From 07ed2cb3daf36862712dae58e87252b0199a4680 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 10 Oct 2023 21:35:48 -0400 Subject: [PATCH 01/16] Update VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 415d027e4b..a62523bfcf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.270 +2.3.280 From a9457d5f535a8a8af22e3ab02943c0626cb7c7e8 Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Tue, 17 Oct 2023 16:02:16 -0400 Subject: [PATCH 02/16] Remove external community-id replaced with Zeek 6 built in community-id. Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com> --- pillar/zeek/init.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pillar/zeek/init.sls b/pillar/zeek/init.sls index 01023fb602..64316838f3 100644 --- a/pillar/zeek/init.sls +++ b/pillar/zeek/init.sls @@ -42,12 +42,13 @@ zeek: - frameworks/files/hash-all-files - frameworks/files/detect-MHR - policy/frameworks/notice/extend-email/hostnames + - policy/frameworks/notice/community-id + - policy/protocols/conn/community-id-logging - ja3 - hassh - intel - cve-2020-0601 - securityonion/bpfconf - - securityonion/communityid - securityonion/file-extraction - oui-logging - icsnpp-modbus From 7b11ddb032dc6bdf0b428ec664b31174f93cf4b3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 9 Nov 2023 10:25:16 -0500 Subject: [PATCH 03/16] Update soup --- salt/common/tools/sbin/soup | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 993ca4c8c7..e4a25aef59 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -580,6 +580,7 @@ preupgrade_changes() { [[ "$INSTALLEDVERSION" == 2.3.240 ]] && up_to_2.3.250 [[ "$INSTALLEDVERSION" == 2.3.250 ]] && up_to_2.3.260 [[ "$INSTALLEDVERSION" == 2.3.260 ]] && up_to_2.3.270 + [[ "$INSTALLEDVERSION" == 2.3.270 ]] && up_to_2.3.280 true } 
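Review bot: Loading `policy/frameworks/notice/community-id` and `policy/protocols/conn/community-id-logging` in place of `securityonion/communityid` only works once the sensor runs Zeek 6 — on an older Zeek those script paths do not exist and the deploy fails on the missing scripts — so this pillar change should be gated on, or land together with, the Zeek 6 image bump, which this series does not show. The built-in scripts add a `community_id` field to conn.log and notice.log; it is worth confirming that the external package emitted the same field name and used the same seed, since Elastic ingest pipelines and any correlation that pivots on Community ID would otherwise break across the upgrade. Also check that `securityonion/communityid` is not still pulled in from another list (e.g. a Zeek package manifest), because loading both would presumably redefine the same log field and error at load time.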
@@ -612,6 +613,7 @@ postupgrade_changes() { [[ "$POSTVERSION" == 2.3.240 ]] && post_to_2.3.250 [[ "$POSTVERSION" == 2.3.250 ]] && post_to_2.3.260 [[ "$POSTVERSION" == 2.3.260 ]] && post_to_2.3.270 + [[ "$POSTVERSION" == 2.3.270 ]] && post_to_2.3.280 true } @@ -772,6 +774,13 @@ post_to_2.3.270() { POSTVERSION=2.3.270 } +post_to_2.3.280() { + echo "Nothing to do for .280 + + POSTVERSION=2.3.280 +} + + stop_salt_master() { # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts set +e @@ -1137,6 +1146,11 @@ up_to_2.3.270() { INSTALLEDVERSION=2.3.270 } +up_to_2.3.280() { + echo "Upgrading to 2.3.280" + INSTALLEDVERSION=2.3.280 +} + verify_upgradespace() { CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//') if [ "$CURRENTSPACE" -lt "10" ]; then From 07df045e79128b41badec7bef3f472a2b9c1af8c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 9 Nov 2023 10:38:53 -0500 Subject: [PATCH 04/16] Update soup --- salt/common/tools/sbin/soup | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index e4a25aef59..029970c5d8 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -1734,8 +1734,12 @@ if [[ -z $UNATTENDED ]]; then SOUP - Security Onion UPdater +**WARNING** Security Onion 2.3 reaches End Of Life (EOL) on April 6, 2024. +Please make plans to migrate to Security Onion 2.4: +https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html + Please review the following for more information about the update process and recent updates: -https://docs.securityonion.net/soup +https://docs.securityonion.net/en/2.3/soup.html https://blog.securityonion.net EOF From b7cf44466c9b4b9bddbda96a7d9e61b816e033b0 Mon Sep 17 00:00:00 2001 
From: weslambert Date: Mon, 13 Nov 2023 09:16:23 -0500 Subject: [PATCH 05/16] Elastic 8.10.4 --- salt/kibana/files/config_saved_objects.ndjson | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/kibana/files/config_saved_objects.ndjson b/salt/kibana/files/config_saved_objects.ndjson index 67554a49f9..5b3a0f15ed 100644 --- a/salt/kibana/files/config_saved_objects.ndjson +++ b/salt/kibana/files/config_saved_objects.ndjson @@ -1 +1 @@ -{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.8.2","id": "8.8.2","references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} +{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.10.4","id": "8.10.4","references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} From 3316e1261d45438615f0b5c48aa5eab05d6cea8c Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Mon, 13 Nov 2023 09:16:25 -0500 Subject: [PATCH 06/16] Add EOL warning to README.md --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 1c0a312120..d2efc98cf2 100644 --- a/README.md +++ b/README.md 
@@ -2,6 +2,20 @@ Security Onion 2.3 is here! +## End Of Life Warning + +Security Onion 2.3 reaches End Of Life (EOL) on April 6, 2024: + +https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html + +For new installations, please see the 2.4 branch of this repo: + +https://github.com/Security-Onion-Solutions/securityonion/tree/2.4/main + +If you have an existing 2.3 installation and would like to migrate to 2.4, please see: + +https://docs.securityonion.net/en/2.4/appendix.html + ## Screenshots Alerts From 18e319cbe3286254441bce439330ba4715b96449 Mon Sep 17 00:00:00 2001 From: weslambert Date: Mon, 13 Nov 2023 09:17:33 -0500 Subject: [PATCH 07/16] Elastic 8.10.4 --- salt/kibana/bin/so-kibana-config-load | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load index 5bfba8bd01..0f7edb0a15 100644 --- a/salt/kibana/bin/so-kibana-config-load +++ b/salt/kibana/bin/so-kibana-config-load @@ -59,7 +59,7 @@ update() { IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))' for i in "${LINES[@]}"; do - RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.8.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") + RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.10.4" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi done From c624a44b0e5242b86b72a15a24d0e3655c9d597e Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Wed, 15 Nov 2023 15:19:54 -0500 Subject: [PATCH 08/16] Update soup add quote --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 029970c5d8..246e59ed4c 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup 
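Review bot: The saved-object id `8.10.4` in the changed PUT URL duplicates the `id` / `coreMigrationVersion` value in `salt/kibana/files/config_saved_objects.ndjson` (patch 05), so every Elastic bump has to touch two files in lockstep, and a mismatch would address a different config object than the one shipped (and the `updated_at` / `success` check below would then mask whether the intended object was updated). Since the file is already a template (`{{ ELASTICCURL }}`), consider rendering the version from a single source, e.g. `-X PUT "localhost:5601/api/saved_objects/config/{{ KIBANA_CONFIG_ID }}"` (variable name constructed here) with the same value driving the ndjson, or parsing the `id` out of the line being posted. `update()` starts and ends outside the hunk.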
@@ -775,7 +775,7 @@ post_to_2.3.270() { } post_to_2.3.280() { - echo "Nothing to do for .280 + echo "Nothing to do for .280" POSTVERSION=2.3.280 } From 94accb0e8c8794190729bcf28d1edf555911ce2e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 20 Nov 2023 15:09:13 -0500 Subject: [PATCH 09/16] Update signing_policies.conf --- salt/ca/files/signing_policies.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/ca/files/signing_policies.conf b/salt/ca/files/signing_policies.conf index 1e05be0063..8310257fb9 100644 --- a/salt/ca/files/signing_policies.conf +++ b/salt/ca/files/signing_policies.conf @@ -36,7 +36,7 @@ x509_signing_policies: - C: US - ST: Utah - L: Salt Lake City - - basicConstraints: "critical CA:false" + - basicConstraints: "critical CA:false digitalSignature" - keyUsage: "critical keyEncipherment" - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always From 57612c69fe58463035199c6344c994d612a07fab Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 20 Nov 2023 15:11:50 -0500 Subject: [PATCH 10/16] Update signing_policies.conf --- salt/ca/files/signing_policies.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/ca/files/signing_policies.conf b/salt/ca/files/signing_policies.conf index 8310257fb9..aa99b602a9 100644 --- a/salt/ca/files/signing_policies.conf +++ b/salt/ca/files/signing_policies.conf @@ -36,8 +36,8 @@ x509_signing_policies: - C: US - ST: Utah - L: Salt Lake City - - basicConstraints: "critical CA:false digitalSignature" - - keyUsage: "critical keyEncipherment" + - basicConstraints: "critical CA:false" + - keyUsage: "critical keyEncipherment digitalSignature" - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always - extendedKeyUsage: serverAuth From fee9b61ce989bee78d38133b058f84fa58e09ecb Mon Sep 17 00:00:00 2001 
From: Mike Reeves Date: Mon, 20 Nov 2023 15:14:25 -0500 Subject: [PATCH 11/16] Update soup --- salt/common/tools/sbin/soup | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 246e59ed4c..0dc739691b 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -775,8 +775,11 @@ post_to_2.3.270() { } post_to_2.3.280() { - echo "Nothing to do for .280" - + salt-call state.apply ca queue=True + stop_salt_minion + mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old + mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old + systemctl_func "start" "salt-minion" POSTVERSION=2.3.280 } From c0968d384358bea1f8376f23301bed0cb541c3e9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 20 Nov 2023 15:57:29 -0500 Subject: [PATCH 12/16] Update signing_policies.conf --- salt/ca/files/signing_policies.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/ca/files/signing_policies.conf b/salt/ca/files/signing_policies.conf index aa99b602a9..206e8e998f 100644 --- a/salt/ca/files/signing_policies.conf +++ b/salt/ca/files/signing_policies.conf @@ -37,7 +37,7 @@ x509_signing_policies: - ST: Utah - L: Salt Lake City - basicConstraints: "critical CA:false" - - keyUsage: "critical keyEncipherment digitalSignature" + - keyUsage: "critical keyEncipherment, digitalSignature" - subjectKeyIdentifier: hash - authorityKeyIdentifier: keyid,issuer:always - extendedKeyUsage: serverAuth From 1dc88781f160fb4526a53cdc8537a725aaa83017 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 22 Nov 2023 10:11:34 -0500 Subject: [PATCH 13/16] suricata interface None if so-import --- salt/suricata/afpacket.map.jinja | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/salt/suricata/afpacket.map.jinja b/salt/suricata/afpacket.map.jinja index a6c390abba..7f2f121ab3 100644 --- a/salt/suricata/afpacket.map.jinja +++ b/salt/suricata/afpacket.map.jinja 
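Review bot: `post_to_2.3.280` moves the manager's private key to `/etc/pki/managerssl.key.old` and never removes it, and nothing after `systemctl_func "start" "salt-minion"` confirms that a new `managerssl.crt` / `managerssl.key` pair was actually re-issued before soup continues. If the re-issue fails the manager is left with no cert at the path nginx expects; if it succeeds the superseded key stays on disk indefinitely, so consider checking for the new files and then deleting the `.old` key (or stating that it is kept for rollback), and guarding the two `mv` calls with `[[ -f /etc/pki/managerssl.key ]]` so they do not error on hosts where the files are absent. The intent is presumably to force re-issue under the changed `keyUsage` policy (patch 12); a comment such as `# Force re-issue of the manager TLS cert so it carries keyUsage digitalSignature (see salt/ca/files/signing_policies.conf)` would make that explicit to the next person editing this function.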
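Review bot: The final value `keyUsage: "critical keyEncipherment, digitalSignature"` is the correct OpenSSL list syntax (patches 09–11 iterate on where and how the flag is written), but the policy edit alone does not change certificates already issued on existing managers — that is presumably why `post_to_2.3.280` moves the old pair aside — and that coupling is not recorded in the file. A comment above the entry, e.g. `# digitalSignature is needed for ECDHE / TLS 1.3 handshakes; keyEncipherment alone only covers RSA key exchange. Existing certs are re-issued on upgrade by soup (post_to_2.3.280).`, would explain both why the flag was added and why the upgrade path touches /etc/pki.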
@@ -1,6 +1,6 @@ {% load_yaml as afpacket %} af-packet: - - interface: {{ salt['pillar.get']('sensor:interface', 'bond0') }} + - interface: {{ None if grains.role == 'so-import' else salt['pillar.get']('sensor:interface', 'bond0') }} cluster-id: 59 cluster-type: cluster_flow defrag: yes @@ -8,8 +8,4 @@ af-packet: threads: {{ salt['pillar.get']('sensor:suriprocs', salt['pillar.get']('sensor:suripins') | length) }} tpacket-v3: yes ring-size: {{ salt['pillar.get']('sensor:suriringsize', '5000') }} - - interface: default - #threads: auto - #use-mmap: no - #tpacket-v3: yes {% endload %} From cfad6414d29ec0b21a55f627b837f142998bb5fa Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 27 Nov 2023 11:10:39 -0500 Subject: [PATCH 14/16] enable highstate after starting minion --- salt/common/tools/sbin/soup | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 0dc739691b..31ac8c36b8 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -780,6 +780,7 @@ post_to_2.3.280() { mv /etc/pki/managerssl.crt /etc/pki/managerssl.crt.old mv /etc/pki/managerssl.key /etc/pki/managerssl.key.old systemctl_func "start" "salt-minion" + enable_highstate POSTVERSION=2.3.280 } From 7311d6480cdd0d5ec235b262b472302451fb48a3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 27 Nov 2023 12:15:09 -0500 Subject: [PATCH 15/16] so-nginx watch managerssl to restart if changed --- salt/nginx/init.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls index cad20996ed..f633077bfc 100644 --- a/salt/nginx/init.sls +++ b/salt/nginx/init.sls 
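Review bot: `{{ None if grains.role == 'so-import' else ... }}` is rendered by Jinja as the literal text `None`, which YAML reads as the string "None" rather than a null, so an `so-import` node now ends up with an af-packet interface literally named `None`. If Suricata on that role only ever replays pcaps and never brings up af-packet this is harmless but surprising; if a null or absent interface is the intent, render `~` or drop the `interface` key for that role instead. Either way a comment such as `{# so-import never sniffs live traffic; the placeholder interface is ignored in pcap mode — TODO confirm #}` would record the assumption next to the special case.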
@@ -118,6 +118,10 @@ so-nginx: - watch: - file: nginxconf - file: nginxconfdir + {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %} + - x509: managerssl_key + - x509: managerssl_crt + {% endif %} - require: - file: nginxconf {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %} From de9e9a271659386712950a4083551830de0ab151 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 28 Nov 2023 14:58:25 -0500 Subject: [PATCH 16/16] 2.3.280 --- VERIFY_ISO.md | 22 ++++++++++---------- sigs/securityonion-2.3.280-20231128.iso.sig | Bin 0 -> 543 bytes 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 sigs/securityonion-2.3.280-20231128.iso.sig diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 9475951750..eac8bf648e 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,18 +1,18 @@ -### 2.3.270-20231006 ISO image built on 2023/10/06 +### 2.3.280-20231128 ISO image built on 2023/11/28 ### Download and Verify -2.3.270-20231006 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.270-20231006.iso +2.3.280-20231128 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.280-20231128.iso -MD5: 3FC7A37EA402A5F0C6609D7431387575 -SHA1: 979851603E431EE9670A1576E5DCCD838CEDA294 -SHA256: 34F72EDEA9A62E1545347A31DEDEDD099D824466EC52B8674ACC7DB6D7E8B943 +MD5: 0BC68BD73547B7E2FBA6F53BEC174590 +SHA1: 1D33C565D37772FE7A3C3FE3ECB05FC1AC1EBFF1 +SHA256: ADBD9DC9E1B266B18E0FDBDF084073EF926C565041858060D283CDAEF021EE11 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.270-20231006.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.280-20231128.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS 
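Review bot: The role list in the new `{% if grains.role in [...] %}` guard is copied verbatim from the guard visible on the next context line of the same file, so the two can drift when a role is added; a `{% set manager_roles = ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %}` near the top and `{% if grains.role in manager_roles %}` in both places keeps them in sync. The new `watch` on `x509: managerssl_key` / `x509: managerssl_crt` also assumes those state IDs are part of the same highstate for every role in the list — if they are not, Salt fails the `so-nginx` state with a missing-requisite error instead of merely skipping the restart, so confirm the state that declares them is included for all six roles. A short comment noting that this restart is what picks up the cert re-issued by soup (patch 11) would help the next reader.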
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.270-20231006.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.280-20231128.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.270-20231006.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.280-20231128.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.270-20231006.iso.sig securityonion-2.3.270-20231006.iso +gpg --verify securityonion-2.3.280-20231128.iso.sig securityonion-2.3.280-20231128.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 21 Sep 2023 10:43:13 AM EDT using RSA key ID FE507013 +gpg: Signature made Mon 27 Nov 2023 05:09:34 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. 
diff --git a/sigs/securityonion-2.3.280-20231128.iso.sig b/sigs/securityonion-2.3.280-20231128.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..53aed10436ceeadfdf39f5c49bfb692c69419df1 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;Md6P^GH2@re`V7LBIa1&qa5C2VOBB6{9$A`x@CD|nH z4j+`ne;Iv~0Xu+_8#+>SA*6Bzb^ZXF^{{<=THmGfaQnVF$8Z_ zb!2{+JU;afEAkkS`}i!aC->k;`C!|06nl>>*yI)amhv-0vw#jr>D667`M8{-)})Q7 z=?)t*e0%%35`}?exu7?sv&FR-<;5LhI%{qU;V4557;y-}5~~gDUuU_#!tH zWZNyFyM8hn19gtP3eihA?y>S&%QM5Iubc7bMg4_jk-25_o_kQ+YAY9jPe#@8B5!3b z^Fch?-y%PN^(xCDu(7{0*W>5esL#s|$z!P=S~A~I{gwV4_o&!nM@TlcmWbQjuDz|Q zRF54D$(!%I>TAH-SK#Xjm3^Uv=J z*6?M2d7MJ0>=CXF;uNhRVX;dS@LY7SmOr_N9(57uT}s3L(6av)