Merge pull request #3209 from Security-Onion-Solutions/dev

2.3.30
Merge pull request #3208 from Security-Onion-Solutions/sigs
2025-12-06 09:12:45 +01:00 · 2021-03-01 15:09:29 -05:00 · 2021-03-01 14:48:04 -05:00 · 2021-03-01 14:45:51 -05:00 · 2021-03-01 13:59:36 -05:00 · 2021-03-01 13:58:04 -05:00
319 changed files with 13619 additions and 8168 deletions
--- a/.github/workflows/leaktest.yml
+++ b/.github/workflows/leaktest.yml
@@ -1,6 +1,6 @@
 name: leak-test
-on: [push,pull_request]
+on: [pull_request]
 jobs:
  build:
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.3.20
+## Security Onion 2.3.30
-Security Onion 2.3.20 is here!
+Security Onion 2.3.30 is here!
 ## Screenshots
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,16 +1,16 @@
-### 2.3.20 ISO image built on 2020/12/20
+### 2.3.30 ISO image built on 2021/03/01
 ### Download and Verify
-2.3.20 ISO image:  
+2.3.30 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso
+https://download.securityonion.net/file/securityonion/securityonion-2.3.30.iso
-MD5: E348FA65A46FD3FBA0D574D9C1A0582D  
+MD5: 65202BA0F7661A5E27087F097B8E571E  
-SHA1: 4A6E6D4E0B31ECA1B72E642E3DB2C186B59009D6  
+SHA1: 14E842E39EDBB55A104263281CF25BF88A2E9D67  
-SHA256: 25DE77097903640771533FA13094D0720A032B70223875F8C77A92F5C44CA687 
+SHA256: 210B37B9E3DFC827AFE2940E2C87B175ADA968EDD04298A5926F63D9269847B7 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.30.iso.sig
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -24,22 +24,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.30.iso.sig
 ```
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.30.iso
 ```
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.20.iso.sig securityonion-2.3.20.iso
+gpg --verify securityonion-2.3.30.iso.sig securityonion-2.3.30.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Sun 20 Dec 2020 11:11:28 AM EST using RSA key ID FE507013
+gpg: Signature made Mon 01 Mar 2021 02:15:28 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.3.20
+2.3.30
--- a/files/salt/master/master
+++ b/files/salt/master/master
@@ -13,6 +13,8 @@
 # user: socore
 log_file: /opt/so/log/salt/master
 log_level_logfile: info
 log_level: info
 #####      File Server settings      #####
 ##########################################
--- a/pillar/logrotate/init.sls
+++ b/pillar/logrotate/init.sls
@@ -8,4 +8,6 @@ logrotate:
    create
    extension .log
    dateext
-    dateyesterday
+    dateyesterday
  group_conf: |
    su root socore
--- a/salt/airgap/init.sls
+++ b/salt/airgap/init.sls
@@ -1,3 +1,6 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls in allowed_states %}
 {% set MANAGER = salt['grains.get']('master') %}
 airgapyum:
  file.managed:
@@ -57,4 +60,12 @@ agssrepo:
 agwazrepo:
  file.absent:
-    - name: /etc/yum.repos.d/wazuh.repo
+    - name: /etc/yum.repos.d/wazuh.repo
 {% else %}
 {{sls}}_state_not_allowed:
  test.fail_without_changes:
    - name: {{sls}}_state_not_allowed
 {% endif %}
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -0,0 +1,299 @@
 {% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
 {% set WAZUH = salt['pillar.get']('global:wazuh', '0') %}
 {% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
 {% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
 {% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
 {% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
 {% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
 {% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
 {% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %}
 {% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %}
 {% set FILEBEAT = salt['pillar.get']('filebeat:enabled', True) %}
 {% set KIBANA = salt['pillar.get']('kibana:enabled', True) %}
 {% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %}
 {% set CURATOR = salt['pillar.get']('curator:enabled', True) %}
 {% set REDIS = salt['pillar.get']('redis:enabled', True) %}
 {% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %}
 {% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
 {% import_yaml 'salt/minion.defaults.yaml' as saltversion %}
 {% set saltversion = saltversion.salt.minion.version %}
 {# this is the list we are returning from this map file, it gets built below #}
 {% set allowed_states= [] %}
 {% if grains.saltversion | string == saltversion | string %}
  {% set allowed_states= salt['grains.filter_by']({
      'so-eval': [
          'salt.master',
          'ca',
          'ssl',
          'registry',
          'manager',
          'nginx',
          'telegraf',
          'influxdb',
          'grafana',
          'soc',
          'firewall',
          'idstools',
          'suricata.manager',
          'healthcheck',
          'pcap',
          'suricata',
          'utility',
          'schedule',
          'soctopus',
          'tcpreplay',
          'docker_clean'
          ],
      'so-heavynode': [
          'ca',
          'ssl',
          'nginx',
          'telegraf',
          'firewall',
          'pcap',
          'suricata',
          'healthcheck',
          'schedule',
          'tcpreplay',
          'docker_clean'
          ],
      'so-helixsensor': [
          'salt.master',
          'ca',
          'ssl',
          'registry',
          'telegraf',
          'firewall',
          'idstools',
          'suricata.manager',
          'zeek',
          'redis',
          'elasticsearch',
          'logstash',
          'schedule',
          'tcpreplay',
          'docker_clean'
          ],
      'so-fleet': [
          'ca',
          'ssl',
          'nginx',
          'telegraf',
          'firewall',
          'mysql',
          'redis',
          'fleet',
          'fleet.install_package',
          'filebeat',
          'schedule',
          'docker_clean'
          ],
      'so-import': [
          'salt.master',
          'ca',
          'ssl',
          'registry',
          'manager',
          'nginx',
          'soc',
          'firewall',
          'idstools',
          'suricata.manager',
          'pcap',
          'utility',
          'suricata',
          'zeek',
          'schedule',
          'tcpreplay',
          'docker_clean'
          ],
      'so-manager': [
          'salt.master',
          'ca',
          'ssl',
          'registry',
          'manager',
          'nginx',
          'telegraf',
          'influxdb',
          'grafana',
          'soc',
          'firewall',
          'idstools',
          'suricata.manager',
          'utility',
          'schedule',
          'soctopus',
          'docker_clean'
          ],
      'so-managersearch': [
          'salt.master',
          'ca',
          'ssl',
          'registry',
          'nginx',
          'telegraf',
          'influxdb',
          'grafana',
          'soc',
          'firewall',
          'manager',
          'idstools',
          'suricata.manager',
          'utility',
          'schedule',
          'soctopus',
          'docker_clean'
          ],
      'so-node': [
          'ca',
          'ssl',
          'nginx',
          'telegraf',
          'firewall',
          'schedule',
          'docker_clean'
          ],
      'so-standalone': [
          'salt.master',
          'ca',
          'ssl',
          'registry',
          'manager',
          'nginx',
          'telegraf',
          'influxdb',
          'grafana',
          'soc',
          'firewall',
          'idstools',
          'suricata.manager',
          'pcap',
          'suricata',
          'healthcheck',
          'utility',
          'schedule',
          'soctopus',
          'tcpreplay',
          'docker_clean'
          ],
      'so-sensor': [
          'ca',
          'ssl',
          'telegraf',
          'firewall',
          'nginx',
          'pcap',
          'suricata',
          'healthcheck',
          'wazuh',
          'filebeat',
          'schedule',
          'tcpreplay',
          'docker_clean'
          ],
  }, grain='role') %}
  {% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import'] %}
    {% do allowed_states.append('filebeat') %}
  {% endif %}
  {% if ((FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0) and grains.role in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone'] %}
    {% do allowed_states.append('mysql') %}
  {% endif %}
  {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-sensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode'] %}
    {% do allowed_states.append('fleet.install_package') %}
  {% endif %}
  {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
    {% do allowed_states.append('fleet') %}
  {% endif %}
  {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-eval'] %}
    {% do allowed_states.append('redis') %}
  {% endif %}
  {%- if ZEEKVER != 'SURICATA' and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %}
    {% do allowed_states.append('zeek') %}
  {%- endif %}
  {% if STRELKA and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %}
    {% do allowed_states.append('strelka') %}
  {% endif %}
  {% if WAZUH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode']%}
    {% do allowed_states.append('wazuh') %}
  {% endif %}
  {% if ELASTICSEARCH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import'] %}
    {% do allowed_states.append('elasticsearch') %}
  {% endif %}
  {% if KIBANA and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
    {% do allowed_states.append('kibana') %}
  {% endif %}
  {% if CURATOR and grains.role in ['so-eval', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode'] %}
    {% do allowed_states.append('curator') %}
  {% endif %}
  {% if ELASTALERT and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
    {% do allowed_states.append('elastalert') %}
  {% endif %}
  {% if (THEHIVE != 0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
    {% do allowed_states.append('thehive') %}
  {% endif %}
  {% if (PLAYBOOK !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
    {% do allowed_states.append('playbook') %}
  {% endif %}
  {% if (PLAYBOOK !=0) and grains.role in ['so-eval'] %}
    {% do allowed_states.append('redis') %}
  {% endif %}
  {% if (FREQSERVER !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
    {% do allowed_states.append('freqserver') %}
  {% endif %}
  {% if (DOMAINSTATS !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
    {% do allowed_states.append('domainstats') %}
  {% endif %}
  {% if LOGSTASH and grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode'] %}
    {% do allowed_states.append('logstash') %}
  {% endif %}
  {% if REDIS and grains.role in ['so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
    {% do allowed_states.append('redis') %}
  {% endif %}
  {% if grains.os == 'CentOS' %}
    {% if not ISAIRGAP %}
      {% do allowed_states.append('yum') %}
    {% endif %}
    {% do allowed_states.append('yum.packages') %}
  {% endif %}
  {# all nodes on the right salt version can run the following states #}
  {% do allowed_states.append('common') %}
  {% do allowed_states.append('patch.os.schedule') %}
  {% do allowed_states.append('motd') %}
  {% do allowed_states.append('salt.minion-check') %}
  {% do allowed_states.append('sensoroni') %}
  {% do allowed_states.append('salt.lasthighstate') %}
 {% endif %}
 {% if ISAIRGAP %}
  {% do allowed_states.append('airgap') %}
 {% endif %}
 {# all nodes can always run salt.minion state #}
 {% do allowed_states.append('salt.minion') %}
--- a/salt/ca/init.sls
+++ b/salt/ca/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
-{% set top_states = show_top.values() | join(', ') %}
+{% if sls in allowed_states %}
 {% if 'ca' in top_states %}
 {% set manager = salt['grains.get']('master') %}
 /etc/salt/minion.d/signing_policies.conf:
@@ -44,6 +42,9 @@ pki_private_key:
    - replace: False
    - require:
      - file: /etc/pki
    - timeout: 30
    - retry: 5
    - interval: 30
 x509_pem_entries:
  module.run:
@@ -60,8 +61,8 @@ cakeyperms:
 {% else %}
-ca_state_not_allowed:
+{{sls}}_state_not_allowed:
  test.fail_without_changes:
-    - name: ca_state_not_allowed
+    - name: {{sls}}_state_not_allowed
 {% endif %}
--- a/salt/common/cron/common-rotate
+++ b/salt/common/cron/common-rotate
@@ -1,2 +1,2 @@
 #!/bin/bash
-logrotate -f /opt/so/conf/log-rotate.conf >/dev/null 2>&1
+/usr/sbin/logrotate -f /opt/so/conf/log-rotate.conf > /dev/null 2>&1
--- a/salt/common/files/99-reserved-ports.conf
+++ b/salt/common/files/99-reserved-ports.conf
@@ -0,0 +1 @@
 net.ipv4.ip_local_reserved_ports="55000,57314"
--- a/salt/common/files/log-rotate.conf
+++ b/salt/common/files/log-rotate.conf
@@ -1,4 +1,6 @@
 {%- set logrotate_conf = salt['pillar.get']('logrotate:conf') %}
 {%- set group_conf = salt['pillar.get']('logrotate:group_conf') %}
 /opt/so/log/aptcacher-ng/*.log
 /opt/so/log/idstools/*.log
@@ -13,12 +15,21 @@
 /opt/so/log/fleet/*.log
 /opt/so/log/suricata/*.log
 /opt/so/log/mysql/*.log
 /opt/so/log/playbook/*.log
 /opt/so/log/logstash/*.log
 /opt/so/log/filebeat/*.log
 /opt/so/log/telegraf/*.log
 /opt/so/log/redis/*.log
 /opt/so/log/sensoroni/*.log
 /opt/so/log/stenographer/*.log
 /opt/so/log/salt/so-salt-minion-check
 /opt/so/log/salt/minion
 /opt/so/log/salt/master
 {
    {{ logrotate_conf | indent(width=4) }}
 }
 # Playbook's log directory needs additional configuration
 # because Playbook requires a more permissive directory
 /opt/so/log/playbook/*.log
 {
    {{ logrotate_conf | indent(width=4) }}
    {{ group_conf | indent(width=4) }}
 }
--- a/salt/common/files/sensor-rotate.conf
+++ b/salt/common/files/sensor-rotate.conf
@@ -6,5 +6,17 @@
    nocompress
    create
    sharedscripts
    endscript
 }
 /nsm/strelka/log/strelka.log
 {
    daily
    rotate 14
    missingok
    copytruncate
    compress
    create
    extension .log
    dateext
    dateyesterday
 }
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
-{% set top_states = show_top.values() | join(', ') %}
+{% if sls in allowed_states %}
 {% if 'common' in top_states %}
 {% set role = grains.id.split('_') | last %}
@@ -233,6 +231,15 @@ commonlogrotateconf:
    - dayweek: '*'
 {% if role in ['eval', 'manager', 'managersearch', 'standalone'] %}
 # Lock permissions on the backup directory
 backupdir:
  file.directory:
    - name: /nsm/backup
    - user: 0
    - group: 0
    - makedirs: True
    - mode: 700
 # Add config backup
 /usr/sbin/so-config-backup > /dev/null 2>&1:
  cron.present:
@@ -258,10 +265,34 @@ docker:
    - watch:
      - file: docker_daemon
-{% else %}
+# Reserve OS ports for Docker proxy in case boot settings are not already applied/present
 dockerapplyports:
    cmd.run:
      - name: if [ ! -s /etc/sysctl.d/99-reserved-ports.conf ]; then sysctl -w net.ipv4.ip_local_reserved_ports="55000,57314"; fi
-common_state_not_allowed:
+# Reserve OS ports for Docker proxy
-  test.fail_without_changes:
+dockerreserveports:
-    - name: common_state_not_allowed
+  file.managed:
    - source: salt://common/files/99-reserved-ports.conf
    - name: /etc/sysctl.d/99-reserved-ports.conf
 {% if salt['grains.get']('sosmodel', '') %}
 # Install raid check cron
 /usr/sbin/so-raid-status > /dev/null 2>&1:
  cron.present:
    - user: root
    - minute: '*/15'
    - hour: '*'
    - daymonth: '*'
    - month: '*'
    - dayweek: '*'
 {% endif %}
 {% else %}
 {{sls}}_state_not_allowed:
  test.fail_without_changes:
    - name: {{sls}}_state_not_allowed
 {% endif %}
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-allow-view
+++ b/salt/common/tools/sbin/so-allow-view
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-analyst-install
+++ b/salt/common/tools/sbin/so-analyst-install
@@ -84,7 +84,7 @@ while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do
    echo "##                                       ##"
    echo "##    Installing the Security Onion      ##"
    echo "##   analyst node on this device will    ##"
-    echo "##      make permanenet changes to       ##"
+    echo "##       make permanent changes to       ##"
    echo "##              the system.              ##"
    echo "##                                       ##"
    echo "###########################################"
--- a/salt/common/tools/sbin/so-checkin
+++ b/salt/common/tools/sbin/so-checkin
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,55 +17,73 @@
 # Check for prerequisites
 if [ "$(id -u)" -ne 0 ]; then
-  echo "This script must be run using sudo!"
+	echo "This script must be run using sudo!"
-  exit 1
+	exit 1
 fi
 # Define a banner to separate sections
 banner="========================================================================="
-header() {
+add_interface_bond0() {
-	echo
+	local BNIC=$1
-    printf '%s\n' "$banner" "$*" "$banner"
+	if [[ -z $MTU ]]; then
-}
+		local MTU
 		MTU=$(lookup_pillar "mtu" "sensor")
 	fi
 	local nic_error=0
-lookup_salt_value() {
+	# Check if specific offload features are able to be disabled
-  key=$1
+	for string in "generic-segmentation-offload" "generic-receive-offload" "tcp-segmentation-offload"; do
-  group=$2
+		if ethtool -k "$BNIC" | grep $string | grep -q "on [fixed]"; then
-  kind=$3
+			echo "The hardware or driver for interface ${BNIC} is not supported, packet capture may not work as expected."
 			((nic_error++))
 			break
 		fi
 	done
-  if [ -z "$kind" ]; then
+	case "$2" in
-    kind=pillar
+		-v|--verbose)
-  fi
+			local verbose=true
 		;;
 	esac
-  if [ -n "$group" ]; then
+	for i in rx tx sg tso ufo gso gro lro; do
-    group=${group}:
+		if [[ $verbose == true ]]; then
-  fi
+			ethtool -K "$BNIC" $i off
 		else
 			ethtool -K "$BNIC" $i off &>/dev/null
 		fi
 	done
 	# Check if the bond slave connection has already been created
 	nmcli -f name,uuid -p con | grep -q "bond0-slave-$BNIC"
 	local found_int=$?
-  salt-call --no-color  ${kind}.get ${group}${key} --out=newline_values_only
+	if [[ $found_int != 0 ]]; then
-}
+		# Create the slave interface and assign it to the bond
 		nmcli con add type ethernet ifname "$BNIC" con-name "bond0-slave-$BNIC" master bond0 -- \
 			ethernet.mtu "$MTU" \
 			connection.autoconnect "yes"
 	else
 		local int_uuid
 		int_uuid=$(nmcli -f name,uuid -p con | sed -n "s/bond0-slave-$BNIC //p" | tr -d ' ')
-lookup_pillar() {
+		nmcli con mod "$int_uuid" \
-  key=$1
+			ethernet.mtu "$MTU" \
-  pillar=$2
+			connection.autoconnect "yes"
-  if [ -z "$pillar" ]; then
+	fi
    pillar=global
  fi
  lookup_salt_value "$key" "$pillar" "pillar"
 }
-lookup_pillar_secret() {
+	ip link set dev "$BNIC" arp off multicast off allmulticast off promisc on
-  lookup_pillar "$1" "secrets"
+			
-}
+	# Bring the slave interface up
-
+	if [[ $verbose == true ]]; then
-lookup_grain() {
+		nmcli con up "bond0-slave-$BNIC"
-  lookup_salt_value "$1" "" "grains"
+	else
-}
+		nmcli con up "bond0-slave-$BNIC" &>/dev/null
-
+	fi
-lookup_role() {
+	 
-  id=$(lookup_grain id)
+	if [ "$nic_error" != 0 ]; then
-  pieces=($(echo $id | tr '_' ' '))
+		return "$nic_error"
-  echo ${pieces[1]}
+	fi
 }
 check_container() {
@@ -74,69 +92,295 @@ check_container() {
 }
 check_password() {
-  local password=$1
+	local password=$1
-  echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1
+	echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1
-  return $?
+	return $?
 }
 set_os() {
  if [ -f /etc/redhat-release ]; then
    OS=centos
  else
    OS=ubuntu
  fi
 }
 set_minionid() {
  MINIONID=$(lookup_grain id)
 }
 set_version() {
  CURRENTVERSION=0.0.0
  if [ -f /etc/soversion ]; then
    CURRENTVERSION=$(cat /etc/soversion)
  fi
  if [ -z "$VERSION" ]; then
    if [ -z "$NEWVERSION" ]; then
      if [ "$CURRENTVERSION" == "0.0.0" ]; then
        echo "ERROR: Unable to detect Security Onion version; terminating script."
        exit 1
      else
        VERSION=$CURRENTVERSION
      fi
    else
      VERSION="$NEWVERSION"
    fi
  fi
 }
 require_manager() {
  # Check to see if this is a manager
  MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
  if [ $MANAGERCHECK == 'so-eval' ] || [ $MANAGERCHECK == 'so-manager' ] || [ $MANAGERCHECK == 'so-managersearch' ] || [ $MANAGERCHECK == 'so-standalone' ] || [ $MANAGERCHECK == 'so-helix' ] || [ $MANAGERCHECK == 'so-import' ]; then
    echo "This is a manager, We can proceed."
  else
    echo "Please run this command on the manager; the manager controls the grid."
    exit 1
  fi
 }
 is_single_node_grid() {
  role=$(lookup_role)
  if [ "$role" != "eval" ] && [ "$role" != "standalone" ] && [ "$role" != "import" ]; then
    return 1
  fi
  return 0
 }
 fail() {
-  msg=$1
+	msg=$1
-  echo "ERROR: $msg"
+	echo "ERROR: $msg"
-  echo "Exiting."
+	echo "Exiting."
-  exit 1
+	exit 1
 }
 get_random_value() {
-  length=${1:-20}
+	length=${1:-20}
-  head -c 5000 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1
+	head -c 5000 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1
-}
+}
 header() {
 	printf '%s\n' "" "$banner" " $*" "$banner" 
 }
 init_monitor() {
 	MONITORNIC=$1
 	if [[ $MONITORNIC == "bond0" ]]; then 
 	  BIFACES=$(lookup_bond_interfaces)
 	else
 	  BIFACES=$MONITORNIC
 	fi
 	for DEVICE_IFACE in $BIFACES; do
 	  for i in rx tx sg tso ufo gso gro lro; do
 	    ethtool -K "$DEVICE_IFACE" "$i" off;
  	  done
 	  ip link set dev "$DEVICE_IFACE" arp off multicast off allmulticast off promisc on
 	done
 }
 is_manager_node() {
 	# Check to see if this is a manager node
 	role=$(lookup_role)
 	is_single_node_grid && return 0
 	[ $role == 'manager' ] && return 0
 	[ $role == 'managersearch' ] && return 0
 	[ $role == 'helix' ] && return 0
 	return 1
 }
 is_sensor_node() {
 	# Check to see if this is a sensor (forward) node
 	role=$(lookup_role)
 	is_single_node_grid && return 0
 	[ $role == 'sensor' ] && return 0
 	[ $role == 'heavynode' ] && return 0
 	[ $role == 'helix' ] && return 0
 	return 1
 }
 is_single_node_grid() {
 	role=$(lookup_role)
 	[ $role == 'eval' ] && return 0
 	[ $role == 'standalone' ] && return 0
 	[ $role == 'import' ] && return 0
 	return 1
 }
 lookup_bond_interfaces() {
 	cat /proc/net/bonding/bond0 | grep "Slave Interface:" | sed -e "s/Slave Interface: //g"
 }
 lookup_salt_value() {
 	key=$1
 	group=$2
 	kind=$3
 	if [ -z "$kind" ]; then
 		kind=pillar
 	fi
 	if [ -n "$group" ]; then
 		group=${group}:
 	fi
 	salt-call --no-color  ${kind}.get ${group}${key} --out=newline_values_only
 }
 lookup_pillar() {
 	key=$1
 	pillar=$2
 	if [ -z "$pillar" ]; then
 		pillar=global
 	fi
 	lookup_salt_value "$key" "$pillar" "pillar"
 }
 lookup_pillar_secret() {
 	lookup_pillar "$1" "secrets"
 }
 lookup_grain() {
 	lookup_salt_value "$1" "" "grains"
 }
 lookup_role() {
 	id=$(lookup_grain id)
 	pieces=($(echo $id | tr '_' ' '))
 	echo ${pieces[1]}
 }
 require_manager() {
 	if is_manager_node; then
 		echo "This is a manager, We can proceed."
 	else
 		echo "Please run this command on the manager; the manager controls the grid."
 		exit 1
 	fi
 }
 retry() {
 	maxAttempts=$1
 	sleepDelay=$2
 	cmd=$3
 	expectedOutput=$4
 	attempt=0
 	while [[ $attempt -lt $maxAttempts ]]; do			
 		attempt=$((attempt+1))
 		echo "Executing command with retry support: $cmd"
 		output=$(eval "$cmd")
 		exitcode=$?
 		echo "Results: $output ($exitcode)"
 		if [ -n "$expectedOutput" ]; then
 			if [[ "$output" =~ "$expectedOutput" ]]; then
 				return $exitCode
 			else
 				echo "Expected '$expectedOutput' but got '$output'"
 			fi
 		elif [[ $exitcode -eq 0 ]]; then
 			return $exitCode
 		fi
 		echo "Command failed with exit code $exitcode; will retry in $sleepDelay seconds ($attempt / $maxAttempts)..."
 		sleep $sleepDelay
 	done
 	echo "Command continues to fail; giving up."
 	return 1
 }
 set_os() {
 	if [ -f /etc/redhat-release ]; then
 		OS=centos
 	else
 		OS=ubuntu
 	fi
 }
 set_minionid() {
 	MINIONID=$(lookup_grain id)
 }
 set_version() {
 	CURRENTVERSION=0.0.0
 	if [ -f /etc/soversion ]; then
 		CURRENTVERSION=$(cat /etc/soversion)
 	fi
 	if [ -z "$VERSION" ]; then
 		if [ -z "$NEWVERSION" ]; then
 			if [ "$CURRENTVERSION" == "0.0.0" ]; then
 				echo "ERROR: Unable to detect Security Onion version; terminating script."
 				exit 1
 			else
 				VERSION=$CURRENTVERSION
 			fi
 		else
 			VERSION="$NEWVERSION"
 		fi
 	fi
 }
 valid_cidr() {
 	# Verify there is a backslash in the string
 	echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1
 	local cidr
 	local ip
 	cidr=$(echo "$1" | sed 's/.*\///')
 	ip=$(echo "$1" | sed 's/\/.*//' )
 	if valid_ip4 "$ip"; then
 		[[ $cidr =~ ([0-9]|[1-2][0-9]|3[0-2]) ]] && return 0 || return 1
 	else
 		return 1
 	fi
 }
 valid_cidr_list() {
 	local all_valid=0
 	IFS="," read -r -a net_arr <<< "$1"
 	for net in "${net_arr[@]}"; do
 		valid_cidr "$net" || all_valid=1
 	done
 	return $all_valid
 }
 valid_dns_list() {
 	local all_valid=0
 	IFS="," read -r -a dns_arr <<< "$1"
 	for addr in "${dns_arr[@]}"; do
 		valid_ip4 "$addr" || all_valid=1
 	done
 	return $all_valid
 }
 valid_fqdn() {
 	local fqdn=$1
 	echo "$fqdn" | grep -qP '(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)' \
 		&& return 0 \
 		|| return 1
 }
 valid_hostname() {
 	local hostname=$1
 	[[ $hostname =~ ^[a-zA-Z0-9\-]+$ ]] && [[ $hostname != 'localhost' ]] && return 0 || return 1
 }
 valid_ip4() {
 	local ip=$1
 	echo "$ip" | grep -qP '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$' && return 0 || return 1
 }
 valid_int() {
 	local num=$1
 	local min=${2:-1}
 	local max=${3:-1000000000}
 	[[ $num =~ ^[0-9]*$ ]] && [[ $num -ge $min ]] && [[ $num -le $max ]] && return 0 || return 1
 }
 # {% raw %}
 valid_string() {
 	local str=$1
 	local min_length=${2:-1}
 	local max_length=${3:-64}
 	echo "$str" | grep -qP '^\S+$' && [[ ${#str} -ge $min_length ]] && [[ ${#str} -le $max_length ]] && return 0 || return 1
 }
 # {% endraw %}
 valid_username() {
 	local user=$1
 	echo "$user" | grep -qP '^[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}\$)$' && return 0 || return 1
 }
 wait_for_web_response() {
 	url=$1
 	expected=$2
 	maxAttempts=${3:-300}
 	logfile=/root/wait_for_web_response.log
 	attempt=0
 	while [[ $attempt -lt $maxAttempts ]]; do
 		attempt=$((attempt+1))
 		echo "Waiting for value '$expected' at '$url' ($attempt/$maxAttempts)"
 		result=$(curl -ks -L $url)
 		exitcode=$?
 		echo "--------------------------------------------------" >> $logfile
 		echo "$(date) - Checking web URL: $url ($attempt/$maxAttempts)" >> $logfile
 		echo "$result" >> $logfile
 		echo "exit code=$exitcode" >> $logfile
 		echo "" >> $logfile
 		if [[ $exitcode -eq 0 && "$result" =~ $expected ]]; then
 			echo "Received expected response; proceeding."
 			return 0
 		fi
 		echo "Server is not ready"
 		sleep 1
 	done
 	echo "Server still not ready after $maxAttempts attempts; giving up."
 	return 1
 }
--- a/salt/common/tools/sbin/so-config-backup
+++ b/salt/common/tools/sbin/so-config-backup
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -33,12 +33,15 @@ if [ ! -f $BACKUPFILE ]; then
  {%- for LOCATION in BACKUPLOCATIONS %}
  tar -rf $BACKUPFILE {{ LOCATION }}
  {%- endfor %}
  tar -rf $BACKUPFILE /etc/pki
  tar -rf $BACKUPFILE /etc/salt
 fi
-# Find oldest backup file and remove it
+# Find oldest backup files and remove them
 NUMBACKUPS=$(find /nsm/backup/ -type f -name "so-config-backup*" | wc -l)
-OLDESTBACKUP=$(find /nsm/backup/ -type f -name "so-config-backup*" | ls -1t | tail -1)
+while [ "$NUMBACKUPS" -gt "$MAXBACKUPS" ]; do
-if [ "$NUMBACKUPS" -gt "$MAXBACKUPS" ]; then
+  OLDESTBACKUP=$(find /nsm/backup/ -type f -name "so-config-backup*" -type f -printf '%T+ %p\n' | sort | head -n 1 | awk -F" " '{print $2}')
-  rm -f /nsm/backup/$OLDESTBACKUP
+  rm -f $OLDESTBACKUP
-fi
+  NUMBACKUPS=$(find /nsm/backup/ -type f -name "so-config-backup*" | wc -l)
 done
--- a/salt/common/tools/sbin/so-cortex-restart
+++ b/salt/common/tools/sbin/so-cortex-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-cortex-start
+++ b/salt/common/tools/sbin/so-cortex-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-cortex-stop
+++ b/salt/common/tools/sbin/so-cortex-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-cortex-user-add
+++ b/salt/common/tools/sbin/so-cortex-user-add
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-cortex-user-enable
+++ b/salt/common/tools/sbin/so-cortex-user-enable
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-curator-restart
+++ b/salt/common/tools/sbin/so-curator-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-curator-start
+++ b/salt/common/tools/sbin/so-curator-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-curator-stop
+++ b/salt/common/tools/sbin/so-curator-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-docker-refresh
+++ b/salt/common/tools/sbin/so-docker-refresh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastalert-restart
+++ b/salt/common/tools/sbin/so-elastalert-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastalert-start
+++ b/salt/common/tools/sbin/so-elastalert-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastalert-stop
+++ b/salt/common/tools/sbin/so-elastalert-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastalert-test
+++ b/salt/common/tools/sbin/so-elastalert-test
@@ -96,7 +96,7 @@ rule_prompt(){
 	echo "-----------------------------------"
 	echo
 	while [ -z "$RULE_NAME" ]; do
-		read -p "Please enter the rule filename you want to test (filename only, no path): " -e RULE_NAME
+		read -p "Choose a rule to test from the list above (must be typed exactly as shown above): " -e RULE_NAME
 	done
 }
--- a/salt/common/tools/sbin/so-elastic-clear
+++ b/salt/common/tools/sbin/so-elastic-clear
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastic-diagnose
+++ b/salt/common/tools/sbin/so-elastic-diagnose
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastic-restart
+++ b/salt/common/tools/sbin/so-elastic-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastic-start
+++ b/salt/common/tools/sbin/so-elastic-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elastic-stop
+++ b/salt/common/tools/sbin/so-elastic-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-indices-rw
+++ b/salt/common/tools/sbin/so-elasticsearch-indices-rw
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-pipeline-stats
+++ b/salt/common/tools/sbin/so-elasticsearch-pipeline-stats
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-pipelines-list
+++ b/salt/common/tools/sbin/so-elasticsearch-pipelines-list
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-restart
+++ b/salt/common/tools/sbin/so-elasticsearch-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-start
+++ b/salt/common/tools/sbin/so-elasticsearch-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-stop
+++ b/salt/common/tools/sbin/so-elasticsearch-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-elasticsearch-templates-list
+++ b/salt/common/tools/sbin/so-elasticsearch-templates-list
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-features-enable
+++ b/salt/common/tools/sbin/so-features-enable
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-filebeat-restart
+++ b/salt/common/tools/sbin/so-filebeat-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-filebeat-start
+++ b/salt/common/tools/sbin/so-filebeat-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-filebeat-stop
+++ b/salt/common/tools/sbin/so-filebeat-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-firewall
+++ b/salt/common/tools/sbin/so-firewall
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -15,31 +15,42 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import subprocess
 import sys
 import time
 import yaml
 lockFile = "/tmp/so-firewall.lock"
 hostgroupsFilename = "/opt/so/saltstack/local/salt/firewall/hostgroups.local.yaml"
 portgroupsFilename = "/opt/so/saltstack/local/salt/firewall/portgroups.local.yaml"
 defaultPortgroupsFilename = "/opt/so/saltstack/default/salt/firewall/portgroups.yaml"
 supportedProtocols = ['tcp', 'udp']
-def showUsage(args):
+def showUsage(options, args):
  print('Usage: {} [OPTIONS] <COMMAND> [ARGS...]'.format(sys.argv[0]))
  print('  Options:')
-  print('   --apply       - After updating the firewall configuration files, apply the new firewall state')
+  print('   --apply         - After updating the firewall configuration files, apply the new firewall state')
  print('   --defaultports  - Read port groups from default configuration files instead of local configuration.')
  print('')
-  print('  Available commands:')
+  print('  General commands:')
-  print('   help          - Prints this usage information.')
+  print('    help           - Prints this usage information.')
-  print('   includedhosts - Lists the IPs included in the given group. Args: <GROUP_NAME>')
+  print('')
-  print('   excludedhosts - Lists the IPs excluded from the given group. Args: <GROUP_NAME>')
+  print('  Host commands:')
-  print('   includehost   - Includes the given IP in the given group. Args: <GROUP_NAME> <IP>')
+  print('    listhostgroups - Lists the known host groups.')
-  print('   excludehost   - Excludes the given IP from the given group. Args: <GROUP_NAME> <IP>')
+  print('    includedhosts  - Lists the IPs included in the given group. Args: <GROUP_NAME>')
-  print('   removehost    - Removes an excluded IP from the given group. Args: <GROUP_NAME> <IP>')
+  print('    excludedhosts  - Lists the IPs excluded from the given group. Args: <GROUP_NAME>')
-  print('   addhostgroup  - Adds a new, custom host group. Args: <GROUP_NAME>')
+  print('    includehost    - Includes the given IP in the given group. Args: <GROUP_NAME> <IP>')
-  print('   listports     - Lists ports in the given group and protocol. Args: <GROUP_NAME> <PORT_PROTOCOL>')
+  print('    excludehost    - Excludes the given IP from the given group. Args: <GROUP_NAME> <IP>')
-  print('   addport       - Adds a PORT to the given group. Args: <GROUP_NAME> <PORT_PROTOCOL> <PORT>')
+  print('    removehost     - Removes an excluded IP from the given group. Args: <GROUP_NAME> <IP>')
-  print('   removeport    - Removes a PORT from the given group. Args: <GROUP_NAME> <PORT_PROTOCOL> <PORT>')
+  print('    addhostgroup   - Adds a new, custom host group. Args: <GROUP_NAME>')
-  print('   addportgroup  - Adds a new, custom port group. Args: <GROUP_NAME>')
+  print('')
  print('  Port commands:')
  print('    listportgroups - Lists the known port groups.')
  print('    listports      - Lists ports in the given group and protocol. Args: <GROUP_NAME> <PORT_PROTOCOL>')
  print('    addport        - Adds a PORT to the given group. Args: <GROUP_NAME> <PORT_PROTOCOL> <PORT>')
  print('    removeport     - Removes a PORT from the given group. Args: <GROUP_NAME> <PORT_PROTOCOL> <PORT>')
  print('    addportgroup   - Adds a new, custom port group. Args: <GROUP_NAME>')
  print('')
  print('  Where:')
  print('   GROUP_NAME    - The name of an alias group (Ex: analyst)')
@@ -48,6 +59,15 @@ def showUsage(args):
  print('   PORT          - Either a single numeric port (Ex: 443), or a port range (Ex: 8000:8002).')
  sys.exit(1)
 def checkDefaultPortsOption(options):
  global portgroupsFilename
  if "--defaultports" in options:
    portgroupsFilename = defaultPortgroupsFilename
 def checkApplyOption(options):
  if "--apply" in options:
    return apply()
 def loadYaml(filename):
  file = open(filename, "r")
  return yaml.load(file.read())
@@ -56,6 +76,14 @@ def writeYaml(filename, content):
  file = open(filename, "w")
  return yaml.dump(content, file)
 def listHostGroups():
  content = loadYaml(hostgroupsFilename)
  hostgroups = content['firewall']['hostgroups']
  if hostgroups is not None:
    for group in hostgroups:
      print(group)
  return 0
 def listIps(name, mode):
  content = loadYaml(hostgroupsFilename)
  if name not in content['firewall']['hostgroups']:
@@ -111,10 +139,18 @@ def createProtocolMap():
    map[protocol] = []
  return map
-def addhostgroup(args):
+def listPortGroups():
  content = loadYaml(portgroupsFilename)
  portgroups = content['firewall']['aliases']['ports']
  if portgroups is not None:
    for group in portgroups:
      print(group)
  return 0
 def addhostgroup(options, args):
  if len(args) != 1:
    print('Missing host group name argument', file=sys.stderr)
-    showUsage(args)
+    showUsage(options, args)
  name = args[0]
  content = loadYaml(hostgroupsFilename)
@@ -125,10 +161,17 @@ def addhostgroup(args):
  writeYaml(hostgroupsFilename, content)
  return 0
-def addportgroup(args):
+def listportgroups(options, args):
  if len(args) != 0:
    print('Unexpected arguments', file=sys.stderr)
    showUsage(options, args)
  checkDefaultPortsOption(options)
  return listPortGroups()
 def addportgroup(options, args):
  if len(args) != 1:
    print('Missing port group name argument', file=sys.stderr)
-    showUsage(args)
+    showUsage(options, args)
  name = args[0]
  content = loadYaml(portgroupsFilename)
@@ -143,11 +186,12 @@ def addportgroup(args):
  writeYaml(portgroupsFilename, content)
  return 0
-def listports(args):
+def listports(options, args):
  if len(args) != 2:
    print('Missing port group name or port protocol', file=sys.stderr)
-    showUsage(args)
+    showUsage(options, args)
  checkDefaultPortsOption(options)
  name = args[0]
  protocol = args[1]
  if protocol not in supportedProtocols:
@@ -162,16 +206,19 @@ def listports(args):
  if name not in ports:
    print('Port group does not exist', file=sys.stderr)
    return 3
  if protocol not in ports[name]:
    print('Port group does not contain protocol', file=sys.stderr)
    return 3
  ports = ports[name][protocol]
  if ports is not None:
    for port in ports:
      print(port)
  return 0
-def addport(args):
+def addport(options, args):
  if len(args) != 3:
    print('Missing port group name or port protocol, or port argument', file=sys.stderr)
-    showUsage(args)
+    showUsage(options, args)
  name = args[0]
  protocol = args[1]
@@ -197,12 +244,13 @@ def addport(args):
    return 3
  ports.append(port)
  writeYaml(portgroupsFilename, content)
-  return 0
+  code = checkApplyOption(options)
  return code
-def removeport(args):
+def removeport(options, args):
  if len(args) != 3:
    print('Missing port group name or port protocol, or port argument', file=sys.stderr)
-    showUsage(args)
+    showUsage(options, args)
  name = args[0]
  protocol = args[1]
@@ -225,49 +273,66 @@ def removeport(args):
    return 3
  ports.remove(port)
  writeYaml(portgroupsFilename, content)
-  return 0
+  code = checkApplyOption(options)
  return code
-def includedhosts(args):
+
 def listhostgroups(options, args):
  if len(args) != 0:
    print('Unexpected arguments', file=sys.stderr)
    showUsage(options, args)
  return listHostGroups()
 def includedhosts(options, args):
  if len(args) != 1:
    print('Missing host group name argument', file=sys.stderr)
-    showUsage(args)
+    showUsage(options, args)
  return listIps(args[0], 'insert')
-def excludedhosts(args):
+def excludedhosts(options, args):
  if len(args) != 1:
    print('Missing host group name argument', file=sys.stderr)
-    showUsage(args)
+    showUsage(options, args)
  return listIps(args[0], 'delete')
-def includehost(args):
+def includehost(options, args):
  if len(args) != 2:
    print('Missing host group name or ip argument', file=sys.stderr)
-    showUsage(args)
+    showUsage(options, args)
  result = addIp(args[0], args[1], 'insert')
  if result == 0:
    removeIp(args[0], args[1], 'delete', True)
-  return result
+  code = result
  if code == 0:
    code = checkApplyOption(options)
  return code
-def excludehost(args):
+def excludehost(options, args):
  if len(args) != 2:
    print('Missing host group name or ip argument', file=sys.stderr)
-    showUsage(args)
+    showUsage(options, args)
  result = addIp(args[0], args[1], 'delete')
  if result == 0:
    removeIp(args[0], args[1], 'insert', True)
-  return result
+  code = result
  if code == 0:
    code = checkApplyOption(options)
  return code
-def removehost(args):
+def removehost(options, args):
  if len(args) != 2:
    print('Missing host group name or ip argument', file=sys.stderr)
-    showUsage(args)
+    showUsage(options, args)
-  return removeIp(args[0], args[1], 'delete')
+  code = removeIp(args[0], args[1], 'delete')
  if code == 0:
    code = checkApplyOption(options)
  return code
 def apply():
  proc = subprocess.run(['salt-call', 'state.apply', 'firewall', 'queue=True'])
  return proc.returncode
-def main():
+def main():  
  options = []
  args = sys.argv[1:]
  for option in args:
@@ -276,28 +341,48 @@ def main():
      args.remove(option)
  if len(args) == 0:
-    showUsage(None)
+    showUsage(options, None)
  commands = {
    "help": showUsage,
    "listhostgroups": listhostgroups,
    "includedhosts": includedhosts,
    "excludedhosts": excludedhosts,
    "includehost": includehost,
    "excludehost": excludehost,
    "removehost": removehost,
    "listportgroups": listportgroups,
    "listports": listports,
    "addport": addport,
    "removeport": removeport,
    "addhostgroup": addhostgroup,
    "addportgroup": addportgroup
  }
  cmd = commands.get(args[0], showUsage)
  code = cmd(args[1:])
  code=1
-  if code == 0 and "--apply" in options:
+  try:
-    code = apply()
+    lockAttempts = 0
    maxAttempts = 30
    while lockAttempts < maxAttempts:
      lockAttempts = lockAttempts + 1
      try:
        f = open(lockFile, "x")
        f.close()
        break
      except:
        time.sleep(2)
    if lockAttempts == maxAttempts:
      print("Lock file (" + lockFile + ") could not be created; proceeding without lock.")
    cmd = commands.get(args[0], showUsage)
    code = cmd(options, args[1:])
  finally:
    try:
      os.remove(lockFile)
    except:
      print("Lock file (" + lockFile + ") already removed")
  sys.exit(code)
--- a/salt/common/tools/sbin/so-fleet-restart
+++ b/salt/common/tools/sbin/so-fleet-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-fleet-setup
+++ b/salt/common/tools/sbin/so-fleet-setup
@@ -16,7 +16,7 @@ if [ ! "$(docker ps -q -f name=so-fleet)" ]; then
 fi
 docker exec so-fleet fleetctl config set --address https://127.0.0.1:8080 --tls-skip-verify --url-prefix /fleet
-docker exec -it so-fleet bash -c 'while [[ "$(curl -s -o /dev/null --insecure -w ''%{http_code}'' https://127.0.0.1:8080/fleet)" != "301" ]]; do sleep 5; done'
+docker exec so-fleet bash -c 'while [[ "$(curl -s -o /dev/null --insecure -w ''%{http_code}'' https://127.0.0.1:8080/fleet)" != "301" ]]; do sleep 5; done'
 docker exec so-fleet fleetctl setup --email $1 --password $2
 docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml
--- a/salt/common/tools/sbin/so-fleet-start
+++ b/salt/common/tools/sbin/so-fleet-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-fleet-stop
+++ b/salt/common/tools/sbin/so-fleet-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-fleet-user-add
+++ b/salt/common/tools/sbin/so-fleet-user-add
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-fleet-user-enable
+++ b/salt/common/tools/sbin/so-fleet-user-enable
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-grafana-restart
+++ b/salt/common/tools/sbin/so-grafana-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-grafana-start
+++ b/salt/common/tools/sbin/so-grafana-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-grafana-stop
+++ b/salt/common/tools/sbin/so-grafana-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-idstools-restart
+++ b/salt/common/tools/sbin/so-idstools-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-idstools-start
+++ b/salt/common/tools/sbin/so-idstools-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-idstools-stop
+++ b/salt/common/tools/sbin/so-idstools-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-image-common
+++ b/salt/common/tools/sbin/so-image-common
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 # NOTE: This script depends on so-common
-IMAGEREPO=securityonion
+IMAGEREPO=security-onion-solutions
 container_list() {
  MANAGERCHECK=$1
@@ -30,6 +30,7 @@ container_list() {
  if [ $MANAGERCHECK == 'so-import' ]; then
    TRUSTED_CONTAINERS=(
      "so-acng"
      "so-elasticsearch"
      "so-filebeat"
      "so-idstools"
@@ -103,7 +104,7 @@ update_docker_containers() {
  local PROGRESS_CALLBACK=$3
  local LOG_FILE=$4
-  local CONTAINER_REGISTRY=quay.io
+  local CONTAINER_REGISTRY=ghcr.io
  local SIGNPATH=/root/sosigs
  if [ -z "$CURLTYPE" ]; then
@@ -126,12 +127,19 @@ update_docker_containers() {
    container_list
  fi
  # Let's make sure we have the public key
  curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import -  >> "$LOG_FILE" 2>&1
  rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1 
  mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1 
  # Let's make sure we have the public key
  retry 50 10 "curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS -o $SIGNPATH/KEYS" >> "$LOG_FILE" 2>&1
  result=$?
  if [[ $result -eq 0 ]]; then
    cat $SIGNPATH/KEYS | gpg --import - >> "$LOG_FILE" 2>&1
  else
    echo "Failed to pull signature key file: $result"
    exit 1
  fi
  # Download the containers from the interwebs
  for i in "${TRUSTED_CONTAINERS[@]}"
  do
@@ -143,10 +151,10 @@ update_docker_containers() {
    # Pull down the trusted docker image
    local image=$i:$VERSION$IMAGE_TAG_SUFFIX
-    docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1 
+    retry 50 10 "docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image" >> "$LOG_FILE" 2>&1 
    # Get signature
-    curl -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig >> "$LOG_FILE" 2>&1 
+    retry 50 10 "curl -A '$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)' https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig" >> "$LOG_FILE" 2>&1
    if [[ $? -ne 0 ]]; then
      echo "Unable to pull signature file for $image" >> "$LOG_FILE" 2>&1 
      exit 1
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-index-list
+++ b/salt/common/tools/sbin/so-index-list
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-influxdb-restart
+++ b/salt/common/tools/sbin/so-influxdb-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-influxdb-start
+++ b/salt/common/tools/sbin/so-influxdb-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-influxdb-stop
+++ b/salt/common/tools/sbin/so-influxdb-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-kibana-config-export
+++ b/salt/common/tools/sbin/so-kibana-config-export
@@ -5,7 +5,7 @@
 # {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', '') %}
 # {%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-kibana-restart
+++ b/salt/common/tools/sbin/so-kibana-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-kibana-start
+++ b/salt/common/tools/sbin/so-kibana-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-kibana-stop
+++ b/salt/common/tools/sbin/so-kibana-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-get-parsed
+++ b/salt/common/tools/sbin/so-logstash-get-parsed
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-get-unparsed
+++ b/salt/common/tools/sbin/so-logstash-get-unparsed
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-restart
+++ b/salt/common/tools/sbin/so-logstash-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-start
+++ b/salt/common/tools/sbin/so-logstash-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-logstash-stop
+++ b/salt/common/tools/sbin/so-logstash-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-monitor-add
+++ b/salt/common/tools/sbin/so-monitor-add
@@ -0,0 +1,23 @@
 #!/bin/bash
 . /usr/sbin/so-common
 usage() {
  read -r -d '' message <<- EOM
 		usage: so-monitor-add [-h] NIC
    positional arguments:
      NIC           The interface to add to the monitor bond (ex: eth2)
    optional arguments:
      -h, --help    Show this help message and exit
 	EOM
  echo "$message"
  exit 1
 }
 if [[ $# -eq 0 || $# -gt 1 ]] || [[ $1 == '-h' || $1 == '--help' ]]; then
  usage
 fi
 add_interface_bond0 "$1"
--- a/salt/common/tools/sbin/so-mysql-restart
+++ b/salt/common/tools/sbin/so-mysql-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-mysql-start
+++ b/salt/common/tools/sbin/so-mysql-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-mysql-stop
+++ b/salt/common/tools/sbin/so-mysql-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-nginx-restart
+++ b/salt/common/tools/sbin/so-nginx-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-nginx-start
+++ b/salt/common/tools/sbin/so-nginx-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-nginx-stop
+++ b/salt/common/tools/sbin/so-nginx-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-nodered-restart
+++ b/salt/common/tools/sbin/so-nodered-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-nodered-start
+++ b/salt/common/tools/sbin/so-nodered-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-nodered-stop
+++ b/salt/common/tools/sbin/so-nodered-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-nsm-clear
+++ b/salt/common/tools/sbin/so-nsm-clear
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-pcap-import
+++ b/salt/common/tools/sbin/so-pcap-import
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-pcap-restart
+++ b/salt/common/tools/sbin/so-pcap-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-pcap-start
+++ b/salt/common/tools/sbin/so-pcap-start
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-pcap-stop
+++ b/salt/common/tools/sbin/so-pcap-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-playbook-reset
+++ b/salt/common/tools/sbin/so-playbook-reset
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-playbook-restart
+++ b/salt/common/tools/sbin/so-playbook-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-playbook-ruleupdate
+++ b/salt/common/tools/sbin/so-playbook-ruleupdate
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-playbook-sigma-refresh
+++ b/salt/common/tools/sbin/so-playbook-sigma-refresh
@@ -0,0 +1,27 @@
 #!/bin/bash
 # Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 . /usr/sbin/so-common
 # Regenerate ElastAlert & update Plays
 docker exec so-soctopus python3 playbook_play-update.py
 # Delete current Elastalert Rules
 rm /opt/so/rules/elastalert/playbook/*.yaml
 # Regenerate Elastalert Rules
 so-playbook-sync
--- a/salt/common/tools/sbin/so-playbook-start
+++ b/salt/common/tools/sbin/so-playbook-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-playbook-stop
+++ b/salt/common/tools/sbin/so-playbook-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-playbook-sync
+++ b/salt/common/tools/sbin/so-playbook-sync
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/salt/common/tools/sbin/so-raid-status
+++ b/salt/common/tools/sbin/so-raid-status
@@ -0,0 +1,81 @@
 #!/bin/bash
 # Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 . /usr/sbin/so-common
 #check_boss_raid() {
 #    BOSSBIN=/opt/boss/mvcli
 #    BOSSRC=$($BOSSBIN info -o vd | grep functional)
 #
 #    if [[ $BOSSRC ]]; then
 #        # Raid is good
 #        BOSSRAID=0
 #    else
 #        BOSSRAID=1
 #    fi
 #}
 check_lsi_raid() {
    # For use for LSI on Ubuntu
    #MEGA=/opt/MegaRAID/MegeCli/MegaCli64
    #LSIRC=$($MEGA -LDInfo -Lall -aALL | grep Optimal)
    # Open Source Centos
    MEGA=/opt/mega/megasasctl
    LSIRC=$($MEGA | grep optimal)
    if [[ $LSIRC ]]; then
        # Raid is good
        LSIRAID=0
    else
        LSIRAID=1
    fi
 }
 check_software_raid() {
    SWRC=$(grep "_" /proc/mdstat)
    if [[ $SWRC ]]; then
        # RAID is failed in some way
        SWRAID=1
    else
        SWRAID=0
    fi
 }
 # This script checks raid status if you use SO appliances
 # See if this is an appliance
 {%- if salt['grains.get']('sosmodel', '') %}
 mkdir -p /opt/so/log/raid
  {%- if grains['sosmodel'] in ['SOSMN', 'SOSSNNV'] %}
 #check_boss_raid
 check_software_raid
 echo "osraid=$BOSSRAID nsmraid=$SWRAID" > /opt/so/log/raid/status.log
  {%- elif grains['sosmodel'] in ['SOS1000F', 'SOS1000', 'SOSSN7200', 'SOS10K', 'SOS4000'] %}
 #check_boss_raid
 check_lsi_raid
 echo "osraid=$BOSSRAID nsmraid=$LSIRAID" > /opt/so/log/raid/status.log
  {%- else %}
 exit 0
  {%- endif %}
 {%- else %}
 exit 0
 {%- endif %}
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`#!/bin/bash`	`#!/bin/bash`
	`logrotate -f /opt/so/conf/log-rotate.conf >/dev/null 2>&1`	`/usr/sbin/logrotate -f /opt/so/conf/log-rotate.conf > /dev/null 2>&1`
		`@@ -0,0 +1 @@`
							`net.ipv4.ip_local_reserved_ports="55000,57314"`