Commit Graph

17989 Commits

Author SHA1 Message Date
Mike Reeves
0d3e2a0708 Merge pull request #15759 from Security-Onion-Solutions/feature/postgres
Add ES credentials to postgres SOC module config
2026-04-10 11:44:20 -04:00
Mike Reeves
9ccd0acb4f Add ES credentials to postgres module config for migration
Postgres module now queries Elasticsearch directly via HTTP
for the chat migration (bypasses RBAC that needs user context).
Pass esHostUrl, esUsername, esPassword alongside postgres creds.
2026-04-10 11:41:33 -04:00
Mike Reeves
e339aa41d5 Merge pull request #15757 from Security-Onion-Solutions/feature/postgres
Add postgres admin password to SOC config
2026-04-09 22:24:23 -04:00
Mike Reeves
1ffdcab3be Add postgres adminPassword to SOC module config
Injects the postgres superuser password from secrets pillar so
SOC can run schema migrations as admin before switching to the
app user for normal operations.
2026-04-09 22:21:35 -04:00
Mike Reeves
01a24b3684 Merge pull request #15756 from Security-Onion-Solutions/feature/postgres
Fix init-users.sh password escaping for special characters
2026-04-09 22:00:09 -04:00
Mike Reeves
da1045e052 Fix init-users.sh password escaping for special characters
Use format() with %L for SQL literal escaping instead of raw
string interpolation. Also ALTER ROLE if user already exists
to keep password in sync with pillar.
2026-04-09 21:52:20 -04:00
Mike Reeves
f1cdd265f9 Merge pull request #15755 from Security-Onion-Solutions/feature/postgres
Only load postgres module on manager nodes
2026-04-09 21:10:57 -04:00
Mike Reeves
55be1f1119 Only add postgres module config on manager nodes
Removed postgres from soc/defaults.yaml (shared by all nodes)
and moved it entirely into defaults.map.jinja, which only injects
the config when postgres auth pillar exists (manager-type nodes).
Sensors and other non-manager nodes will not have a postgres module
section in their sensoroni.json, so sensoroni won't try to connect.
2026-04-09 21:09:43 -04:00
Mike Reeves
631f5bd754 Merge pull request #15753 from Security-Onion-Solutions/feature/postgres
Use manager IP for postgres host in SOC config
2026-04-09 19:45:33 -04:00
Mike Reeves
c1b1452bd9 Use manager IP for postgres hostUrl instead of container hostname
SOC connects to postgres via the host network, not the Docker
bridge network, so it needs the manager's IP address rather than
the container hostname.
2026-04-09 19:34:14 -04:00
Mike Reeves
fb4615d5cd Merge pull request #15750 from Security-Onion-Solutions/feature/postgres
Wire postgres credentials into SOC module config
2026-04-09 14:55:51 -04:00
Mike Reeves
2dfa83dd7d Wire postgres credentials into SOC module config
- Create vars/postgres.map.jinja for postgres auth globals
- Add POSTGRES_GLOBALS to all manager-type role vars
  (manager, eval, standalone, managersearch, import)
- Add postgres module config to soc/defaults.yaml
- Inject so_postgres credentials from auth pillar into
  soc/defaults.map.jinja (conditional on auth pillar existing)
2026-04-09 14:09:32 -04:00
Mike Reeves
6eaf22fc5a Merge pull request #15748 from Security-Onion-Solutions/feature/postgres
Add postgres.auth to allowed_states
2026-04-09 12:47:00 -04:00
Mike Reeves
b87af8ea3d Add postgres.auth to allowed_states
Matches the elasticsearch.auth pattern where auth states use
the full sls path check and are explicitly listed.
2026-04-09 12:39:46 -04:00
Mike Reeves
592a6a4c21 Merge pull request #15747 from Security-Onion-Solutions/feature/postgres
Enable postgres by default for manager nodes
2026-04-09 12:24:37 -04:00
Mike Reeves
46e38d39bb Enable postgres by default
Safe because postgres states are only applied to manager-type
nodes via top.sls and allowed_states.map.jinja.
2026-04-09 12:23:47 -04:00
Mike Reeves
409d4fb632 Merge pull request #15746 from Security-Onion-Solutions/feature/postgres
Add daily PostgreSQL database backup
2026-04-09 10:44:47 -04:00
Mike Reeves
61bdfb1a4b Add daily PostgreSQL database backup
- pg_dumpall piped through gzip, stored in /nsm/backup/
- Runs daily at 00:05 (4 minutes after config backup)
- 7-day retention matching existing config backup policy
- Skips gracefully if container isn't running
2026-04-09 10:29:10 -04:00
Mike Reeves
9d72149fcd Merge pull request #15743 from Security-Onion-Solutions/feature/postgres
Add so-postgres container and Salt infrastructure
2026-04-09 10:05:15 -04:00
Mike Reeves
358a2e6d3f Add so-postgres to container image pull list
Add to both the import and default manager container lists so
the image gets downloaded during installation.
2026-04-09 10:02:41 -04:00
Mike Reeves
762e73faf5 Add so-postgres host management scripts
- so-postgres-manage: wraps docker exec for psql operations
  (sql, sqlfile, shell, dblist, userlist)
- so-postgres-start/stop/restart: standard container lifecycle
- Scripts installed to /usr/sbin via file.recurse in config.sls
2026-04-09 09:55:42 -04:00
Mike Reeves
e6afecbaa9 Change version from 3.1.0 to 3.0.0-bravo 2026-04-09 09:47:53 -04:00
Mike Reeves
868cd11874 Add so-postgres Salt states and integration wiring
Phase 1 of the PostgreSQL central data platform:
- Salt states: init, enabled, disabled, config, ssl, auth, sostatus
- TLS via SO CA-signed certs with postgresql.conf template
- Two-tier auth: postgres superuser + so_postgres application user
- Firewall restricts port 5432 to manager-only (HA-ready)
- Wired into top.sls, pillar/top.sls, allowed_states, firewall
  containers map, docker defaults, CA signing policies, and setup
  scripts for all manager-type roles
2026-04-08 10:58:52 -04:00
Mike Reeves
88de246ce3 Merge pull request #15725 from Security-Onion-Solutions/3/main
License Link to dev
2026-04-06 10:59:22 -04:00
Mike Reeves
3643b57167 Merge pull request #15724 from Security-Onion-Solutions/TOoSmOotH-patch-2
Fix JA4+ license link in soc_zeek.yaml
2026-04-06 10:24:04 -04:00
Mike Reeves
5b3ca98b80 Fix JA4+ license link in soc_zeek.yaml
Updated the license link in the JA4+ fingerprinting description.
2026-04-06 10:12:37 -04:00
Jason Ertel
76f4ccf8c8 Merge pull request #15705 from Security-Onion-Solutions/3/main
Merge pr/workflow changes back to dev
2026-04-01 10:57:34 -04:00
Jason Ertel
2a37ad82b2 Merge pull request #15704 from Security-Onion-Solutions/jertel/mainpr
pr/workflow changes
2026-04-01 10:55:57 -04:00
Jason Ertel
80540da52f pr/workflow changes
2026-04-01 10:48:47 -04:00
Jason Ertel
e4ba3d6a2a pr/workflow changes
2026-04-01 10:47:59 -04:00
Mike Reeves
3dec6986b6 Merge pull request #15702 from Security-Onion-Solutions/3/main
soup fix
2026-03-31 15:12:01 -04:00
Mike Reeves
bbfb58ea4e Merge pull request #15701 from Security-Onion-Solutions/TOoSmOotH-patch-1
Update SOUP_BRANCH to use 3/main instead of 2.4/main
2026-03-31 15:09:34 -04:00
Mike Reeves
c91deb97b1 Update SOUP_BRANCH to use 3/main instead of 2.4/main
2026-03-31 15:07:23 -04:00
Mike Reeves
ff45e5ebc6 Merge pull request #15699 from Security-Onion-Solutions/TOoSmOotH-patch-4
Version Bump
2026-03-31 13:55:55 -04:00
Mike Reeves
1e2b51eae6 Add version 3.1.0 to discussion template options
2026-03-31 13:53:00 -04:00
Mike Reeves
58d332ea94 Bump version from 3.0.0 to 3.1.0
2026-03-31 13:52:07 -04:00
Mike Reeves
dcc67b9b8f Merge pull request #15696 from Security-Onion-Solutions/3/dev
3.0.0
3.0.0-20260331
2026-03-31 13:47:03 -04:00
Mike Reeves
cd886dd0f9 Merge pull request #15698 from Security-Onion-Solutions/merge-main-into-dev
Merge 3/main into 3/dev
2026-03-31 09:49:36 -04:00
Mike Reeves
37a6e28a6c Merge remote-tracking branch 'origin/3/dev' into merge-main-into-dev
2026-03-31 09:48:06 -04:00
Mike Reeves
434a2e7866 Merge pull request #15695 from Security-Onion-Solutions/3.0.0
3.0.0
2026-03-31 09:33:34 -04:00
Mike Reeves
79707db6ee 3.0.0
2026-03-31 09:17:08 -04:00
Josh Brower
0707507412 Merge pull request #15694 from Security-Onion-Solutions/fixpath
Remove hardcoded index
2026-03-30 12:47:55 -04:00
Josh Brower
c7e865aa1c Remove hardcoded index
2026-03-30 12:42:48 -04:00
Josh Brower
a89db79854 Merge pull request #15691 from Security-Onion-Solutions/jertel/wip
revisit workflows
2026-03-27 16:24:30 -04:00
Jason Ertel
812f65eee8 revisit workflows
2026-03-27 16:11:31 -04:00
Josh Patterson
cfa530ba9c Merge pull request #15690 from Security-Onion-Solutions/delta
ensure bool sliders soc
2026-03-27 15:19:30 -04:00
Josh Patterson
922c008b11 ensure bool sliders soc
2026-03-27 15:02:54 -04:00
Mike Reeves
ea30749512 Merge pull request #15676 from Security-Onion-Solutions/TOoSmOotH-patch-3
Make AI adapter settings visible
2026-03-26 09:43:58 -04:00
Mike Reeves
0a55592d7e Make AI adapter settings visible
Changed 'advanced' field from True to False for AI adapters and available models.
2026-03-26 09:37:39 -04:00
Josh Brower
115ca2c41d Merge pull request #15672 from Security-Onion-Solutions/yaracomments
update yara template
2026-03-24 15:59:48 -04:00