Mike Reeves 8b488f9226 soup: make failed upgrades and hotfixes resumable
A failed highstate mid-upgrade left /etc/soversion already advanced to the
target version (the highstate stamps it from the pillar via the soversionfile
state), so a re-run of soup saw INSTALLEDVERSION == NEWVERSION and reported
"already running the latest version", stranding the box with post-upgrade
steps never run.

Introduce /etc/sopostversion, a soup-owned marker (no salt state manages it)
that records post-upgrade walk progress. It is seeded from the pre-upgrade
version before the highstate, advanced after each post_to_* step, and removed
on successful completion. upgrade_check treats a leftover marker as "upgrade
not finished" and resumes the remaining post steps instead of bailing.

Also fix the hotfix path: /etc/sohotfix was written before the hotfix
highstate, so a failed hotfix highstate looked already-applied on re-run.
Since no salt state manages /etc/sohotfix, defer its write (update_version)
until after the highstate succeeds so it is an honest completion marker.
2026-07-14 17:30:58 -04:00
2026-05-28 09:34:17 -04:00
2026-04-01 10:47:59 -04:00
2026-05-28 09:34:17 -04:00
2026-05-28 10:24:47 -04:00
2026-06-22 16:52:29 -04:00

Security Onion Logo

Security Onion

Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes a comprehensive suite of tools designed to work together to provide visibility into your network and host activity.

Features

Security Onion includes everything you need to monitor your network and host systems:

  • Security Onion Console (SOC): A unified web interface for analyzing security events and managing your grid.
  • Elastic Stack: Powerful search backed by Elasticsearch.
  • Intrusion Detection: Network-based IDS with Suricata and host-based monitoring with Elastic Fleet.
  • Network Metadata: Detailed network metadata generated by Zeek or Suricata.
  • Full Packet Capture: Retain and analyze raw network traffic with Suricata PCAP.

Security Onion Pro

For organizations and enterprises requiring advanced capabilities, Security Onion Pro offers additional features designed for scale and efficiency:

  • Onion AI: Leverage powerful AI-driven insights to accelerate your analysis and investigations.
  • Enterprise Features: Enhanced tools and integrations tailored for enterprise-grade security operations.

For more information, visit the Security Onion Pro page.

☁️ Cloud Deployment

Security Onion is available and ready to deploy in the AWS, Azure, and Google Cloud (GCP) marketplaces.

🚀 Getting Started

Goal Resource
Download Security Onion ISO
Requirements Hardware Guide
Install Installation Instructions
What's New Release Notes

📖 Documentation & Support

For more detailed information, please visit our Documentation.

🤝 Contributing

We welcome contributions! Please see our CONTRIBUTING.md for guidelines on how to get involved.

🛡️ License

Security Onion is licensed under the terms of the license found in the LICENSE file.


Built with 🧅 by Security Onion Solutions.

S
Description
Security Onion 2 - Linux distro for threat hunting, enterprise security monitoring, and log management
Readme
79 MiB
Languages
Shell 51%
Jinja 22.2%
SaltStack 12%
Python 8.7%
CSS 2%
Other 4%