Merge pull request #9857 from Security-Onion-Solutions/dev

2.3.220
Merge pull request #9856 from Security-Onion-Solutions/2.3.220
2026-01-20 23:22:06 +01:00 · 2023-02-27 09:35:14 -05:00 · 2023-02-27 09:26:28 -05:00 · 2023-02-27 09:23:33 -05:00 · 2023-02-21 16:36:58 -05:00 · 2023-02-21 16:35:11 -05:00
11 changed files with 36 additions and 22 deletions
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.210-20230202 ISO image built on 2023/02/02
+### 2.3.220-20230224 ISO image built on 2023/02/24



 ### Download and Verify

-2.3.210-20230202 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.210-20230202.iso
+2.3.220-20230224 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230224.iso

-MD5: ED38C36DBE40509FC5E87D82B07141C0  
-SHA1: EDEBDBE75FF34DAD87E141CA8F8614295ED23FB5  
-SHA256: 30068D4B910E83B63287EAB98E49497A584BAE07854367716813E5D610D3E5E3 
+MD5: 74CDCE07BC5787567E07C1CAC64DC381  
+SHA1: 8DA0E8541C46CBDCFA0FB9B60F3C95D027D4BB37  
+SHA256: E5EDB011693AC33C40CAB483400F72FAF9615053867FD9C80DDD1AACAD9100B3 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.210-20230202.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230224.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.210-20230202.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.220-20230224.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.210-20230202.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.220-20230224.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.210-20230202.iso.sig securityonion-2.3.210-20230202.iso
+gpg --verify securityonion-2.3.220-20230224.iso.sig securityonion-2.3.220-20230224.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 02 Feb 2023 08:31:18 PM EST using RSA key ID FE507013
+gpg: Signature made Fri 24 Feb 2023 02:32:08 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.3.210
+2.3.220
--- a/salt/common/tools/sbin/so-fleet-user-add
+++ b/salt/common/tools/sbin/so-fleet-user-add
@@ -53,8 +53,10 @@ if [[ $? -ne 0 ]]; then
    exit 2
 fi

+TEMPPW=$FLEET_SA_PW!
+
 # Create New User
-CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $USER_PASS --global-role admin 2>&1)
+CREATE_OUTPUT=$(docker exec so-fleet fleetctl user create --email $USER_EMAIL --name $USER_EMAIL --password $TEMPPW --global-role admin 2>&1)

 if [[ $? -eq 0 ]]; then
    echo "Successfully added user to Fleet"
@@ -64,6 +66,9 @@ else
    exit 2
 fi

+# Reset New User Password to user supplied password
+echo "$USER_PASS" | so-fleet-user-update "$USER_EMAIL"
+
 # Disable forced password reset
 MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PW fleet -e \
 "UPDATE users SET admin_forced_password_reset = 0 WHERE email = '$USER_EMAIL'" 2>&1)
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -553,6 +553,7 @@ preupgrade_changes() {
    [[ "$INSTALLEDVERSION" == 2.3.182 ]] && up_to_2.3.190
    [[ "$INSTALLEDVERSION" == 2.3.190 ]] && up_to_2.3.200
    [[ "$INSTALLEDVERSION" == 2.3.200 ]] && up_to_2.3.210
+    [[ "$INSTALLEDVERSION" == 2.3.210 ]] && up_to_2.3.220
    true
 }

@@ -578,6 +579,7 @@ postupgrade_changes() {
    [[ "$POSTVERSION" == 2.3.182 ]] && post_to_2.3.190
    [[ "$POSTVERSION" == 2.3.190 ]] && post_to_2.3.200
    [[ "$POSTVERSION" == 2.3.200 ]] && post_to_2.3.210
+    [[ "$POSTVERSION" == 2.3.210 ]] && post_to_2.3.220

    true
 }
@@ -706,6 +708,11 @@ post_to_2.3.210() {
  POSTVERSION=2.3.210
 }

+post_to_2.3.220() {
+  echo "Nothing to do for .220"
+  POSTVERSION=2.3.220
+}
+
 stop_salt_master() {
    # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
    set +e
@@ -1041,6 +1048,11 @@ up_to_2.3.210() {
  INSTALLEDVERSION=2.3.210
 }

+up_to_2.3.220() {
+  echo "Upgrading to 2.3.220"
+  INSTALLEDVERSION=2.3.220
+}
+
 verify_upgradespace() {
  CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
  if [ "$CURRENTSPACE" -lt "10" ]; then
--- a/salt/fleet/files/packs/osquery-config.conf
+++ b/salt/fleet/files/packs/osquery-config.conf
@@ -26,9 +26,6 @@ spec:
        distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
        enable_windows_events_publisher: true
        enable_windows_events_subscriber: true
-        logger_plugin: tls
-        logger_tls_endpoint: /api/v1/osquery/log
-        logger_tls_period: 10
        pack_delimiter: _
  host_settings:
    enable_software_inventory: false
--- a/salt/kibana/bin/so-kibana-config-load
+++ b/salt/kibana/bin/so-kibana-config-load
@@ -59,7 +59,7 @@ update() {

    IFS=$'\r\n' GLOBIGNORE='*' command eval  'LINES=($(cat $1))'
    for i in "${LINES[@]}"; do
-      RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.6.1" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
+      RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.6.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
      echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
    done
 
--- a/salt/kibana/files/config_saved_objects.ndjson
+++ b/salt/kibana/files/config_saved_objects.ndjson
@@ -1 +1 @@
-{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n  \"from\": \"now-24h\",\n  \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.1","id": "8.6.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
+{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n  \"from\": \"now-24h\",\n  \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.2","id": "8.6.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -319,7 +319,7 @@ http {
 		{%- if fleet_node %}

 		location /fleet/ {
-			return 307 https://{{ fleet_ip }}/fleet;
+			return 307 https://{{ fleet_ip }}/fleet/dashboard;
 		}

 		{%- else %}
--- a/salt/soc/files/soc/tools.json
+++ b/salt/soc/files/soc/tools.json
@@ -3,6 +3,6 @@
  { "name": "toolGrafana",   "description": "toolGrafanaHelp",   "icon": "fa-external-link-alt", "target": "so-grafana",   "link": "/grafana/d/so_overview" },
  { "name": "toolCyberchef", "description": "toolCyberchefHelp", "icon": "fa-external-link-alt", "target": "so-cyberchef", "link": "/cyberchef/" },
  { "name": "toolPlaybook",  "description": "toolPlaybookHelp",  "icon": "fa-external-link-alt", "target": "so-playbook",  "link": "/playbook/projects/detection-playbooks/issues/" },
-  { "name": "toolFleet",     "description": "toolFleetHelp",     "icon": "fa-external-link-alt", "target": "so-fleet",     "link": "/fleet/" },
+  { "name": "toolFleet",     "description": "toolFleetHelp",     "icon": "fa-external-link-alt", "target": "so-fleet",     "link": "/fleet/dashboard" },
  { "name": "toolNavigator", "description": "toolNavigatorHelp", "icon": "fa-external-link-alt", "target": "so-navigator", "link": "/navigator/" }
-]
+]
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1511,7 +1511,7 @@ generate_passwords(){
  PLAYBOOKADMINPASS=$(get_random_value)
  PLAYBOOKAUTOMATIONPASS=$(get_random_value)
  FLEETPASS=$(get_random_value)
-  FLEETSAPASS=$(get_random_value)
+  FLEETSAPASS="$(get_random_value)!1"
  FLEETJWT=$(get_random_value)
  GRAFANAPASS=$(get_random_value)
  SENSORONIKEY=$(get_random_value)
--- a/sigs/securityonion-2.3.220-20230224.iso.sig
+++ b/sigs/securityonion-2.3.220-20230224.iso.sig
Author	SHA1	Message	Date
Mike Reeves	2ca2724a4c	Merge pull request #9857 from Security-Onion-Solutions/dev 2.3.220	2023-02-27 09:35:14 -05:00
Mike Reeves	884883a225	Merge pull request #9856 from Security-Onion-Solutions/2.3.220 2.3.220	2023-02-27 09:26:28 -05:00
Mike Reeves	5c8ba3af65	2.3.220	2023-02-27 09:23:33 -05:00
Josh Brower	4b5d314adf	Merge pull request #9833 from Security-Onion-Solutions/FleetDMConfigFix Remove unsupported config option	2023-02-21 16:36:58 -05:00
Josh Brower	6e637f559c	Remove unsupported config option	2023-02-21 16:35:11 -05:00
Doug Burks	cc5304e9f7	Merge pull request #9806 from Security-Onion-Solutions/2.3/upgrade-elastic-8.6.2 2.3/upgrade elastic 8.6.2	2023-02-17 08:03:01 -05:00
Doug Burks	002403055d	UPGRADE: Elastic 8.6.2 #9804	2023-02-17 07:04:57 -05:00
Doug Burks	b80b80e825	UPGRADE: Elastic 8.6.2 #9804	2023-02-17 07:03:47 -05:00
Josh Brower	c539d53a02	Merge pull request #9791 from Security-Onion-Solutions/fleetsapassword Fix edge case	2023-02-15 15:30:49 -05:00
Josh Brower	3a22978c2b	Fix password gen edge case	2023-02-15 15:25:35 -05:00
Doug Burks	5b1461e9a1	Merge pull request #9782 from Security-Onion-Solutions/dougburks-patch-1 Update soup for 2.3.220	2023-02-14 08:44:09 -05:00
Doug Burks	69f889dbd9	Update soup for 2.3.220	2023-02-14 08:42:35 -05:00
Josh Brower	aefe1cceb8	Merge pull request #9758 from Security-Onion-Solutions/fleetupgrade Fix link for FleetDM standalone nodes	2023-02-09 14:10:45 -05:00
Josh Brower	b7e97eceb3	Fix link for FleetDM standalone nodes	2023-02-09 14:08:48 -05:00
Josh Brower	450e02e874	Merge pull request #9749 from Security-Onion-Solutions/fleetdm-fix FleetDM Upgrade Fix	2023-02-09 09:30:22 -05:00
Josh Brower	09bebf08d6	Fix FleetDM SOC Link	2023-02-09 09:10:50 -05:00
Josh Brower	4dd54cea6c	Use correct variable name	2023-02-08 16:58:47 -05:00
Josh Brower	e07f4bd0ed	Workaround for FleetDM PW Req	2023-02-08 13:03:33 -05:00
Mike Reeves	6adb586bb4	Merge pull request #9734 from Security-Onion-Solutions/TOoSmOotH-patch-1 Update VERSION	2023-02-07 09:07:06 -05:00
Mike Reeves	2f99821736	Update VERSION	2023-02-07 09:05:16 -05:00
@@ -1 +1 @@
 .3.210
 .3.220