Merge 2.4/main into 3/dev, resolve VERSION conflict to 3.0.0

.github/DISCUSSION_TEMPLATE/2-4.yml

@@ -35,7 +35,6 @@ body:
         - 2.4.200
         - 2.4.201
         - 2.4.210
-        - 2.4.211
         - Other (please provide detail below)
     validations:
       required: true

DOWNLOAD_AND_VERIFY_ISO.md

@@ -1,17 +1,17 @@
-### 2.4.211-20260312 ISO image released on 2026/03/12
+### 2.4.210-20260302 ISO image released on 2026/03/02
 
 
 ### Download and Verify
 
-2.4.211-20260312 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260312.iso
+2.4.210-20260302 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.210-20260302.iso
  
-MD5: 7082210AE9FF4D2634D71EAD4DC8F7A3  
-SHA1: F76E08C47FD786624B2385B4235A3D61A4C3E9DC  
-SHA256: CE6E61788DFC492E4897EEDC139D698B2EDBEB6B631DE0043F66E94AF8A0FF4E  
+MD5: 575F316981891EBED2EE4E1F42A1F016  
+SHA1: 600945E8823221CBC5F1C056084A71355308227E  
+SHA256: A6AA6471125F07FA6E2796430E94BEAFDEF728E833E9728FDFA7106351EBC47E  
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260312.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.210-20260302.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260312.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.210-20260302.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260312.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.210-20260302.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.211-20260312.iso.sig securityonion-2.4.211-20260312.iso
+gpg --verify securityonion-2.4.210-20260302.iso.sig securityonion-2.4.210-20260302.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 11 Mar 2026 03:05:09 PM EDT using RSA key ID FE507013
+gpg: Signature made Mon 02 Mar 2026 11:55:24 AM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.

HOTFIX

@@ -1 +0,0 @@
-

VERSION

@@ -1 +1 @@
-2.4.211
+3.0.0

salt/common/files/daemon.json

@@ -8,12 +8,5 @@
       "base": "172.17.0.0/24",
       "size": 24
     }
-  ],
-  "default-ulimits": {
-      "nofile": {
-        "Name": "nofile",
-        "Soft": 1048576,
-        "Hard": 1048576
-      }
-  }
+  ]
 }

salt/manager/tools/sbin/soup

@@ -467,7 +467,6 @@ preupgrade_changes() {
     [[ "$INSTALLEDVERSION" == 2.4.190 ]] && up_to_2.4.200
     [[ "$INSTALLEDVERSION" == 2.4.200 ]] && up_to_2.4.201
     [[ "$INSTALLEDVERSION" == 2.4.201 ]] && up_to_2.4.210
-    [[ "$INSTALLEDVERSION" == 2.4.210 ]] && up_to_2.4.211
     true
 }
 
@@ -502,7 +501,6 @@ postupgrade_changes() {
     [[ "$POSTVERSION" == 2.4.190 ]] && post_to_2.4.200
     [[ "$POSTVERSION" == 2.4.200 ]] && post_to_2.4.201
     [[ "$POSTVERSION" == 2.4.201 ]] && post_to_2.4.210
-    [[ "$POSTVERSION" == 2.4.210 ]] && post_to_2.4.211
     true
 }
 
@@ -721,11 +719,6 @@ post_to_2.4.210() {
   POSTVERSION=2.4.210
 }
 
-post_to_2.4.211() {
-  echo "Nothing to apply"
-  POSTVERSION=2.4.211
-}
-
 repo_sync() {
   echo "Sync the local repo."
   su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync."
@@ -1016,12 +1009,6 @@ up_to_2.4.210() {
   INSTALLEDVERSION=2.4.210
 }
 
-up_to_2.4.211() {
-  echo "Nothing to do for 2.4.211"
-
-  INSTALLEDVERSION=2.4.211
-}
-
 add_hydra_pillars() {
   mkdir -p /opt/so/saltstack/local/pillar/hydra
   touch /opt/so/saltstack/local/pillar/hydra/soc_hydra.sls

salt/salt/cloud/cloud.profiles.d/socloud.conf.jinja

@@ -29,11 +29,7 @@ sool9_{{host}}:
     hypervisor_host: {{host ~ "_" ~ role}}
   preflight_cmds:
     - |
-      {%- set hostnames = [MANAGERHOSTNAME] %}
-      {%- if not (URL_BASE | ipaddr) and URL_BASE != MANAGERHOSTNAME %}
-      {%-   do hostnames.append(URL_BASE) %}
-      {%- endif %}
-      tee -a /etc/hosts <<< "{{ MANAGERIP }}    {{ hostnames | join('  ') }}"
+      tee -a /etc/hosts <<< "{{ MANAGERIP }}    {{ MANAGERHOSTNAME }}"
     - |
       timeout 600 bash -c 'trap "echo \"Preflight Check: Failed to establish repo connectivity\"; exit 1" TERM; \
         while ! dnf makecache --repoid=securityonion >/dev/null 2>&1; do echo "Preflight Check: Waiting for repo connectivity..."; \

salt/salt/cloud/config.sls

@@ -14,7 +14,6 @@
 {%   if 'vrt' in salt['pillar.get']('features', []) %}
 {%     set HYPERVISORS = salt['pillar.get']('hypervisor:nodes', {} ) %}
 {%     from 'salt/map.jinja' import SALTVERSION %}
-{%     from 'vars/globals.map.jinja' import GLOBALS %}
 
 {%     if HYPERVISORS %}
 cloud_providers:
@@ -35,7 +34,6 @@ cloud_profiles:
         MANAGERHOSTNAME: {{ grains.host }}
         MANAGERIP: {{ pillar.host.mainip }}
         SALTVERSION: {{ SALTVERSION }}
-        URL_BASE: {{ GLOBALS.url_base }}
     - template: jinja
     - makedirs: True
 {%     else %}

salt/salt/engines/master/virtual_node_manager.py

@@ -805,6 +805,11 @@ def process_vm_creation(hypervisor_path: str, vm_config: dict) -> None:
                     mark_invalid_hardware(hypervisor_path, vm_name, vm_config,
                                         {'nsm_size': 'Invalid nsm_size: must be positive integer'})
                     return
+                if size > 10000:  # 10TB reasonable maximum
+                    log.error("VM: %s - nsm_size %dGB exceeds reasonable maximum (10000GB)", vm_name, size)
+                    mark_invalid_hardware(hypervisor_path, vm_name, vm_config,
+                                        {'nsm_size': f'Invalid nsm_size: {size}GB exceeds maximum (10000GB)'})
+                    return
                 log.debug("VM: %s - nsm_size validated: %dGB", vm_name, size)
             except (ValueError, TypeError) as e:
                 log.error("VM: %s - nsm_size must be a valid integer, got: %s", vm_name, vm_config.get('nsm_size'))

salt/suricata/map.jinja

@@ -16,13 +16,7 @@
 {%     do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
 {%   endif %}
 
-{%   set PCAP = salt['pillar.get']('pcap', {'enabled': false}) %}
-{%   if PCAP.enabled and GLOBALS.role != 'so-import'%}
-{%     do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'yes'}) %}
-{%   else %}
-{%     do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'no'}) %}
-{%   endif %}
-
+{%   do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'yes'}) %}
 {#   move the items in suricata.pcap into suricata.config.outputs.pcap-log. these items were placed under suricata.config for ease of access in SOC #}
 {%   do SURICATAMERGED.config.outputs['pcap-log'].update({'compression': SURICATAMERGED.pcap.compression}) %}
 {%   do SURICATAMERGED.config.outputs['pcap-log'].update({'lz4-checksum': SURICATAMERGED.pcap['lz4-checksum']}) %}