Merge pull request #5353 from Security-Onion-Solutions/hotfix/2.3.70

Merge pull request #5352 from Security-Onion-Solutions/wazhf
2.3.70 WAZUH Hotfix sigs
2025-12-06 09:12:45 +01:00 · 2021-08-31 09:57:05 -04:00 · 2021-08-31 08:47:14 -04:00 · 2021-08-31 08:39:37 -04:00 · 2021-08-30 17:48:53 -04:00 · 2021-08-30 17:38:29 -04:00
11 changed files with 93 additions and 52 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-
+CURATOR GRAFANA_DASH_ALLOW WAZUH
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.70 ISO image built on 2021/08/17
+### 2.3.70-WAZUH ISO image built on 2021/08/23



 ### Download and Verify

-2.3.70 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.70.iso
+2.3.70-WAZUH ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.70-WAZUH.iso

-MD5: F048FABC7FD2D0E1A8B02381F115D1E0  
-SHA1: DF6D20FEF13CDC1B19309D2A1178D6E5D25FDA6F  
-SHA256: B193FFD7EE69958A8E257117149DCFB2125C5772FBFA6003AD80FD1CC129E571 
+MD5: CEDEF3C38089896C252F9E3C75F7CB15  
+SHA1: FB420115C72DABDEB87C8B27F26E862C94628057  
+SHA256: CC3E75A97163E9CD255DA0D9C3EB11922FA045651827F291025398943C1BC230 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70-WAZUH.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70-WAZUH.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.70.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.70-WAZUH.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.70.iso.sig securityonion-2.3.70.iso
+gpg --verify securityonion-2.3.70-WAZUH.iso.sig securityonion-2.3.70-WAZUH.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Tue 17 Aug 2021 10:52:17 PM EDT using RSA key ID FE507013
+gpg: Signature made Mon 30 Aug 2021 06:13:14 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -4,6 +4,7 @@
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
+{% set REMOVECURATORCRON = False %}
 {% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone', 'so-manager'] %}
  {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %}
  {% from "curator/map.jinja" import CURATOROPTIONS with context %}
@@ -88,36 +89,6 @@ curdel:
    - group: 939
    - mode: 755

-so-curatorcloseddeletecron:
- cron.present:
-   - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1
-   - user: root
-   - minute: '*'
-   - hour: '*'
-   - daymonth: '*'
-   - month: '*'
-   - dayweek: '*'
-
-so-curatorclosecron:
- cron.present:
-   - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1
-   - user: root
-   - minute: '*'
-   - hour: '*'
-   - daymonth: '*'
-   - month: '*'
-   - dayweek: '*'
-
-so-curatordeletecron:
- cron.present:
-   - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1
-   - user: root
-   - minute: '*'
-   - hour: '*'
-   - daymonth: '*'
-   - month: '*'
-   - dayweek: '*'
-
 so-curator:
  docker_container.{{ CURATOROPTIONS.status }}:
  {% if CURATOROPTIONS.status == 'running' %}
@@ -152,12 +123,77 @@ so-curator_so-status.disabled:
  file.comment:
    - name: /opt/so/conf/so-status/so-status.conf
    - regex: ^so-curator$
+
+      # need to remove cronjobs here since curator is disabled
+      {% set REMOVECURATORCRON = True %}    
    {% else %}
 delete_so-curator_so-status.disabled:
  file.uncomment:
    - name: /opt/so/conf/so-status/so-status.conf
    - regex: ^so-curator$
+
    {% endif %}
+
+  {% else %}
+delete_so-curator_so-status:
+  file.line:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - match: ^so-curator$
+    - mode: delete
+
+    # need to remove cronjobs here since curator is disabled
+    {% set REMOVECURATORCRON = True %}
+
+  {% endif %}
+
+  {% if REMOVECURATORCRON %}
+so-curatorcloseddeletecron:
+ cron.absent:
+   - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1
+   - user: root
+
+so-curatorclosecron:
+ cron.absent:
+   - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1
+   - user: root
+
+so-curatordeletecron:
+ cron.absent:
+   - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1
+   - user: root
+
+  {% else %}
+
+so-curatorcloseddeletecron:
+ cron.present:
+   - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1
+   - user: root
+   - minute: '*'
+   - hour: '*'
+   - daymonth: '*'
+   - month: '*'
+   - dayweek: '*'
+
+so-curatorclosecron:
+ cron.present:
+   - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1
+   - user: root
+   - minute: '*'
+   - hour: '*'
+   - daymonth: '*'
+   - month: '*'
+   - dayweek: '*'
+
+so-curatordeletecron:
+ cron.present:
+   - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1
+   - user: root
+   - minute: '*'
+   - hour: '*'
+   - daymonth: '*'
+   - month: '*'
+   - dayweek: '*'
+
  {% endif %}

 # Begin Curator Cron Jobs
--- a/salt/curator/map.jinja
+++ b/salt/curator/map.jinja
@@ -3,13 +3,13 @@
 {% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
 {% do CURATOROPTIONS.update({'manage_sostatus': True}) %}

-# don't start the docker container if searchnode and true clustering is enabled or curator disabled via pillar or true cluster not enabled and manager
-{% if not ENABLED or (TRUECLUSTER and grains.id.split('_')|last == 'searchnode') or (not TRUECLUSTER and grains.id.split('_')|last == 'manager') %}
+# don't start the docker container if curator is disabled via pillar
+{% if not ENABLED or grains.id.split('_')|last == 'manager'%}
  {% do CURATOROPTIONS.update({'start': False}) %}
  {% do CURATOROPTIONS.update({'status': 'absent'}) %}
-  {% if (TRUECLUSTER and grains.id.split('_')|last == 'searchnode') or (not TRUECLUSTER and grains.id.split('_')|last == 'manager') %}
+  {% if grains.id.split('_')|last == 'manager' %}
    {% do CURATOROPTIONS.update({'manage_sostatus': False}) %}
-  {% endif %}%}
+  {% endif %}
 {% else %}
  {% do CURATOROPTIONS.update({'start': True}) %}
  {% do CURATOROPTIONS.update({'status': 'running'}) %}
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -12,16 +12,21 @@

 {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %}

+{% set ALLOWED_DASHBOARDS = ['overview', 'standalone', 'manager', 'managersearch', 'sensor', 'searchnode', 'heavynode', 'eval'] %}
 {% set DASHBOARDS = ['overview'] %}
 {% if grains.role == 'so-eval' %}
  {% do DASHBOARDS.append('eval') %}
 {% else %}
  {# Grab a unique listing of nodetypes that exists so that we create only the needed dashboards #}
  {% for dashboard in salt['cmd.shell']("ls /opt/so/saltstack/local/pillar/minions/|awk -F'_' {'print $2'}|awk -F'.' {'print $1'}").split() %}
-    {% do DASHBOARDS.append(dashboard) %}
+    {% if dashboard in ALLOWED_DASHBOARDS %}
+      {% do DASHBOARDS.append(dashboard) %}
+    {% endif %}
  {% endfor %}
 {% endif %}

+
+
 # Grafana all the things
 grafanadir:
  file.directory:
--- a/salt/telegraf/node_config.json.jinja
+++ b/salt/telegraf/node_config.json.jinja
@@ -1,6 +1,6 @@
 {
-  "manint": "{{ salt['pillar.get']('host:mainint', '') }}",
 {%- if grains.role in  ['so-standalone', 'so-eval', 'so-sensor', 'so-heavynode', ] %}
-  "monint": "{{ salt['pillar.get']('sensor:interface', '') }}"
-{% endif -%}
+  "monint": "{{ salt['pillar.get']('sensor:interface', '') }}",
+{%- endif %}
+  "manint": "{{ salt['pillar.get']('host:mainint', '') }}"
 }
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -189,13 +189,13 @@ base:
    {%- if KIBANA %}
    - kibana
    {%- endif %}
-    - curator
    {%- if ELASTALERT %}
    - elastalert
    {%- endif %}
    {%- if FILEBEAT %}
    - filebeat
    {%- endif %}
+    - curator
    - utility
    - schedule
    {%- if FLEETMANAGER or FLEETNODE %}
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -2795,7 +2795,7 @@ update_sudoers() {
 update_packages() {
 	if [ "$OS" = 'centos' ]; then
 	    yum repolist >> /dev/null
-        yum -y update --exclude=salt* >> "$setup_log"
+        yum -y update --exclude=salt*,wazuh* >> "$setup_log"
 	else
 		retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1
 		retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1
--- a/sigs/securityonion-2.3.70-CURATOR.iso.sig
+++ b/sigs/securityonion-2.3.70-CURATOR.iso.sig
--- a/sigs/securityonion-2.3.70-GRAFANA.iso.sig
+++ b/sigs/securityonion-2.3.70-GRAFANA.iso.sig
--- a/sigs/securityonion-2.3.70-WAZUH.iso.sig
+++ b/sigs/securityonion-2.3.70-WAZUH.iso.sig
Author	SHA1	Message	Date
Mike Reeves	ccc8f9ff0a	Merge pull request #5353 from Security-Onion-Solutions/hotfix/2.3.70	2021-08-31 09:57:05 -04:00
Mike Reeves	43d20226a8	Merge pull request #5352 from Security-Onion-Solutions/wazhf 2.3.70 WAZUH Hotfix sigs	2021-08-31 08:47:14 -04:00
Mike Reeves	4fe0a1d7b4	2.3.70 WAZUH Hotfix sigs	2021-08-31 08:39:37 -04:00
Mike Reeves	1aacc27cd4	Merge pull request #5340 from Security-Onion-Solutions/TOoSmOotH-patch-4 Update HOTFIX	2021-08-30 17:48:53 -04:00
Mike Reeves	92858cd13a	Update HOTFIX	2021-08-30 17:38:29 -04:00
Mike Reeves	99cb38362a	Merge pull request #5339 from Security-Onion-Solutions/hotfix/wazuh-update-exclude wazuh-agent fix + pull in master	2021-08-30 17:37:47 -04:00
William Wernert	bfd632e20a	Add wazuh to exclude arg when running yum update	2021-08-30 14:21:13 -04:00
Mike Reeves	518f9fceb0	Merge pull request #5337 from Security-Onion-Solutions/TOoSmOotH-patch-3 Update HOTFIX	2021-08-30 12:33:43 -04:00
Mike Reeves	2b34da0fee	Update HOTFIX	2021-08-30 12:32:44 -04:00
Josh Patterson	72ba29fb7b	Merge pull request #5282 from Security-Onion-Solutions/hotfix/2.3.70 Hotfix/2.3.70	2021-08-24 10:15:33 -04:00
Josh Patterson	2859bff0e4	Merge pull request #5281 from Security-Onion-Solutions/grafana_fleet_hotfix sig files and iso info	2021-08-24 10:01:10 -04:00
Mike Reeves	6e921415ea	sig files and iso info	2021-08-24 10:00:06 -04:00
Mike Reeves	2f8b68e67a	sig files and iso info	2021-08-24 09:58:28 -04:00
Josh Patterson	8ea89932ae	Merge pull request #5270 from Security-Onion-Solutions/grafana_fleet_hotfix Grafana fleet hotfix	2021-08-23 13:10:35 -04:00
m0duspwnens	f87cf123b0	fix typo - https://github.com/Security-Onion-Solutions/securityonion/issues/5268	2021-08-23 13:08:11 -04:00
m0duspwnens	80f4d03254	place unique identifier on same line for hotfix - https://github.com/Security-Onion-Solutions/securityonion/issues/5268	2021-08-23 13:05:28 -04:00
m0duspwnens	a9cc68f89e	add unique identifier for hotfix - https://github.com/Security-Onion-Solutions/securityonion/issues/5268	2021-08-23 13:02:49 -04:00
m0duspwnens	b053f29a89	only create dashboards for certain node types - https://github.com/Security-Onion-Solutions/securityonion/issues/5268	2021-08-23 12:58:52 -04:00
Mike Reeves	0abf7593ed	Merge pull request #5233 from Security-Onion-Solutions/hotfix/2.3.70 Hotfix/2.3.70	2021-08-23 09:28:07 -04:00
Mike Reeves	f096b513b7	Merge pull request #5232 from Security-Onion-Solutions/cfixhfix Cfixhfix	2021-08-20 15:40:44 -04:00
Mike Reeves	51b517581a	2.3.70 sigs	2021-08-20 15:38:56 -04:00
Mike Reeves	936c998ecb	CURATOR ISO info	2021-08-20 12:49:55 -04:00
Mike Reeves	02372d130a	Merge pull request #5224 from Security-Onion-Solutions/curator_cron remove the curator cronjobs if it is disabled	2021-08-20 10:44:55 -04:00
m0duspwnens	6f9a263af3	remove the curator cronjobs if it is disabled	2021-08-20 10:40:15 -04:00
Mike Reeves	43ffaab82c	Merge pull request #5213 from Security-Onion-Solutions/hotfix/curator stop curator and remove from so-status for manager	2021-08-19 15:45:17 -04:00
m0duspwnens	dccfdb14e4	stop curator and remove from so-status for manager	2021-08-19 15:40:17 -04:00
Josh Patterson	21f3b3d985	Merge pull request #5212 from Security-Onion-Solutions/hotfix/curator just dont run curator on manager	2021-08-19 15:27:55 -04:00
m0duspwnens	e2d74b115f	just dont run curator on manager	2021-08-19 15:26:22 -04:00
Mike Reeves	13741400f1	Merge pull request #5210 from Security-Onion-Solutions/TOoSmOotH-patch-1 Update VERSION	2021-08-19 15:02:52 -04:00
Mike Reeves	d0f587858c	Merge pull request #5211 from Security-Onion-Solutions/TOoSmOotH-patch-2 Curator	2021-08-19 15:02:28 -04:00
Mike Reeves	acca8cc5d2	Update HOTFIX	2021-08-19 15:01:21 -04:00
Mike Reeves	ef950955bd	Update VERSION	2021-08-19 15:00:51 -04:00
Josh Patterson	9a8ccef828	Merge pull request #5209 from Security-Onion-Solutions/issue/5195 fix error in telegraf log	2021-08-19 13:27:08 -04:00
m0duspwnens	7b8e23fadd	fix error in telegraf log - https://github.com/Security-Onion-Solutions/securityonion/issues/5195	2021-08-19 11:11:24 -04:00
Mike Reeves	18335afa7f	Merge pull request #5204 from Security-Onion-Solutions/kilo Update 2.3.80	2021-08-19 08:55:44 -04:00
Jason Ertel	41e8be87b6	Update 2.3.80	2021-08-19 08:42:29 -04:00