Merge pull request #457 from Security-Onion-Solutions/2.4/dev

2.4.20
Security-Onion-Solutions · Oct 6, 2023 · a1c3c48 · a1c3c48
2 parents 3d2be03 + dfac866
commit a1c3c48
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 13 deletions.
diff --git a/so-elastic-agent-builder/source/so-elastic-agent.go b/so-elastic-agent-builder/source/so-elastic-agent.go
@@ -130,7 +130,7 @@ func main() {
 
 		if (err != nil) || (resp.StatusCode != http.StatusNotFound) {
 			// Cannot access Fleet Host URL
-			fmt.Println("Not Accessible")
+			// fmt.Println("Not Accessible")
 			log.WithFields(log.Fields{
 				"Fleet Host Connectivity Check": "Failed",
 				"Fleet Host URL":                fleetHostURLs[i],

diff --git a/so-elastic-fleet-package-registry/Dockerfile b/so-elastic-fleet-package-registry/Dockerfile
@@ -17,10 +17,11 @@ ARG VERSION
 FROM docker.elastic.co/package-registry/distribution:$VERSION as original_image
 
 # Cleanup unneeded packages, keeping the two most recent versons of each one
+# Except for endpoint packages, keep all versions
 RUN cd /packages/package-storage/ \
-&& rm -rf suricata-* zeek-* snort-* dga-* endpoint*preview* endpoint*dev* endpoint*next* \
-&& cd /packages/package-storage/ && LIST=$(ls | awk -F'[-]' '{print $1}' | sort | uniq ) \
-&& for item in $LIST; do ls $item-*.zip | cut -d '-' -f 2 | tr - \~ | sort -V | tr \~ - | head -n-2 | xargs -I {} echo "$item-"{} |  xargs rm -r; done
+&& rm -rf suricata-* zeek-* snort-* dga-* endpoint*dev* endpoint*next* *preview* *beta* \
+&& cd /packages/package-storage/ && LIST=$(ls --ignore="endpoint-*" | awk -F'[-]' '{print $1}' | sort | uniq ) \
+&& for item in $LIST; do ls $item-*.zip | cut -d '-' -f 2 | tr - \~ | sort -V | tr \~ - | head -n-2 | xargs -I {} echo "$item-"{} |  xargs -r rm -fr; done
 
 FROM scratch
 
@@ -32,4 +33,4 @@ ENTRYPOINT ["./package-registry"]
 
 ENV EPR_ADDRESS=0.0.0.0:8080
 
-HEALTHCHECK --interval=1s --retries=30 CMD curl --silent --fail localhost:8080/health || exit 1
+HEALTHCHECK --interval=1m --retries=30 CMD curl --silent --fail localhost:8080/health || exit 1
diff --git a/so-strelka-backend/Dockerfile b/so-strelka-backend/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/security-onion-solutions/ubuntu:22.04
+FROM ghcr.io/security-onion-solutions/ubuntu:23.04
 LABEL maintainer "Security Onion Solutions, LLC"
 
 ARG DEBIAN_FRONTEND=noninteractive
@@ -9,17 +9,23 @@ ARG USERNAME=strelka
 ARG USER_UID=1001
 ARG USER_GID=$USER_UID
 
+ENV PYTHONUNBUFFERED 1
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PIP_BREAK_SYSTEM_PACKAGES 1
+
 # Create the user
 RUN groupadd --gid $USER_GID $USERNAME \
     && useradd --uid $USER_UID --gid $USER_GID --create-home --shell /bin/bash $USERNAME
 
-ARG YARA_VERSION=4.2.3
-ARG YARA_PYTHON_VERSION=4.2.3
+ARG YARA_VERSION=4.3.0
+ARG YARA_PYTHON_VERSION=4.3.0
 ARG CAPA_VERSION=5.0.0
 ARG EXIFTOOL_VERSION=12.52
 
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+
 # SO - Pin to release tag, download from GitHub, and prepare container dirs
-ARG STRELKA_RELEASE_VERSION=0.23.07.10
+ARG STRELKA_RELEASE_VERSION=0.23.09.12
 RUN mkdir /strelka && \
     mkdir /etc/strelka && \
     mkdir /tmp/strelka && \
@@ -30,7 +36,7 @@ RUN mkdir /strelka && \
     cp -fr /tmp/strelka/src/python/* /strelka/ && \
     cp -fr /tmp/strelka/configs/python/backend/* /etc/strelka/ && \
     cp -fr /tmp/strelka/build/python/backend/pin.pref /etc/apt/preferences.d/ && \
-    cp -fr /tmp/strelka/build/python/backend/kinetic.list /etc/apt/sources.list.d/ && \
+    cp -fr /tmp/strelka/build/python/backend/lunar.list /etc/apt/sources.list.d/ && \
     rm -fr /tmp/strelka && \
     chown -R ${USER_UID}:${USER_GID} /var/log/strelka/
 

diff --git a/so-strelka-backend/lunar.list b/so-strelka-backend/lunar.list
@@ -0,0 +1,2 @@
+deb [arch=amd64] http://archive.ubuntu.com/ubuntu lunar main restricted universe multiverse
+deb [arch=arm64] http://ports.ubuntu.com/ lunar main restricted universe multiverse
diff --git a/so-strelka-backend/pin.pref b/so-strelka-backend/pin.pref
@@ -0,0 +1,7 @@
+Package: 7zip
+Pin: release n=jammy
+Pin-Priority: 100
+
+Package: *
+Pin: release n=lunar
+Pin-Priority: 200
diff --git a/so-suricata/Dockerfile b/so-suricata/Dockerfile
@@ -27,7 +27,7 @@ RUN dnf -y install autoconf automake diffutils file-devel gcc gcc-c++ git \
                lua-devel lz4-devel make nss-devel pcre-devel pcre2-devel pkgconfig \
                python3-devel python3-sphinx python3-yaml sudo which cargo \
                zlib-devel luajit-devel cargo && cargo install --force cbindgen
-ENV SURIVERSION=6.0.13
+ENV SURIVERSION=6.0.14
 RUN mkdir /suricata
 
 WORKDIR /suricata

diff --git a/so-suricata/files/so-suricata.sh b/so-suricata/files/so-suricata.sh
@@ -4,7 +4,7 @@ AFPACKET=
 if [ -n "$INTERFACE" ]; then
   AFPACKET=--af-packet=$INTERFACE
 fi
-# delete the old PID do Suricata will start
+# delete the old PID so Suricata will start
 mkdir -p /var/run/suricata
 chown 940:940 /var/run/suricata
 chmod 770 /var/run/suricata

diff --git a/so-zeek/Dockerfile b/so-zeek/Dockerfile
@@ -41,7 +41,7 @@ RUN dnf -y install perl && \
 
 WORKDIR /
 
-ENV ZEEKVER=5.0.9
+ENV ZEEKVER=5.0.10
 ARG BUILD_TYPE=Release
 
 RUN mkdir /zeekbuild
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		deb [arch=amd64] http://archive.ubuntu.com/ubuntu lunar main restricted universe multiverse
		deb [arch=arm64] http://ports.ubuntu.com/ lunar main restricted universe multiverse