Merge pull request #4863 from Security-Onion-Solutions/hotfix/2.3.60

Hotfix/2.3.60 CuratorFix

HOTFIX

@@ -1 +1 @@
-ECSFIX HEAVYNODE_SSL_LOGSTASH_REDIS_PIPELINES
+ECSFIX HEAVYNODE_SSL_LOGSTASH_REDIS_PIPELINES FBPIPELINE CURATORAUTH

VERIFY_ISO.md

@@ -1,18 +1,18 @@
-### 2.3.60-ECSFIX ISO image built on 2021/07/02
+### 2.3.60-CURATORAUTH ISO image built on 2021/07/19
 
 
 
 ### Download and Verify
 
-2.3.60-ECSFIX ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.60-ECSFIX.iso
+2.3.60-CURATORAUTH ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.60-CURATORAUTH.iso
 
-MD5: BCD2C449BD3B65D96A0D1E479C0414F9  
-SHA1: 18FB8F33C19980992B291E5A7EC23D5E13853933  
-SHA256: AD3B750E7FC4CA0D58946D8FEB703AE9B01508E314967566B06CFE5D8A8086E9 
+MD5: 953DD42AB3A3560BB35F4E9F69212AE3  
+SHA1: 5D18B98B19FD7F8C799E88FC28ABC46990FC6B9B  
+SHA256: E26F43F969241985DC74915842492F876EC7B8CBAF5F2F52405554E7C92408C2 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60-ECSFIX.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60-CURATORAUTH.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60-ECSFIX.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.60-CURATORAUTH.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.60-ECSFIX.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.60-CURATORAUTH.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.60-ECSFIX.iso.sig securityonion-2.3.60-ECSFIX.iso
+gpg --verify securityonion-2.3.60-CURATORAUTH.iso.sig securityonion-2.3.60-CURATORAUTH.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Fri 02 Jul 2021 10:15:04 AM EDT using RSA key ID FE507013
+gpg: Signature made Mon 19 Jul 2021 01:25:34 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.

salt/common/tools/sbin/so-airgap-hotfixapply

@@ -1,64 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-. /usr/sbin/so-common
-
-UPDATE_DIR=/tmp/sohotfixapply
-
-if [ -z "$1" ]; then
-  echo "No tarball given. Please provide the filename so I can run the hotfix"
-  echo "so-airgap-hotfixapply /path/to/sohotfix.tar" 
-  exit 1
-else
-  if [ ! -f "$1" ]; then
-    echo "Unable to find $1. Make sure your path is correct and retry."
-    exit 1
-  else
-    echo "Determining if we need to apply this hotfix"
-    rm -rf $UPDATE_DIR
-    mkdir -p $UPDATE_DIR
-    tar xvf $1 -C $UPDATE_DIR
-
-    # Compare some versions
-    NEWVERSION=$(cat $UPDATE_DIR/VERSION)
-    HOTFIXVERSION=$(cat $UPDATE_DIR/HOTFIX)
-    CURRENTHOTFIX=$(cat /etc/sohotfix)
-    INSTALLEDVERSION=$(cat /etc/soversion)
-
-    if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then
-      echo "Checking to see if there are hotfixes needed"
-      if [ "$HOTFIXVERSION" == "$CURRENTHOTFIX" ]; then
-        echo "You are already running the latest version of Security Onion."
-        rm -rf $UPDATE_DIR
-        exit 1
-      else
-        echo "We need to apply a hotfix"
-        copy_new_files
-        echo $HOTFIXVERSION > /etc/sohotfix
-        salt-call state.highstate -l info queue=True
-        echo "The Hotfix $HOTFIXVERSION has been applied"
-        # Clean up 
-        rm -rf $UPDATE_DIR
-        exit 0
-      fi
-    else
-      echo "This hotfix is not compatible with your current version. Download the latest ISO and run soup"
-      rm -rf $UPDATE_DIR
-    fi
-
-  fi
-fi

salt/common/tools/sbin/so-airgap-hotfixdownload

@@ -1,33 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# Get the latest code
-rm -rf /tmp/sohotfix
-mkdir -p /tmp/sohotfix
-cd /tmp/sohotfix
-git clone https://github.com/Security-Onion-Solutions/securityonion
-if [ ! -d "/tmp/sohotfix/securityonion" ]; then
-  echo "I was unable to get the latest code. Check your internet and try again."
-  exit 1
-else
-  echo "Looks like we have the code lets create the tarball."
-  cd /tmp/sohotfix/securityonion
-  tar cvf /tmp/sohotfix/sohotfix.tar HOTFIX VERSION salt pillar
-  echo ""
-  echo "Copy /tmp/sohotfix/sohotfix.tar to portable media and then copy it to your airgap manager."
-  exit 0
-fi

salt/curator/files/curator.yml

@@ -18,17 +18,15 @@ client:
   hosts:
     - {{elasticsearch}}
   port: 9200
-{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
-  username: {{ ES_USER }}
-  password: {{ ES_PASS }}
-{% endif %}
+{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
+  http_auth: {{ ES_USER }}:{{ ES_PASS }}
+{%- endif %}
   url_prefix:
   use_ssl: True
   certificate:
   client_cert:
   client_key:
   ssl_no_validate: True
-  http_auth:
   timeout: 30
   master_only: False
 

salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja

@@ -6,7 +6,7 @@
 {%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
 {%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
 output {
-  if [metadata][pipeline] {
+  if "filebeat" in [metadata][pipeline] {
     elasticsearch {
       id => "filebeat_modules_metadata_pipeline"
       pipeline => "%{[metadata][pipeline]}"