Compare commits
9 Commits
TOoSmOotH-
...
reyesj2-pa
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
7e5daf7f7f | ||
|
|
2552a5c17d | ||
|
|
fa479c4b89 | ||
|
|
be35b59b8c | ||
|
|
7170289a5e | ||
|
|
ca040044bb | ||
|
|
f17e2961ed | ||
|
|
bbc7668786 | ||
|
|
1888f9e757 |
@@ -17,7 +17,7 @@
|
|||||||
"paths": [
|
"paths": [
|
||||||
"/nsm/suricata/eve*.json"
|
"/nsm/suricata/eve*.json"
|
||||||
],
|
],
|
||||||
"data_stream.dataset": "filestream.generic",
|
"data_stream.dataset": "suricata",
|
||||||
"pipeline": "suricata.common",
|
"pipeline": "suricata.common",
|
||||||
"parsers": "#- ndjson:\n# target: \"\"\n# message_key: msg\n#- multiline:\n# type: count\n# count_lines: 3\n",
|
"parsers": "#- ndjson:\n# target: \"\"\n# message_key: msg\n#- multiline:\n# type: count\n# count_lines: 3\n",
|
||||||
"exclude_files": [
|
"exclude_files": [
|
||||||
|
|||||||
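--- /dev/null
+++ b/salt/manager/tools/sbin/soupto3
@@ -0,0 +1,184 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+. /usr/sbin/so-common
+
+UPDATE_URL=https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/refs/heads/3/main/VERSION
+
+# Check if already running version 3
+CURRENT_VERSION=$(cat /etc/soversion 2>/dev/null)
+if [[ "$CURRENT_VERSION" =~ ^3\. ]]; then
+echo ""
+echo "========================================================================="
+echo " Already Running Security Onion 3"
+echo "========================================================================="
+echo ""
+echo " This system is already running Security Onion $CURRENT_VERSION."
+echo " Use 'soup' to update within the 3.x release line."
+echo ""
+exit 0
+fi
+
+echo ""
+echo "Checking PCAP settings."
+echo ""
+
+# Check pcapengine setting - must be SURICATA before upgrading to version 3
+PCAP_ENGINE=$(lookup_pillar "pcapengine")
+
+PCAP_DELETED=false
+
+prompt_delete_pcap() {
+read -rp " Would you like to delete all remaining Stenographer PCAP data? (y/N): " DELETE_PCAP
+if [[ "$DELETE_PCAP" =~ ^[Yy]$ ]]; then
+echo ""
+echo " WARNING: This will permanently delete all Stenographer PCAP data"
+echo " on all nodes. This action cannot be undone."
+echo ""
+read -rp " Are you sure? (y/N): " CONFIRM_DELETE
+if [[ "$CONFIRM_DELETE" =~ ^[Yy]$ ]]; then
+echo ""
+echo " Deleting Stenographer PCAP data on all nodes..."
+salt '*' cmd.run "rm -rf /nsm/pcap/* && rm -rf /nsm/pcapindex/*"
+echo " Done."
+PCAP_DELETED=true
+else
+echo ""
+echo " Delete cancelled."
+fi
+fi
+}
+
+pcapengine_not_changed() {
+echo ""
+echo " PCAP engine must be set to SURICATA before upgrading to Security Onion 3."
+echo " You can change this in SOC by navigating to:"
+echo " Configuration -> global -> pcapengine"
+}
+
+prompt_change_engine() {
+local current_engine=$1
+echo ""
+read -rp " Would you like to change the PCAP engine to SURICATA now? (y/N): " CHANGE_ENGINE
+if [[ "$CHANGE_ENGINE" =~ ^[Yy]$ ]]; then
+if [[ "$PCAP_DELETED" != "true" ]]; then
+echo ""
+echo " WARNING: Stenographer PCAP data was not deleted. If you proceed,"
+echo " this data will no longer be accessible through SOC and will never"
+echo " be automatically deleted. You will need to manually remove it later."
+echo ""
+read -rp " Continue with changing pcapengine to SURICATA? (y/N): " CONFIRM_CHANGE
+if [[ ! "$CONFIRM_CHANGE" =~ ^[Yy]$ ]]; then
+pcapengine_not_changed
+return 1
+fi
+fi
+echo ""
+echo " Updating PCAP engine to SURICATA..."
+so-yaml.py replace /opt/so/saltstack/local/pillar/global/soc_global.sls global.pcapengine SURICATA
+echo " Done."
+return 0
+else
+pcapengine_not_changed
+return 1
+fi
+}
+
+case "$PCAP_ENGINE" in
+SURICATA)
+echo "PCAP engine settings OK."
+;;
+TRANSITION|STENO)
+echo ""
+echo "========================================================================="
+echo " PCAP Engine Check Failed"
+echo "========================================================================="
+echo ""
+echo " Your PCAP engine is currently set to $PCAP_ENGINE."
+echo ""
+echo " Before upgrading to Security Onion 3, Stenographer PCAP data must be"
+echo " removed and the PCAP engine must be set to SURICATA."
+echo ""
+echo " To check remaining Stenographer PCAP usage, run:"
+echo " salt '*' cmd.run 'du -sh /nsm/pcap'"
+echo ""
+
+prompt_delete_pcap
+if ! prompt_change_engine "$PCAP_ENGINE"; then
+echo ""
+exit 1
+fi
+;;
+*)
+echo ""
+echo "========================================================================="
+echo " PCAP Engine Check Failed"
+echo "========================================================================="
+echo ""
+echo " Unable to determine the PCAP engine setting (got: '$PCAP_ENGINE')."
+echo " Please ensure the PCAP engine is set to SURICATA."
+echo " In SOC, navigate to Configuration -> global -> pcapengine"
+echo " and change the value to SURICATA."
+echo ""
+exit 1
+;;
+esac
+
+echo ""
+echo "Checking Versions."
+echo ""
+
+# Check if Security Onion 3 has been released
+VERSION=$(curl -sSf "$UPDATE_URL" 2>/dev/null)
+
+if [[ -z "$VERSION" ]]; then
+echo ""
+echo "========================================================================="
+echo " Unable to Check Version"
+echo "========================================================================="
+echo ""
+echo " Could not retrieve version information from:"
+echo " $UPDATE_URL"
+echo ""
+echo " Please check your network connection and try again."
+echo ""
+exit 1
+fi
+
+if [[ "$VERSION" == "UNRELEASED" ]]; then
+echo ""
+echo "========================================================================="
+echo " Security Onion 3 Not Available"
+echo "========================================================================="
+echo ""
+echo " Security Onion 3 has not been released yet."
+echo ""
+echo " Please check back later or visit https://securityonion.net for updates."
+echo ""
+exit 1
+fi
+
+# Validate version format (e.g., 3.0.2)
+if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+echo ""
+echo "========================================================================="
+echo " Invalid Version"
+echo "========================================================================="
+echo ""
+echo " Received unexpected version format: '$VERSION'"
+echo ""
+echo " Please check back later or visit https://securityonion.net for updates."
+echo ""
+exit 1
+fi
+
+echo "Security Onion 3 ($VERSION) is available. Upgrading..."
+echo ""
+
+# All checks passed - proceed with upgrade
+BRANCH=3/main soup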
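Review bot: In prompt_change_engine the exit status of `so-yaml.py replace ... global.pcapengine SURICATA` is never checked, and the script does not enable `set -e`, so a failed pillar write still prints " Done.", returns 0, and lets the script fall through to `BRANCH=3/main soup` with pcapengine still STENO or TRANSITION — the exact state this pre-flight check exists to block. Replacing that line with `so-yaml.py replace /opt/so/saltstack/local/pillar/global/soc_global.sls global.pcapengine SURICATA || { pcapengine_not_changed; return 1; }` makes the upgrade abort on failure the same way the declined-prompt paths already do. The `local current_engine=$1` in the same function is assigned but never read, so the `"$PCAP_ENGINE"` argument passed at the call site is dead and could be dropped or used in the warning text. Note also that `salt '*' cmd.run "rm -rf /nsm/pcap/* ..."` targets every minion unconditionally; if only sensor/forward nodes hold Stenographer data, a narrower target (or a comment stating that all minions are intended) would limit the blast radius of this destructive step.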