fa8162de02
Merge pull request #15749 from Security-Onion-Solutions/feature/postgres
...
Add so-postgres Salt states and infrastructure
2026-04-28 10:15:47 -04:00
199c2746f1
stop salt-minion and salt-master regardless of install type. display reinstall on console and save to logfile
2026-04-24 15:24:11 -04:00
8eca465ef6
uninstall elastic-agent before stopping dockers on reinstall
2026-04-24 14:35:11 -04:00
02381fbbe9
stop salt-cloud , belt-and-suspenders against a broken/incomplete salt RPM
2026-04-24 11:33:21 -04:00
0722b681b1
redo service stop on reinstall
2026-04-24 11:04:46 -04:00
564815e836
redo how services are stopped during reinstall
2026-04-24 10:46:29 -04:00
cdd217283d
numeric test description
2026-04-24 08:13:36 -04:00
5228668be0
Fix Telegraf→Postgres table creation and state.apply race
...
- Telegraf's partman template passed p_type:='native', which pg_partman
5.x (the version shipped by postgresql-17-partman on Debian) rejects.
Switched to 'range' so partman.create_parent() actually creates
partitions and Telegraf's INSERTs succeed.
- Added a postgres_wait_ready gate in telegraf_users.sls so psql execs
don't race the init-time restart that docker-entrypoint.sh performs.
- so-verify now ignores the literal "-v ON_ERROR_STOP=1" token in the
setup log. Dropped the matching entry from so-log-check, which scans
container stdout where that token never appears.
2026-04-17 13:00:12 -04:00
f7b80f5931
Merge branch '3/dev' into feature/postgres
2026-04-16 16:37:02 -04:00
da7c2995b0
include trailing numbers as an additional test
2026-04-13 17:09:10 -04:00
5634aed679
support minion node descriptions containing spaces
2026-04-13 15:19:39 -04:00
868cd11874
Add so-postgres Salt states and integration wiring
...
Phase 1 of the PostgreSQL central data platform:
- Salt states: init, enabled, disabled, config, ssl, auth, sostatus
- TLS via SO CA-signed certs with postgresql.conf template
- Two-tier auth: postgres superuser + so_postgres application user
- Firewall restricts port 5432 to manager-only (HA-ready)
- Wired into top.sls, pillar/top.sls, allowed_states, firewall
containers map, docker defaults, CA signing policies, and setup
scripts for all manager-type roles
2026-04-08 10:58:52 -04:00
6feb06e623
cleanup preflight
2026-03-16 17:02:36 -04:00
59134c65d0
Merge pull request #15619 from Security-Onion-Solutions/mreeves/remove-non-oracle9-support
...
Remove support for non-Oracle Linux 9 operating systems
2026-03-16 16:55:59 -04:00
d2cee468a0
Remove support for non-Oracle Linux 9 operating systems
...
Security Onion now exclusively supports Oracle Linux 9. This removes
detection, setup, and update logic for Ubuntu, Debian, CentOS, Rocky,
AlmaLinux, and RHEL.
2026-03-16 16:44:07 -04:00
17881c9a36
cleanup highlander
2026-03-16 15:56:16 -04:00
71839bc87f
remove steno
2026-03-06 15:45:36 -05:00
2c4d833a5b
update 2.4 references to 3
2026-03-05 11:05:19 -05:00
863276e24f
Merge pull request #15539 from Security-Onion-Solutions/jertel/wip
...
prepare for nextgen docs
2026-02-27 13:18:47 -05:00
9bd5e1897a
prepare for nextgen docs
2026-02-27 13:09:55 -05:00
dfed3681df
Merge pull request #15531 from Security-Onion-Solutions/idstools-cleanup
...
Cleanup idstools
2026-02-26 10:21:18 -05:00
039e8db85f
exclude transient ghcr.io network errors since it retries during setup
2026-02-26 10:14:07 -05:00
5e7b0cfe0e
Cleanup idstools
2026-02-26 09:05:54 -05:00
b3d1dd51a4
initialize specific indices as needed
2026-01-29 15:41:39 -06:00
a192455fae
Merge remote-tracking branch 'origin/2.4/dev' into bravo
2026-01-19 17:17:58 -05:00
17532fe49d
run a final highstate on managers prior to verify
2026-01-16 17:42:58 -05:00
693494024d
block redirected to setup_log already, prevent double logging on these lines
2026-01-07 16:58:44 -05:00
9960db200c
Merge remote-tracking branch 'origin/2.4/dev' into bravo
2025-12-11 17:30:43 -05:00
b9ff1704b0
the great ssl refactor
2025-12-11 17:30:06 -05:00
44f5e6659b
Merge branch '2.4/dev' into idstools-refactor
2025-12-05 10:30:54 -05:00
f5741e318f
Merge pull request #15281 from Security-Onion-Solutions/jertel/wip
...
skip continue prompt if user cannot actually continue
2025-12-03 16:37:07 -05:00
8620d3987e
add saltgid
2025-12-03 15:04:28 -05:00
30487a54c1
skip continue prompt if user cannot actually contine
2025-12-03 11:52:10 -05:00
aed27fa111
reserve group ids
2025-12-03 11:19:46 -05:00
4bb0a7c9d9
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-25 13:52:21 -05:00
4a810696e7
Merge pull request #15231 from Security-Onion-Solutions/reyesj2/bond0
...
fix so-setup error duplicate bond0
2025-11-14 12:12:46 -06:00
6b525a2c21
fix so-setup error duplicate bond0
2025-11-14 11:19:32 -06:00
fed75c7b39
use -r with bootstrap to disable script repo
2025-11-12 19:47:25 -05:00
be11c718f6
configure salt then install it
2025-11-12 18:06:55 -05:00
9a6ff75793
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-12 08:51:51 -05:00
a84df14137
rename forward node -> sensor node
2025-11-06 15:23:55 -06:00
2f6fb717c1
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-11-06 10:38:37 -05:00
d95122ca01
ensure previous setup outcomes are cleared
2025-11-04 16:02:39 -05:00
ee617eeff4
do not log set_timezone in setup
...
creates additional sosetup.log file
2025-10-15 16:44:24 -04:00
d9f70898dd
omit new hypervisor state name fp
2025-10-15 14:59:37 -04:00
c8814d0632
removed commented code
2025-09-29 16:58:45 -04:00
1fb558cc77
managerhype br0 setup
2025-09-25 16:06:25 -04:00
c836dd2acd
set interface for network.ip_addrs for hypervisors
2025-09-24 16:50:29 -04:00
3a87af805f
update service file, use salt.minion state to update mine_functions
2025-09-24 15:19:46 -04:00
ded520c2c1
Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor
2025-09-17 10:42:43 -04:00
Mike Reeves
Josh Patterson
Jason Ertel
Mike Reeves
Jason Ertel
Josh Brower
reyesj2