Merge pull request #6646 from Security-Onion-Solutions/patch/2.3.91

Patch/2.3.91
fix hashes in VERIFY_ISO.md
2025-12-06 09:12:45 +01:00 · 2021-12-21 09:27:14 -05:00 · 2021-12-20 17:27:19 -05:00 · 2021-12-20 17:23:52 -05:00 · 2021-12-20 17:21:53 -05:00 · 2021-12-20 12:12:00 -05:00
11 changed files with 29 additions and 21 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-WAZUH AIRGAPFIX 20211206 20211210
+
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.3.90-20211210
+## Security Onion 2.3.91

-Security Onion 2.3.90-20211210 is here!
+Security Onion 2.3.91 is here!

 ## Screenshots

--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.90-20211210 ISO image built on 2021/12/10
+### 2.3.91 ISO image built on 2021/12/20



 ### Download and Verify

-2.3.90-20211210 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.90-20211210.iso
+2.3.91 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.91.iso

-MD5: 512C13089060EE17BC3FA275D62152DC  
-SHA1: A70D3A3C4B74AD2EE9B1353BDE7E5DD327248511  
-SHA256: 271DA7617FBA3549B1E496C60E9AD743B13CC8D0468DF3F7AC9A76B6D496D212 
+MD5: CD979038EC60318B7C7F8BA278A12D04  
+SHA1: 9FB2AC07FCD24A4993B3F61FC2B2863510650520  
+SHA256: BAA8BEF574ECCB9ADC326D736A00C00AAF940FC6AD68CF491FF1F0AB6C5BAA64 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-20211210.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.91.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-20211210.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.91.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-20211210.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.91.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.90-20211210.iso.sig securityonion-2.3.90-20211210.iso
+gpg --verify securityonion-2.3.91.iso.sig securityonion-2.3.91.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Fri 10 Dec 2021 02:52:08 PM EST using RSA key ID FE507013
+gpg: Signature made Mon 20 Dec 2021 12:37:42 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/2
+++ b/2
@@ -1 +1 @@
-2.3.90
+2.3.91
--- a/salt/elasticsearch/files/scripts/so-catrust
+++ b/salt/elasticsearch/files/scripts/so-catrust
@@ -24,9 +24,9 @@ set -e

 # Check to see if we have extracted the ca cert.
 if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then
-    docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt
-    docker cp so-elasticsearchca:/etc/pki/ca-trust/extracted/java/cacerts /opt/so/saltstack/local/salt/common/cacerts
-    docker cp so-elasticsearchca:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /opt/so/saltstack/local/salt/common/tls-ca-bundle.pem
+    docker run -v /etc/pki/ca.crt:/etc/ssl/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -keystore /usr/share/elasticsearch/jdk/lib/security/cacerts -alias SOSCA -import -file /etc/ssl/ca.crt -storepass changeit -noprompt
+    docker cp so-elasticsearchca:/usr/share/elasticsearch/jdk/lib/security/cacerts /opt/so/saltstack/local/salt/common/cacerts
+    docker cp so-elasticsearchca:/etc/ssl/certs/ca-certificates.crt /opt/so/saltstack/local/salt/common/tls-ca-bundle.pem
    docker rm so-elasticsearchca
    echo "" >> /opt/so/saltstack/local/salt/common/tls-ca-bundle.pem
    echo "sosca" >> /opt/so/saltstack/local/salt/common/tls-ca-bundle.pem
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -131,6 +131,10 @@ esrolesdir:
    - group: 939
    - makedirs: True

+eslibdir:
+  file.absent:
+    - name: /opt/so/conf/elasticsearch/lib
+    
 esingestdynamicconf:
  file.recurse:
    - name: /opt/so/conf/elasticsearch/ingest
@@ -271,7 +275,7 @@ so-elasticsearch:
      - /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
      - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw
      - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw
-      - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro
+      - /opt/so/conf/ca/cacerts:/usr/share/elasticsearch/jdk/lib/security/cacerts:ro
      {% if ismanager %}
      - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro
      {% else %}
--- a/salt/kibana/bin/so-kibana-config-load
+++ b/salt/kibana/bin/so-kibana-config-load
@@ -35,7 +35,7 @@ update() {
  wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}"  
  IFS=$'\r\n' GLOBIGNORE='*' command eval  'LINES=($(cat $1))'
  for i in "${LINES[@]}"; do
-    {{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/7.15.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i "
+    {{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/7.16.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i "
  done

 }
--- a/salt/kibana/files/config_saved_objects.ndjson
+++ b/salt/kibana/files/config_saved_objects.ndjson
@@ -1 +1 @@
-{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n  \"from\": \"now-24h\",\n  \"to\": \"now\"\n}"},"coreMigrationVersion": "7.15.2","id": "7.15.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
+{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n  \"from\": \"now-24h\",\n  \"to\": \"now\"\n}"},"coreMigrationVersion": "7.16.2","id": "7.16.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -61,6 +61,10 @@ logstash:
    - gid: 931
    - home: /opt/so/conf/logstash

+lslibdir:
+  file.absent:
+    - name: /opt/so/conf/logstash/lib
+    
 lsetcdir:
  file.directory:
    - name: /opt/so/conf/logstash/etc
--- a/sigs/securityonion-2.3.90-20211213.iso.sig
+++ b/sigs/securityonion-2.3.90-20211213.iso.sig
--- a/sigs/securityonion-2.3.91.iso.sig
+++ b/sigs/securityonion-2.3.91.iso.sig
Author	SHA1	Message	Date
Doug Burks	c8de36d467	Merge pull request #6646 from Security-Onion-Solutions/patch/2.3.91 Patch/2.3.91	2021-12-21 09:27:14 -05:00
doug	284e0e9108	fix hashes in VERIFY_ISO.md	2021-12-20 17:27:19 -05:00
doug	e66b023c9c	update README.md for 2.3.91	2021-12-20 17:23:52 -05:00
doug	9f47522591	add sig for 2.3.91 ISO and update VERIFY_ISO.md	2021-12-20 17:21:53 -05:00
Jason Ertel	35617acaeb	Update cacerts to reflect new path; this changed due to ES 7.16.2	2021-12-20 12:12:00 -05:00
Jason Ertel	6f116a2d01	Switch to new Ubuntu SSL dir	2021-12-20 09:43:59 -05:00
Jason Ertel	d6c651af1c	Remove old patch dir from previously-patched installations	2021-12-20 09:42:27 -05:00
Jason Ertel	203e8a7873	Bump version to 2.3.91	2021-12-20 09:33:20 -05:00
Jason Ertel	b8fcec04b8	Remove patched jar due to upgrade of Elastic images to 7.16.2	2021-12-20 09:27:03 -05:00
Jason Ertel	6556a37869	Merge branch 'master' into patch/1.3.91	2021-12-20 09:20:03 -05:00
Jason Ertel	5af2bd8fa4	Upgrade to Elastic 7.16.2	2021-12-20 09:16:28 -05:00
Mike Reeves	85cf096322	Merge pull request #6541 from Security-Onion-Solutions/hotfix/2.3.90 Hotfix/2.3.90	2021-12-13 12:41:24 -05:00
Mike Reeves	4eaf3f8d8b	Merge pull request #6540 from Security-Onion-Solutions/2390hotfix3 2.3.90-20211213 Hotfix	2021-12-13 12:12:03 -05:00
Mike Reeves	d90904b4d4	2.3.90-20211213 Hotfix	2021-12-13 12:09:09 -05:00
Mike Reeves	65cc9930e7	Merge pull request #6537 from Security-Onion-Solutions/TOoSmOotH-patch-1 Update HOTFIX	2021-12-13 11:13:40 -05:00
Mike Reeves	7f982d2824	Update HOTFIX	2021-12-13 11:12:18 -05:00
Mike Reeves	d3ac1f7994	Merge pull request #6533 from Security-Onion-Solutions/jertel/hotfix-20211213 Add missing logstash lib	2021-12-13 09:30:32 -05:00
Jason Ertel	c94d5fa9dc	Strip JndiLookup.class from log4j-core jars, to match Elastic's mitigation approach	2021-12-13 09:27:13 -05:00
Mike Reeves	83d1cdad90	Merge pull request #6532 from Security-Onion-Solutions/jertel/hotfix-20211213 Strip JndiLookup.class from log4j-core jars, to match Elastic's mitigation approach	2021-12-13 09:05:30 -05:00
Jason Ertel	8365b5f140	Strip JndiLookup.class from log4j-core jars, to match Elastic's mitigation approach	2021-12-13 09:02:41 -05:00
@@ -1 +1 @@
 .3.90
 .3.91