do not allow auth redirection to login page or home page; that serves no purpose
2026-02-25 17:58:35 -05:00
00fbc1c259
add back individual signing policies
2026-01-12 09:25:15 -05:00
b9ff1704b0
the great ssl refactor
2025-12-11 17:30:06 -05:00
36a6a59d55
renew certs 7 days before expire
2025-12-01 11:54:10 -05:00
ec27517bdd
New Config Values
...
New config values with annotations and defaults.
Updated Nginx config to allow streaming requests to not be buffered on the way to the client.
2025-09-08 09:13:08 -06:00
3efe0eac13
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-06-06 08:54:23 -04:00
643afeeae7
enable STS for browser redirects
2025-06-05 16:02:27 -04:00
8c37a4454c
merge and fix conflicts
2025-05-06 11:55:42 -04:00
1931de2e52
copy so_agent-installers to nsm for nginx
2025-05-05 12:40:56 -04:00
102ddaf262
Merge remote-tracking branch 'origin/2.4/dev' into vlb2
2025-04-29 08:18:25 -04:00
5f45327372
Update enabled.sls
2025-04-28 08:39:26 -04:00
ac8ac23522
Update enabled.sls
2025-04-28 08:36:43 -04:00
44a5b3b1e5
MANAGERHYPE setup is now complete!
2025-03-12 21:05:04 -04:00
0047246cf2
reduce stdout verbosity
2025-03-04 10:55:12 -05:00
19593cd771
use consistent ciphers across listeners
2025-02-18 12:17:50 -05:00
7dd64380cc
Enable TLSv1.3 and use consistent ciphers across listeners
2025-02-18 11:48:00 -05:00
964bbe6aa5
additional web server security measures
2025-01-17 12:14:30 -05:00
dcdf31eee8
Fix folder perm
2025-01-10 16:15:17 -05:00
bcb92b63e3
Move json files to container image
2025-01-09 10:58:40 -05:00
6fa11a38ef
Update defaults
2025-01-07 13:14:50 -05:00
9475211417
Refactor Navigator for Detections
2024-12-09 16:31:51 -05:00
d4ed34d0ea
connect
2024-11-11 11:56:19 -05:00
d503c09ef2
connect
2024-10-24 15:45:18 -04:00
523ff66389
connect work
2024-10-16 13:44:01 -04:00
15c32f9103
connect routes
2024-10-16 12:33:14 -04:00
4913df2297
adjustments for support of PKCE OIDC
2024-10-01 08:54:14 -04:00
cce9e162d4
remove colon to avoid yaml parsing problems
2024-09-16 15:30:14 -04:00
217bb388a0
Clarify enabled settings
2024-09-16 10:05:17 -04:00
6e2c319e7e
Fix http2 declaration
2024-09-09 19:42:04 -04:00
eab7828bfe
Formatting and add setting
2024-09-09 18:39:19 -04:00
Mike Reeves
Josh Brower
Jason Ertel
Jason Ertel
Josh Patterson
Doug Burks
Mike Reeves
Corey Ogburn