Merge pull request #2003 from Security-Onion-Solutions/dev

2.3.10

.github/ISSUE_TEMPLATE

@@ -0,0 +1,12 @@
+PLEASE STOP AND READ THIS INFORMATION!
+
+If you are creating an issue just to ask a question, you will likely get faster and better responses by posting to our discussions forum instead:
+https://securityonion.net/discuss
+
+If you think you have found a possible bug or are observing a behavior that you weren't expecting, use the discussion forum to start a conversation about it instead of creating an issue.
+
+If you are very familiar with the latest version of the product and are confident you have found a bug in Security Onion, you can continue with creating an issue here, but please make sure you have done the following:
+- duplicated the issue on a fresh installation of the latest version
+- provide information about your system and how you installed Security Onion
+- include relevant log files
+- include reproduction steps

.github/workflows/leaktest.yml

@@ -0,0 +1,15 @@
+name: leak-test
+
+on: [push,pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: '0'
+
+    - name: Gitleaks
+      uses: zricethezav/gitleaks-action@master

KEYS

@@ -1,4 +1,5 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
+
 mQINBF7rzwEBEADBg87uJhnC3Ls7s60hbHGaywGrPtbz2WuYA/ev3YS3X7WS75p8
 PGlzTWUCujx0pEHbK2vYfExl3zksZ8ZmLyZ9VB3oSLiWBzJgKAeB7YCFEo8te+eE
 P2Z+8c+kX4eOV+2waxZyewA2TipSkhWgStSI4Ow8SyVUcUWA3hCw7mo2duNVi7KO

README.md

@@ -1,7 +1,14 @@
-## Security Onion 2.3.2
+## Security Onion 2.3.10
 
-Security Onion 2.3.2 is here!
+Security Onion 2.3.10 is here!
 
+## Screenshots
+
+Alerts
+![Alerts](https://raw.githubusercontent.com/security-onion-solutions/securityonion/master/screenshots/alerts-1.png)
+
+Hunt
+![Hunt](https://raw.githubusercontent.com/security-onion-solutions/securityonion/master/screenshots/hunt-1.png)
 
 ### Release Notes
 

VERIFY_ISO.md

@@ -1,16 +1,16 @@
-### 2.3.2 ISO image built on 2020/10/25
+### 2.3.10 ISO image built on 2020/11/19
 
 ### Download and Verify
 
-2.3.2 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso
+2.3.10 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso
 
-MD5: 8010C32803CD62AA3F61487524E37049  
-SHA1: DCA300424C9DF81A4F332B8AA3945E18779C9D28  
-SHA256: 1099494AA3E476D682746AAD9C2BD7DED292589DFAAB7B517933336C07AA01D0 
+MD5: 55E10BAE3D90DF47CA4D5DCCDCB67A96  
+SHA1: 01361123F35CEACE077803BC8074594D57EE653A  
+SHA256: 772EA4EFFFF12F026593F5D1CC93DB538CC17B9BA5F60308F1976B6ED7032A8D 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -24,22 +24,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.2.iso.sig securityonion-2.3.2.iso
+gpg --verify securityonion-2.3.10.iso.sig securityonion-2.3.10.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Sun 25 Oct 2020 10:44:27 AM EDT using RSA key ID FE507013
+gpg: Signature made Thu 19 Nov 2020 03:38:54 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <[email protected]>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.

VERSION

@@ -1 +1 @@
-2.3.2
+2.3.10

salt/_modules/so.py

@@ -1,4 +1,51 @@
 #!py
 
+import logging
+
 def status():
-  return __salt__['cmd.run']('/usr/sbin/so-status')
+    return __salt__['cmd.run']('/usr/sbin/so-status')
+
+
+def mysql_conn(retry):
+    log = logging.getLogger(__name__)
+
+    from time import sleep
+
+    try:
+        from MySQLdb import _mysql
+    except ImportError as e:
+        log.error(e)
+        return False
+
+    mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('manager:mainint'))
+    mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0]
+
+    mysql_up = False
+    for i in range(0, retry):
+        log.debug(f'Connection attempt {i+1}')
+        try:
+            db = _mysql.connect(
+                host=mainip,
+                user='root',
+                passwd=__salt__['pillar.get']('secrets:mysql')
+            )
+            log.debug(f'Connected to MySQL server on {mainip} after {i} attempts.')
+
+            db.query("""SELECT 1;""")
+            log.debug(f'Successfully completed query against MySQL server on {mainip}')
+
+            db.close()
+            mysql_up = True
+            break
+        except _mysql.OperationalError as e:
+            log.debug(e)
+        except Exception as e:
+            log.error('Unexpected error occured.')
+            log.error(e)
+            break
+        sleep(1)
+
+    if not mysql_up:
+        log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.')
+
+    return mysql_up

salt/common/files/log-rotate.conf

@@ -18,6 +18,7 @@
 /opt/so/log/filebeat/*.log
 /opt/so/log/telegraf/*.log
 /opt/so/log/redis/*.log
+/opt/so/log/salt/so-salt-minion-check
 {
     {{ logrotate_conf | indent(width=4) }}
 }

salt/common/init.sls

@@ -32,6 +32,18 @@ soconfperms:
     - gid: 939
     - dir_mode: 770
 
+sostatusconf:
+  file.directory:
+    - name: /opt/so/conf/so-status
+    - uid: 939
+    - gid: 939
+    - dir_mode: 770
+
+so-status.conf:
+  file.touch:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - unless: ls /opt/so/conf/so-status/so-status.conf
+
 sosaltstackperms:
   file.directory:
     - name: /opt/so/saltstack
@@ -158,8 +170,8 @@ Etc/UTC:
 utilsyncscripts:
   file.recurse:
     - name: /usr/sbin
-    - user: 0
-    - group: 0
+    - user: root
+    - group: root
     - file_mode: 755
     - template: jinja
     - source: salt://common/tools/sbin