From 8b56c0a74467f1b668c1f1d3da4891c12a013f20 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 29 Feb 2024 14:12:35 -0500
Subject: [PATCH 1/6] Update VERSION
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index 69a5af0385..5ae247b83f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3.290
+2.3.300
From 595f9651831445c601302344491970d741e0790c Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Tue, 19 Mar 2024 16:44:01 -0400
Subject: [PATCH 2/6] Update soup for 2.3.300
---
 salt/common/tools/sbin/soup | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index aeda42c41b..659265d036 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -582,6 +582,7 @@ preupgrade_changes() {
 [[ "$INSTALLEDVERSION" == 2.3.260 ]] && up_to_2.3.270
 [[ "$INSTALLEDVERSION" == 2.3.270 ]] && up_to_2.3.280
 [[ "$INSTALLEDVERSION" == 2.3.280 ]] && up_to_2.3.290
+ [[ "$INSTALLEDVERSION" == 2.3.290 ]] && up_to_2.3.300
 true
 }
 
@@ -616,6 +617,7 @@ postupgrade_changes() {
 [[ "$POSTVERSION" == 2.3.260 ]] && post_to_2.3.270
 [[ "$POSTVERSION" == 2.3.270 ]] && post_to_2.3.280
 [[ "$POSTVERSION" == 2.3.280 ]] && post_to_2.3.290
+ [[ "$POSTVERSION" == 2.3.290 ]] && post_to_2.3.300
 true
 }
 
@@ -791,6 +793,11 @@ post_to_2.3.290() {
 POSTVERSION=2.3.290
 }
 
+post_to_2.3.300() {
+ echo "Nothing to do for .300"
+ POSTVERSION=2.3.300
+}
+
 stop_salt_master() {
 # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
 set +e
@@ -1166,6 +1173,11 @@ up_to_2.3.290() {
 INSTALLEDVERSION=2.3.290
 }
 
+up_to_2.3.300() {
+ echo "Upgrading to 2.3.300"
+ INSTALLEDVERSION=2.3.300
+}
+
 verify_upgradespace() {
 CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
 if [ "$CURRENTSPACE" -lt "10" ]; then
From 945d2abeed29f0bdddb8b65c3d2b7e8ccf46b236 Mon Sep 17 00:00:00 2001
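Review bot: The new `up_to_2.3.300` and `post_to_2.3.300` stubs carry no comment explaining why an empty step exists, so a later maintainer could reasonably treat them as dead code and drop them, which would stall the version chain — the added guard `[[ "$INSTALLEDVERSION" == 2.3.290 ]] && up_to_2.3.300` in preupgrade_changes() only advances because the stub sets `INSTALLEDVERSION=2.3.300`, and the same holds for POSTVERSION in postupgrade_changes(). Add `# No migration steps for 2.3.300; this stub only advances the version chain.` above each of the two stubs. The two stubs also report inconsistently (`Upgrading to 2.3.300` versus `Nothing to do for .300`); using the same wording in both keeps the upgrade log easier to scan. preupgrade_changes() and postupgrade_changes() both start before their hunks.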
From: weslambert
Date: Wed, 27 Mar 2024 16:13:30 -0400
Subject: [PATCH 3/6] Ignore more rules
---
 salt/strelka/defaults.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/salt/strelka/defaults.yaml b/salt/strelka/defaults.yaml
index 7855109611..1616bf42e8 100644
--- a/salt/strelka/defaults.yaml
+++ b/salt/strelka/defaults.yaml
@@ -1,12 +1,43 @@
 strelka:
 ignore:
 - apt_flame2_orchestrator.yar
+ - apt_apt32.yar
+ - apt_aa19_024a.yar
+ - apt_apt15.yar
+ - apt_barracuda_esg_unc4841_jun23.yar
+ - apt_bluetermite_emdivi.yar
+ - apt_danti_svcmondr.yar
+ - apt_eqgrp.yar
+ - apt_eqgrp_apr17.yar
+ - apt_greenbug.yar
+ - apt_grizzlybear_uscert.yar
+ - apt_lazarus_jun18.yar
+ - apt_mal_gopuram_apr23.yar
+ - apt_moonlightmaze.yar
+ - apt_oilrig.yar
+ - apt_oilrig_oct17.yar
+ - apt_passthehashtoolkit.yar
+ - apt_poisonivy.yar
+ - apt_winnti_burning_umbrella.yar
+ - cn_pentestset_webshells.yar
+ - crime_emotet.yar
+ - gen_fake_amsi_dll.yar
+ - gen_onenote_phish.yar
+ - apt_laudanum_webshells.yar
+ - apt_sandworm_cyclops_blink.yar
+ - cn_pentestset_scripts.yar
+ - expl_connectwise_screenconnect_vuln_feb24.yar
+ - mal_fortinet_coathanger_feb24.yar
+ - thor-hacktools.yar
+ - thor-webshells.yar
 - apt_tetris.yar
 - gen_susp_js_obfuscatorio.yar
 - gen_webshells.yar
+ - gen_vcruntime140_dll_sideloading.yar
 - generic_anomalies.yar
 - general_cloaking.yar
 - thor_inverse_matches.yar
+ - yara-rules_vuln_drivers_strict_renamed.yar
 - yara_mixed_ext_vars.yar
 - apt_apt27_hyperbro.yar
 - apt_turla_gazer.yar
@@ -18,4 +49,5 @@ strelka:
 - gen_webshells_ext_vars.yar
 - configured_vulns_ext_vars.yar
 - expl_outlook_cve_2023_23397.yar
+ - expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar
 - gen_mal_3cx_compromise_mar23.yar
From 1599e69851efb1b680350cc7557a4f95ef1565b0 Mon Sep 17 00:00:00 2001
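Review bot: The 32 rule files added to `strelka: ignore:` (the apt_* sets, cn_pentestset_webshells/thor-webshells/thor-hacktools, and the Feb-24 expl_connectwise_screenconnect and mal_fortinet_coathanger signatures) take a sizeable slice of YARA coverage out of Strelka, and neither the hunk nor the commit message records why. Presumably these rules fail to compile or are too noisy in this deployment, but that is a guess; a comment above the list such as `# Rules listed here are not loaded by Strelka. Record the reason (compile error, false positives) next to each entry so operators can judge lost coverage.` would let defenders see what they are no longer detecting and revisit the list when the upstream rule is fixed. If these defaults can be overridden per deployment, stating that in the same comment would be useful; that cannot be determined from this file alone.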
From: Mike Reeves
Date: Fri, 29 Mar 2024 09:43:50 -0400
Subject: [PATCH 4/6] 2.3.300
---
 VERIFY_ISO.md | 22 ++++++++++----------
 sigs/securityonion-2.3.300-20240401.iso.sig | Bin 0 -> 543 bytes
 2 files changed, 11 insertions(+), 11 deletions(-)
 create mode 100644 sigs/securityonion-2.3.300-20240401.iso.sig
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 9445e76fa7..3fb630f9e1 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.290-20240229 ISO image built on 2024/02/29
+### 2.3.300-20240401 ISO image built on 2024/04/01
 ### Download and Verify
-2.3.290-20240229 ISO image:
-https://download.securityonion.net/file/securityonion/securityonion-2.3.290-20240229.iso
+2.3.300-20240401 ISO image:
+https://download.securityonion.net/file/securityonion/securityonion-2.3.300-20240401.iso
-MD5: D2A7BBDA25F311B7944A95655CC439CE
-SHA1: BAD2A67119C6F73B6472E1A31B9C157A60A074B5
-SHA256: FD611421C3B41BA267BA7A57B8FAFB29B0B59435D0A796D686C0D3BDD36AFF7D
+MD5: 5CBDA8012D773C5EC362D21C4EA3B7FB
+SHA1: 7A34FAA0E11F09F529FF38EC3239211CD87CB1A7
+SHA256: 123066DAFBF6F2AA0E1924296CFEFE1213002D7760E8797AB74F1FC1D683C6D7
 Signature for ISO image:
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.290-20240229.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.300-20240401.iso.sig
 Signing key:
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 Download the signature file for the ISO:
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.290-20240229.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.300-20240401.iso.sig
 ```
 Download the ISO image:
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.290-20240229.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.300-20240401.iso
 ```
 Verify the downloaded ISO image using the signature file:
 ```
-gpg --verify securityonion-2.3.290-20240229.iso.sig securityonion-2.3.290-20240229.iso
+gpg --verify securityonion-2.3.300-20240401.iso.sig securityonion-2.3.300-20240401.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 28 Feb 2024 04:11:05 PM EST using RSA key ID FE507013
+gpg: Signature made Wed 27 Mar 2024 01:42:18 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.
diff --git a/sigs/securityonion-2.3.300-20240401.iso.sig b/sigs/securityonion-2.3.300-20240401.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..39bfcd7a80976889441dc61ec06222e9c7fe2c8c GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;OST6zEq2@re`V7LBIa1+?a5C2H&)L_nZ6KYJC7(5tW zb$J${h?N$0&hrrxa}%r;z0j~c+r?;Q+AQOOK{tnn2*wUvA!-NuZ4S|YPO}&3t*Lc~ zJ_S^F4d*O19QC-Rt1yrui8SD4-n|Y3n(ssWxfb<`umxD~tSvclxup#sqS8U6w*inA z3!_MnL6X9HRf0s#KDB?Ma!d2>6UvSD?Wc4-3r%d37!8*>(1@}F;UvAPgqP-6V{ijK z2}x8P&n@_6sNYk~ov&dHeLjuC&zRVXZWhhMY|@CkcpZI8I{*SZFei@Vsm0laJ>w;B zhnJ5J{#<&X4P5LgmF$d*gsOyB-FkX#pH~f?@&ZzFxr05d_F-A+Jf^9-K0*s<_6!ND z@jl-1{6^=RRr~ftT7E6Gacx|pQ+0Y|sA(0ewc;#1^&j)4<1<_w5hKQ6S(w5OJR_bw zJ-?l*Wl=aOV}PQ0wIu{sBWJnp3HmfSVz{PLM>yHNxoj hX@;S>=m2AU`G>>3)~Xa;qboX^ENUU`n9OLA!dm4c2m$~A literal 0 HcmV?d00001 From 93c29bc1da18b2c889972287de1b0119a56fe5dc Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 1 Apr 2024 11:22:31 -0400 Subject: [PATCH 5/6] 2.3.300 --- sigs/securityonion-2.3.300-20240401.iso.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/sigs/securityonion-2.3.300-20240401.iso.sig b/sigs/securityonion-2.3.300-20240401.iso.sig index 39bfcd7a80976889441dc61ec06222e9c7fe2c8c..1b005658b656e5d097b72448025071c88fd54b91 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;OSiwyt@2@re`V7LBIa1$H}5B@&c5NS)S*!3`_;Vyb^ z@TAeGUfirrOa%uyuOgp8z&jLK*6;BqCIN`YQ^wB9Vok?cx0mUZdf1-dn~jJ>uHsaZ zo=GMGa&@4S8&luPK>&`*(9KrDGZylEJZp`3_Vh z_J02=2A5Ma>m)8up}KZcVI8OL2-#QwvoT8RBbv}BV(UeNTe=H0T@p@tuhWnd2B1D> zWss>&bnum8X@kfD4gnTNtQe?&iZ!!>`mZ6Gn?~1k?0tbzo*ZK8qws|67=_>?dxssG z^_F8-?ibgKFw)dU5O?k|tq8#wQE;;bsz{yDOXX*jmVNvXx?>^}E=j$%K`{S(?)_9d zp@@)53{uX!g&cM%2<^sA?T9I5qsYeRo#LU(b`z@B>gLe)sR>hk{s2$5!e*XsC%B_q z3E2bW(!1n^o04g2nEj?BtU1+{h(n~Ctj%eH<}>G018S;h@v*Yd5Ey>o^#@z&O zt*I7bP5(hJkxwcJ3uO>(-6UvSD?Wc4-3r%d37!8*>(1@}F;UvAPgqP-6V{ijK z2}x8P&n@_6sNYk~ov&dHeLjuC&zRVXZWhhMY|@CkcpZI8I{*SZFei@Vsm0laJ>w;B zhnJ5J{#<&X4P5LgmF$d*gsOyB-FkX#pH~f?@&ZzFxr05d_F-A+Jf^9-K0*s<_6!ND z@jl-1{6^=RRr~ftT7E6Gacx|pQ+0Y|sA(0ewc;#1^&j)4<1<_w5hKQ6S(w5OJR_bw zJ-?l*Wl=aOV}PQ0wIu{sBWJnp3HmfSVz{PLM>yHNxoj hX@;S>=m2AU`G>>3)~Xa;qboX^ENUU`n9OLA!dm4c2m$~A From d15678f6380dd29e659e51e4d653e882017a9ca6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 1 Apr 2024 11:25:29 -0400 Subject: [PATCH 6/6] Update VERIFY_ISO.md --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 3fb630f9e1..1e993838c8 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md 
@@ -41,7 +41,7 @@ gpg --verify securityonion-2.3.300-20240401.iso.sig securityonion-2.3.300-202404
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 27 Mar 2024 01:42:18 PM EDT using RSA key ID FE507013
+gpg: Signature made Wed 27 Mar 2024 05:09:33 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC "
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg: There is no indication that the signature belongs to the owner.