Merge pull request #514 from Security-Onion-Solutions/2.4/dev

2.4.50
Security-Onion-Solutions · Feb 20, 2024 · f94474e · f94474e
2 parents c9f6faa + c74f213
commit f94474e
Show file tree

Hide file tree

Showing 9 changed files with 27 additions and 12 deletions.
diff --git a/so-elastic-fleet-package-registry/scripts/supported-integrations.txt b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt
@@ -13,6 +13,8 @@ cisco_ios-
 cisco_ise-
 cisco_meraki-
 cisco_umbrella-
+citrix_adc-
+citrix_waf-
 cloudflare-
 crowdstrike-
 darktrace-
@@ -42,6 +44,7 @@ microsoft_sqlserver-
 mimecast-
 mysql-
 netflow-
+nginx-
 o365-
 okta-
 osquery_manager-
@@ -72,6 +75,7 @@ ti_threatq-
 udp-
 vsphere-
 windows-
+winlog-
 zscaler_zia-
 zscaler_zpa-
 1password-
diff --git a/so-nginx/Dockerfile b/so-nginx/Dockerfile
@@ -36,7 +36,7 @@ HEALTHCHECK --interval=5m --timeout=3s CMD curl --fail http://localhost/ || exit
 LABEL maintainer "Security Onion Solutions, LLC"
 LABEL description="Security Onion Core Functions Docker"
 
-ARG CYBERCHEF_VERSION=10.5.2
+ARG CYBERCHEF_VERSION=10.6.0
 
 RUN mkdir -p /opt/socore/html/navigator
 COPY --from=navigator-builder /attack-navigator/nav-app/dist /opt/socore/html/navigator

diff --git a/so-steno/files/so-steno.sh b/so-steno/files/so-steno.sh
@@ -1,8 +1,9 @@
 #!/bin/bash
+exec >> /var/log/stenographer/stenographer.log 2>&1
 
 # Generate the keys if they have not been already
 /usr/bin/stenokeys.sh 941 939
 
 chown -R 941:939 /etc/stenographer/certs
 
-runuser -l stenographer -c '/usr/bin/stenographer --syslog=false >> /var/log/stenographer/stenographer.log 2>&1' 
+exec runuser -l stenographer -c 'exec /usr/bin/stenographer -v 1 --syslog=false' 
diff --git a/so-strelka-backend/Dockerfile b/so-strelka-backend/Dockerfile
@@ -25,7 +25,7 @@ RUN groupadd --gid $USER_GID $USERNAME \
 RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
 
 # SO - Pin to release tag, download from GitHub, and prepare container dirs
-ARG STRELKA_RELEASE_VERSION=0.23.12.01
+ARG STRELKA_RELEASE_VERSION=0.24.01.18
 RUN mkdir /strelka && \
     mkdir /etc/strelka && \
     mkdir /tmp/strelka && \

diff --git a/so-strelka-filestream/Dockerfile b/so-strelka-filestream/Dockerfile
@@ -1,6 +1,6 @@
-FROM ghcr.io/security-onion-solutions/golang:alpine AS build
+FROM ghcr.io/security-onion-solutions/golang:1.21.5-alpine AS build
 LABEL maintainer "Security Onion Solutions, LLC"
-ARG STRELKA_RELEASE_VERSION=0.23.12.01
+ARG STRELKA_RELEASE_VERSION=0.24.01.18
 
 RUN CGO_ENABLED=0 go install github.com/target/strelka/src/go/cmd/strelka-filestream@$STRELKA_RELEASE_VERSION
 

diff --git a/so-strelka-frontend/Dockerfile b/so-strelka-frontend/Dockerfile
@@ -1,14 +1,24 @@
-FROM ghcr.io/security-onion-solutions/golang AS build
+FROM ghcr.io/security-onion-solutions/golang:1.21.5-alpine AS build
 LABEL maintainer "Security Onion Solutions, LLC"
-ARG STRELKA_RELEASE_VERSION=0.23.12.01
+ARG STRELKA_RELEASE_VERSION=0.24.01.18
 
-RUN CGO_ENABLED=0 go install github.com/target/strelka/src/go/cmd/strelka-frontend@$STRELKA_RELEASE_VERSION
+RUN apk add openssl-dev \
+    bash \
+    build-base \
+    pkgconfig \
+    librdkafka \
+    librdkafka-dev && \
+    CGO_ENABLED=1 go install -tags musl github.com/target/strelka/src/go/cmd/strelka-frontend@$STRELKA_RELEASE_VERSION
 
 FROM ghcr.io/security-onion-solutions/alpine
+
 COPY --from=build /go/bin/strelka-frontend /usr/local/bin/
+
 RUN addgroup -g 939 strelka && \
     adduser -u 939 -G strelka strelka --disabled-password \
     -h /etc/strelka --no-create-home strelka && \
     mkdir /var/log/strelka/ && \
+    touch /var/log/strelka/strelka.log && \
     chown -R 939:939 /var/log/strelka/
+
 USER strelka
diff --git a/so-strelka-manager/Dockerfile b/so-strelka-manager/Dockerfile
@@ -1,6 +1,6 @@
-FROM ghcr.io/security-onion-solutions/golang AS build
+FROM ghcr.io/security-onion-solutions/golang:1.21.5-alpine AS build
 LABEL maintainer "Security Onion Solutions, LLC"
-ARG STRELKA_RELEASE_VERSION=0.23.12.01
+ARG STRELKA_RELEASE_VERSION=0.24.01.18
 
 RUN CGO_ENABLED=0 go install github.com/target/strelka/src/go/cmd/strelka-manager@$STRELKA_RELEASE_VERSION
 

diff --git a/so-suricata/Dockerfile b/so-suricata/Dockerfile
@@ -27,7 +27,7 @@ RUN dnf -y install autoconf automake diffutils file-devel gcc gcc-c++ git \
                lua-devel lz4-devel make nss-devel pcre-devel pcre2-devel pkgconfig \
                python3-devel python3-sphinx python3-yaml sudo which cargo \
                zlib-devel luajit-devel cargo && cargo install --force cbindgen
-ENV SURIVERSION=7.0.2
+ENV SURIVERSION=7.0.3
 RUN mkdir /suricata
 
 WORKDIR /suricata

diff --git a/so-zeek/Dockerfile b/so-zeek/Dockerfile
@@ -39,7 +39,7 @@ RUN dnf -y install perl && \
 
 WORKDIR /
 
-ENV ZEEKVER=6.0.2
+ENV ZEEKVER=6.0.3
 ARG BUILD_TYPE=Release
 
 RUN mkdir /zeekbuild