

15 Commits

Mike Reeves
d66f424e5e Merge pull request #1072 from Security-Onion-Solutions/fix/2.0.1-pcap-interval
Fix/2.0.1 Update Readme and changes.json
2020-07-23 12:12:13 -04:00
Mike Reeves
4b127010ee Update changes.json 2020-07-23 11:59:20 -04:00
Mike Reeves
75477fe9bf Update changes.json 2020-07-23 11:56:14 -04:00
Mike Reeves
30fa9872f9 Update README.md 2020-07-23 10:38:26 -04:00
Mike Reeves
42390eb8a2 Merge pull request #1069 from Security-Onion-Solutions/fix/2.0.1-pcap-interval
Fix/2.0.1 pcap interval and security fixes
2020-07-23 09:53:56 -04:00
Mike Reeves
ff77abfdc8 Update soup
Remove strelka that isn't an image. Fix formatting
2020-07-23 09:51:52 -04:00
Mike Reeves
74faab92ab Remove variables.txt 2020-07-23 09:21:05 -04:00
Mike Reeves
201efd285a Fix passwords from conflicting with yaml 2020-07-22 16:34:50 -04:00
Mike Reeves
6d6ba04dcd Fix version replace 2020-07-22 16:15:32 -04:00
Mike Reeves
b24c82d49c Fix Docker List 2020-07-22 16:09:28 -04:00
Mike Reeves
b9e6ddf7df Clean up static.sls passwords 2020-07-22 15:50:56 -04:00
Jason Ertel
46e7d29f12 Add support for custom branches in soup 2020-07-22 14:35:50 -04:00
Jason Ertel
cb46ca4832 Ensure distributed installations have the check-in interval correctly set 2020-07-22 14:26:55 -04:00
Mike Reeves
f5665ad700 Merge pull request #1045 from Security-Onion-Solutions/TOoSmOotH-patch-1
Update VERIFY_ISO.md
2020-07-21 08:49:53 -04:00
Mike Reeves
3141e2eca1 Update VERIFY_ISO.md 2020-07-21 08:46:38 -04:00
11 changed files with 53 additions and 20 deletions


@@ -1,6 +1,6 @@
## Security Onion 2.0.0.rc1
## Security Onion 2.0.1.rc1
Security Onion 2.0.0 RC1 is here! This version requires a fresh install, but there is good news - we have brought back soup! From now on, you should be able to run soup on the manager to upgrade your environment to RC2 and beyond!
Security Onion 2.0.1 RC1 is here! This version requires a fresh install, but there is good news - we have brought back soup! From now on, you should be able to run soup on the manager to upgrade your environment to RC2 and beyond!
### Warnings and Disclaimers


@@ -24,7 +24,7 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO:
```
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.0.0-rc1.iso.sig
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.0.0-rc1.iso.sig
```
Download the ISO image:


@@ -1 +1 @@
2.0.0-rc.1
2.0.1-rc.1


@@ -1,5 +1,10 @@
{% set role = grains.id.split('_') | last %}
# Remove variables.txt from /tmp - This is temp
rmvariablesfile:
file.absent:
- name: /tmp/variables.txt
# Add socore Group
socoregroup:
group.present:
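Review bot: The comment `# Remove variables.txt from /tmp - This is temp` does not say what "temp" refers to or why the file has to go; the changelog in this same commit ties it to Security Fix 1067 (variables.txt from the ISO install left on disk), so the state should say so, e.g. `# Security Fix 1067: the ISO installer leaves /tmp/variables.txt behind; remove it on the first highstate. TODO: drop this state once the installer cleans up after itself.` Note that `file.absent` only takes effect when a highstate runs, so the file is still present between install and that first highstate; if it holds install-time values (presumably why it is a security fix), the installer itself is the better place to remove it, which is what the TODO should capture. The `role` variable set on the first line is unused in the visible lines.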


@@ -64,7 +64,7 @@ if [ $MANAGERCHECK != 'so-helix' ]; then
"so-thehive-cortex:$VERSION" \
"so-curator:$VERSION" \
"so-domainstats:$VERSION" \
"so-elastalert$VERSION" \
"so-elastalert:$VERSION" \
"so-elasticsearch:$VERSION" \
"so-filebeat:$VERSION" \
"so-fleet:$VERSION" \
@@ -84,7 +84,10 @@ if [ $MANAGERCHECK != 'so-helix' ]; then
"so-soc:$VERSION" \
"so-soctopus:$VERSION" \
"so-steno:$VERSION" \
"so-strelka:$VERSION" \
"so-strelka-frontend:$VERSION" \
"so-strelka-manager:$VERSION" \
"so-strelka-backend:$VERSION" \
"so-strelka-filestream:$VERSION" \
"so-suricata:$VERSION" \
"so-telegraf:$VERSION" \
"so-thehive:$VERSION" \
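Review bot: This image list is hand-maintained in two places, here and in soup's `update_dockers` in the same commit, one with `:$VERSION` suffixes and one without, which is exactly how the `so-elastalert$VERSION` typo fixed here and the non-existent `so-strelka` entry crept in. Consider driving both from a single list of image names with the tag appended at the point of use so the two cannot drift again. The enclosing `if [ $MANAGERCHECK != 'so-helix' ]` shown in the hunk header starts outside the hunk; its unquoted `$MANAGERCHECK` makes the test a syntax error if the variable is ever empty, so `if [ "$MANAGERCHECK" != 'so-helix' ]` is worth fixing while touching this file.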


@@ -43,8 +43,11 @@ clone_to_tmp() {
# Make a temp location for the files
mkdir -p /tmp/sogh
cd /tmp/sogh
#git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git
git clone https://github.com/Security-Onion-Solutions/securityonion.git
SOUP_BRANCH=""
if [ -n "$BRANCH" ]; then
SOUP_BRANCH="-b $BRANCH"
fi
git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
cd /tmp
if [ ! -f $UPDATE_DIR/VERSION ]; then
echo "Update was unable to pull from github. Please check your internet."
@@ -102,7 +105,10 @@ update_dockers() {
"so-soc" \
"so-soctopus" \
"so-steno" \
"so-strelka" \
"so-strelka-frontend" \
"so-strelka-manager" \
"so-strelka-backend" \
"so-strelka-filestream" \
"so-suricata" \
"so-telegraf" \
"so-thehive" \
@@ -139,7 +145,7 @@ update_version() {
# Update the version to the latest
echo "Updating the version file."
echo $NEWVERSION > /etc/soversion
sed -i 's/$INSTALLEDVERSION/$NEWVERISON/g' /opt/so/saltstack/local/pillar/static.sls
sed -i "s/$INSTALLEDVERSION/$NEWVERSION/g" /opt/so/saltstack/local/pillar/static.sls
}
upgrade_check() {
@@ -192,10 +198,10 @@ echo ""
echo "Copying new code"
copy_new_files
echo ""
echo "Running a highstate to complete upgrade"
highstate
echo ""
echo "Updating version"
update_version
echo ""
echo "Running a highstate to complete upgrade"
highstate
echo ""
echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete."
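Review bot: `git clone $SOUP_BRANCH https://...` in `clone_to_tmp` (which starts outside the hunk) relies on unquoted word-splitting to turn `"-b $BRANCH"` into two arguments, so a branch name containing whitespace or glob characters is mangled and ShellCheck flags the expansion (SC2086). The new variable and conditional can be replaced by one expansion that passes the branch as a single quoted word only when it is set: `git clone ${BRANCH:+-b "$BRANCH"} https://github.com/Security-Onion-Solutions/securityonion.git`. Separately, in `update_version` the quoting fix makes `sed -i "s/$INSTALLEDVERSION/$NEWVERSION/g"` expand, but both values are still interpolated into a sed expression unescaped (a `.` in the old version matches any character and a `/` in either value breaks the command) and the substitution rewrites every occurrence of the old version string in static.sls rather than only the version key; anchoring the pattern to that key's line would be safer.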


@@ -1,6 +1,6 @@
{%- set MANAGER = salt['grains.get']('master') -%}
{%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms') -%}
{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms', 10000) -%}
{
"logFilename": "/opt/sensoroni/logs/sensoroni.log",
"logLevel":"debug",
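Review bot: The new fallback `10000` for `pcap:sensor_checkin_interval_ms` is an unexplained magic number in the template; a short Jinja comment giving the unit and intent, e.g. `{#- 10 s fallback so sensors whose pillar lacks the key still check in (issue 1059) -#}`, would help the next reader. The installer in this same commit now writes `sensor_checkin_interval_ms` under `pcap:` in static.sls from `$SENSOR_CHECKIN_INTERVAL_MS`; whether that equals this default is not visible here, so confirm and note at both sites that they are meant to agree. A fallback also means a missing pillar key no longer fails rendering, so a misconfigured sensor silently runs at this interval instead of surfacing the gap.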


@@ -1,6 +1,11 @@
{
"title": "Security Onion 2.0.0 RC1 is here!",
"title": "Security Onion 2.0.1 RC1 is here!",
"changes": [
{ "summary": "<a target='so-github' href='https://github.com/Security-Onion-Solutions/securityonion/issues/1067'>Security Fix 1067:</a> variables.txt from ISO install stays on disk for 10 days." },
{ "summary": "<a target='so-github' href='https://github.com/Security-Onion-Solutions/securityonion/issues/1068'>Security Fix 1068:</a> Remove user values from static.sls." },
{ "summary": "<a target='so-github' href='https://github.com/Security-Onion-Solutions/securityonion/issues/1059'>Issue 1059:</a> Fix distributed deployment sensor interval issue allowing PCAP." },
{ "summary": "<a target='so-github' href='https://github.com/Security-Onion-Solutions/securityonion/issues/1058'>Issue 1058:</a> Support for passwords that start with special characters." },
{ "summary": "Minor soup updates." },
{ "summary": "Re-branded 2.0 to give it a fresh look." },
{ "summary": "All documentation has moved to <a target='so-help' href='https://docs.securityonion.net/en/2.0'>https://docs.securityonion.net/en/2.0</a>" },
{ "summary": "<i>soup</i> is alive! Note: This tool only updates Security Onion components. Please use the built-in OS update process to keep the OS and other components up to date." },


@@ -9,6 +9,12 @@
default_salt_dir=/opt/so/saltstack/default
cortex_clean(){
sed -i '/^ cortexuser:/d' /opt/so/saltstack/local/pillar/static.sls
sed -i '/^ cortexpassword:/d' /opt/so/saltstack/local/pillar/static.sls
sed -i '/^ cortexorguser:/d' /opt/so/saltstack/local/pillar/static.sls
}
cortex_init(){
sleep 60
CORTEX_IP="{{MANAGERIP}}"
@@ -51,6 +57,7 @@ cortex_init(){
}
if [ -f /opt/so/state/cortex.txt ]; then
cortex_clean
exit 0
else
rm -f garbage_file
@@ -63,4 +70,5 @@ else
rm -f garbage_file
sleep 5
cortex_init
cortex_clean
fi
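Review bot: `cortex_clean` (and `thehive_clean` in the companion file in this commit) strips credentials from static.sls with `sed -i '/^ cortexpassword:/d'`, whose pattern hardcodes the exact leading indentation of the pillar lines; the rendered page collapses whitespace so I cannot confirm the two agree, and if they do not the delete silently does nothing and the password stays on disk. Since the point of Security Fix 1068 is that these values leave static.sls, the function should verify the outcome rather than assume it, e.g. `grep -q '^ *cortexpassword:' /opt/so/saltstack/local/pillar/static.sls && echo "cortex credentials still present in static.sls" >&2`. Note also that the clean runs on every execution, including the early-exit path where the state file already exists, so each run rewrites the pillar file even when there is nothing left to remove.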


@@ -4,6 +4,11 @@
# {%- set THEHIVEPASSWORD = salt['pillar.get']('static:hivepassword', 'hivechangeme') %}
# {%- set THEHIVEKEY = salt['pillar.get']('static:hivekey', '') %}
thehive_clean(){
sed -i '/^ hiveuser:/d' /opt/so/saltstack/local/pillar/static.sls
sed -i '/^ hivepassword:/d' /opt/so/saltstack/local/pillar/static.sls
}
thehive_init(){
sleep 120
THEHIVE_IP="{{MANAGERIP}}"
@@ -49,6 +54,7 @@ thehive_init(){
}
if [ -f /opt/so/state/thehive.txt ]; then
thehive_clean
exit 0
else
rm -f garbage_file
@@ -61,4 +67,5 @@ else
rm -f garbage_file
sleep 5
thehive_init
thehive_clean
fi


@@ -979,9 +979,6 @@ manager_pillar() {
" lsheap: $LS_HEAP_SIZE"\
" ls_pipeline_workers: $num_cpu_cores"\
""\
"pcap:">> "$pillar_file"\
" sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
""\
"idstools:"\
" config:"\
" ruleset: $RULESETUP"\
@@ -1017,10 +1014,10 @@ manager_static() {
" ids: $NIDS"\
" managerip: $MAINIP"\
" hiveuser: $WEBUSER"\
" hivepassword: $WEBPASSWD1"\
" hivepassword: '$WEBPASSWD1'"\
" hivekey: $HIVEKEY"\
" cortexuser: $WEBUSER"\
" cortexpassword: $WEBPASSWD1"\
" cortexpassword: '$WEBPASSWD1'"\
" cortexkey: $CORTEXKEY"\
" cortexorgname: SecurityOnion"\
" cortexorguser: $WEBUSER"\
@@ -1036,6 +1033,8 @@ manager_static() {
" wazuh: $WAZUH"\
" managerupdate: $MANAGERUPDATES"\
" imagerepo: $IMAGEREPO"\
"pcap:"\
" sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
"strelka:"\
" enabled: $STRELKA"\
" rules: $STRELKARULES"\
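Review bot: Wrapping the password in single quotes (`" hivepassword: '$WEBPASSWD1'"` and the matching `cortexpassword` line) fixes values that begin with YAML-special characters but introduces a new failure for a password that itself contains a `'`, which inside a YAML single-quoted scalar must be doubled; the pillar then fails to parse. Escape it once and reuse the result: `pw_yaml=${WEBPASSWD1//\'/\'\'}` before the list of lines, then `" hivepassword: '$pw_yaml'"\` and `" cortexpassword: '$pw_yaml'"\`. `manager_static` starts outside the hunk, so the assignment belongs at its top. The `pcap:` block moved here from `manager_pillar` in the first hunk looks fine as written.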