m0duspwnens
0bd0c7b1ec
allow for mmap-locked to be configured
2024-04-24 13:26:25 -04:00
weslambert
428fe787c4
Merge pull request #12852 from Security-Onion-Solutions/fix/elastic_max_age
Remove hot max_age
2024-04-24 10:15:06 -04:00
weslambert
1b3a0a3de8
Remove hot max_age
2024-04-24 10:11:02 -04:00
weslambert
96ec285241
Merge pull request #12848 from Security-Onion-Solutions/fix/elastic_annotation
Fix description, regex, and type for cold, warm, and hot
2024-04-24 09:22:05 -04:00
weslambert
75b5e16696
Update description, type, and regex
2024-04-24 09:14:39 -04:00
weslambert
8a0a435700
Fix warm description
2024-04-24 08:35:19 -04:00
Pete
e53e7768a0
check status before stopping service
resolves #12811 so-verify detects rare false error
If salt is uninstalled during a call to so-setup where it detects a previous install, the "Failed" keyword from "systemctl stop $service" causes so-verify to falsely detect an installation error. This might happen if the user removes the salt packages between calls to so-setup, or if upgrading from Ubuntu 20.04 to 22.04 and then installing 2.4.xx on top of a 2.3.xx installation.
The fix is to wrap the call to stop the service in a check that the service is running.
This ignores the setting of the pid var, as the next use of pid is within a while loop that will not execute, for the same reason the systemctl stop call was not launched in the background.
2024-04-23 21:24:39 +00:00
reyesj2
36573d6005
Update kafka cert permissions
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-23 16:45:36 -04:00
reyesj2
aa0c589361
Update kafka managed node pillar template to include its process.role
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-23 13:51:12 -04:00
weslambert
bef408b944
Merge pull request #12844 from Security-Onion-Solutions/fix/elastic_annotation
Fix warm description
2024-04-23 10:47:04 -04:00
weslambert
691b02a15e
Fix warm description
2024-04-23 10:40:09 -04:00
Josh Brower
fc1c41e5a4
Merge pull request #12841 from Security-Onion-Solutions/2.4/logfix
Temp exclude yara runtime status log
2024-04-23 07:36:02 -04:00
DefensiveDepth
58ddd55123
Exclude yara runtime log
2024-04-23 07:28:07 -04:00
reyesj2
685b80e519
Merge remote-tracking branch 'remotes/origin/kaffytaffy' into reyesj2/kafka
2024-04-22 16:45:59 -04:00
reyesj2
5a401af1fd
Update kafka process_x_roles annotation
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-22 16:44:35 -04:00
reyesj2
25d63f7516
Setup kafka reactor for managing kafka controllers globally
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-22 16:42:59 -04:00
Jorge Reyes
d402943403
Merge pull request #12773 from Security-Onion-Solutions/reyesj2/kismet
Kismet integration for WiFi devices
2024-04-22 15:59:22 -04:00
Josh Brower
64c43b1a55
Merge pull request #12805 from Security-Onion-Solutions/2.4/detectiondefaults
Strelka fixes and more
2024-04-19 16:53:07 -04:00
DefensiveDepth
a237ef5d96
Update default queries
2024-04-19 16:33:35 -04:00
m0duspwnens
6c5e0579cf
logging changes. ensure salt master has pillarWatch engine
2024-04-19 09:32:32 -04:00
reyesj2
4ac04a1a46
add kafkapass soc annotation
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-18 16:46:36 -04:00
reyesj2
746128e37b
update so-kafka-clusterid
This is a temporary script used to set up the kafka secret and clusterid needed for kafka to start. This script's functionality will be replaced by soup/setup scripts.
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-18 15:13:29 -04:00
reyesj2
fe81ffaf78
Variables no longer used. Replaced by map file
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-18 15:11:22 -04:00
m0duspwnens
1f6eb9cdc3
match keys better. go through files in reverse; first found is prio
2024-04-18 13:50:37 -04:00
Doug Burks
c48da45ac3
Merge pull request #12820 from Security-Onion-Solutions/dougburks-patch-1
FIX: Elastic retention setting not being honored when manager hostname is a subset of search node hostname #12819
2024-04-18 11:59:57 -04:00
reyesj2
5cc358de4e
Update map files to handle empty kafka:nodes pillar
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-18 11:58:25 -04:00
Doug Burks
406dda6051
Update so-elasticsearch-cluster-space-used
2024-04-18 11:48:15 -04:00
Doug Burks
229a989914
Update so-elasticsearch-cluster-space-total
2024-04-18 11:47:01 -04:00
DefensiveDepth
6c6647629c
Refactor yara for compilation
2024-04-18 11:32:17 -04:00
m0duspwnens
610dd2c08d
improve it
2024-04-18 11:11:14 -04:00
m0duspwnens
506bbd314d
more comments, better logging
2024-04-18 10:26:10 -04:00
Doug Burks
7f9bc1fc0f
Merge pull request #12817 from Security-Onion-Solutions/dougburks-patch-1
FEATURE: Add queue=True to so-checkin so that it will wait for any ru…
2024-04-18 09:30:55 -04:00
Doug Burks
8d9aae1983
FEATURE: Add queue=True to so-checkin so that it will wait for any running states #12815
2024-04-18 09:28:30 -04:00
m0duspwnens
4caa6a10b5
watch a pillar in files and take action
2024-04-17 18:09:04 -04:00
reyesj2
665b7197a6
Update Kafka nodeid
Update so-minion to include running kafka.nodes state to ensure nodeid is generated for new brokers
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-17 17:08:41 -04:00
Mike Reeves
3854620bcd
Merge pull request #12810 from Security-Onion-Solutions/TOoSmOotH-patch-1
Update limited-analyst.json
2024-04-17 13:21:04 -04:00
Mike Reeves
67a57e9df7
Update limited-analyst.json
2024-04-17 13:14:45 -04:00
m0duspwnens
4b79623ce3
watch pillar files for changes and do something
2024-04-16 16:51:35 -04:00
DefensiveDepth
ff28476191
Fix compile_yara path
2024-04-16 13:10:17 -04:00
DefensiveDepth
8cc4d2668e
Move compile_yara
2024-04-16 12:52:14 -04:00
DefensiveDepth
dbfb178556
Add test
2024-04-16 12:22:53 -04:00
m0duspwnens
c4994a208b
restart salt minion if a manager and signing policies change
2024-04-15 11:37:21 -04:00
reyesj2
eedea2ca88
Merge remote-tracking branch 'remotes/origin/kaffytaffy' into reyesj2/kafka
2024-04-12 16:24:33 -04:00
reyesj2
de6ea29e3b
update default process.role to broker only
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-12 16:18:53 -04:00
m0duspwnens
bb983d4ba2
just broker as default process
2024-04-12 16:16:03 -04:00
Josh Brower
5e8b16569f
Merge pull request #12793 from Security-Onion-Solutions/2.4/detectiondefaults
Add docs for ruleset change
2024-04-12 13:54:06 -04:00
m0duspwnens
c014508519
need /opt/so/conf/ca/cacerts on receiver for kafka to run
2024-04-12 13:50:25 -04:00
DefensiveDepth
f5e42e73af
Add docs for ruleset change
2024-04-12 13:30:20 -04:00
reyesj2
fcfbb1e857
Merge kaffytaffy
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-12 12:50:56 -04:00
reyesj2
911ee579a9
Typo
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2024-04-12 12:16:20 -04:00