Hooks every so-yaml.py write through a new so_yaml_postgres helper that mirrors disk YAML mutations into so_pillar.pillar_entry via docker exec psql. Disk remains canonical during the transition; PG mirror failures are logged only when a real write error occurs (skipped paths and postgres-unreachable cases stay silent so existing callers don't see new noise on stderr).

Adds a `purge YAML_FILE` verb on so-yaml that deletes the file from disk and removes the matching pillar_entry rows. For minion files it also drops the so_pillar.minion row, which CASCADEs to pillar_entry + role_member. Designed for so-minion's delete path (replaces rm -f) so the audit log captures the deletion.

setup/so-functions::generate_passwords + secrets_pillar generate secrets:pillar_master_pass and /opt/so/conf/postgres/so_pillar.key on fresh installs, and append the password to existing secrets.sls files on upgrade.

- salt/manager/tools/sbin/so_yaml_postgres.py: locate(), write_yaml(), purge_yaml(), and a small CLI for diagnostics. Skips bootstrap and mine-driven paths via the same allowlist used by so-pillar-import.
- salt/manager/tools/sbin/so-yaml.py: import the helper, hook writeYaml() to mirror after every disk write, add purgeFile() and the purge verb.
- salt/manager/tools/sbin/so-yaml_test.py: 16 new tests covering the purge verb and the path-locator / write contract of so_yaml_postgres without contacting Postgres. All 91 tests pass.
- setup/so-functions: generate_passwords adds PILLARMASTERPASS and SO_PILLAR_KEY; secrets_pillar writes pillar_master_pass and the pgcrypto master key file.
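The contract the commit message describes (disk write first and always, mirror second, silence on skipped paths and on an unreachable database, a log line only on a real write error, and a purge that relies on the minion row cascading to pillar_entry and role_member) can be exercised offline. The following is an added model written for this page, not the project's so_yaml_postgres.py: sqlite3 stands in for Postgres, and the table columns, the pillar root, the `minions/<id>.sls` naming rule and the `bootstrap/` / `mine/` skip prefixes are all assumptions, not the real schema or the so-pillar-import allowlist.

```python
"""Model of the mirror-on-write / purge contract. Added example; the schema,
column names, skip prefixes and path layout are assumptions for illustration."""
import os
import sqlite3
import tempfile

# Assumed layout: mirrored files live under PILLAR_ROOT; minion pillars are
# minions/<minion_id>.sls. Paths under these prefixes are never mirrored.
PILLAR_ROOT = "/opt/so/saltstack/local/pillar"
SKIP_PREFIXES = ("bootstrap/", "mine/")          # assumed, not the real allowlist

# Assumed schema. ON DELETE CASCADE is what lets a purge of the minion row
# take its pillar_entry and role_member rows with it.
SCHEMA = """
CREATE TABLE minion (id TEXT PRIMARY KEY);
CREATE TABLE pillar_entry (
    path TEXT NOT NULL, key TEXT NOT NULL, value TEXT,
    minion_id TEXT REFERENCES minion(id) ON DELETE CASCADE,
    PRIMARY KEY (path, key));
CREATE TABLE role_member (
    minion_id TEXT REFERENCES minion(id) ON DELETE CASCADE, role TEXT);
"""
TABLES = ("minion", "pillar_entry", "role_member")


def open_mirror(dsn=":memory:"):
    conn = sqlite3.connect(dsn)
    conn.execute("PRAGMA foreign_keys = ON")      # sqlite ignores CASCADE without this
    conn.executescript(SCHEMA)
    return conn


def locate(path, root=PILLAR_ROOT):
    """Return (path relative to root, minion_id or None), or None if the
    file is outside the root or under a skipped prefix."""
    if not path.startswith(root + "/"):
        return None
    rel = path[len(root) + 1:]
    if rel.startswith(SKIP_PREFIXES):
        return None
    minion_id = None
    if rel.startswith("minions/") and rel.endswith(".sls"):
        minion_id = rel[len("minions/"):-len(".sls")]
    return rel, minion_id


def write_yaml(path, data, conn, log, root=PILLAR_ROOT):
    """Disk is canonical: write flat key: value lines first, then mirror.
    Returns 'skipped', 'unreachable', 'mirrored' or 'error'; only 'error'
    appends to log, so callers see no new noise for the silent cases."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        for key, value in data.items():
            fh.write(f"{key}: {value}\n")
    loc = locate(path, root)
    if loc is None:
        return "skipped"
    if conn is None:                              # stands in for "postgres unreachable"
        return "unreachable"
    rel, minion_id = loc
    try:
        with conn:                                # one transaction; rolled back on error
            if minion_id:
                conn.execute("INSERT OR IGNORE INTO minion(id) VALUES (?)", (minion_id,))
            conn.execute("DELETE FROM pillar_entry WHERE path = ?", (rel,))
            conn.executemany(
                "INSERT INTO pillar_entry(path, key, value, minion_id) VALUES (?, ?, ?, ?)",
                [(rel, k, str(v), minion_id) for k, v in data.items()])
    except sqlite3.Error as exc:
        log.append(f"pillar mirror failed for {rel}: {exc}")
        return "error"
    return "mirrored"


def purge_yaml(path, conn, log, root=PILLAR_ROOT):
    """Remove the file, then its pillar_entry rows; for a minion file also
    drop the minion row so role_member cascades. Returns rows deleted by path."""
    if os.path.exists(path):
        os.remove(path)
    loc = locate(path, root)
    if loc is None or conn is None:
        return 0
    rel, minion_id = loc
    try:
        with conn:
            deleted = conn.execute("DELETE FROM pillar_entry WHERE path = ?", (rel,)).rowcount
            if minion_id:
                conn.execute("DELETE FROM minion WHERE id = ?", (minion_id,))
    except sqlite3.Error as exc:
        log.append(f"pillar purge failed for {rel}: {exc}")
        return 0
    return deleted


def count_rows(conn, table):
    if table not in TABLES:                       # never interpolate an unchecked name
        raise ValueError(table)
    return conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]


def demo():
    """Write a constructed minion pillar, give it a role, purge it.
    Returns (row counts before, row counts after, file still exists, log)."""
    root = tempfile.mkdtemp()
    conn, log = open_mirror(), []
    minion_file = os.path.join(root, "minions", "sensor1_sensor.sls")
    write_yaml(minion_file, {"host": "sensor1", "role": "sensor"}, conn, log, root)
    conn.execute("INSERT INTO role_member VALUES ('sensor1_sensor', 'sensor')")
    conn.commit()
    before = tuple(count_rows(conn, t) for t in TABLES)
    purge_yaml(minion_file, conn, log, root)
    after = tuple(count_rows(conn, t) for t in TABLES)
    return before, after, os.path.exists(minion_file), log


if __name__ == "__main__":
    print(demo())
```

Two points the model makes visible: the disk write happens before any database decision, so a mirror outage never loses the canonical copy, and the purge deletes pillar_entry rows by path explicitly rather than trusting the cascade alone, so non-minion files (which have no minion row to cascade from) are cleaned up by the same code path.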
# Security Onion
Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes a comprehensive suite of tools designed to work together to provide visibility into your network and host activity.
## ✨ Features
Security Onion includes everything you need to monitor your network and host systems:
- Security Onion Console (SOC): A unified web interface for analyzing security events and managing your grid.
- Elastic Stack: Powerful search backed by Elasticsearch.
- Intrusion Detection: Network-based IDS with Suricata and host-based monitoring with Elastic Fleet.
- Network Metadata: Detailed network metadata generated by Zeek or Suricata.
- Full Packet Capture: Retain and analyze raw network traffic with Suricata PCAP.
## ⭐ Security Onion Pro
For organizations and enterprises requiring advanced capabilities, Security Onion Pro offers additional features designed for scale and efficiency:
- Onion AI: Leverage powerful AI-driven insights to accelerate your analysis and investigations.
- Enterprise Features: Enhanced tools and integrations tailored for enterprise-grade security operations.
For more information, visit the Security Onion Pro page.
## ☁️ Cloud Deployment
Security Onion is available and ready to deploy in the AWS, Azure, and Google Cloud (GCP) marketplaces.
## 🚀 Getting Started
| Goal | Resource |
|---|---|
| Download | Security Onion ISO |
| Requirements | Hardware Guide |
| Install | Installation Instructions |
| What's New | Release Notes |
## 📖 Documentation & Support
For more detailed information, please visit our Documentation.
- FAQ: Frequently Asked Questions
- Community: Discussions & Support
- Training: Official Training
## 🤝 Contributing
We welcome contributions! Please see our CONTRIBUTING.md for guidelines on how to get involved.
## 🛡️ License
Security Onion is licensed under the terms of the license found in the LICENSE file.
Built with 🧅 by Security Onion Solutions.