securityonion-sostat: change wiki links to docs Security-Onion-Soluti…

…ons/security-onion#1454

bin/sostat

@@ -387,8 +387,6 @@ if [ "$ELSA" = "YES" ]; then
         echo
         echo "ELSA Buffers in Queue:"
         ls -al /nsm/elsa/data/elsa/tmp/buffers/ | wc -l
-	echo "If this number is consistently higher than 20, please see:"
-	echo "https://github.com/Security-Onion-Solutions/security-onion/wiki/FAQ#why-does-sostat-show-a-high-number-of-elsa-buffers-in-queue"
         echo
         echo "ELSA Directory Sizes:"
         du --max-depth=0 -h /nsm/elsa/data /var/lib/mysql/syslog /var/lib/mysql/syslog_data
@@ -462,8 +460,6 @@ if [ "$ELSA" = "YES" ]; then
 			echo
 			mysql --defaults-file=/etc/mysql/debian.cnf -Delsa_web -e 'select * from saved_results'
 			echo
-			echo "Try troubleshooting, using the steps provided here:"
-                        echo "https://github.com/Security-Onion-Solutions/security-onion/wiki/FAQ#why-does-sostat-show-high-loadcpu-usage-and-large-number-of-perl-processes"
 		fi
 	fi
 fi
@@ -685,7 +681,7 @@ if [ -f /etc/timezone ] && ! grep "Etc/UTC" /etc/timezone >/dev/null 2>&1; then
 	header "Time Zone"
 	echo "WARNING! Timezone is NOT set to UTC!"
 	echo "Please see:"
-	echo "https://github.com/Security-Onion-Solutions/security-onion/wiki/TimeZones"
+	echo "https://securityonion.net/docs/TimeZones"
 fi
 
 FILE="/etc/os-release"

bin/sostat-quick

@@ -65,7 +65,7 @@ header_single "                        Security Onion Quick Compliance Check v1.
 
 echo "Collecting Security Onion Setup ...."
 echo -e "\nPlease be patient as this can take a few minutes to complete ...."
-echo "${yellow}The Security Onion Wiki can be referenced at https://github.com/Security-Onion-Solutions/security-onion/wiki${normal}"
+echo "${yellow}The Security Onion Documentation can be referenced at https://securityonion.net/docs${normal}"
 echo -e "\nNow that your Security Onion Installation has been completed, you will now need to fine tune its settings to your Network Requirements"
 echo "Fine Tuning will take several weeks of your time, however; in the end it will provide you with all of the tools to protect your network environment."
 echo -e "\nThis 'Quick' report will help to identify the ${red}' Most Common ' ${normal}issues and is not intended to be a ' Complete ' report of your installation. "
@@ -100,27 +100,27 @@ echo "$data" | grep -A 28 'PID USER'
 next
 
 
-header_top "The Server/Sensor memory is listed below. Please compare to the Wiki recommended specs."
+header_top "The Server/Sensor memory is listed below. Please compare to the recommended specs at https://securityonion.net/docs/Hardware."
 header_mid "If you are maxing out the SO Installations memory, this can cause significant issues with your installation."
 header_mid "Usage of SWAP memory can cause significant performance issues"
-url_bot "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/Hardware"
+url_bot "Help URL: https://securityonion.net/docs/Hardware"
 echo
 echo "$data" | grep 'Mem:'
 echo "$data" | grep 'Swap:'
 next
 
 
 header_top "Check to see the you have sufficent Hard Drive Space"
-url_top "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/FAQ   ${normal}' Why is my disk filling up? '${yellow}"
-url_bot "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/Hardware"
+url_top "Help URL: https://securityonion.net/docs/FAQ   ${normal}' Why is my disk filling up? '${yellow}"
+url_bot "Help URL: https://securityonion.net/docs/Hardware"
 echo
 df -h
 next
 
 header_top "Check Link Statistics"
 header_mid "Look at the interfaces below to see if you are getting traffic on your monitoring interfaces"
 header_mid "You can also run ${normal}' tcpdump -nnvvAi {monitoring interface address} '${red}, To help diagnose network issues."
-url_bot "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/NetworkConfiguration"
+url_bot "Help URL: https://securityonion.net/docs/NetworkConfiguration"
 echo
 ip -s -s link
 next
@@ -130,7 +130,7 @@ header_top "If The number of enabled rules is over 12,000, You should consider d
 header_mid "Too many rules enabled and can lead to performance issues.  You should disable any rules you don't need."
 header_mid "If you do not see any ${normal}' Enabled Rules '${red}, you can run ${normal}' sudo rule-update '${red}"
 header_mid "If you receive a '504' error on sudo rule-update, it could be an issue with the SNORT website or an oinkcode issue."
-url_bot "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/ManagingAlerts"
+url_bot "Help URL: https://securityonion.net/docs/ManagingAlerts"
 echo
 echo "$data" | grep -m 1 'Enabled Rules:'
 next
@@ -155,7 +155,7 @@ header_mid "  lower your uncategorized events in sguild with the following comma
 header_mid "* If you suppressed in threshold.conf correctly and restarted services but the events kept coming in, it's possible that barnyard2 was still"
 header_mid "  processing a backlog of events that would've stopped whenever barnyard2 was fully caught up."
 
-url_top "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/ManagingAlerts"
+url_top "Help URL: https://securityonion.net/docs/ManagingAlerts"
 url_bot "Help URL: http://taosecurity.blogspot.com/2013/02/recovering-from-suricata-gone-wild.html"
 echo
 echo "$data" | grep -A 1 COUNT
@@ -177,7 +177,7 @@ header_top "Check to see if Snort/Suricata is dropping traffic"
 header_mid "If you are seeing packet drops, this can be related to several possibilities."
 header_mid "Underpowered Box (CPU and/or Memory), Failed Services, Too many Enabled Rules and several others..."
 header_mid "Follow all of the comments/recommendations in this report to determine the root cause."
-url_bot "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/ManagingAlerts"
+url_bot "Help URL: https://securityonion.net/docs/ManagingAlerts"
 echo
 if [ "$ENGINE" = "suricata" ]; then
         for i in /nsm/sensor_data/*/stats.log; do
@@ -219,7 +219,7 @@ header_mid "The default firewall configuration tool for Ubuntu is ufw. By defaul
 header_mid "You may want to restrict ports to only accepting connections from a subset of IP addresses."
 header_mid "NOTE! Before attempting any firewall changes, you should always ensure you have a backup plan should you accidentally block your own connection."
 header_mid "So make sure that you have DRAC/KVM/physical or some other form of access."
-url_bot "https://github.com/Security-Onion-Solutions/security-onion/wiki/Firewall"
+url_bot "https://securityonion.net/docs/Firewall"
 echo "First 28 lines of UFW are shown. If you have more than 28 lines in UFW, please run ${red}' sudo ufw status '${normal} after this report for a complete output."
 sudo ufw status | head -n 28
 next

bin/soup

@@ -135,7 +135,7 @@ if [ $SKIP -ne 1 ]; then
 	echo
 	echo "Please review the following for more information"
 	echo "about the update process and recent updates:"
-	echo "https://securityonion.net/wiki/Upgrade"
+	echo "https://securityonion.net/docs/Upgrade"
 	echo "https://blog.securityonion.net"
 	echo
 	echo "If you're running a distributed deployment, please run soup"

debian/changelog

@@ -1,3 +1,9 @@
+securityonion-sostat (20120722-0ubuntu0securityonion121) xenial; urgency=medium
+
+  * securityonion-sostat: change wiki links to docs Security-Onion-Solutions/security-onion#1454 
+
+ -- Doug Burks <[email protected]>  Sat, 16 Feb 2019 08:11:13 -0500
+
 securityonion-sostat (20120722-0ubuntu0securityonion120) xenial; urgency=medium
 
   * soup: node checking master for updates fails if master has 1 update Security-Onion-Solutions/security-onion#1434 

debian/patches/securityonion-sostat:-change-wiki-links-to-docs-Security-Onion-Solutionssecurity-onion#1454

@@ -0,0 +1,145 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-sostat (20120722-0ubuntu0securityonion121) xenial; urgency=medium
+ .
+   * securityonion-sostat: change wiki links to docs Security-Onion-Solutions/security-onion#1454
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-sostat-20120722.orig/bin/sostat
++++ securityonion-sostat-20120722/bin/sostat
+@@ -387,8 +387,6 @@ if [ "$ELSA" = "YES" ]; then
+         echo
+         echo "ELSA Buffers in Queue:"
+         ls -al /nsm/elsa/data/elsa/tmp/buffers/ | wc -l
+-	echo "If this number is consistently higher than 20, please see:"
+-	echo "https://github.com/Security-Onion-Solutions/security-onion/wiki/FAQ#why-does-sostat-show-a-high-number-of-elsa-buffers-in-queue"
+         echo
+         echo "ELSA Directory Sizes:"
+         du --max-depth=0 -h /nsm/elsa/data /var/lib/mysql/syslog /var/lib/mysql/syslog_data
+@@ -462,8 +460,6 @@ if [ "$ELSA" = "YES" ]; then
+ 			echo
+ 			mysql --defaults-file=/etc/mysql/debian.cnf -Delsa_web -e 'select * from saved_results'
+ 			echo
+-			echo "Try troubleshooting, using the steps provided here:"
+-                        echo "https://github.com/Security-Onion-Solutions/security-onion/wiki/FAQ#why-does-sostat-show-high-loadcpu-usage-and-large-number-of-perl-processes"
+ 		fi
+ 	fi
+ fi
+@@ -685,7 +681,7 @@ if [ -f /etc/timezone ] && ! grep "Etc/U
+ 	header "Time Zone"
+ 	echo "WARNING! Timezone is NOT set to UTC!"
+ 	echo "Please see:"
+-	echo "https://github.com/Security-Onion-Solutions/security-onion/wiki/TimeZones"
++	echo "https://securityonion.net/docs/TimeZones"
+ fi
+
+ FILE="/etc/os-release"
+--- securityonion-sostat-20120722.orig/bin/sostat-quick
++++ securityonion-sostat-20120722/bin/sostat-quick
+@@ -65,7 +65,7 @@ header_single "                        S
+
+ echo "Collecting Security Onion Setup ...."
+ echo -e "\nPlease be patient as this can take a few minutes to complete ...."
+-echo "${yellow}The Security Onion Wiki can be referenced at https://github.com/Security-Onion-Solutions/security-onion/wiki${normal}"
++echo "${yellow}The Security Onion Documentation can be referenced at https://securityonion.net/docs${normal}"
+ echo -e "\nNow that your Security Onion Installation has been completed, you will now need to fine tune its settings to your Network Requirements"
+ echo "Fine Tuning will take several weeks of your time, however; in the end it will provide you with all of the tools to protect your network environment."
+ echo -e "\nThis 'Quick' report will help to identify the ${red}' Most Common ' ${normal}issues and is not intended to be a ' Complete ' report of your installation. "
+@@ -100,10 +100,10 @@ echo "$data" | grep -A 28 'PID USER'
+ next
+
+
+-header_top "The Server/Sensor memory is listed below. Please compare to the Wiki recommended specs."
++header_top "The Server/Sensor memory is listed below. Please compare to the recommended specs at https://securityonion.net/docs/Hardware."
+ header_mid "If you are maxing out the SO Installations memory, this can cause significant issues with your installation."
+ header_mid "Usage of SWAP memory can cause significant performance issues"
+-url_bot "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/Hardware"
++url_bot "Help URL: https://securityonion.net/docs/Hardware"
+ echo
+ echo "$data" | grep 'Mem:'
+ echo "$data" | grep 'Swap:'
+@@ -111,8 +111,8 @@ next
+
+
+ header_top "Check to see the you have sufficent Hard Drive Space"
+-url_top "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/FAQ   ${normal}' Why is my disk filling up? '${yellow}"
+-url_bot "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/Hardware"
++url_top "Help URL: https://securityonion.net/docs/FAQ   ${normal}' Why is my disk filling up? '${yellow}"
++url_bot "Help URL: https://securityonion.net/docs/Hardware"
+ echo
+ df -h
+ next
+@@ -120,7 +120,7 @@ next
+ header_top "Check Link Statistics"
+ header_mid "Look at the interfaces below to see if you are getting traffic on your monitoring interfaces"
+ header_mid "You can also run ${normal}' tcpdump -nnvvAi {monitoring interface address} '${red}, To help diagnose network issues."
+-url_bot "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/NetworkConfiguration"
++url_bot "Help URL: https://securityonion.net/docs/NetworkConfiguration"
+ echo
+ ip -s -s link
+ next
+@@ -130,7 +130,7 @@ header_top "If The number of enabled rul
+ header_mid "Too many rules enabled and can lead to performance issues.  You should disable any rules you don't need."
+ header_mid "If you do not see any ${normal}' Enabled Rules '${red}, you can run ${normal}' sudo rule-update '${red}"
+ header_mid "If you receive a '504' error on sudo rule-update, it could be an issue with the SNORT website or an oinkcode issue."
+-url_bot "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/ManagingAlerts"
++url_bot "Help URL: https://securityonion.net/docs/ManagingAlerts"
+ echo
+ echo "$data" | grep -m 1 'Enabled Rules:'
+ next
+@@ -155,7 +155,7 @@ header_mid "  lower your uncategorized e
+ header_mid "* If you suppressed in threshold.conf correctly and restarted services but the events kept coming in, it's possible that barnyard2 was still"
+ header_mid "  processing a backlog of events that would've stopped whenever barnyard2 was fully caught up."
+
+-url_top "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/ManagingAlerts"
++url_top "Help URL: https://securityonion.net/docs/ManagingAlerts"
+ url_bot "Help URL: http://taosecurity.blogspot.com/2013/02/recovering-from-suricata-gone-wild.html"
+ echo
+ echo "$data" | grep -A 1 COUNT
+@@ -177,7 +177,7 @@ header_top "Check to see if Snort/Surica
+ header_mid "If you are seeing packet drops, this can be related to several possibilities."
+ header_mid "Underpowered Box (CPU and/or Memory), Failed Services, Too many Enabled Rules and several others..."
+ header_mid "Follow all of the comments/recommendations in this report to determine the root cause."
+-url_bot "Help URL: https://github.com/Security-Onion-Solutions/security-onion/wiki/ManagingAlerts"
++url_bot "Help URL: https://securityonion.net/docs/ManagingAlerts"
+ echo
+ if [ "$ENGINE" = "suricata" ]; then
+         for i in /nsm/sensor_data/*/stats.log; do
+@@ -219,7 +219,7 @@ header_mid "The default firewall configu
+ header_mid "You may want to restrict ports to only accepting connections from a subset of IP addresses."
+ header_mid "NOTE! Before attempting any firewall changes, you should always ensure you have a backup plan should you accidentally block your own connection."
+ header_mid "So make sure that you have DRAC/KVM/physical or some other form of access."
+-url_bot "https://github.com/Security-Onion-Solutions/security-onion/wiki/Firewall"
++url_bot "https://securityonion.net/docs/Firewall"
+ echo "First 28 lines of UFW are shown. If you have more than 28 lines in UFW, please run ${red}' sudo ufw status '${normal} after this report for a complete output."
+ sudo ufw status | head -n 28
+ next
+--- securityonion-sostat-20120722.orig/bin/soup
++++ securityonion-sostat-20120722/bin/soup
+@@ -135,7 +135,7 @@ if [ $SKIP -ne 1 ]; then
+ 	echo
+ 	echo "Please review the following for more information"
+ 	echo "about the update process and recent updates:"
+-	echo "https://securityonion.net/wiki/Upgrade"
++	echo "https://securityonion.net/docs/Upgrade"
+ 	echo "https://blog.securityonion.net"
+ 	echo
+ 	echo "If you're running a distributed deployment, please run soup"

debian/patches/series

@@ -115,3 +115,4 @@ soup:-create-etcaptapt.conf.d10periodic-Security-Onion-Solutionssecurity-onion#1
 soup:-output-reminder-to-update-remaining-boxes-in-deployment-Security-Onion-Solutionssecurity-onion#1424
 soup:-check-for-lock-Security-Onion-Solutionssecurity-onion#1428
 soup:-node-checking-master-for-updates-fails-if-master-has-1-update-Security-Onion-Solutionssecurity-onion#1434
+securityonion-sostat:-change-wiki-links-to-docs-Security-Onion-Solutionssecurity-onion#1454