Mike Reeves
2d97dfc8a1
Add customizable ulimit settings for all Docker containers
Add ulimits as a configurable advanced setting for every container,
allowing customization through the web UI. Move hardcoded ulimits
from elasticsearch and zeek into defaults.yaml and fix elasticsearch
ulimits that were incorrectly nested under the environment key.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 15:10:42 -04:00
Mike Reeves
4bb61d999d
Merge pull request #15628 from Security-Onion-Solutions/zeekload
Add salt states for custom Zeek package loading
2026-03-17 13:40:14 -04:00
Mike Reeves
e0e0e3e97b
Exclude README from zkg sync
2026-03-17 13:36:56 -04:00
Mike Reeves
6b039b3f94
Consolidate zkg directory creation into file.recurse with makedirs
2026-03-17 13:36:03 -04:00
Josh Patterson
d2d2f0cb5f
Merge pull request #15627 from Security-Onion-Solutions/delta
old code cleanup. add ja4 toggle in soc.
2026-03-17 13:24:59 -04:00
Mike Reeves
e6ee7dac7c
Add salt states for custom Zeek package loading
Create /opt/so/conf/zeek/zkg directory and sync custom packages
from the manager via file.recurse. Bind mount the directory into
the so-zeek container so the entrypoint can install packages on
startup.
2026-03-17 13:22:59 -04:00
Josh Patterson
7bf63b822d
replace placeholder files with .gitkeep to keep empty directories
2026-03-17 11:40:49 -04:00
Josh Patterson
1a7d72c630
ensure empty directory tracked by git
2026-03-17 11:11:02 -04:00
Josh Patterson
4224713cc6
Merge pull request #15624 from Security-Onion-Solutions/moreja
Add SOC UI toggle for JA4+ fingerprinting
2026-03-17 09:44:04 -04:00
Mike Reeves
b452e70419
Keep JA4S_raw and JA4H_raw hardcoded to disabled
2026-03-17 09:37:37 -04:00
Mike Reeves
6809497730
Add SOC UI toggle for JA4+ fingerprinting in Zeek
JA4 (BSD licensed) remains always enabled, but JA4+ variants (JA4S,
JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X) require a FoxIO license
and are now toggleable via the SOC UI. The toggle includes a license
agreement warning and defaults to disabled.
2026-03-17 09:35:31 -04:00
Jason Ertel
70597a77ab
Merge pull request #15623 from Security-Onion-Solutions/jertel/wip
fix hydra health check
2026-03-17 07:53:00 -04:00
Jason Ertel
f5faf86cb3
fix hydra health check
2026-03-17 07:50:40 -04:00
Mike Reeves
be4e253620
Merge pull request #15621 from Security-Onion-Solutions/analyzer-cp314-wheels
Rebuild analyzer source-packages wheels for Python 3.14
2026-03-16 19:07:27 -04:00
Mike Reeves
ebc1152376
Rebuild all analyzer source-packages for Python 3.14
Full rebuild of all analyzer source-packages via pip download targeting
cp314/manylinux_2_17_x86_64 to match the so-soc Dockerfile base image
(python:3.14.3-slim).
Replaces cp313 wheels with cp314 for pyyaml and charset_normalizer,
and picks up certifi 2026.2.25 (from 2026.1.4).
2026-03-16 18:58:24 -04:00
Mike Reeves
625bfb3ba7
Rebuild analyzer source-packages wheels for Python 3.14
The so-soc Dockerfile base image moved to python:3.14.3-slim but
analyzer source-packages still contained cp313 wheels for pyyaml and
charset_normalizer, causing pip install failures at container startup.
Replace all cp313 wheels with cp314 builds (pyyaml 6.0.3,
charset_normalizer 3.4.6) across all 14 analyzers and update the
CI python-test workflow to match.
2026-03-16 18:58:23 -04:00
Jason Ertel
c11b83c712
Merge pull request #15622 from Security-Onion-Solutions/jertel/wip
fix health check for new hydra version
2026-03-16 18:45:34 -04:00
Jason Ertel
a3b471c1d1
fix health check for new hydra version
2026-03-16 18:43:36 -04:00
Mike Reeves
64bb0dfb5b
Merge pull request #15610 from Security-Onion-Solutions/moresoup
Add -r flag to so-yaml get and migrate pcap pillar to suricata
2026-03-16 17:36:32 -04:00
Mike Reeves
ddb26a9f42
Add test for raw dict output in so-yaml get to reach 100% coverage
Covers the dict/list branch in raw mode (line 358) that was missing
test coverage.
2026-03-16 17:19:14 -04:00
Josh Patterson
744d8fdd5e
Merge pull request #15620 from Security-Onion-Solutions/mreeves/remove-non-oracle9-salt
Remove non-Oracle Linux 9 support from salt states
2026-03-16 17:10:24 -04:00
Josh Patterson
6feb06e623
cleanup preflight
2026-03-16 17:02:36 -04:00
Mike Reeves
afc14ec29d
Remove non-Oracle Linux 9 support from salt states
Simplifies salt states, map files, and modules to only support
Oracle Linux 9, removing all Debian/Ubuntu/CentOS/Rocky/AlmaLinux/RHEL
conditional branches.
2026-03-16 16:58:39 -04:00
Josh Patterson
59134c65d0
Merge pull request #15619 from Security-Onion-Solutions/mreeves/remove-non-oracle9-support
Remove support for non-Oracle Linux 9 operating systems
2026-03-16 16:55:59 -04:00
Josh Patterson
614537998a
remove curator.disabled from top
2026-03-16 16:44:11 -04:00
Mike Reeves
d2cee468a0
Remove support for non-Oracle Linux 9 operating systems
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
2026-03-16 16:44:07 -04:00
Josh Patterson
94f454c311
cleanup file.absent
2026-03-16 15:57:15 -04:00
Josh Patterson
17881c9a36
cleanup highlander
2026-03-16 15:56:16 -04:00
Josh Patterson
5b2def6fdd
Merge pull request #15618 from Security-Onion-Solutions/delta
forcedType bool
2026-03-16 12:50:06 -04:00
Josh Patterson
9b6d29212d
forcedType bool
2026-03-16 12:46:25 -04:00
Josh Patterson
c1bff03b1c
Merge pull request #15615 from Security-Onion-Solutions/delta
initialize pcap-log
2026-03-14 20:33:28 -04:00
Josh Patterson
b00f113658
initialize pcap-log
2026-03-14 19:45:50 -04:00
Jason Ertel
7dcd923ebf
Merge pull request #15612 from Security-Onion-Solutions/jertel/wip
API errors will no longer redirect
2026-03-13 17:04:51 -04:00
Jason Ertel
1fcd8a7c1a
API errors will no longer redirect
2026-03-13 16:53:38 -04:00
Mike Reeves
4a89f7f26b
Add -r flag to so-yaml get for raw output without YAML formatting
Preserve default get behavior with yaml.safe_dump output for backwards
compatibility. Add -r flag for clean scalar output used by soup pcap
migration.
2026-03-13 16:24:41 -04:00
Mike Reeves
a9196348ab
Merge pull request #15609 from Security-Onion-Solutions/moresoup
Moresoup
2026-03-13 16:16:35 -04:00
Mike Reeves
12dec366e0
Fix so-yaml get to output booleans in YAML format and add bool test
2026-03-13 15:58:47 -04:00
Mike Reeves
1713f6af76
Fix so-yaml tests to match scalar output without document end marker
2026-03-13 15:53:53 -04:00
Mike Reeves
7f4adb70bd
Fix so-yaml get to print scalar values without YAML document end marker
2026-03-13 15:34:04 -04:00
Mike Reeves
e2483e4be0
Fix so-yaml addKey crash when intermediate key has None value
2026-03-13 15:22:29 -04:00
Mike Reeves
322c0b8d56
Move pcap.enabled under suricata.pcap.enabled in so-minion
2026-03-13 15:14:19 -04:00
Mike Reeves
81c1d8362d
Fix pcap migration to strip yaml document end marker from so-yaml output
2026-03-13 15:09:37 -04:00
Mike Reeves
d1156ee3fd
Merge pull request #15608 from Security-Onion-Solutions/moresoup
Improve soup version checks and migrate pcap to suricata
2026-03-13 14:59:57 -04:00
Mike Reeves
18f971954b
Improve soup version checks and migrate pcap pillar to suricata
Consolidate version checks to use regex patterns for 2.4.21X and 3.x
versions. Add migrate_pcap_to_suricata to move pcap.enabled to
suricata.pcap.enabled in minion and pcap pillar files during upgrade.
2026-03-13 14:54:23 -04:00
Josh Patterson
e55ac7062c
Merge pull request #15574 from Security-Onion-Solutions/delta
pcap cleanup state. enable/disable pcap for suricata in soc
2026-03-13 14:54:06 -04:00
Josh Patterson
c178eada22
Merge pull request #15595 from Security-Onion-Solutions/TOoSmOotH-patch-5
Update version check to include 2.4.211
2026-03-13 14:32:59 -04:00
Doug Burks
92213e302f
Merge pull request #15603 from Security-Onion-Solutions/dougburks-patch-1
Remove version 3.0.0 from 2.4 discussion template
2026-03-13 10:53:24 -04:00
Doug Burks
72193b0249
Remove version 3.0.0 from 2.4 discussion template
2026-03-13 10:51:25 -04:00
Mike Reeves
066d7106b0
Merge pull request #15599 from Security-Onion-Solutions/TOoSmOotH-patch-6
Add version 2.4.211 to discussion template
2026-03-13 10:49:12 -04:00
Doug Burks
589de8e361
Update discussion template by removing unsupported options
Removed unsupported network installation options for Red Hat, Ubuntu, and Debian.
2026-03-13 10:48:15 -04:00