Mike Reeves 40c02b3149 Make so-kernel-upgrade populate the kernel repo and fail loudly
Three stages of the UEK8 path fail silently, and the script only handled
the last one:

1. Populate. so-repo-sync runs before the highstate deploys the
   [securityonionkernel] section into repodownload.conf, so the first
   kernel-aware soup skips the kernel sync. kernelrepo_init_empty then
   seeds valid-but-empty repodata, leaving an enabled repo with zero
   packages. dnf resolves it happily and installs nothing, no error.

2. Install. `dnf install kernel-uek` on a UEK7 node sees kernel-uek 5.15
   already installed, prints "Nothing to do" and exits 0 -- so the script
   sailed past the install and died later with a misleading grubby error.

3. Boot. Already handled: grubby only auto-promotes within the running
   kernel's flavor lineage, so 5.x -> 6.x UEK never promotes on its own.

Add ensure_kernel_repo(), which verifies the repo is enabled (necessary
because skip_if_unavailable=1 hides a broken repo) and that it can serve a
6.x kernel-uek. When it cannot, a manager runs so-repo-sync to populate
/nsm/kernelrepo and re-checks; a minion cannot fix it and exits non-zero
pointing the admin at the manager. Airgap managers bail, since their repo
comes from the ISO rather than a sync.

Install the explicit UEK8 NEVRA instead of the bare package name so the
"Nothing to do" exit-0 case cannot mask a no-op, and pin the repoquery to
securityonionkernel so a UEK7 kernel-uek in the main repo is never picked.

Still idempotent and still never reboots.
2026-07-09 14:21:08 -04:00
2023-12-19 18:58:17 +00:00
2024-04-11 15:32:00 -04:00
2026-05-28 09:34:17 -04:00
2025-06-27 11:00:35 -04:00
2026-04-01 10:47:59 -04:00
2026-05-28 09:34:17 -04:00
2026-05-28 10:24:47 -04:00
2020-11-17 09:00:02 -05:00
2025-02-20 11:07:50 -05:00
2026-03-04 15:48:16 -05:00
2026-03-05 11:05:19 -05:00
2023-06-26 16:01:58 -04:00
2022-09-07 09:06:25 -04:00
2026-06-22 16:52:29 -04:00

Security Onion Logo

Security Onion

Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes a comprehensive suite of tools designed to work together to provide visibility into your network and host activity.

Features

Security Onion includes everything you need to monitor your network and host systems:

  • Security Onion Console (SOC): A unified web interface for analyzing security events and managing your grid.
  • Elastic Stack: Powerful search backed by Elasticsearch.
  • Intrusion Detection: Network-based IDS with Suricata and host-based monitoring with Elastic Fleet.
  • Network Metadata: Detailed network metadata generated by Zeek or Suricata.
  • Full Packet Capture: Retain and analyze raw network traffic with Suricata PCAP.

Security Onion Pro

For organizations and enterprises requiring advanced capabilities, Security Onion Pro offers additional features designed for scale and efficiency:

  • Onion AI: Leverage powerful AI-driven insights to accelerate your analysis and investigations.
  • Enterprise Features: Enhanced tools and integrations tailored for enterprise-grade security operations.

For more information, visit the Security Onion Pro page.

☁️ Cloud Deployment

Security Onion is available and ready to deploy in the AWS, Azure, and Google Cloud (GCP) marketplaces.

🚀 Getting Started

Goal Resource
Download Security Onion ISO
Requirements Hardware Guide
Install Installation Instructions
What's New Release Notes

📖 Documentation & Support

For more detailed information, please visit our Documentation.

🤝 Contributing

We welcome contributions! Please see our CONTRIBUTING.md for guidelines on how to get involved.

🛡️ License

Security Onion is licensed under the terms of the license found in the LICENSE file.


Built with 🧅 by Security Onion Solutions.

S
Description
Security Onion 2 - Linux distro for threat hunting, enterprise security monitoring, and log management
Readme
79 MiB
Languages
Shell 51%
Jinja 22.2%
SaltStack 12%
Python 8.7%
CSS 2%
Other 4%