mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-03-23 21:12:39 +01:00
Compare commits
7 Commits
2.4.211-20
...
reyesj2-44
| Author | SHA1 | Date | |
|---|---|---|---|
|
7e7b8dc8a8 | ||
|
|
2c6c502067 | ||
|
179019b136 | ||
|
|
ac022acbbe | ||
|
|
6bfe020c3b | ||
|
55a960bbc5 | ||
|
|
80f8fdc8d3 |
2
.github/DISCUSSION_TEMPLATE/2-4.yml
vendored
2
.github/DISCUSSION_TEMPLATE/2-4.yml
vendored
@@ -35,7 +35,7 @@ body:
|
||||
- 2.4.200
|
||||
- 2.4.201
|
||||
- 2.4.210
|
||||
- 2.4.211
|
||||
- 3.0.0
|
||||
- Other (please provide detail below)
|
||||
validations:
|
||||
required: true
|
||||
|
||||
@@ -1,17 +1,17 @@
|
||||
### 2.4.211-20260312 ISO image released on 2026/03/12
|
||||
### 2.4.210-20260302 ISO image released on 2026/03/02
|
||||
|
||||
|
||||
### Download and Verify
|
||||
|
||||
2.4.211-20260312 ISO image:
|
||||
https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260312.iso
|
||||
2.4.210-20260302 ISO image:
|
||||
https://download.securityonion.net/file/securityonion/securityonion-2.4.210-20260302.iso
|
||||
|
||||
MD5: 7082210AE9FF4D2634D71EAD4DC8F7A3
|
||||
SHA1: F76E08C47FD786624B2385B4235A3D61A4C3E9DC
|
||||
SHA256: CE6E61788DFC492E4897EEDC139D698B2EDBEB6B631DE0043F66E94AF8A0FF4E
|
||||
MD5: 575F316981891EBED2EE4E1F42A1F016
|
||||
SHA1: 600945E8823221CBC5F1C056084A71355308227E
|
||||
SHA256: A6AA6471125F07FA6E2796430E94BEAFDEF728E833E9728FDFA7106351EBC47E
|
||||
|
||||
Signature for ISO image:
|
||||
https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260312.iso.sig
|
||||
https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.210-20260302.iso.sig
|
||||
|
||||
Signing key:
|
||||
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS
|
||||
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.
|
||||
|
||||
Download the signature file for the ISO:
|
||||
```
|
||||
wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260312.iso.sig
|
||||
wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.210-20260302.iso.sig
|
||||
```
|
||||
|
||||
Download the ISO image:
|
||||
```
|
||||
wget https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260312.iso
|
||||
wget https://download.securityonion.net/file/securityonion/securityonion-2.4.210-20260302.iso
|
||||
```
|
||||
|
||||
Verify the downloaded ISO image using the signature file:
|
||||
```
|
||||
gpg --verify securityonion-2.4.211-20260312.iso.sig securityonion-2.4.211-20260312.iso
|
||||
gpg --verify securityonion-2.4.210-20260302.iso.sig securityonion-2.4.210-20260302.iso
|
||||
```
|
||||
|
||||
The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
|
||||
```
|
||||
gpg: Signature made Wed 11 Mar 2026 03:05:09 PM EDT using RSA key ID FE507013
|
||||
gpg: Signature made Mon 02 Mar 2026 11:55:24 AM EST using RSA key ID FE507013
|
||||
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
|
||||
gpg: WARNING: This key is not certified with a trusted signature!
|
||||
gpg: There is no indication that the signature belongs to the owner.
|
||||
|
||||
@@ -8,12 +8,5 @@
|
||||
"base": "172.17.0.0/24",
|
||||
"size": 24
|
||||
}
|
||||
],
|
||||
"default-ulimits": {
|
||||
"nofile": {
|
||||
"Name": "nofile",
|
||||
"Soft": 1048576,
|
||||
"Hard": 1048576
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
vm.max_map_count:
|
||||
sysctl.present:
|
||||
- value: 262144
|
||||
- value: {{ ELASTICSEARCHMERGED.vm.max_map_count }}
|
||||
|
||||
# Add ES Group
|
||||
elasticsearchgroup:
|
||||
|
||||
@@ -2,6 +2,8 @@ elasticsearch:
|
||||
enabled: false
|
||||
version: 9.0.8
|
||||
index_clean: true
|
||||
vm:
|
||||
max_map_count: 1048576
|
||||
config:
|
||||
action:
|
||||
destructive_requires_name: true
|
||||
|
||||
@@ -15,6 +15,11 @@ elasticsearch:
|
||||
description: Determines if indices should be considered for deletion by available disk space in the cluster. Otherwise, indices will only be deleted by the age defined in the ILM settings. This setting only applies to EVAL, STANDALONE, and HEAVY NODE installations. Other installations can only use ILM settings.
|
||||
forcedType: bool
|
||||
helpLink: elasticsearch.html
|
||||
vm:
|
||||
max_map_count:
|
||||
description: The maximum number of memory map areas a process may use. Elasticsearch uses a mmapfs directory by default to store its indices. The default operating system limits on mmap counts could be too low, which may result in out of memory exceptions.
|
||||
forcedType: int
|
||||
helpLink: elasticsearch.html
|
||||
retention:
|
||||
retention_pct:
|
||||
decription: Total percentage of space used by Elasticsearch for multi node clusters
|
||||
|
||||
@@ -467,7 +467,6 @@ preupgrade_changes() {
|
||||
[[ "$INSTALLEDVERSION" == 2.4.190 ]] && up_to_2.4.200
|
||||
[[ "$INSTALLEDVERSION" == 2.4.200 ]] && up_to_2.4.201
|
||||
[[ "$INSTALLEDVERSION" == 2.4.201 ]] && up_to_2.4.210
|
||||
[[ "$INSTALLEDVERSION" == 2.4.210 ]] && up_to_2.4.211
|
||||
true
|
||||
}
|
||||
|
||||
@@ -502,7 +501,6 @@ postupgrade_changes() {
|
||||
[[ "$POSTVERSION" == 2.4.190 ]] && post_to_2.4.200
|
||||
[[ "$POSTVERSION" == 2.4.200 ]] && post_to_2.4.201
|
||||
[[ "$POSTVERSION" == 2.4.201 ]] && post_to_2.4.210
|
||||
[[ "$POSTVERSION" == 2.4.210 ]] && post_to_2.4.211
|
||||
true
|
||||
}
|
||||
|
||||
@@ -721,11 +719,6 @@ post_to_2.4.210() {
|
||||
POSTVERSION=2.4.210
|
||||
}
|
||||
|
||||
post_to_2.4.211() {
|
||||
echo "Nothing to apply"
|
||||
POSTVERSION=2.4.211
|
||||
}
|
||||
|
||||
repo_sync() {
|
||||
echo "Sync the local repo."
|
||||
su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync."
|
||||
@@ -1016,12 +1009,6 @@ up_to_2.4.210() {
|
||||
INSTALLEDVERSION=2.4.210
|
||||
}
|
||||
|
||||
up_to_2.4.211() {
|
||||
echo "Nothing to do for 2.4.211"
|
||||
|
||||
INSTALLEDVERSION=2.4.211
|
||||
}
|
||||
|
||||
add_hydra_pillars() {
|
||||
mkdir -p /opt/so/saltstack/local/pillar/hydra
|
||||
touch /opt/so/saltstack/local/pillar/hydra/soc_hydra.sls
|
||||
|
||||
@@ -29,11 +29,7 @@ sool9_{{host}}:
|
||||
hypervisor_host: {{host ~ "_" ~ role}}
|
||||
preflight_cmds:
|
||||
- |
|
||||
{%- set hostnames = [MANAGERHOSTNAME] %}
|
||||
{%- if not (URL_BASE | ipaddr) and URL_BASE != MANAGERHOSTNAME %}
|
||||
{%- do hostnames.append(URL_BASE) %}
|
||||
{%- endif %}
|
||||
tee -a /etc/hosts <<< "{{ MANAGERIP }} {{ hostnames | join(' ') }}"
|
||||
tee -a /etc/hosts <<< "{{ MANAGERIP }} {{ MANAGERHOSTNAME }}"
|
||||
- |
|
||||
timeout 600 bash -c 'trap "echo \"Preflight Check: Failed to establish repo connectivity\"; exit 1" TERM; \
|
||||
while ! dnf makecache --repoid=securityonion >/dev/null 2>&1; do echo "Preflight Check: Waiting for repo connectivity..."; \
|
||||
|
||||
@@ -14,7 +14,6 @@
|
||||
{% if 'vrt' in salt['pillar.get']('features', []) %}
|
||||
{% set HYPERVISORS = salt['pillar.get']('hypervisor:nodes', {} ) %}
|
||||
{% from 'salt/map.jinja' import SALTVERSION %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
{% if HYPERVISORS %}
|
||||
cloud_providers:
|
||||
@@ -35,7 +34,6 @@ cloud_profiles:
|
||||
MANAGERHOSTNAME: {{ grains.host }}
|
||||
MANAGERIP: {{ pillar.host.mainip }}
|
||||
SALTVERSION: {{ SALTVERSION }}
|
||||
URL_BASE: {{ GLOBALS.url_base }}
|
||||
- template: jinja
|
||||
- makedirs: True
|
||||
{% else %}
|
||||
|
||||
@@ -805,6 +805,11 @@ def process_vm_creation(hypervisor_path: str, vm_config: dict) -> None:
|
||||
mark_invalid_hardware(hypervisor_path, vm_name, vm_config,
|
||||
{'nsm_size': 'Invalid nsm_size: must be positive integer'})
|
||||
return
|
||||
if size > 10000: # 10TB reasonable maximum
|
||||
log.error("VM: %s - nsm_size %dGB exceeds reasonable maximum (10000GB)", vm_name, size)
|
||||
mark_invalid_hardware(hypervisor_path, vm_name, vm_config,
|
||||
{'nsm_size': f'Invalid nsm_size: {size}GB exceeds maximum (10000GB)'})
|
||||
return
|
||||
log.debug("VM: %s - nsm_size validated: %dGB", vm_name, size)
|
||||
except (ValueError, TypeError) as e:
|
||||
log.error("VM: %s - nsm_size must be a valid integer, got: %s", vm_name, vm_config.get('nsm_size'))
|
||||
|
||||
@@ -16,13 +16,7 @@
|
||||
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
|
||||
{% endif %}
|
||||
|
||||
{% set PCAP = salt['pillar.get']('pcap', {'enabled': false}) %}
|
||||
{% if PCAP.enabled and GLOBALS.role != 'so-import'%}
|
||||
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'yes'}) %}
|
||||
{% else %}
|
||||
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'no'}) %}
|
||||
{% endif %}
|
||||
|
||||
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'enabled': 'yes'}) %}
|
||||
{# move the items in suricata.pcap into suricata.config.outputs.pcap-log. these items were placed under suricata.config for ease of access in SOC #}
|
||||
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'compression': SURICATAMERGED.pcap.compression}) %}
|
||||
{% do SURICATAMERGED.config.outputs['pcap-log'].update({'lz4-checksum': SURICATAMERGED.pcap['lz4-checksum']}) %}
|
||||
|
||||
Binary file not shown.
Reference in New Issue
Block a user