Merge pull request #7392 from Security-Onion-Solutions/hotfix/2.3.100

Hotfix 2.3.100 20220301
Merge pull request #7393 from Security-Onion-Solutions/jertelhf
2026-02-20 22:15:28 +01:00 · 2022-03-02 10:24:50 -05:00 · 2022-03-02 10:20:29 -05:00 · 2022-03-02 10:18:14 -05:00 · 2022-03-02 10:08:27 -05:00 · 2022-03-02 10:05:41 -05:00
10 changed files with 38 additions and 21 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -29,7 +29,11 @@

 * See this document's [code styling and conventions section](#code-style-and-conventions) below to be sure your PR fits our code requirements prior to submitting.

-* Minor bug fixes can be submitted immediately. However, if you are wanting to make more involved changes, please start a [discussion](https://github.com/Security-Onion-Solutions/securityonion/discussions) first and tell us what you are hoping to achieve. If we agree with your goals, then you can submit the PR.
+* Change behavior (fix a bug, add a new feature) separately from refactoring code. Refactor pull requests are welcome, but ensure your new code behaves exactly the same as the old.
+
+* **Do not refactor code for non-functional reasons**. If you are submitting a pull request that refactors code, ensure the refactor is improving the functionality of the code you're refactoring (e.g. decreasing complexity, removing reliance on 3rd party tools, improving performance).
+
+* Before submitting a PR with significant changes to the project, [start a discussion](https://github.com/Security-Onion-Solutions/securityonion/discussions/new) explaining what you hope to acheive. The project maintainers will provide feedback and determine whether your goal aligns with the project. 


 ### Code style and conventions
@@ -38,3 +42,5 @@
 * All new Bash code should pass [ShellCheck](https://www.shellcheck.net/) analysis. Where errors can be *safely* [ignored](https://github.com/koalaman/shellcheck/wiki/Ignore), the relevant disable directive should be accompanied by a brief explanation as to why the error is being ignored.

 * **Ensure all YAML (this includes Salt states and pillars) is properly formatted**. The spec for YAML v1.2 can be found [here](https://yaml.org/spec/1.2/spec.html), however there are numerous online resources with simpler descriptions of its formatting rules. 
+
+* **All code of any language should match the style of other code of that same language within the project.** Be sure that any changes you make do not break from the pre-existing style of Security Onion code.
--- a/2
+++ b/2
@@ -1 +1 @@
-20220202
+20220202 20220203 20220301
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.100-20220202 ISO image built on 2022/02/02
+### 2.3.100-20220301 ISO image built on 2022/03/01



 ### Download and Verify

-2.3.100-20220202 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220202.iso
+2.3.100-20220301 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220301.iso

-MD5: 170337342118DC32F8C2F687F332CA25  
-SHA1: 202235BFE37F1F2E129F5D5DE13173A27A9D8CC0  
-SHA256: F902C561D35F5B9DFB2D65BDAE97D30FD9E46F6822AFA36CA9C4043C50864484 
+MD5: 53A992D6321B7C33440219BAD9157769  
+SHA1: D730157F4847EB91393CF0C1A22410708312F605  
+SHA256: F6C0E55968ED1F0AA35CB9E1F7FF5BEB27673638A4F2223302B301360BC401A1 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220202.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220301.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220202.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.100-20220301.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220202.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.100-20220301.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.100-20220202.iso.sig securityonion-2.3.100-20220202.iso
+gpg --verify securityonion-2.3.100-20220301.iso.sig securityonion-2.3.100-20220301.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 02 Feb 2022 12:12:39 PM EST using RSA key ID FE507013
+gpg: Signature made Tue 01 Mar 2022 03:14:02 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/pillar/logstash/nodes.sls
+++ b/pillar/logstash/nodes.sls
@@ -1,11 +1,13 @@
 {% set node_types = {} %}
+{% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %}
 {% for minionid, ip in salt.saltutil.runner(
    'mine.get',
    tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-node or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ',
    fun='network.ip_addrs',
-    tgt_type='compound') | dictsort() 
+    tgt_type='compound') | dictsort()
 %}
-{%   set hostname = minionid.split('_')[0] %}
+
+{%   set hostname = cached_grains[minionid]['host'] %}
 {%   set node_type = minionid.split('_')[1] %}
 {%   if node_type not in node_types.keys() %}
 {%     do node_types.update({node_type: {hostname: ip[0]}}) %}
--- a/salt/curator/files/action/delete.yml
+++ b/salt/curator/files/action/delete.yml
@@ -18,6 +18,10 @@ actions:
    - filtertype: pattern
      kind: regex
      value: '^(logstash-.*|so-.*)$'
+    - filtertype: pattern
+      kind: regex
+      value: '^(so-case.*)$'
+      exclude: True
    - filtertype: space
      source: creation_date
      use_age: True
--- a/salt/curator/files/bin/so-curator-closed-delete-delete
+++ b/salt/curator/files/bin/so-curator-closed-delete-delete
@@ -34,9 +34,13 @@ overlimit() {

 closedindices() {

-        INDICES=$({{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed 2> /dev/null)
+	# If we can't query Elasticsearch, then immediately return false.
+        {{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed >/dev/null 2>&1
        [ $? -eq 1 ] && return false 
-        echo ${INDICES} | grep -q -E "(logstash-|so-)"
+	# First, get the list of closed indices using _cat/indices?h=index\&expand_wildcards=closed.
+	# Next, filter out any so-case indices.
+	# Finally, use grep's -q option to return true if there are any remaining logstash- or so- indices.
+        {{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | grep -v "so-case" | grep -q -E "(logstash-|so-)"
 }

 # Check for 2 conditions:
@@ -47,9 +51,10 @@ while overlimit && closedindices; do

 	# We need to determine OLDEST_INDEX:
 	# First, get the list of closed indices using _cat/indices?h=index\&expand_wildcards=closed.
-	# Then, sort by date by telling sort to use hyphen as delimiter and then sort on the third field.
+	# Next, filter out any so-case indices and only select the remaining logstash- or so- indices.
+	# Then, sort by date by telling sort to use hyphen as delimiter and sort on the third field.
 	# Finally, select the first entry in that sorted list.
-	OLDEST_INDEX=$({{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | grep -E "(logstash-|so-)" | sort -t- -k3 | head -1)
+	OLDEST_INDEX=$({{ ELASTICCURL }} -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | grep -v "so-case" | grep -E "(logstash-|so-)" | sort -t- -k3 | head -1)
 	
 	# Now that we've determined OLDEST_INDEX, ask Elasticsearch to delete it.
 	{{ ELASTICCURL }} -XDELETE -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX}
--- a/setup/automation/distributed-airgap-manager
+++ b/setup/automation/distributed-airgap-manager
@@ -34,7 +34,7 @@ GRAFANA=1
 # HELIXAPIKEY=
 HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 HNSENSOR=inherit
-HOSTNAME=distributed-manager
+HOSTNAME=Distributed-manager
 install_type=MANAGER
 INTERWEBS=AIRGAP
 # LSINPUTBATCHCOUNT=
--- a/setup/automation/distributed-airgap-sensor
+++ b/setup/automation/distributed-airgap-sensor
@@ -34,7 +34,7 @@ ZEEKVERSION=ZEEK
 # HELIXAPIKEY=
 HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 HNSENSOR=inherit
-HOSTNAME=distributed-sensor
+HOSTNAME=Distributed-sensor
 install_type=SENSOR
 # LSINPUTBATCHCOUNT=
 # LSINPUTTHREADS=
--- a/sigs/securityonion-2.3.100-20220203.iso.sig
+++ b/sigs/securityonion-2.3.100-20220203.iso.sig
--- a/sigs/securityonion-2.3.100-20220301.iso.sig
+++ b/sigs/securityonion-2.3.100-20220301.iso.sig
Author	SHA1	Message	Date
Mike Reeves	d570b56c55	Merge pull request #7392 from Security-Onion-Solutions/hotfix/2.3.100 Hotfix 2.3.100 20220301	2022-03-02 10:24:50 -05:00
Mike Reeves	ff4345d3aa	Merge pull request #7393 from Security-Onion-Solutions/jertelhf Jertelhf	2022-03-02 10:20:29 -05:00
Jason Ertel	e59f0d69d9	Merge branch 'master' into jertelhf	2022-03-02 10:18:14 -05:00
Mike Reeves	ad2b69c9de	Merge pull request #7391 from Security-Onion-Solutions/hf0301 Hotfix 2.3.100 20220301	2022-03-02 10:08:27 -05:00
Mike Reeves	e874c32c08	Hotfix 2.3.100-20220301	2022-03-02 10:05:41 -05:00
Mike Reeves	c0649a863b	Merge pull request #7376 from Security-Onion-Solutions/hfnew Curator Fixes	2022-03-01 14:38:31 -05:00
Mike Reeves	e93dbb5347	Update Hotfix	2022-03-01 14:37:03 -05:00
doug	bbced5b52f	FIX: curator should exclude so-case* indices #7270	2022-03-01 14:34:52 -05:00
Doug Burks	f134c74585	FIX: curator should exclude so-case* indices #7270	2022-03-01 14:34:41 -05:00
William Wernert	bc5fa55ecd	Merge pull request #7160 from Security-Onion-Solutions/rwwiv-contributing-patch-1 Update CONTRIBUTING.md	2022-02-09 11:49:52 -05:00
William Wernert	2e2eed9f42	PR's -> pull requests	2022-02-09 11:45:12 -05:00
William Wernert	3f83191083	Update CONTRIBUTING.md	2022-02-09 11:34:39 -05:00
Doug Burks	e54ece06a2	Merge pull request #7106 from Security-Onion-Solutions/hotfix/2.3.100 Hotfix/2.3.100	2022-02-03 16:25:04 -05:00
Mike Reeves	cc986c8d7c	Merge pull request #7105 from Security-Onion-Solutions/23100hotfix2 2.3.100 Hotfix 2	2022-02-03 16:04:06 -05:00
Mike Reeves	b7732fb14a	2.3.100 Hotfix 2	2022-02-03 15:58:26 -05:00
Mike Reeves	6f03662120	Merge pull request #7102 from Security-Onion-Solutions/TOoSmOotH-patch-5 Update HOTFIX	2022-02-03 15:08:52 -05:00
Mike Reeves	4f2952105e	Update HOTFIX	2022-02-03 15:06:18 -05:00
Josh Patterson	b34d0d7f7a	Merge pull request #7100 from Security-Onion-Solutions/100_hotfix_2 100 hotfix 2	2022-02-03 13:15:37 -05:00
m0duspwnens	797d769661	use actual hostname in logstash:nodes pillar	2022-02-03 10:36:18 -05:00
Mike Reeves	bbd2f0da2b	Merge pull request #7094 from Security-Onion-Solutions/TOoSmOotH-patch-4 Update distributed-airgap-manager	2022-02-03 10:36:09 -05:00
Mike Reeves	5c39162aef	Update distributed-airgap-sensor	2022-02-03 10:34:55 -05:00
Mike Reeves	d8a4301533	Update distributed-airgap-manager	2022-02-03 10:34:12 -05:00