Commit Graph

1478 Commits

Author SHA1 Message Date
m0duspwnens 9d2c5d54b0 hype changes 2024-08-07 10:43:53 -04:00
m0duspwnens a6f1a0245a configure bridge during setup 2024-08-06 12:33:09 -04:00
m0duspwnens fcf859ffed start adding bridge for hyper 2024-08-05 14:53:11 -04:00
Jason Ertel 56ef2a4e1c Merge pull request #13430 from Security-Onion-Solutions/jertel/retryreposync
retry up to 5 times if reposync fails
2024-08-02 14:59:27 -04:00
Jason Ertel c36e8abc19 retry up to 5 times if reposync fails 2024-08-02 14:52:08 -04:00
Jason Ertel e76293acdb Merge pull request #13429 from Security-Onion-Solutions/jertel/retryreposync
retry up to 5 times if reposync fails
2024-08-02 14:19:30 -04:00
Jason Ertel 5bdb4ed51b retry up to 5 times if reposync fails 2024-08-02 14:17:14 -04:00
m0duspwnens d9a696a411 run state from local 2024-08-01 14:02:21 -04:00
m0duspwnens 76ab4c92f0 use salt to install py modules during setup 2024-08-01 13:37:22 -04:00
m0duspwnens 1a363790a0 upgrade docker python module 2024-08-01 11:20:08 -04:00
Jason Ertel 2e17e93cfe remove unused test parameters from setup 2024-07-22 11:04:45 -04:00
Jason Ertel 7dfb75ba6b remove unused test parameters from setup 2024-07-22 11:02:56 -04:00
reyesj2 4182ff66a0 rearrange kafka pillar, declutters SOC ui
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-07-11 16:37:16 -04:00
reyesj2 d791b23838 Generate new Kafka truststore
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-07-10 11:29:09 -04:00
reyesj2 4e50dabc56 refix typos
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-14 23:03:06 -04:00
reyesj2 83412b813f Renamed Kafka pillar
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-06-12 11:19:25 -04:00
reyesj2 1fd5165079 Merge remote-tracking branch 'origin/2.4/dev' into reyesj2/kafka
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-29 23:37:40 -04:00
m0duspwnens 649f52dac7 create_local_directories in soup too 2024-05-13 10:37:56 -04:00
Jason Ertel 074d063fee tests will retry on any rule import failure 2024-05-09 14:52:58 -04:00
reyesj2 2ad87bf1fe merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-05-08 16:30:45 -04:00
Jason Ertel 4ebe070cd8 test regexes for detections 2024-05-06 19:03:12 -04:00
reyesj2 e960ae66a3 Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2/kafka 2024-05-02 15:12:27 -04:00
Doug Burks 9a4a85e3ae FEATURE: Lower EVAL memory requirement to 8GB RAM #12896 2024-05-01 07:54:38 -04:00
m0duspwnens a663bf63c6 set Suricata as default pcap engine for eval 2024-04-29 14:22:04 -04:00
Mike Reeves b5c5c7857b Merge pull request #12846 from petiepooo/fix/check-srvc-status
check status before stopping service
2024-04-25 15:10:42 -04:00
Pete e53e7768a0 check status before stopping service
resolves #12811 so-verify detects rare false error

If salt is uninstalled during call to so-setup where it detects a previous install, the "Failed" keyword from "systemctl stop $service" causes so-verify to falsely detect an installation error. This might happen if the user removes the salt packages between calls to so-setup, or if upgrading from Ubuntu 20.04 to 22.04 then installing 2.4.xx on top of a 2.3.xx installation.

The fix is to wrap the call to stop the service in a check if the service is running.

This ignores the setting of pid var, as the next use of pid is within a while loop that will not execute for the same reason the systemctl stop call was not launched in the background.
2024-04-23 21:24:39 +00:00
reyesj2 a6ff92b099 Note to remove so-kafka-clusterid. Update soup and setup to generate needed kafka pillar values
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-12 12:11:18 -04:00
reyesj2 af29ae1968 Merge kaffytaffy
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-12 11:43:46 -04:00
m0duspwnens 0ed9894b7e create kratos local pillar dirs during setup 2024-04-12 11:19:46 -04:00
reyesj2 3955587372 Use global.pipeline for redis / kafka states
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 16:20:09 -04:00
reyesj2 ca7253a589 Run kafka-clusterid script when pillar values are missing
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 15:38:03 -04:00
reyesj2 af53dcda1b Remove references to kafkanode
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-11 15:32:00 -04:00
m0duspwnens e9e61ea2d8 Merge remote-tracking branch 'origin/2.4/dev' into kaffytaffy 2024-04-10 13:14:13 -04:00
m0duspwnens e25bc8efe4 Merge remote-tracking branch 'origin/reyesj2/kafka' into kaffytaffy 2024-04-02 13:36:47 -04:00
Jason Ertel 3aea2dec85 analytics 2024-04-01 09:50:18 -04:00
DefensiveDepth d7ecad4333 Initial cut to remove Playbook and deps 2024-03-25 19:42:31 -04:00
reyesj2 446f1ffdf5 merge 2.4/dev
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-03-25 13:55:48 -04:00
Mike Reeves 9a413a2e31 Fix location of repo 2024-03-06 12:42:22 -05:00
Mike Reeves 9ca0f586ae Manage the repos 2024-02-21 11:45:02 -05:00
Mike Reeves 2db5f4dd41 Merge pull request #12308 from petiepooo/feat-es-ownfs
FEATURE: Check for mountpoint during Elastic size limit calculations
2024-02-12 16:03:36 -05:00
Mike Reeves f91cb5b81f Merge pull request #12290 from petiepooo/fix-remove-intca-symlink
fix: also remove intca symlink
2024-02-12 12:33:13 -05:00
Pete cf83d1cb86 feat: use mountpoint for Elastic log limit
Instead of just existence, this checks if the directories are separate mountpoints when determining disk size and log_size_limit calculations.

It also sets the percentage to 80 if /nsm/elasticsearch is a separate mountpoint. This allows for better disk utilization on server configurations where /nsm is based on large slow HDDs for increased PCAP retention but /nsm/elasticsearch is based on SSDs for faster Elasticsearch performance.
2024-02-02 12:25:16 -05:00
Pete 7a29b3a529 call salt before stopping salt services
salt-call does not work when the salt-master is not running. If these calls are to succeed, they should occur before the salt services are stopped.
2024-02-02 08:45:01 -05:00
Mike Reeves 341ff5b564 Update so-functions 2024-01-31 16:18:51 -05:00
reyesj2 a73d78300a Add initial stig state
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-01-15 21:17:17 -05:00
Josh Brower 9159eab9fd Merge pull request #12151 from Security-Onion-Solutions/fix/so-playbook-reset
Fix reinstall & reset stability
2024-01-10 14:23:53 -05:00
Mike Reeves fc2f02c0a0 Update so-functions 2024-01-10 14:19:47 -05:00
Mike Reeves 1e3a00a833 Update so-functions 2024-01-10 14:16:55 -05:00
Josh Brower 6ff764e6a1 refactor for reinstall stability 2024-01-10 10:22:50 -05:00
m0duspwnens ccfdafea0a enable startup_states: highstate on managers during setup and not with salt 2024-01-04 16:24:48 -05:00