updates sigs and testing instructions for 14.04.5.5

dougburks · dougburks · commit de605c34cb09 · 2017-11-26T16:26:35.000-05:00
diff --git a/checksums.txt b/checksums.txt
@@ -1,3 +1,8 @@
+14.04.5.5 ISO image
+md5sum 43f95d68b58952ece6e79fa8d7b96e5c
+sha1sum 3464b035a75444b169a28e17edb2dc6331c942d9
+sha256sum ea01b24acefa321fd0a1f05b6da3e320176ae39c7d9eaf9633f6a72a99510be9
+
 14.04.5.4 ISO image
 md5sum 9c7cab756b675beb10de4274a3ad3bc6
 sha1sum 329814d3326d30f2165f03031215d4cbd9cc2450
diff --git a/sigs/securityonion-14.04.5.5.iso.sig b/sigs/securityonion-14.04.5.5.iso.sig
diff --git a/testing/Verify_ISO_14.04.5.5.md b/testing/Verify_ISO_14.04.5.5.md
@@ -0,0 +1,65 @@
+### 14.04.5.5 ISO image built on 2017/11/26
+
+**Please note!** This ISO image includes the **EXPERIMENTAL** Elastic stack!
+
+The Elastic components are included in the ISO image and Setup gives you an option of Stable Setup (ELSA) or Experimental Setup (Elastic).  If you do not want to try the new Elastic stack, you can choose Stable Setup.  
+
+If you **do** want to proceed with the new 14.04.5.5 ISO image, please skip down to the "Download and Verify" section.  If you would prefer an ISO image with no Elastic components at all, you have a few options:
+
+- Use the older Security Onion 14.04.5.2 ISO image (and then run `sudo soup`):<br>
+https://github.com/Security-Onion-Solutions/security-onion/blob/master/old/Verify_ISO_14.04.5.2.md
+
+OR 
+
+- Install your preferred flavor of Ubuntu 14.04 and then add our PPA and packages:<br>
+https://github.com/Security-Onion-Solutions/security-onion/wiki/InstallingOnUbuntu
+
+### Download and Verify
+
+14.04.5.5 ISO image:  
+https://github.com/Security-Onion-Solutions/security-onion/releases/download/v14.04.5.5_20171126/securityonion-14.04.5.5.iso
+
+Signature for ISO image:  
+https://github.com/Security-Onion-Solutions/security-onion/raw/master/sigs/securityonion-14.04.5.5.iso.sig  
+
+Signing key:  
+https://raw.githubusercontent.com/Security-Onion-Solutions/security-onion/master/KEYS  
+
+For example, here are the steps you can use on most Linux distributions to download and verify our Security Onion ISO image.
+
+Download the signing key:  
+```
+wget https://raw.githubusercontent.com/Security-Onion-Solutions/security-onion/master/KEYS
+```
+
+Import the signing key:  
+```
+gpg --import KEYS
+```
+
+Download the signature file for the ISO:  
+```
+wget https://github.com/Security-Onion-Solutions/security-onion/raw/master/sigs/securityonion-14.04.5.5.iso.sig
+```
+
+Download the ISO image:  
+```
+wget https://github.com/Security-Onion-Solutions/security-onion/releases/download/v14.04.5.5_20171126/securityonion-14.04.5.5.iso
+```
+
+Verify the downloaded ISO image using the signature file:  
+```
+gpg --verify securityonion-14.04.5.5.iso.sig securityonion-14.04.5.5.iso
+```
+
+The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
+```
+gpg: Signature made Sun 26 Nov 2017 04:17:26 PM EST using RSA key ID ED6CF680
+gpg: Good signature from "Doug Burks <doug.burks@gmail.com>"
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg:          There is no indication that the signature belongs to the owner.
+Primary key fingerprint: BD56 2813 E345 A068 5FBB  91D3 788F 62F8 ED6C F680
+```
+
+Once you've verified the ISO image, you're ready to proceed to our Installation guide:  
+https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation
