Merge pull request #12195 from Security-Onion-Solutions/2.4/dev

2.4.40

DOWNLOAD_AND_VERIFY_ISO.md

@@ -1,17 +1,17 @@
-### 2.4.30-20231228 ISO image released on 2024/01/02
+### 2.4.40-20240116 ISO image released on 2024/01/17
 
 
 ### Download and Verify
 
-2.4.30-20231228 ISO image:  
+2.4.40-20240116 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231228.iso
+https://download.securityonion.net/file/securityonion/securityonion-2.4.40-20240116.iso
  
-MD5: DBD47645CD6FA8358C51D8753046FB54  
+MD5: AC55D027B663F3CE0878FEBDAD9DD78B  
-SHA1: 2494091065434ACB028F71444A5D16E8F8A11EDF  
+SHA1: C2B51723B17F3DC843CC493EB80E93B123E3A3E1  
-SHA256: 3345AE1DC58AC7F29D82E60D9A36CDF8DE19B7DFF999D8C4F89C7BD36AEE7F1D  
+SHA256: C5F135FCF45A836BBFF58C231F95E1EA0CD894898322187AD5FBFCD24BC2F123  
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231228.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.40-20240116.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.30-20231228.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.40-20240116.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.30-20231228.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.40-20240116.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.30-20231228.iso.sig securityonion-2.4.30-20231228.iso
+gpg --verify securityonion-2.4.40-20240116.iso.sig securityonion-2.4.40-20240116.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Thu 28 Dec 2023 10:08:31 AM EST using RSA key ID FE507013
+gpg: Signature made Tue 16 Jan 2024 07:34:40 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.

pillar/top.sls

@@ -16,7 +16,6 @@ base:
     - sensoroni.adv_sensoroni
     - telegraf.soc_telegraf
     - telegraf.adv_telegraf
-    - users
 
   '* and not *_desktop':
     - firewall.soc_firewall

pillar/users/init.sls

@@ -1,2 +0,0 @@
-# users pillar goes in /opt/so/saltstack/local/pillar/users/init.sls
-# the users directory may need to be created under /opt/so/saltstack/local/pillar

pillar/users/pillar.example

@@ -1,18 +0,0 @@
-users:
-  sclapton:
-    # required fields
-    status: present
-    # node_access determines which node types the user can access.
-    # this can either be by grains.role or by final part of the minion id after the _
-    node_access:
-      - standalone
-      - searchnode
-    # optional fields
-    fullname: Stevie Claptoon
-    uid: 1001
-    gid: 1001
-    homephone: does not have a phone
-    groups:
-      - mygroup1
-      - mygroup2
-      - wheel # give sudo access

pillar/users/pillar.usage

@@ -1,20 +0,0 @@
-users:
-  sclapton:
-    # required fields
-    status: <present | absent>
-    # node_access determines which node types the user can access.
-    # this can either be by grains.role or by final part of the minion id after the _
-    node_access:
-      - standalone
-      - searchnode
-    # optional fields
-    fullname: <string>
-    uid: <integer>
-    gid: <integer>
-    roomnumber: <string>
-    workphone: <string>
-    homephone: <string>
-    groups:
-      - <string>
-      - <string>
-      - wheel # give sudo access

salt/top.sls

@@ -29,7 +29,6 @@ base:
     - salt.minion-check
     - salt.lasthighstate
     - common
-    - users
     - docker
     - docker_clean
 

salt/users/init.sls

@@ -1,110 +0,0 @@
-# The creation of a user will require a pub key placed in /opt/so/saltstack/local/salt/users/authorized_keys/<username>
-
-# If a user is changed from present to absent, their usergroup will be removed, but any additional usergroups that were created
-# for that user will remain.
-
-{% from 'users/map.jinja' import reserved_usernames %}
-
-{% for username, userdeets in pillar.get('users', {}).items() if username not in reserved_usernames %}
-  {% if 'status' in userdeets %}
-    {% if userdeets.status == 'absent' %}
-
-remove_user_{{username}}:
-  user.absent:
-    - name: {{ username }}
-    {% if 'purge' in userdeets %}
-    - purge: {{ userdeets.purge }}
-    {% endif %}
-    - force: True
-
-  {% elif userdeets.status == 'present' %}
-
-    {% if 'node_access' in userdeets %}
-      {% if grains.role in userdeets.node_access or grains.id.split('_')|last in userdeets.node_access %}
-
-add_user_group_{{username}}:
-  group.present:
-    - name: {{ username }}
-        {% if 'uid' in userdeets %}
-    - gid: {{ userdeets.uid }}
-        {% endif %}
-
-add_user_{{username}}:
-  user.present:
-    - name: {{ username }}
-    - home: {{ userdeets.get('home', "/home/%s" % username) }}
-    - shell: {{ userdeets.get('shell', '/bin/bash') }}
-    - usergroup: True
-
-        {% if 'fullname' in userdeets %}
-    - fullname: {{ userdeets.fullname }}
-        {% endif %}
-
-        {% if 'uid' in userdeets %}
-    - uid: {{ userdeets.uid }}
-        {% endif %}
-
-        {% if 'gid' in userdeets %}
-    - gid: {{ userdeets.gid }}
-        {% endif %}
-
-        {% if 'roomnumber' in userdeets %}
-    - roomnumber: {{ userdeets.roomnumber }}
-        {% endif %}
-
-        {% if 'workphone' in userdeets %}
-    - workphone: {{ userdeets.workphone }}
-        {% endif %}
-
-        {% if 'homephone' in userdeets %}
-    - homephone: {{ userdeets.homephone }}
-        {% endif %}
-
-        {% if 'groups' in userdeets %}
-    - groups:
-          {% for group in userdeets.groups %}
-      - {{ group }}
-          {% endfor %}
-        {% endif %}
-
-{{username}}_authorized_keys:
-  file.managed:
-    - name: /home/{{username}}/.ssh/authorized_keys
-    - source: salt://users/authorized_keys/{{username}}
-    - user: {{username}}
-    - group: {{username}}
-    - mode: 644
-    - show_diff: False
-    - makedirs: True
-    - require:
-      - user: add_user_{{username}}
-
-      {% endif %}
-    {% endif %}
-
-  {% else %}
-
-unknown_status_or_password_not_provided_for_user_{{username}}:
-  test.fail_without_changes:
-    - comment: "Verify status is 'present' or 'absent' and a password is provided for {{username}} in the users pillar."
-
-    {% endif %}
-
-  {% else %}
-
-status_not_provided_for_user_{{username}}:
-  test.fail_without_changes:
-    - comment: "Status should be 'present' or 'absent'."
-
-  {% endif %}
-{% endfor %}
-
-disable_wheel_pwd_required:
-  file.comment:
-    - name: /etc/sudoers
-    - regex: "%wheel\\s+ALL=\\(ALL\\)\\s+ALL"
-
-allow_wheel_no_pwd:
-  file.uncomment:
-    - name: /etc/sudoers
-    - regex: "%wheel\\s+ALL=\\(ALL\\)\\s+NOPASSWD: ALL"

salt/users/map.jinja

@@ -1,58 +0,0 @@
-{% set reserved_usernames = [
-    'root',
-    'bin',
-    'daemon',
-    'adm',
-    'lp',
-    'sync',
-    'shutdown',
-    'halt',
-    'mail',
-    'operator',
-    'games',
-    'ftp',
-    'nobody',
-    'systemd-network',
-    'dbus',
-    'polkitd',
-    'tss',
-    'sshd',
-    'ossec',
-    'postfix',
-    'chrony',
-    'ntp',
-    'tcpdump',
-    'socore',
-    'soremote',
-    'elasticsearch',
-    'stenographer',
-    'suricata',
-    'zeek',
-    'curator',
-    'kratos',
-    'kibana',
-    'elastalert',
-    'ossecm',
-    'ossecr',
-    'logstash',
-    'sys',
-    'man',
-    'news',
-    'uucp',
-    'proxy',
-    'www-data',
-    'backup',
-    'list',
-    'irc',
-    'gnats',
-    'systemd-resolve',
-    'syslog',
-    'messagebus',
-    '_apt',
-    'lxd',
-    'uuidd',
-    'dnsmasq',
-    'landscape',
-    'pollinate',
-    'ossec'
-] %}