Merge pull request #8535 from Security-Onion-Solutions/hotfix/2.3.140

Hotfix/2.3.140
Merge pull request #8534 from Security-Onion-Solutions/2.3.140hotfix3
2025-12-06 17:22:49 +01:00 · 2022-08-15 15:06:37 -04:00 · 2022-08-15 13:09:14 -04:00 · 2022-08-15 13:03:25 -04:00 · 2022-08-12 15:04:00 -04:00 · 2022-08-12 13:21:06 -04:00
6 changed files with 83 additions and 47 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-
+20220719 20220812
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.140-20220718 ISO image built on 2022/07/18
+### 2.3.140-20220812 ISO image built on 2022/08/12



 ### Download and Verify

-2.3.140-20220718 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.140-20220718.iso
+2.3.140-20220812 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.140-20220812.iso

-MD5: 9570065548DBFA6230F28FF623A8B61A  
-SHA1: D48B2CC81DF459C3EBBC0C54BD9AAFAB4327CB75  
-SHA256: 0E31E15EDFD3392B9569FCCAF1E4518432ECB0D7A174CCA745F2F22CDAC4A034 
+MD5: 13D4A5D663B5A36D045B980E5F33E6BC  
+SHA1: 85DC36B7E96575259DFD080BC860F6508D5F5899  
+SHA256: DE5D0F82732B81456180AA40C124E5C82688611941EEAF03D85986806631588C 

 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.140-20220718.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.140-20220812.iso.sig

 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma

 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.140-20220718.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.140-20220812.iso.sig
 ```

 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.140-20220718.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.140-20220812.iso
 ```

 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.140-20220718.iso.sig securityonion-2.3.140-20220718.iso
+gpg --verify securityonion-2.3.140-20220812.iso.sig securityonion-2.3.140-20220812.iso
 ```

 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Mon 18 Jul 2022 10:16:05 AM EDT using RSA key ID FE507013
+gpg: Signature made Fri 12 Aug 2022 03:59:11 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -371,6 +371,74 @@ clone_to_tmp() {
  fi
 }

+elastalert_indices_check() {
+
+  # Stop Elastalert to prevent Elastalert indices from being re-created
+  if grep -q "^so-elastalert$" /opt/so/conf/so-status/so-status.conf ; then
+    so-elastalert-stop || true
+  fi
+  
+  # Wait for ElasticSearch to initialize
+  echo -n "Waiting for ElasticSearch..."
+  COUNT=0
+  ELASTICSEARCH_CONNECTED="no"
+  while [[ "$COUNT" -le 240 ]]; do
+    so-elasticsearch-query / -k --output /dev/null
+      if [ $? -eq 0 ]; then
+        ELASTICSEARCH_CONNECTED="yes"
+        echo "connected!"
+          break
+      else
+        ((COUNT+=1))
+        sleep 1
+        echo -n "."
+      fi
+  done
+  
+  # Unable to connect to Elasticsearch 
+  if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
+    echo
+    echo -e "Connection attempt timed out.  Unable to connect to ElasticSearch.  \nPlease try: \n  -checking log(s) in /var/log/elasticsearch/\n  -running 'sudo docker ps' \n  -running 'sudo so-elastic-restart'"
+    echo
+    exit 1
+  fi
+
+  # Check Elastalert indices
+  echo "Deleting Elastalert indices to prevent issues with upgrade to Elastic 8..."
+  CHECK_COUNT=0
+  while [[ "$CHECK_COUNT" -le 2 ]]; do
+    # Delete Elastalert indices
+    for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); do
+      so-elasticsearch-query $i -XDELETE;
+    done
+
+    # Check to ensure Elastalert indices are deleted
+    COUNT=0
+    ELASTALERT_INDICES_DELETED="no"
+    while [[ "$COUNT" -le 240 ]]; do
+      RESPONSE=$(so-elasticsearch-query elastalert*)
+      if [[ "$RESPONSE" == "{}" ]]; then
+        ELASTALERT_INDICES_DELETED="yes"
+        echo "Elastalert indices successfully deleted."
+        break
+      else
+        ((COUNT+=1))
+        sleep 1
+        echo -n "."
+      fi
+    done
+    ((CHECK_COUNT+=1))
+  done
+
+  # If we were unable to delete the Elastalert indices, exit the script
+  if [ "$ELASTALERT_INDICES_DELETED" == "no" ]; then
+    echo
+    echo -e "Unable to connect to delete Elastalert indices. Exiting."
+    echo
+    exit 1
+  fi
+}
+
 enable_highstate() {
    echo "Enabling highstate."
    salt-call state.enable highstate -l info --local
@@ -825,40 +893,7 @@ up_to_2.3.130() {
 }

 up_to_2.3.140() {
-  ## Deleting Elastalert indices to prevent issues with upgrade to Elastic 8 ##
-  echo "Deleting Elastalert indices to prevent issues with upgrade to Elastic 8..."
-  # Wait for ElasticSearch to initialize
-  echo -n "Waiting for ElasticSearch..."
-  COUNT=0
-  ELASTICSEARCH_CONNECTED="no" 
-  while [[ "$COUNT" -le 240 ]]; do
-    so-elasticsearch-query / -k --output /dev/null
-      if [ $? -eq 0 ]; then
-        ELASTICSEARCH_CONNECTED="yes"
-        echo "connected!"
-          break
-      else
-        ((COUNT+=1))
-        sleep 1
-        echo -n "."
-      fi
-  done
-  if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
-    echo
-    echo -e "Connection attempt timed out.  Unable to connect to ElasticSearch.  \nPlease try: \n  -checking log(s) in /var/log/elasticsearch/\n  -running 'sudo docker ps' \n  -running 'sudo so-elastic-restart'"
-    echo
-    exit 1
-   fi
-   
-   # Delete Elastalert indices
-   for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); do so-elasticsearch-query $i -XDELETE; done
-   # Check to ensure Elastalert indices have been deleted
-   RESPONSE=$(so-elasticsearch-query elastalert*)
-   if [[ "$RESPONSE" == "{}" ]]; then
-     echo "Elastalert indices have been deleted."
-   else
-     fail "Something went wrong. Could not delete the Elastalert indices. Exiting."
-   fi
+   elastalert_indices_check
   ##
   INSTALLEDVERSION=2.3.140
 }
@@ -1178,6 +1213,7 @@ main() {
  verify_latest_update_script
  es_version_check
  es_indices_check
+  elastalert_indices_check
  echo ""
  set_palette
  check_elastic_license
--- a/salt/curator/files/bin/so-curator-closed-delete-delete
+++ b/salt/curator/files/bin/so-curator-closed-delete-delete
@@ -29,7 +29,7 @@ LOG="/opt/so/log/curator/so-curator-closed-delete.log"

 overlimit() {

-        [[ $(du -hs --block-size=1GB /nsm/elasticsearch/nodes | awk '{print $1}' ) -gt "{{LOG_SIZE_LIMIT}}" ]]
+        [[ $(du -hs --block-size=1GB /nsm/elasticsearch/indices | awk '{print $1}' ) -gt "{{LOG_SIZE_LIMIT}}" ]]
 }

 closedindices() {
--- a/sigs/securityonion-2.3.140-20220719.iso.sig
+++ b/sigs/securityonion-2.3.140-20220719.iso.sig
--- a/sigs/securityonion-2.3.140-20220812.iso.sig
+++ b/sigs/securityonion-2.3.140-20220812.iso.sig
Author	SHA1	Message	Date
Mike Reeves	9f2b920454	Merge pull request #8535 from Security-Onion-Solutions/hotfix/2.3.140 Hotfix/2.3.140	2022-08-15 15:06:37 -04:00
Mike Reeves	604af45661	Merge pull request #8534 from Security-Onion-Solutions/2.3.140hotfix3 2.3.140 Hotfix	2022-08-15 13:09:14 -04:00
Mike Reeves	3f435c5c1a	2.3.140 Hotfix	2022-08-15 13:03:25 -04:00
Mike Reeves	9903be8120	Merge pull request #8532 from Security-Onion-Solutions/2.3.140-20220815	2022-08-12 15:04:00 -04:00
Doug Burks	991a601a3d	FIX: so-curator-closed-delete-delete needs to reference new Elasticsearch directory #8529	2022-08-12 13:21:06 -04:00
Doug Burks	86519d43dc	Update HOTFIX	2022-08-12 13:20:15 -04:00
Doug Burks	484aa7b207	Merge pull request #8336 from Security-Onion-Solutions/hotfix/2.3.140 Hotfix/2.3.140	2022-07-19 16:13:47 -04:00
Mike Reeves	6986448239	Merge pull request #8333 from Security-Onion-Solutions/2.3.140hotfix 2.3.140 Hotfix	2022-07-19 14:47:50 -04:00
Mike Reeves	dd48d66c1c	2.3.140 Hotfix	2022-07-19 14:39:44 -04:00
Mike Reeves	440f4e75c1	Merge pull request #8332 from Security-Onion-Solutions/dev Merge Hotfix	2022-07-19 13:30:20 -04:00
weslambert	c795a70e9c	Merge pull request #8329 from Security-Onion-Solutions/fix/elastalert_stop_check_enabled Check to ensure Elastalert is enabled and suppress missing container error output	2022-07-19 13:27:35 -04:00
weslambert	340dbe8547	Check to see if Elastalert is enabled before trying to run 'so-elastalert-stop'. Also suppress error output for when so-elastalert container is not present.	2022-07-19 13:25:09 -04:00
Mike Reeves	52a5e743e9	Merge pull request #8327 from Security-Onion-Solutions/TOoSmOotH-patch-1 Update HOTFIX	2022-07-19 11:17:13 -04:00
Wes Lambert	5ceff52796	Move Elastalert indices check to function and call from beginning of soup and during pre-upgrade to 2.3.140	2022-07-19 14:54:39 +00:00
Wes Lambert	f3a0ab0b2d	Perform Elastalert index check twice	2022-07-19 14:48:19 +00:00
Wes Lambert	4a7c994b66	Revise Elastalert index check deletion logic	2022-07-19 14:31:45 +00:00
Mike Reeves	07b8785f3d	Update soup	2022-07-19 10:23:10 -04:00
Mike Reeves	9a1092ab01	Update HOTFIX	2022-07-19 10:21:36 -04:00