Release 1.1.0 small (#60)

* Adding updates to troubleshooting to address the latest issues.

* Added Filtering.md to documents to discuss how to filter out unnessecary logs

* Change "activate selected" to "Enable"

* Changed "New - User Security" to "User Security" to reflect current dashboard name

* Updated dashboard count and location

* Adds a script to export dashboards

* Adding Compute Software Overview dashboard

* User HR Dashboard Ready for Review and Release

* Bump Elasticsearch Version

* Bump version in readme

* adding alert dashboard (#46)

Co-authored-by: Diabe <[email protected]>
Co-authored-by: Michael Reeves <[email protected]>

* Add a command to allow the execution of the winlogbeat.exe file (#38)

Co-authored-by: Clint Baxley <[email protected]>

* add process_explorer.ndjson file (#37)

Co-authored-by: root <[email protected]>
Co-authored-by: Connor <[email protected]>

* Creating Initial Draft of issue templates (#34)

* Creating Initial Draft of issue templates

Issue Templates to aid with docs_update

* Update bug-or-error-report.md

* Update bug-or-error-report.md

Minor typos

* Proofread bug-or-error-report.md, updated phrasing in some places

---------

Co-authored-by: Chad Poland <[email protected]>
Co-authored-by: Linda Waterhouse <[email protected]>
Co-authored-by: mitchelbaker-cisa <[email protected]>

* remove input controls and update filtering with Kibana Control filters for (hostname, process exe, process pid)

* Alert Dashboard review (#49)

* adding alert dashboard

* Create Alerting_dashboard.ndjson

* Rename Alerting_dasboard.ndjson to Alerting_dashboard.ndjson

* Rename Alerting_dashboard.ndjson to alert_dashboard.ndjson

* Delete dasboards directory

---------

Co-authored-by: Diabe <[email protected]>
Co-authored-by: Michael Reeves <[email protected]>

* Delete dasboards directory (#50)

* Update deploy.sh to debug issue #33

Add logging to indicate the script's progress and where it might be failing + introduce a maximum number of 60 attempts to check for Elasticsearch readiness, preventing the script from hanging indefinitely.

* Updates the dashboard menu and all of the dashboards that use it. (#53)

* Change the navigation menu to exclude the old home page and include the new dashboards.

* Delete the security dashboard home

---------

Co-authored-by: Clint Baxley <[email protected]>

* Lme update functionality (#30)

* adding updates to chapter3 for deploy.sh changes

* adding updates to dashboard and lme_update to log and run as better cron jobs

* adding in more notes to chapter3 on update functionality

* Added the following features to deploy.sh:
  - update function to add lme_upadte.sh and dashboard_update.sh to
    root's crontab
  - fixed final permissions so that /opt/lme is readable by `sudo` group
  - y/n on the uninstall options fixed
  - upgrade function updated to check for 1.0 version and only remove
    crontab in  upgrading from 0.5.1
  - usage function to print the usage

* fixing read/write on the files_for_windows.zip

* fixing backups permissions

* Update chapter3.md (#29)

* Update chapter3.md

Changed winlogbeat 8.5.0 link to one, that allows user to download not only zip, but also sha512 control sum and also choose between zip and MSI.

* Update chapter3.md

Changed Winlogbeat to 8.11.1

* Update the readmes to delete old dashboards and import new ones. (#54)

Co-authored-by: Clint Baxley <[email protected]>

* Update Uninstall_Sysmon64.ps1 (#27)

Check if Sysmon is installed, run the uninstall command with elevated privileges, and handle potential errors. 
Remove the Sysmon executable if the uninstallation is successful.

* Deploy upgrade 1.1.0 (#58)

* adding in upgrade command to go from 1.0 -> 1.1.0

* pushing upgrade notes

* adding updates to deploy.sh for upgrading 1.0 -> 1.1.0

* adding CONTRIBUTING.md,RELEASES.md, and Custom PR-Template (#41)

* adding Contribution and release documentation to help standardize these processes

* Update CONTRIBUTING.md

fixed typos.

* documenting PR template to standardize and streamline Pull Requests

* adding a few more changes

* adding formatting changes

* Rename pull_request_template.md to pull_request_template.md

Actually renamed directory PULL_REUQEST_TEMPLATE to PULL_REQUEST_TEMPLATE

---------

Co-authored-by: Linda Waterhouse <[email protected]>

* remove updates that break the installation process, need more refactoring/testing before we can push these changes

* Release 1.1.0 small updates (#61)

* updating deploy.sh with fixes that solve permissions issues and still provide security for files with plaintext passwords

* updating docs to state more accurate required disk sizes

---------

Co-authored-by: Alden Hilton <[email protected]>
Co-authored-by: Clint Baxley <[email protected]>
Co-authored-by: Connor Aubry <[email protected]>
Co-authored-by: Grant (SNL) <[email protected]>
Co-authored-by: Clint Baxley <[email protected]>
Co-authored-by: ddiabe <[email protected]>
Co-authored-by: Diabe <[email protected]>
Co-authored-by: mitchelbaker-cisa <[email protected]>
Co-authored-by: root <[email protected]>
Co-authored-by: Connor <[email protected]>
Co-authored-by: Chad Poland <[email protected]>
Co-authored-by: Linda Waterhouse <[email protected]>
Co-authored-by: mitchelbaker-cisa <[email protected]>
Co-authored-by: Dmytro Korzhevin <[email protected]>

.github/ISSUE_TEMPLATE/bug-or-error-report.md

@@ -0,0 +1,59 @@
+---
+name: Bug or Error report
+about: Report issues, mistakes, unsolvable, or unresolved errors to help improve the project
+title: "[BUG] ERROR YYYYY in step X.X"
+labels: bug
+assignees: ''
+
+---
+
+## **BEFORE CREATING THE ISSUE, CHECK THE FOLLOWING GUIDES**: 
+ - [ ] [FAQ](https://github.com/cisagov/LME/blob/main/docs/markdown/reference/faq.md)
+ - [ ] [Troubleshooting](https://github.com/cisagov/LME/blob/main/docs/markdown/reference/troubleshooting.md)
+ - [ ] Search current/closed issues for similar questions, and utilize github/google search to see if an answer exists for the error I'm encountering.  
+
+If the above did not answer your question, proceed with creating an issue below: 
+
+## Describe the bug
+A clear and concise description of what the bug is.
+
+## To Reproduce
+Steps to reproduce the behavior. These should be clear enough that our team can understand your running environment, software/operating system versions, and anything else we might need to debug the issue. 
+
+An example of a usable reproducible list are shown in these issues: [Issue 1](https://github.com/cisagov/LME/issues/15) [Issue 2](https://github.com/cisagov/LME/issues/19). 
+
+To increase the speed and relevance of the reply we suggest you list down debugging steps you have tried, as well as the following information:
+
+### Please complete the following information
+**Desktop:**
+ - OS: [e.g. Windows 10]
+ - Browser: [e.g. Firefox Version 104.0.1]
+ - Software version: [e.g. Sysmon v15.0, Winlogbeat 8.11.1]
+
+**Server:**
+- OS: [e.g. Ubuntu 22.04]
+- Software Versions:
+  - ELK: [e.g. 8.7.1]
+  - Docker: [e.g. 20.10.23, build 7155243]
+- The output of these commands: 
+```
+free -h
+df -h 
+uname -a 
+lsb_release -a
+```
+- Relevant container logs: 
+```
+for name in $(sudo docker ps -a --format '{{.Names}}'); do echo -e "\n\n\n-----------$name----------"; sudo docker logs $name | tail -n 20; done
+```
+Increase the number of lines if your issue is not present, or include a relevant log of the erroring container
+- Output of the relevant /var/log/cron_logs/ file
+
+## Expected behavior
+A clear and concise description of what you expected to happen.
+
+## Screenshots
+If applicable, add screenshots to help explain your problem.
+
+## Additional context
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE/pull_request_template.md

@@ -0,0 +1,39 @@
+
+## 🗣 Description ##
+
+<!-- Describe the "what" of your changes in detail. -->
+
+### 💭 Motivation and context 
+
+<!-- Why is this change required? -->
+<!-- What problem does this change solve? How did you solve it? -->
+<!-- Mention any related issue(s) here using appropriate keywords such -->
+<!-- as "closes" or "resolves" to auto-close them on merge. -->
+
+### 📷 Screenshots (DELETE IF UNAPPLICABLE)
+
+## 🧪 Testing 
+
+<!-- How did you test your changes? How could someone else test this PR? -->
+<!-- Include details of your testing environment, and the tests you ran to -->
+<!-- see how your change affects other areas of the code, etc. -->
+
+## ✅ Pre-approval checklist ##
+
+- [ ] Changes are limited to a single goal **AND** 
+      the title reflects this in a clear human readable format
+- [ ] I have read and agree to LME's [CONTRIBUTING.md](https://github.com/cisagov/LME/CONTRIBUTING.md) document.
+- [ ] The PR adheres to LME's requirements in [RELEASES.md](https://github.com/cisagov/LME/RELEASES.md#steps-to-submit-a-PR)
+- [ ] These code changes follow [cisagov code standards](https://github.com/cisagov/development-guide).
+- [ ] All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
+
+## ✅ Pre-merge Checklist
+
+- [ ] All tests pass
+- [ ] PR has been tested and the documentation for testing is above
+
+## ✅ Post-merge Checklist
+
+- [ ] Squash all commits into one PR level commit 
+- [ ] Delete the branch to keep down number of branches
+

.gitignore

@@ -1,2 +1,17 @@
 *.pdf
 .DS_Store
+/.idea/
+/.vscode/
+/Chapter 4 Files/*.dumped.ndjson
+/Chapter 4 Files/exported/
+
+#created files should be ignored:
+Chapter 3 Files/certs/
+Chapter 3 Files/docker-compose-stack-live.yml
+Chapter 3 Files/logstash.edited.conf
+Chapter 3 Files/logstash_custom.conf
+LME/
+dashboard_update.sh
+files_for_windows.zip
+lme.conf
+lme_update.sh

CONTRIBUTING.md

@@ -0,0 +1,45 @@
+# Welcome #
+
+We're so glad you're thinking about contributing to this open-source project! If you're unsure or hesitant to make a recommendation, just ask, submit the issue, or pull request. The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contribution(s), and don't want a wall of rules to stifle innovation.
+
+Before contributing, we encourage you to read our CONTRIBUTING policy (you are here), our LICENSE, and our README, all of which are in this repository.
+
+## Issues 
+
+If you want to report a bug or request a new feature, the most direct method is to [create an issue](https://github.com/cisagov/development-guide/issues) in this repository.  
+We recommend that you first search through existing issues (both open and closed) to check if your particular issue has already been reported.  
+
+If it has then you might want to add a comment to the existing issue.  
+
+If it hasn't then feel free to create a new one. 
+
+Please follow the provided template and fill out all sections. We have a `BUG` and `FEATURE REQUEST` Template
+
+## Pull Requests (PR)
+
+If you choose to submit a pull request, it will be required to pass various sanity checks in our continuous integration (CI) pipeline, before we merge it. Your pull request may fail these checks, and that's OK. If you want you can stop there and wait for us to make the necessary corrections to ensure your code passes the CI checks, you're more than within your rights; however, it helps our team greatly if you fix the issues found by our CI pipeline. 
+
+Below are some loose requirements we'd like all PR's to follow. Our release process is documented in [Releases](releases.md).
+
+### Quality assurance and code reviews
+
+All PRs will be tested, vetted, and reviewed by our team before being merged with the main code base. All should be pull requested into whatever the upcoming release branch is. Find that by searching for the highest SEMVER `release-X.Y.Z` branch or following our release documentation.
+
+### Steps to submit a PR
+	- All PRs should request merges back into LME's *CLOSEST* Major or Minor upcoming release branch `release-X.Y.Z`. This will be viewable in the branch list on Github. You can also refer to our release documentation for guidance.
+  - If the PR corresponds to an issue we are already tracking on LME's public Github [project](https://github.com/orgs/cisagov/projects/68), please comment the PR in the issue, and we will update the issue. 
+  - If the PR does not have an issue, please add a comment at the top of the pull request describing the PR and how it fits into LME's project/code. If the PR follows our other requirements listed here, we'll add it into our public project linked previously.
+  - We'll work with you to mold it to our development goals/process, so your work can be merged into LME and your Github profile gets credit for the contributions. 
+  - Before merging we request that all commits be squashed into one commit. This way your changes to the repository are tracked, but our `git log` history does not rapidly expand. 
+  - Thanks for wanting to submit and develop improvements for LME!!
+
+## Public domain 
+
+This project is in the public domain within the United States, and
+copyright and related rights in the work worldwide are waived through
+the [CC0 1.0 Universal public domain
+dedication](https://creativecommons.org/publicdomain/zero/1.0/).
+
+All contributions to this project will be released under the CC0
+dedication. By submitting a pull request, you are agreeing to comply
+with this waiver of copyright interest.

Chapter 3 Files/.gitignore

@@ -0,0 +1 @@
+*-live.*