diff --git a/so-elastic-agent/Dockerfile b/so-elastic-agent/Dockerfile
index 0c13f48d..ef983ebb 100644
--- a/so-elastic-agent/Dockerfile
+++ b/so-elastic-agent/Dockerfile
@@ -17,7 +17,7 @@
 # along with this program. If not, see .
 ARG VERSION
-FROM docker.elastic.co/beats/elastic-agent:$VERSION
+FROM docker.elastic.co/elastic-agent/elastic-agent:$VERSION
 ARG GID=947
 ARG UID=947
diff --git a/so-elastic-fleet-package-registry/versions/8.18.8.txt b/so-elastic-fleet-package-registry/versions/8.18.8.txt
index f1d5cdee..176b6e18 100644
--- a/so-elastic-fleet-package-registry/versions/8.18.8.txt
+++ b/so-elastic-fleet-package-registry/versions/8.18.8.txt
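Review bot: The new `FROM docker.elastic.co/elastic-agent/elastic-agent:$VERSION` is still resolved by a mutable tag with no digest, so the same `VERSION` can yield different image content over time and nothing in the build pins the moved repository to the image that was actually reviewed; pin it as `FROM docker.elastic.co/elastic-agent/elastic-agent:$VERSION@sha256:<ELASTIC-AGENT-DIGEST>` (placeholder) or pass the digest through a second build arg. `ARG VERSION` has no default, which presumably makes the build fail at `FROM` rather than pull something unintended when the arg is missing; a one-line comment `# VERSION is required: --build-arg VERSION=<tag>` would make that contract explicit for the next person editing this file.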
@@ -1 +1,365 @@
-security_detection_engine-8.18.14.zip
\ No newline at end of file
+security_detection_engine-8.18.14.zip
+1password-1.34.0.zip
+abnormal_security-1.11.0.zip
+activemq-1.9.0.zip
+admin_by_request_epm-1.1.0.zip
+airflow-0.11.0.zip
+airlock_digital-0.3.0.zip
+akamai-2.28.0.zip
+amazon_security_lake-2.8.0.zip
+apache-2.1.1.zip
+apache_spark-1.5.0.zip
+apache_tomcat-1.12.0.zip
+arista_ngfw-1.4.1.zip
+armis-0.4.0.zip
+atlassian_bitbucket-2.5.0.zip
+atlassian_confluence-1.29.2.zip
+atlassian_jira-1.30.3.zip
+auditd-3.22.0.zip
+auditd_manager-1.19.0.zip
+auth0-1.23.0.zip
+authentik-1.6.0.zip
+aws-4.3.0.zip
+aws_bedrock-1.3.0.zip
+aws_billing-0.1.0.zip
+aws_logs-1.8.3.zip
+aws_mq-0.10.0.zip
+awsfargate-1.3.0.zip
+awsfirehose-1.9.0.zip
+azure-1.28.7.zip
+azure_ai_foundry-0.6.1.zip
+azure_app_service-0.7.0.zip
+azure_application_insights-1.9.1.zip
+azure_billing-1.9.0.zip
+azure_blob_storage-2.3.0.zip
+azure_frontdoor-2.2.2.zip
+azure_functions-0.10.0.zip
+azure_logs-0.4.1.zip
+azure_metrics-1.10.1.zip
+azure_network_watcher_nsg-1.5.0.zip
+azure_network_watcher_vnet-1.6.0.zip
+azure_openai-1.9.0.zip
+barracuda-1.18.0.zip
+barracuda_cloudgen_firewall-1.16.0.zip
+bbot-1.4.0.zip
+beaconing-1.3.2.zip
+beat-1.0.1.zip
+beelzebub-0.4.0.zip
+beyondinsight_password_safe-0.12.0.zip
+beyondtrust_pra-0.3.1.zip
+bitdefender-2.7.0.zip
+bitwarden-1.17.0.zip
+blacklens-0.4.1.zip
+bluecoat-0.18.1.zip
+box_events-2.15.1.zip
+canva-1.0.0.zip
+carbon_black_cloud-3.2.1.zip
+carbonblack_edr-1.21.0.zip
+cassandra-1.20.0.zip
+cef-2.21.2.zip
+cel-1.19.0.zip
+ceph-1.9.0.zip
+checkpoint-1.41.1.zip
+checkpoint_email-1.3.0.zip
+checkpoint_harmony_endpoint-1.0.0.zip
+cilium_tetragon-0.2.1.zip
+cisa_kevs-1.7.0.zip
+cisco-0.14.0.zip
+cisco_aironet-1.17.0.zip
+cisco_asa-2.43.9.zip
+cisco_duo-2.7.0.zip
+cisco_ftd-3.10.2.zip
+cisco_ios-1.32.0.zip
+cisco_ise-1.29.0.zip
+cisco_meraki-1.31.0.zip
+cisco_meraki_metrics-0.4.1.zip
+cisco_nexus-1.4.3.zip
+cisco_secure_email_gateway-1.27.1.zip
+cisco_secure_endpoint-2.32.0.zip
+cisco_umbrella-1.32.0.zip
+citrix_adc-1.17.2.zip
+citrix_waf-1.18.1.zip
+claroty_ctd-1.1.0.zip
+claroty_xdome-1.0.0.zip
+cloud_asset_inventory-1.1.6.zip
+cloud_defend-1.3.0.zip
+cloudflare-2.31.0.zip
+cloudflare_logpush-1.40.0.zip
+cockroachdb-1.13.1.zip
+containerd-0.6.0.zip
+coredns-0.10.0.zip
+corelight-1.0.0.zip
+couchbase-1.9.1.zip
+couchdb-1.5.1.zip
+cribl-1.0.0.zip
+crowdstrike-2.5.1.zip
+cyberark-0.5.1.zip
+cyberark_epm-1.2.1.zip
+cyberark_pta-1.13.0.zip
+cyberarkpas-2.27.0.zip
+cybereason-1.4.0.zip
+cyera-0.3.1.zip
+cylance-0.24.0.zip
+darktrace-1.23.0.zip
+ded-2.3.5.zip
+digital_guardian-1.7.0.zip
+docker-2.14.0.zip
+elastic_agent-2.6.3.zip
+elastic_connectors-1.0.3.zip
+elastic_package_registry-0.3.1.zip
+elastic_security-0.4.0.zip
+elasticsearch-1.19.0.zip
+endace-0.1.1.zip
+endpoint-9.2.0-prerelease.4.zip
+enterprisesearch-1.0.1.zip
+entityanalytics_ad-0.16.0.zip
+entityanalytics_entra_id-1.8.1.zip
+entityanalytics_okta-2.5.1.zip
+entro-0.1.1.zip
+envoyproxy-0.4.0.zip
+eset_protect-1.9.0.zip
+ess_billing-1.5.2.zip
+etcd-1.4.1.zip
+extrahop-0.2.0.zip
+f5-0.19.0.zip
+f5_bigip-1.27.1.zip
+falco-2.0.1.zip
+filestream-2.0.0.zip
+fim-1.16.0.zip
+fireeye-1.27.0.zip
+first_epss-1.1.0.zip
+fleet_server-1.6.0.zip
+forcepoint_web-1.13.0.zip
+forgerock-1.21.2.zip
+fortinet-1.9.0.zip
+fortinet_forticlient-1.12.1.zip
+fortinet_fortiedr-1.19.1.zip
+fortinet_fortigate-1.34.0.zip
+fortinet_fortimail-2.16.0.zip
+fortinet_fortimanager-2.16.1.zip
+fortinet_fortiproxy-1.2.1.zip
+gcp-2.42.2.zip
+gcp_metrics-0.3.1.zip
+gcp_pubsub-2.2.1.zip
+gcp_vertexai-1.3.2.zip
+gigamon-2.1.0.zip
+github-2.16.0.zip
+gitlab-2.3.3.zip
+goflow2-0.5.1.zip
+golang-1.9.0.zip
+google_cloud_storage-2.2.0.zip
+google_scc-2.2.0.zip
+google_secops-1.2.1.zip
+google_workspace-2.46.0.zip
+hadoop-1.9.0.zip
+haproxy-1.17.1.zip
+hashicorp_vault-1.28.1.zip
+hid_bravura_monitor-1.21.0.zip
+hta-1.0.1.zip
+http_endpoint-2.5.0.zip
+httpjson-1.23.0.zip
+ibmmq-1.8.0.zip
+iis-1.24.1.zip
+imperva-1.8.1.zip
+imperva_cloud_waf-1.13.0.zip
+influxdb-0.11.0.zip
+infoblox-0.8.1.zip
+infoblox_bloxone_ddi-1.21.0.zip
+infoblox_nios-2.0.0.zip
+infoblox_threat_defense-0.1.0.zip
+iptables-1.21.3.zip
+island_browser-0.3.1.zip
+istio-0.8.0.zip
+jamf_compliance_reporter-1.16.0.zip
+jamf_pro-1.0.0.zip
+jamf_protect-3.2.2.zip
+jolokia-1.0.0.zip
+journald-1.2.1.zip
+jumpcloud-1.17.0.zip
+juniper-1.2.0.zip
+juniper_junos-0.12.1.zip
+juniper_netscreen-0.12.1.zip
+juniper_srx-1.25.1.zip
+kafka-1.24.0.zip
+kafka_log-1.8.1.zip
+keeper-0.1.0.zip
+keycloak-1.30.0.zip
+kibana-2.8.0.zip
+kubernetes-1.81.0.zip
+kubernetes_otel-1.2.0.zip
+lastpass-1.20.0.zip
+linux-0.7.3.zip
+lmd-2.5.3.zip
+log-2.4.4.zip
+logstash-2.8.0.zip
+lumos-1.5.0.zip
+lyve_cloud-1.17.0.zip
+m365_defender-4.2.0.zip
+mattermost-2.5.0.zip
+memcached-1.7.1.zip
+menlo-1.6.0.zip
+microsoft-1.2.1.zip
+microsoft_defender_cloud-3.1.0.zip
+microsoft_defender_endpoint-3.1.2.zip
+microsoft_dhcp-1.27.0.zip
+microsoft_dnsserver-1.5.0.zip
+microsoft_exchange_online_message_trace-1.28.0.zip
+microsoft_exchange_server-1.4.0.zip
+microsoft_sentinel-1.2.1.zip
+microsoft_sqlserver-2.13.0.zip
+mimecast-3.2.1.zip
+miniflux-1.0.0.zip
+modsecurity-1.21.1.zip
+mongodb-1.22.0.zip
+mongodb_atlas-1.1.0.zip
+mysql-1.28.1.zip
+mysql_enterprise-1.17.0.zip
+nagios_xi-1.8.0.zip
+nats-1.11.0.zip
+netflow-2.23.1.zip
+netscout-0.22.1.zip
+netskope-2.3.0.zip
+network_traffic-1.33.0.zip
+nginx-2.3.2.zip
+nginx_ingress_controller-1.12.0.zip
+nozomi_networks-0.2.0.zip
+nvidia_gpu-0.4.0.zip
+o365-2.30.0.zip
+o365_metrics-1.0.2.zip
+okta-3.10.3.zip
+openai-1.2.0.zip
+opencanary-1.0.0.zip
+oracle-1.31.0.zip
+oracle_weblogic-1.9.1.zip
+osquery-1.24.0.zip
+osquery_manager-1.19.0.zip
+pad-0.6.4.zip
+panw-5.3.4.zip
+panw_cortex_xdr-2.4.0.zip
+panw_metrics-0.2.0.zip
+pfsense-1.23.1.zip
+php_fpm-1.6.0.zip
+ping_federate-1.0.2.zip
+ping_one-1.20.0.zip
+platform_observability-0.1.0.zip
+postgresql-1.31.0.zip
+pps-1.0.1.zip
+prisma_access-1.6.1.zip
+prisma_cloud-3.3.0.zip
+problemchild-2.4.3.zip
+profiler_agent-8.17.3.zip
+profiler_collector-8.17.3.zip
+profiler_symbolizer-8.17.3.zip
+prometheus-1.24.2.zip
+prometheus_input-1.0.0.zip
+proofpoint-0.9.1.zip
+proofpoint_itm-1.0.0.zip
+proofpoint_on_demand-1.7.0.zip
+proofpoint_tap-1.28.0.zip
+proxysg-0.6.1.zip
+pulse_connect_secure-2.6.0.zip
+qnap_nas-1.23.1.zip
+qualys_gav-0.2.0.zip
+qualys_vmdr-6.10.0.zip
+qualys_was-0.3.0.zip
+rabbitmq-1.22.0.zip
+radware-0.20.1.zip
+rapid7_insightvm-2.4.0.zip
+redis-1.20.0.zip
+redisenterprise-0.12.0.zip
+rubrik-0.9.1.zip
+sailpoint_identity_sc-1.2.0.zip
+salesforce-1.4.0.zip
+santa-3.24.0.zip
+security_ai_prompts-1.0.5.zip
+sentinel_one-1.39.0.zip
+sentinel_one_cloud_funnel-1.13.1.zip
+servicenow-1.1.0.zip
+slack-1.25.1.zip
+snort-1.19.1.zip
+snyk-3.2.0.zip
+sonicwall-0.8.2.zip
+sonicwall_firewall-1.19.1.zip
+sophos-3.15.3.zip
+sophos_central-1.19.0.zip
+splunk-1.0.0.zip
+spring_boot-1.9.1.zip
+spycloud-1.5.0.zip
+sql-1.1.0.zip
+squid-1.3.1.zip
+stan-1.11.0.zip
+statsd_input-1.0.0.zip
+stormshield-1.3.1.zip
+sublime_security-1.11.0.zip
+swimlane-0.4.1.zip
+symantec-0.1.3.zip
+symantec_edr_cloud-1.8.1.zip
+symantec_endpoint-2.19.0.zip
+symantec_endpoint_security-1.14.2.zip
+synthetics-1.4.2.zip
+synthetics_dashboards-1.0.1.zip
+sysdig-2.2.0.zip
+syslog_router-0.3.0.zip
+sysmon_linux-1.9.0.zip
+system-2.6.1.zip
+system_audit-1.11.0.zip
+tanium-1.16.2.zip
+tcp-2.0.1.zip
+teleport-1.6.0.zip
+tenable_io-4.4.0.zip
+tenable_ot_security-1.0.0.zip
+tenable_sc-1.31.0.zip
+tencent_cloud-0.2.0.zip
+threat_map-1.1.0.zip
+thycotic_ss-1.12.0.zip
+ti_abusech-3.4.0.zip
+ti_anomali-2.1.0.zip
+ti_cif3-1.17.0.zip
+ti_crowdstrike-2.6.0.zip
+ti_custom-1.2.1.zip
+ti_cybersixgill-1.33.0.zip
+ti_cyware_intel_exchange-0.2.0.zip
+ti_domaintools-1.1.0.zip
+ti_eclecticiq-1.4.1.zip
+ti_eset-1.7.0.zip
+ti_google_threat_intelligence-0.6.1.zip
+ti_greynoise-0.7.0.zip
+ti_maltiverse-1.5.0.zip
+ti_mandiant_advantage-1.9.0.zip
+ti_misp-1.38.0.zip
+ti_opencti-2.8.0.zip
+ti_otx-1.28.0.zip
+ti_rapid7_threat_command-2.5.0.zip
+ti_recordedfuture-2.3.0.zip
+ti_threatconnect-1.10.2.zip
+ti_threatq-1.35.0.zip
+ti_util-1.7.0.zip
+tines-1.15.0.zip
+tomcat-1.14.0.zip
+traefik-2.7.0.zip
+trellix_edr_cloud-1.9.0.zip
+trellix_epo_cloud-1.15.0.zip
+trend_micro_vision_one-2.4.0.zip
+trendmicro-2.8.0.zip
+tychon-1.1.0.zip
+udp-2.2.1.zip
+unifiedlogs-0.4.0.zip
+varonis-1.0.0.zip
+vectra_detect-1.14.0.zip
+vectra_rux-0.3.2.zip
+vsphere-1.22.0.zip
+watchguard_firebox-1.4.1.zip
+websocket-1.0.0.zip
+websphere_application_server-1.6.1.zip
+windows-3.1.2.zip
+windows_etw-1.0.0.zip
+winlog-2.4.0.zip
+wiz-3.9.0.zip
+wmi-0.0.1.zip
+zerofox-1.28.0.zip
+zeronetworks-1.18.0.zip
+zookeeper-1.14.0.zip
+zoom-1.23.0.zip
+zscaler-0.5.1.zip
+zscaler_zia-3.15.1.zip
+zscaler_zpa-1.23.3.zip
diff --git a/so-elastic-fleet-package-registry/versions/9.0.8.txt b/so-elastic-fleet-package-registry/versions/9.0.8.txt
new file mode 100644
index 00000000..1235a721
--- /dev/null
+++ b/so-elastic-fleet-package-registry/versions/9.0.8.txt
@@ -0,0 +1 @@
+security_detection_engine-9.0.8
diff --git a/so-elasticsearch/Dockerfile b/so-elasticsearch/Dockerfile
index 046a1903..facef0ad 100644
--- a/so-elasticsearch/Dockerfile
+++ b/so-elasticsearch/Dockerfile
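Review bot: `endpoint-9.2.0-prerelease.4.zip` (and the `profiler_*-8.17.3.zip` entries) appear in a manifest named for stack 8.18.8, and a prerelease package in a release registry list looks like an artefact of dumping everything the upstream registry serves rather than a deliberate pin; confirm it is intended before this list is baked into the Fleet registry image. If the file is meant to be the full catalogue, a short comment in the script that generates or consumes these `versions/*.txt` files, stating how they are produced and whether prerelease packages are expected, would save the next reviewer the same question.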
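Review bot: The single entry `security_detection_engine-9.0.8` lacks the `.zip` suffix that every line of the sibling `8.18.8.txt` carries; if the registry build consumes these lines as archive filenames (not visible here, but the sibling file suggests it), this entry will not match any package and the 9.0.8 registry ships without it. Change the line to `security_detection_engine-9.0.8.zip`, and consider a build-time check that every listed archive actually exists before the image is assembled, so a typo here fails the build instead of producing a silently empty registry.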
@@ -40,12 +40,12 @@ COPY *.yml log4j2.properties config/
 COPY bin bin
-RUN apt-get update && apt-get install -y ca-certificates unzip wget && \
+RUN microdnf update -y && microdnf install -y ca-certificates unzip wget && \
 wget -O /tmp/GeoLite2.zip https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/geolite2-db/GeoLite2.zip && \
 mkdir -p /usr/share/elasticsearch/config/ingest-geoip && \
 unzip -o /tmp/GeoLite2.zip -d /usr/share/elasticsearch/config/ingest-geoip && \
- apt-get remove -y unzip wget && \
- rm -rf /var/lib/apt/lists/*
+ rm -f /tmp/GeoLite2.zip && \
+ microdnf clean all
 RUN chown elasticsearch:elasticsearch config/elasticsearch.yml config/log4j2.properties bin/es-docker /usr/share/elasticsearch/config/ingest-geoip && \
 chmod 0750 bin/es-docker
diff --git a/so-logstash/Dockerfile b/so-logstash/Dockerfile
index 89e38b6c..a528837d 100644
--- a/so-logstash/Dockerfile
+++ b/so-logstash/Dockerfile
@@ -50,7 +50,7 @@ ENV LANG='en_US.UTF-8' LC_ALL='en_US.UTF-8'
 # Place the startup wrapper script.
 ADD bin/docker-entrypoint /usr/local/bin/
-RUN chmod 0755 /usr/local/bin/docker-entrypoint
+RUN chmod 0755 /usr/local/bin/docker-entrypoint
 USER logstash
diff --git a/so-suricata/Dockerfile b/so-suricata/Dockerfile
index b37a4d1e..a88daa32 100644
--- a/so-suricata/Dockerfile
+++ b/so-suricata/Dockerfile
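Review bot: The rewritten `RUN` drops the old `apt-get remove -y unzip wget` step without a microdnf equivalent, so `unzip` and `wget` now stay in the runtime image although they are only needed for the one-off GeoLite2 extraction; add `microdnf remove -y unzip wget && \` before `microdnf clean all` (keep `ca-certificates`, which the JVM trust store may rely on). The GeoLite2 archive is fetched from a GitHub release and unpacked straight into the ingest-geoip directory with no integrity check, which predates this commit but is now the only unverified input in the layer; if the asset is meant to be immutable, verify it with `echo "<GEOLITE2-SHA256>  /tmp/GeoLite2.zip" | sha256sum -c` (placeholder digest), and if it is intentionally re-published under the same tag, at least log the digest at build time so the image can be traced to a specific database. `microdnf update -y` applies whatever package updates exist at build time, which trades reproducibility for freshness compared with bumping the base tag (the `FROM` line is outside this hunk).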
@@ -18,36 +18,33 @@ FROM ghcr.io/security-onion-solutions/oraclelinux:9 as builder
 RUN dnf update -y && \
 dnf -y install epel-release && \
 dnf config-manager --enable ol9_codeready_builder
-RUN dnf -y install oraclelinux-developer-release-el9
+RUN dnf -y install oraclelinux-developer-release-el9
 RUN dnf repolist
 RUN dnf -y install autoconf automake diffutils file-devel gcc gcc-c++ git \
 jansson-devel jq libcap-ng-devel libevent-devel \
 libmaxminddb-devel libmaxminddb libnet-devel libnetfilter_queue-devel \
 libnfnetlink-devel libpcap-devel libtool libyaml-devel \
- lua-devel lz4-devel make nss-devel pcre-devel pcre2-devel pkgconfig \
+ lz4-devel make nss-devel pcre-devel pcre2-devel pkgconfig \
 python3-devel python3-sphinx python3-yaml sudo which cargo \
- zlib-devel luajit-devel cargo && cargo install --force cbindgen
+ zlib-devel cargo && cargo install --force cbindgen
 ENV SURIVERSION=8.0.2
 RUN mkdir /suricata
 WORKDIR /suricata
 RUN curl -vO https://www.openinfosecfoundation.org/download/suricata-$SURIVERSION.tar.gz && tar zxvf suricata-$SURIVERSION.tar.gz && \
- cd suricata-$SURIVERSION && ./configure --enable-rust --enable-luajit --prefix=/opt/suricata --sysconfdir=/etc --disable-gccmarch-native --localstatedir=/var --enable-geoip && make -j4
+ cd suricata-$SURIVERSION && ./configure --enable-rust --prefix=/opt/suricata --sysconfdir=/etc --disable-gccmarch-native --localstatedir=/var --enable-geoip && make -j4
 RUN mkdir suriinstall && cd suricata-$SURIVERSION && make install DESTDIR=/suricata/suriinstall && make install-conf DESTDIR=/suricata/suriinstall && rm -rf /suricata/suriinstall/var/run
-FROM ghcr.io/security-onion-solutions/oraclelinux:9
+FROM ghcr.io/security-onion-solutions/ubi9:9.7
-LABEL maintainer "Security Onion Solutions, LLC"
+LABEL maintainer="Security Onion Solutions, LLC"
 LABEL description="Suricata running in a docker with AF_Packet for use with Security Onion."
-# Common Oracle layer
-RUN dnf update -y && dnf -y install epel-release bash libpcap iproute && \
- dnf clean all && rm -rf /var/cache/dnf/*
- # Packages Specific to this Container
-RUN dnf -y install luajit libnet jansson libyaml cargo rustc nss nss-devel libmaxminddb && \
- dnf -y erase epel-release && dnf clean all && rm -rf /var/cache/dnf/*
+RUN dnf -y update && dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+ dnf -y install bash libpcap iproute libnet jansson libyaml nss libmaxminddb && \
+ dnf -y erase epel-release && dnf clean all && rm -rf /var/cache/dnf/*
 COPY --from=builder /suricata/suriinstall/ /
diff --git a/so-zeek/Dockerfile b/so-zeek/Dockerfile
index 91a29ca1..e3912f20 100644
--- a/so-zeek/Dockerfile
+++ b/so-zeek/Dockerfile
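Review bot: `dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm` in the new runtime stage pulls a floating "latest" RPM, and dnf does not GPG-verify a package given by URL unless `localpkg_gpgcheck=1` is set, so the EPEL signing key that every later EPEL package in this `RUN` (at least `libnet`) is verified against is itself installed unverified; the same construction is introduced in so-zeek/Dockerfile. Import the key first and turn the check on: `rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 && \` followed by `dnf -y --setopt=localpkg_gpgcheck=1 install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm`, comparing the key fingerprint with the one Fedora publishes, and ideally pin the exact `epel-release-9-<N>.noarch.rpm` (placeholder) instead of `latest`. The builder stage at the top of the hunk still uses the unpinned `oraclelinux:9` tag while the runtime stage moved to `ubi9:9.7`, so the two stages now drift independently; pin the builder as well, and note that a UBI runtime consuming binaries built on Oracle Linux relies on the two remaining ABI-compatible, which is presumably fine for 9.x but worth a comment. The Suricata tarball is still `curl -vO`'d and built without checking the published release signature or a pinned checksum, which this commit does not change but which a reviewer of the stage move should record.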
@@ -86,22 +86,21 @@ RUN groupadd --gid 937 zeek && \
 chown -R 937:937 /nsm/zeek && \
 chown -R 937:937 /usr/local/ssl
-FROM ghcr.io/security-onion-solutions/oraclelinux:9
+FROM ghcr.io/security-onion-solutions/ubi9:9.7
 LABEL maintainer="Security Onion Solutions, LLC"
 LABEL description="Zeek running in docker for use with Security Onion"
 # Common Oracle layer, Packages specific to container, User configuration
-RUN dnf update -y && dnf -y install epel-release bash libpcap iproute && \
+RUN dnf update -y && dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm bash libpcap iproute && \
 dnf clean all && rm -rf /var/cache/dnf/* && \
 dnf -y install findutils jemalloc numactl libnl3 libdnet gdb libunwind-devel && \
- dnf config-manager --enable ol9_codeready_builder ol9_developer_EPEL && \
+ dnf config-manager --enable ubi-9-codeready-builder-rpms && \
 dnf -y install libnghttp2-devel brotli-devel zeromq-devel && \
- dnf config-manager --disable ol9_codeready_builder ol9_developer_EPEL && \
+ dnf config-manager --disable ubi-9-codeready-builder-rpms && \
 dnf -y remove epel-release && \
 dnf clean all && \
 rm -rf /var/cache/dnf/ && rm -rf /var/cache/yum/ && \
- rm -rf /usr/share/doc/oraclelinux-release/OL9-RELNOTES9-4.zip && \
 groupadd --gid 937 zeek && \
 adduser --uid 937 --gid 937 --home-dir /opt/zeek --no-create-home zeek