Merge pull request #12100 from Security-Onion-Solutions/mkrtemp

2.4.30 hotfix
Update DOWNLOAD_AND_VERIFY_ISO.md
2026-05-03 09:58:17 +02:00 · 2024-01-02 11:16:13 -05:00 · 2024-01-02 10:31:14 -05:00 · 2024-01-02 10:29:45 -05:00 · 2024-01-02 10:09:13 -05:00 · 2024-01-02 09:48:45 -05:00
8 changed files with 43 additions and 30 deletions
@@ -1,18 +1,17 @@
-### 2.4.30-20231117 ISO image released on 2023/11/20
+### 2.4.30-20231228 ISO image released on 2024/01/02
 ### Download and Verify
-2.4.30-20231117 ISO image:  
+2.4.30-20231228 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231117.iso
+https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231228.iso
-MD5: DF7E2540AFF2A233A9B0EEC78B37D0EA  
+MD5: DBD47645CD6FA8358C51D8753046FB54  
-SHA1: 93DB33A46C6F9C7D7CB8031C0A4F8738F4F14E89  
+SHA1: 2494091065434ACB028F71444A5D16E8F8A11EDF  
-SHA256: 48C7BD1C664F545554490B8F191BCD7808C519488DCC85984760400F4F68E2DA  
+SHA256: 3345AE1DC58AC7F29D82E60D9A36CDF8DE19B7DFF999D8C4F89C7BD36AEE7F1D  
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231117.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231228.iso.sig
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -26,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231117.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231228.iso.sig
 ```
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231117.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231228.iso
 ```
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.30-20231117.iso.sig securityonion-2.4.30-20231117.iso
+gpg --verify securityonion-2.4.30-20231228.iso.sig securityonion-2.4.30-20231228.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Sun 19 Nov 2023 08:11:53 PM EST using RSA key ID FE507013
+gpg: Signature made Thu 28 Dec 2023 10:08:31 AM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
@@ -1 +1 @@
-20231117
+20231204
@@ -20,8 +20,8 @@
            ],
            "data_stream.dataset": "import",
            "custom": "",
-	    "processors": "- dissect:\n    tokenizer: \"/nsm/import/%{import.id}/evtx/%{import.file}\"\n    field: \"log.file.path\"\n    target_prefix: \"\"\n- decode_json_fields:\n    fields: [\"message\"]\n    target: \"\"\n- drop_fields:\n    fields: [\"host\"]\n    ignore_missing: true\n- add_fields:\n    target: data_stream\n    fields:\n      type: logs\n      dataset: system.security\n- add_fields:\n    target: event\n    fields:\n      dataset: system.security\n      module: system\n      imported: true\n- add_fields:\n    target: \"@metadata\"\n    fields:\n        pipeline: logs-system.security-1.34.0\n- if:\n    equals:\n      winlog.channel: 'Microsoft-Windows-Sysmon/Operational'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: windows.sysmon_operational\n    - add_fields:\n        target: event\n        fields:\n          dataset: windows.sysmon_operational\n          module: windows\n          imported: true\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-windows.sysmon_operational-1.24.0\n- if:\n    equals:\n      winlog.channel: 'Application'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: system.application\n    - add_fields:\n        target: event\n        fields:\n          dataset: system.application\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-system.application-1.34.0\n- if:\n    equals:\n      winlog.channel: 'System'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: system.system\n    - add_fields:\n        target: event\n        fields:\n          dataset: system.system\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-system.system-1.34.0\n    \n- if:\n    equals:\n      winlog.channel: 'Microsoft-Windows-PowerShell/Operational'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: windows.powershell_operational\n    - add_fields:\n        target: event\n        fields:\n          dataset: windows.powershell_operational\n          module: windows\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-windows.powershell_operational-1.24.0\n- add_fields:\n    target: data_stream\n    fields:\n        dataset: import",
+            "processors": "- dissect:\n    tokenizer: \"/nsm/import/%{import.id}/evtx/%{import.file}\"\n    field: \"log.file.path\"\n    target_prefix: \"\"\n- decode_json_fields:\n    fields: [\"message\"]\n    target: \"\"\n- drop_fields:\n    fields: [\"host\"]\n    ignore_missing: true\n- add_fields:\n    target: data_stream\n    fields:\n      type: logs\n      dataset: system.security\n- add_fields:\n    target: event\n    fields:\n      dataset: system.security\n      module: system\n      imported: true\n- add_fields:\n    target: \"@metadata\"\n    fields:\n        pipeline: logs-system.security-1.43.0\n- if:\n    equals:\n      winlog.channel: 'Microsoft-Windows-Sysmon/Operational'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: windows.sysmon_operational\n    - add_fields:\n        target: event\n        fields:\n          dataset: windows.sysmon_operational\n          module: windows\n          imported: true\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-windows.sysmon_operational-1.38.0\n- if:\n    equals:\n      winlog.channel: 'Application'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: system.application\n    - add_fields:\n        target: event\n        fields:\n          dataset: system.application\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-system.application-1.43.0\n- if:\n    equals:\n      winlog.channel: 'System'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: system.system\n    - add_fields:\n        target: event\n        fields:\n          dataset: system.system\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-system.system-1.43.0\n    \n- if:\n    equals:\n      winlog.channel: 'Microsoft-Windows-PowerShell/Operational'\n  then: \n    - add_fields:\n        target: data_stream\n        fields:\n          dataset: windows.powershell_operational\n    - add_fields:\n        target: event\n        fields:\n          dataset: windows.powershell_operational\n          module: windows\n    - add_fields:\n        target: \"@metadata\"\n        fields:\n            pipeline: logs-windows.powershell_operational-1.38.0\n- add_fields:\n    target: data_stream\n    fields:\n        dataset: import",
-	    "tags": [
+            "tags": [
              "import"
            ]
          }
@@ -450,11 +450,16 @@ post_to_2.4.20() {
 post_to_2.4.30() {
  echo "Regenerating Elastic Agent Installers"
  /sbin/so-elastic-agent-gen-installers
  # there is an occasional error with this state: pki_public_ca_crt: TypeError: list indices must be integers or slices, not str
  set +e
  salt-call state.apply ca queue=True
  set -e
  stop_salt_minion
  mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
  mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
  systemctl_func "start" "salt-minion"
  salt-call state.apply nginx queue=True
  enable_highstate
  POSTVERSION=2.4.30
 }
@@ -592,7 +597,11 @@ unmount_update() {
 update_airgap_rules() {
  # Copy the rules over to update them for airgap.
-  rsync -av $UPDATE_DIR/agrules/* /nsm/repo/rules/
+  rsync -av $UPDATE_DIR/agrules/suricata/* /nsm/rules/suricata/
  rsync -av $UPDATE_DIR/agrules/yara/* /nsm/rules/yara/
  if [ -d /nsm/repo/rules/sigma ]; then
    rsync -av $UPDATE_DIR/agrules/sigma/* /nsm/repo/rules/sigma/
  fi
 }
 update_airgap_repo() {
@@ -751,20 +760,26 @@ apply_hotfix() {
    elastic_fleet_integration_remove endpoints-initial elastic-defend-endpoints
    /usr/sbin/so-elastic-fleet-integration-policy-elastic-defend
  elif [[ "$INSTALLEDVERSION" == "2.4.30" ]] ; then
-    rm -f /opt/so/conf/elastic-fleet/integrations/endpoints-initial/elastic-defend-endpoints.json
+    if [[ $is_airgap -eq 0 ]]; then
-    so-kibana-restart --force
+      update_airgap_rules
-    so-kibana-api-check
+    fi
-    . /usr/sbin/so-elastic-fleet-common
+    if [[ -f /etc/pki/managerssl.key.old ]]; then
      echo "Skipping Certificate Generation"
    else
      rm -f /opt/so/conf/elastic-fleet/integrations/endpoints-initial/elastic-defend-endpoints.json
      so-kibana-restart --force
      so-kibana-api-check
      . /usr/sbin/so-elastic-fleet-common
-    elastic_fleet_integration_remove endpoints-initial elastic-defend-endpoints
+      elastic_fleet_integration_remove endpoints-initial elastic-defend-endpoints
-    rm -f /opt/so/state/eaintegrations.txt
+      rm -f /opt/so/state/eaintegrations.txt
-    salt-call state.apply ca queue=True
+      salt-call state.apply ca queue=True
-    stop_salt_minion
+      stop_salt_minion
-    mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
+      mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old
-    mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
+      mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old
-    systemctl_func "start" "salt-minion"
+      systemctl_func "start" "salt-minion"
-    echo "Applying Salt Highstate"
+      (wait_for_salt_minion "$MINIONID" "5" '/dev/stdout' || fail "Salt minion was not running or ready.") 2>&1 | tee -a "$SOUP_LOG"
-    salt-call state.highstate queue=True  
+    fi  
  else
   echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
  fi
@@ -871,7 +886,6 @@ main() {
    echo "Hotfix applied"
    update_version
    enable_highstate
    (wait_for_salt_minion "$MINIONID" "5" '/dev/stdout' || fail "Salt minion was not running or ready.") 2>&1 | tee -a "$SOUP_LOG"
    highstate
  else
    echo ""
Author	SHA1	Message	Date
Mike Reeves	30bc02178a	Merge pull request #12100 from Security-Onion-Solutions/mkrtemp 2.4.30 hotfix	2024-01-02 11:16:13 -05:00
Mike Reeves	84e8013e46	Update DOWNLOAD_AND_VERIFY_ISO.md	2024-01-02 10:31:14 -05:00
Mike Reeves	80ec4cecec	Merge pull request #12099 from Security-Onion-Solutions/2.4.30hf5 2.4.30 hotfix	2024-01-02 10:29:45 -05:00
Mike Reeves	82482d309a	Update DOWNLOAD_AND_VERIFY_ISO.md	2024-01-02 10:09:13 -05:00
Mike Reeves	d437a2856a	2.4.30 hotfix	2024-01-02 09:48:45 -05:00
Mike Reeves	552e4c0d1c	Merge pull request #12050 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix/2.4.30	2023-12-19 14:37:35 -05:00
Mike Reeves	72fbf386eb	Merge pull request #12051 from Security-Onion-Solutions/jertel/hotfixm Jertel/hotfixm	2023-12-19 13:48:21 -05:00
Jason Ertel	ce8a774129	Merge branch '2.4/main' into jertel/hotfixm	2023-12-19 13:42:13 -05:00
Mike Reeves	cb956fb399	Merge pull request #12049 from Security-Onion-Solutions/2.4.30hf4 2.4.30 hotfix	2023-12-19 13:10:51 -05:00
Mike Reeves	5c34cdd943	2.4.30 hotfix	2023-12-19 13:07:25 -05:00
Mike Reeves	d7bf52de76	Merge pull request #11918 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix/2.4.30	2023-12-06 13:31:33 -05:00
Mike Reeves	b878728882	Merge pull request #11951 from Security-Onion-Solutions/2.4.30hf3 2.4.30 hotfix	2023-12-06 08:36:13 -05:00
Mike Reeves	386e9214fc	2.4.30 hotfix	2023-12-06 08:34:46 -05:00
Mike Reeves	8eaa07a186	Merge pull request #11942 from Security-Onion-Solutions/TOoSmOotH-patch-4 Update soup	2023-12-05 11:26:42 -05:00
Mike Reeves	9446b750c0	Update soup	2023-12-05 11:25:25 -05:00
Mike Reeves	fdd4173632	Update soup	2023-12-05 11:20:56 -05:00
Mike Reeves	b7227e15eb	Merge pull request #11939 from Security-Onion-Solutions/TOoSmOotH-patch-3 Update soup	2023-12-05 10:26:56 -05:00
Mike Reeves	90d9e5b927	Update soup	2023-12-05 10:24:31 -05:00
Mike Reeves	802bf9ce27	Merge pull request #11931 from Security-Onion-Solutions/TOoSmOotH-patch-2 Update soup	2023-12-04 14:00:40 -05:00
Mike Reeves	0b6ba6d2f2	Update soup	2023-12-04 13:51:12 -05:00
Mike Reeves	55a8b1064d	Update soup	2023-12-04 13:36:04 -05:00
Josh Patterson	11a3e12e94	Merge pull request #11929 from Security-Onion-Solutions/hf_soup avoid exiting salt when ca state applied in post for 2.4.30	2023-12-04 11:46:27 -05:00
m0duspwnens	38868af08a	avoid exiting salt when ca state applied in post for 2.4.30	2023-12-04 10:11:38 -05:00
Josh Patterson	ace5dff351	Merge pull request #11923 from Security-Onion-Solutions/hf_soup move wait_for_salt_minion for hotfix	2023-12-01 15:37:35 -05:00
m0duspwnens	265cde5296	move wait_for_salt_minion for hotfix	2023-12-01 15:31:15 -05:00
weslambert	55052c4811	Merge pull request #11919 from Security-Onion-Solutions/fix/remove_curator_changes Remove Curator Changes	2023-12-01 11:15:23 -05:00
Wes	e36044e164	Remove close changes	2023-12-01 16:10:56 +00:00
Wes	6fa4a69753	Remove action changes	2023-12-01 16:10:07 +00:00
Doug Burks	4fc3c852a1	Merge pull request #11890 from chateaulav/chateaulav-import-evtx-logs-11889 Update import-evtx-logs.json	2023-11-30 13:57:59 -05:00
weslambert	32b03f514e	Merge pull request #11907 from Security-Onion-Solutions/fix/curator_close Curator close fixes	2023-11-30 11:05:49 -05:00
Wes	a605c5c62c	Ensure indices managed by ILM can be managed by Curator	2023-11-29 22:13:20 +00:00
Wes	2368e8b793	Fix action file names	2023-11-29 22:06:11 +00:00
weslambert	317b6cb614	Merge pull request #11902 from Security-Onion-Solutions/fix/hotfix_version Update HOTFIX	2023-11-29 17:03:59 -05:00
weslambert	a6d20bdc71	Update HOTFIX	2023-11-29 17:01:29 -05:00
Jonathan Race	ece3c367b5	Update import-evtx-logs.json version updates to match 2.4 release pipelines	2023-11-29 09:20:37 -05:00
Mike Reeves	d3802c1668	Merge pull request #11854 from Security-Onion-Solutions/hotfix/2.4.30 Hotfix/2.4.30	2023-11-21 16:39:40 -05:00
Mike Reeves	874618d512	Merge pull request #11853 from Security-Onion-Solutions/2.4.30hf2 2.4.30 hotfix	2023-11-21 14:32:53 -05:00
Mike Reeves	fa9032b323	2.4.30 hotfix	2023-11-21 14:28:23 -05:00
Mike Reeves	17942676c6	Merge pull request #11844 from Security-Onion-Solutions/TOoSmOotH-patch-5 Update soup	2023-11-21 10:32:24 -05:00
Mike Reeves	458c6de39d	Update soup	2023-11-21 10:30:21 -05:00
Mike Reeves	a39f696a34	Merge pull request #11843 from Security-Onion-Solutions/TOoSmOotH-patch-4 Update soup	2023-11-21 10:19:21 -05:00
Mike Reeves	9aa193af3b	Update soup	2023-11-21 10:18:02 -05:00
Mike Reeves	3f1f256748	Merge pull request #11842 from Security-Onion-Solutions/TOoSmOotH-patch-3 Update HOTFIX	2023-11-21 10:01:13 -05:00
Mike Reeves	c78ea0183f	Update HOTFIX	2023-11-21 09:59:51 -05:00
Mike Reeves	e9417dd437	Merge pull request #11841 from Security-Onion-Solutions/TOoSmOotH-patch-2 Update soup	2023-11-21 09:56:45 -05:00
Mike Reeves	14b5aa476e	Update soup	2023-11-21 09:55:44 -05:00