Merge pull request #561 from Security-Onion-Solutions/2.4/dev

2.4.90

so-elastic-agent/Dockerfile

@@ -27,4 +27,4 @@ USER root
 RUN groupmod -g ${GID} ${USERNAME} && \
     usermod -u ${UID} -g ${GID} ${USERNAME}
 
-RUN chown ${USERNAME}:${USERNAME} /usr/share/elastic-agent/data/elastic-agent-*/components/filebeat* /usr/share/elastic-agent/data/elastic-agent-*/components/metricbeat*
+RUN chown ${USERNAME}:${USERNAME} /usr/share/elastic-agent/data/elastic-agent-*/components/*

so-idh/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.6-slim
+FROM python:3.12.4-slim
 
 WORKDIR /root/
 
@@ -9,4 +9,4 @@ RUN pip install opencanary
 
 ADD supervise-opencanary.conf /etc/supervisor/conf.d/supervise-opencanary.conf
 
-CMD ["/usr/bin/supervisord", "-n"]
+CMD ["/usr/bin/supervisord", "-n"]

so-idstools/Dockerfile

@@ -36,7 +36,8 @@ RUN groupadd --gid ${GID} ${USERNAME} && \
     useradd --uid ${UID} --gid ${GID} \
     --home-dir /opt/so --no-create-home ${USERNAME}
 
-RUN pip install https://github.com/jasonish/py-idstools/archive/master.zip
+#RUN pip install https://github.com/jasonish/py-idstools/archive/master.zip
+RUN pip install https://github.com/Security-Onion-Solutions/py-idstools/archive/master.zip
 
 RUN apk del .build-deps
 

so-nginx/Dockerfile

@@ -14,7 +14,7 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 # Navigator build stage
-FROM ghcr.io/security-onion-solutions/node:16-alpine as navigator-builder
+FROM ghcr.io/security-onion-solutions/node:22.4.1-alpine as navigator-builder
 
 ARG NAVIGATOR_VERSION=4.9.1
 
@@ -31,12 +31,12 @@ RUN sed -i '/<base href="\/"\/>/d' ./dist/index.html
 
 ###################################
 
-FROM nginx:1.22.1-alpine
+FROM nginx:1.26.1-alpine
 HEALTHCHECK --interval=5m --timeout=3s CMD curl --fail http://localhost/ || exit 1
 LABEL maintainer "Security Onion Solutions, LLC"
 LABEL description="Security Onion Core Functions Docker"
 
-ARG CYBERCHEF_VERSION=10.18.6
+ARG CYBERCHEF_VERSION=10.19.0
 
 RUN mkdir -p /opt/socore/html/navigator
 COPY --from=navigator-builder /attack-navigator/nav-app/dist /opt/socore/html/navigator

so-steno/Dockerfile

@@ -13,18 +13,19 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-FROM ghcr.io/security-onion-solutions/centos:7
+FROM ghcr.io/security-onion-solutions/oraclelinux:9
 
-LABEL maintainer "Security Onion Solutions, LLC"
+LABEL maintainer="Security Onion Solutions, LLC"
 LABEL description="Google Stenographer running in a docker for use with Security Onion."
 
 # Common CentOS layer
 RUN yum -y install epel-release bash libpcap iproute && \
-    yum -y install https://repo.ius.io/ius-release-el7.rpm && \
-    yum -y install snappy leveldb tcpdump jq libaio libseccomp golang which openssl python36u python36u-pip && \
-    /usr/bin/pip3.6 install && \
+    yum -y install snappy leveldb tcpdump jq libaio libseccomp golang which openssl && \
     yum -y erase epel-release && yum clean all && rm -rf /var/cache/yum && \
-    rpm -i https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/Stenoupgrade/stenographer-0-1.20200922gite8db1ee.el7.x86_64.rpm && \
+    groupadd -g 941 stenographer && \
+    useradd stenographer -u 941 -g 941 && \
+    rpm -i https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/stenographer-v101/securityonion-stenographer-v1.0.1.0.rpm && \
+    chmod 755 /usr/bin/steno* && \
     setcap 'CAP_NET_RAW+ep CAP_NET_ADMIN+ep CAP_IPC_LOCK+ep CAP_SETGID+ep' /usr/bin/stenotype && \
     mkdir -p /nsm/pcap/files && \
     mkdir -p /nsm/pcap/index && \

so-suricata/Dockerfile

@@ -27,7 +27,7 @@ RUN dnf -y install autoconf automake diffutils file-devel gcc gcc-c++ git \
                lua-devel lz4-devel make nss-devel pcre-devel pcre2-devel pkgconfig \
                python3-devel python3-sphinx python3-yaml sudo which cargo \
                zlib-devel luajit-devel cargo && cargo install --force cbindgen
-ENV SURIVERSION=7.0.5
+ENV SURIVERSION=7.0.6
 RUN mkdir /suricata
 
 WORKDIR /suricata

so-tcpreplay/Dockerfile

@@ -1,4 +1,4 @@
-# Copyright 2014-2023 Security Onion Solutions, LLC
+# Copyright Security Onion Solutions, LLC
 
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -13,22 +13,22 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-FROM ghcr.io/security-onion-solutions/centos:7
+FROM ghcr.io/security-onion-solutions/oraclelinux:9
 
-LABEL maintainer "Security Onion Solutions, LLC"
+LABEL maintainer="Security Onion Solutions, LLC"
 LABEL description="Replay PCAPs to sniffing interface(s)"
 
 # Copy over tcpreplay - using v4.2.6 instead of 4.3.x because of known bugs: https://github.com/appneta/tcpreplay/issues/557
 COPY files/tcpreplay /usr/local/bin/tcpreplay
 
 # Setup our utilities, download the pcap samples, convert them to RPM and install them
 RUN yum update -y && \
-    yum clean all && \
+    yum clean all && dnf config-manager --enable ol9_codeready_builder && dnf -y install oraclelinux-developer-release-el9 && dnf repolist && \
     yum -y install epel-release && \
     yum -y install libpcap && \
     yum -y install rpmrebuild && \
     yum -y install alien && \
-    yum -y install wget && \
+    yum -y install wget libnsl && \
 \
 for i in securityonion-samples_20121202-0ubuntu0securityonion4_all.deb securityonion-samples-bro_20170824-1ubuntu1securityonion3_all.deb securityonion-samples-markofu_20130522-0ubuntu0securityonion3_all.deb securityonion-samples-mta_20190514-1ubuntu1securityonion1_all.deb securityonion-samples-shellshock_20140926-0ubuntu0securityonion2_all.deb; do wget https://launchpad.net/~securityonion/+archive/ubuntu/stable/+files/$i; done && \
 \