Wednesday, July 20, 2016

Suricata 3.1.1 now available for Security Onion!

Suricata 3.1.1 was recently released:
https://suricata-ids.org/2016/07/13/suricata-3-1-1-released/

I've packaged it and the following package is now available:
securityonion-suricata - 3.1.1-1ubuntu1securityonion1

This new package should resolve the following issue:

Issue 945: Suricata 3.1.1
https://github.com/Security-Onion-Solutions/security-onion/issues/945

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Snort 2.9.8.3 now available for Security Onion!

Snort 2.9.8.3 was recently released:
http://blog.snort.org/2016/06/snort-2983-has-been-released.html

I've packaged it and the following packages are now available:
securityonion-snort 2.9.8.3-1ubuntu1securityonion1
securityonion-daq 2.0.6-0ubuntu0securityonion5

These new packages should resolve the following issue:

Issue 946: Snort 2.9.8.3
https://github.com/Security-Onion-Solutions/security-onion/issues/946

These packages have been tested by Wes Lambert.  Thanks, Wes!

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing snort.conf files to snort.conf.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your snort.conf file(s)
  • update ruleset and restart Snort as follows:
    sudo rule-update
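A check for the migration step described in this post and in the Suricata post above, as an added example that is not part of the Security Onion packages: it confirms HOME_NET and EXTERNAL_NET carried over from the .bak file to the regenerated config (either snort.conf or suricata.yaml syntax) and lists the backed-up lines that did not, which are the customizations to re-apply before rule-update. The four config files are constructed samples, and get_var, check_migration and lost_lines are names chosen here.

```shell
#!/bin/sh
# Added example (not part of the Security Onion packages): verify that the
# HOME_NET / EXTERNAL_NET migration performed by the update landed in the
# regenerated config, and list backed-up lines that did not carry over so
# they can be re-applied by hand before running "sudo rule-update".
#
# All four files below are constructed samples created in a temp directory.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

SURI_OLD="$TMP/suricata.yaml.bak"; SURI_NEW="$TMP/suricata.yaml"
SNORT_OLD="$TMP/snort.conf.bak";   SNORT_NEW="$TMP/snort.conf"

cat > "$SURI_OLD" <<'EOF'
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[192.0.2.0/24,198.51.100.0/24]"
    EXTERNAL_NET: "!$HOME_NET"
# local customization: eve-log to a unix socket
outputs:
  - eve-log:
      enabled: yes
      filetype: unix_stream
EOF

cat > "$SURI_NEW" <<'EOF'
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[192.0.2.0/24,198.51.100.0/24]"
    EXTERNAL_NET: "!$HOME_NET"
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
EOF

cat > "$SNORT_OLD" <<'EOF'
ipvar HOME_NET [192.0.2.0/24,198.51.100.0/24]
ipvar EXTERNAL_NET !$HOME_NET
# local customization: extra preprocessor tuning
preprocessor stream5_global: max_tcp 262144
EOF

# Simulated failed migration: HOME_NET fell back to the packaged default.
cat > "$SNORT_NEW" <<'EOF'
ipvar HOME_NET any
ipvar EXTERNAL_NET !$HOME_NET
preprocessor stream5_global: max_tcp 8192
EOF

# get_var FILE NAME: print NAME's value from either config format.
#   snort.conf    -> "ipvar HOME_NET [10.0.0.0/8]"   (plain "var" also accepted)
#   suricata.yaml -> "    HOME_NET: \"[10.0.0.0/8]\"" (surrounding quotes stripped)
get_var() {
    awk -v name="$2" '
        ($1 == "ipvar" || $1 == "var") && $2 == name { print $3; exit }
        $1 == (name ":") { sub(/^[^:]*:[ \t]*/, ""); gsub(/"/, ""); print; exit }
    ' "$1"
}

# check_migration OLD NEW: compare both variables; return 1 on any mismatch
# or when the variable is missing from the backup.
check_migration() {
    cm_status=0
    for cm_var in HOME_NET EXTERNAL_NET; do
        cm_old=$(get_var "$1" "$cm_var"); cm_new=$(get_var "$2" "$cm_var")
        if [ -n "$cm_old" ] && [ "$cm_old" = "$cm_new" ]; then
            echo "$cm_var ok: $cm_new"
        else
            echo "$cm_var MISMATCH: backup='$cm_old' new='$cm_new'"; cm_status=1
        fi
    done
    return $cm_status
}

# lost_lines OLD NEW: non-comment, non-blank lines of OLD absent from NEW,
# i.e. the local customizations the update notice says to re-apply.
lost_lines() {
    awk 'NR == FNR { seen[$0] = 1; next }
         !($0 in seen) && $0 !~ /^[ \t]*(#|$)/' "$2" "$1"
}

for pair in "$SURI_OLD $SURI_NEW" "$SNORT_OLD $SNORT_NEW"; do
    set -- $pair
    echo "== $(basename "$2") =="
    check_migration "$1" "$2" || echo "!! migration incomplete, fix before rule-update"
    echo "-- lines to re-apply by hand --"
    lost_lines "$1" "$2"
done
```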

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Thanks!

PF_RING 6.4.1 now available for Security Onion!

PF_RING 6.4.1 was recently released:
http://www.ntop.org/pf_ring/pf_ring-6-4-just-released/
https://github.com/ntop/PF_RING/releases

I've packaged PF_RING 6.4.1 and backported some fixes for recent Ubuntu kernels:
https://github.com/ntop/PF_RING/commit/f5fbb56f70a737399f62300bbbfae3bc5adbcbe9
https://github.com/ntop/PF_RING/commit/0e4738d563cbb39e1ce88c116278a390ccc6d0a7
https://github.com/ntop/PF_RING/commit/e40b06114251cfa8f4a5713eb25a9c8a0ef98308
https://github.com/ntop/PF_RING/commit/7677ce2961c6ceab96824460c471ea3c2e3f4f56

The following packages are now available:
securityonion-pfring-daq 20121107-0ubuntu0securityonion13
securityonion-pfring-devel 20121107-0ubuntu0securityonion10
securityonion-pfring-ld 20120827-0ubuntu0securityonion10
securityonion-pfring-module 20121107-0ubuntu0securityonion28
securityonion-pfring-userland 20160708-1ubuntu1securityonion1

These new packages should resolve the following issue:

Issue 941: PF_RING 6.4.1
https://github.com/Security-Onion-Solutions/security-onion/issues/941

These packages have been tested by Wes Lambert.  Thanks, Wes!

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Thanks!

Tuesday, July 19, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion138 resolves several issues

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion138 is now available and should resolve the following issues:

Issue 944: NSM: backup scripts should not prompt when run with --force-yes
https://github.com/Security-Onion-Solutions/security-onion/issues/944

Issue 561: NSM: nsm_server_backup-config should check FORCE_YES
https://github.com/Security-Onion-Solutions/security-onion/issues/561

Issue 937: NSM: remove sguild DEBUG 1 from postinst
https://github.com/Security-Onion-Solutions/security-onion/issues/937

Issue 943: NSM: add nsm_server_user-list
https://github.com/Security-Onion-Solutions/security-onion/issues/943

This package has been tested by Phil Plantamura and Wes Lambert.  Thanks!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Thanks!

Monday, July 18, 2016

securityonion-setup - 20120912-0ubuntu0securityonion222 resolves several issues

Wes Lambert submitted some Pull Requests for Setup.  Thanks, Wes!

I've packaged Wes's changes and securityonion-setup - 20120912-0ubuntu0securityonion222 should resolve the following issues:

Issue 925: Setup: ask user for MTU of sniffing interface(s) and allow VLAN tags
https://github.com/Security-Onion-Solutions/security-onion/issues/925

Issue 926: Setup: ask user for HOME_NET
https://github.com/Security-Onion-Solutions/security-onion/issues/926

Issue 948: Setup: configure email
https://github.com/Security-Onion-Solutions/security-onion/issues/948

Issue 949: Setup: change http links to https
https://github.com/Security-Onion-Solutions/security-onion/issues/949

Issue 953: Setup: change "Emerging Threats GPL" to "Emerging Threats Open"
https://github.com/Security-Onion-Solutions/security-onion/issues/953

Issue 955: Setup: Nonstandard interface names not being detected
https://github.com/Security-Onion-Solutions/security-onion/issues/955

Issue 304: Setup: support unique interface names
https://github.com/Security-Onion-Solutions/security-onion/issues/304

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Thanks!

Security Onion Remote Training

Last week's Security Onion online training went very well.  For those of you who missed it and would like to purchase access to the recordings, please see:
https://securityonionsolutions.com/ondemandtraining

The next round of online training sessions will be held Monday September 12 through Thursday September 15.  For more information and to register, please see:
https://securityonionsolutions.com/onlinetraining

Thursday, July 7, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion57 resolves two issues

Wes Lambert submitted some Pull Requests for sostat.  Thanks, Wes!

I've packaged Wes's changes and securityonion-sostat - 20120722-0ubuntu0securityonion57 should resolve the following issues:

Issue 951: sostat: group packet loss stats into one section
https://github.com/Security-Onion-Solutions/security-onion/issues/951

Issue 960: sostat: output when current monitoring interval has not completed
https://github.com/Security-Onion-Solutions/security-onion/issues/960

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
The next round of online classes is next week!
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Thanks!

Wednesday, July 6, 2016

securityonion-capme - 20121213-0ubuntu0securityonion60 resolves an issue

Wes Lambert submitted a patch for CapMe to resolve an issue (thanks, Wes!):

Issue 956: CapMe: only close transcript when 'close' button is clicked
https://github.com/Security-Onion-Solutions/security-onion/issues/956

I've updated the following package:

securityonion-capme - 20121213-0ubuntu0securityonion60

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
The next round of online classes is next week!
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Thanks!

Monday, July 4, 2016

securityonion-web-page - 20141015-0ubuntu0securityonion60 resolves 2 issues

I've updated the following package:

securityonion-web-page - 20141015-0ubuntu0securityonion60

It should resolve the following issues:

Issue 952: securityonion-web-page: add FTP Data query to FTP category:
https://github.com/Security-Onion-Solutions/security-onion/issues/952

With the current FTP queries in ELSA, if you pivot to full packet capture, you only see the FTP control channel (you don't see the actual files being transferred).  This update adds a new query to the FTP category to help users find the FTP data channel where files are actually transferred.

Issue 957: securityonion-web-page: change public site hyperlinks to https
https://github.com/Security-Onion-Solutions/security-onion/issues/957

Our public websites for the Security Onion project and for Security Onion Solutions now default to https, so we're changing all hyperlinks from http to https.

Wes Lambert tested this package.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
The next round of online classes is next week!
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Thanks!

Monday, June 13, 2016

Security Onion 14.04.4.2 ISO image now available!

We have a new Security Onion 14.04.4.2 ISO image now available that contains all the latest Ubuntu and Security Onion updates as of June 6, 2016!

This resolves the following issue:

Issue 913: 14.04.4.2 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/913

This new ISO image has been tested by the following (thanks!):
Wes Lambert
Phil Plantamura

New Users
I've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Please remember to verify the signature of the downloaded ISO image using the instructions on that page.

Existing Deployments
If you have existing installations based on a previous 14.04 ISO image, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Security-Onion-14.04-Release-Notes

Training
The next round of online classes will be in July:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

Phil Plantamura has joined Security Onion Solutions LLC as COO

I'm very pleased to announce that Phil Plantamura is starting at Security Onion Solutions LLC today as Chief Operating Officer!



Monday, June 6, 2016

New CapMe and Squert packages resolve several issues

I've updated the following packages:

securityonion-capme - 20121213-0ubuntu0securityonion59
securityonion-squert - 20141015-0ubuntu0securityonion15

These new packages should resolve the following issues:

Issue 871: CapMe: add session support to avoid re-authenticating every time
https://github.com/Security-Onion-Solutions/security-onion/issues/871

Issue 930: CapMe: increase memory limit
https://github.com/Security-Onion-Solutions/security-onion/issues/930

Issue 933: CapMe: handle inactive/failed pcap_agents more gracefully
https://github.com/Security-Onion-Solutions/security-onion/issues/933

Issue 927: CapMe: Handle pcaps that generate no p0f output
https://github.com/Security-Onion-Solutions/security-onion/issues/927

Issue 934: CapMe: subdirectories should redirect to main page
https://github.com/Security-Onion-Solutions/security-onion/issues/934

Issue 935: CapMe: improve input validation on stime and etime variables
https://github.com/Security-Onion-Solutions/security-onion/issues/935

Issue 936: CapMe: replace include_once with require_once
https://github.com/Security-Onion-Solutions/security-onion/issues/936

Issue 867: Squert: pivot to CapMe for pcap
https://github.com/Security-Onion-Solutions/security-onion/issues/867

Issue 929: Squert: update mysql call in scripts
https://github.com/Security-Onion-Solutions/security-onion/issues/929

Wes Lambert tested these packages.  Thanks, Wes!

Screenshots

capME now includes session support

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
The next round of online classes will be in July:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

Thursday, June 2, 2016

securityonion-elsa-extras - 20151011-1ubuntu1securityonion32 resolves an issue

I've updated the following package:

securityonion-elsa-extras - 20151011-1ubuntu1securityonion32

It should resolve the following issue:

Issue 908: securityonion-elsa-extras: add securityonion-elsa-reset script
https://github.com/Security-Onion-Solutions/security-onion/issues/908

Wes Lambert tested this package.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
The next round of online classes will be in July:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion134 resolves an issue

I've updated the following package:

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion134

It should resolve the following issue:

Issue 931: nsm_sensor_backup-data missing leading slash in directory
https://github.com/Security-Onion-Solutions/security-onion/issues/931

Wes Lambert tested this package.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
The next round of online classes will be in July:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

Wednesday, June 1, 2016

securityonion-setup - 20120912-0ubuntu0securityonion215 resolves 3 issues

Wes Lambert submitted two pull requests and I've updated the following package:

securityonion-setup - 20120912-0ubuntu0securityonion215

It should resolve the following issues:

Issue 919: Setup: check minimum RAM requirements
https://github.com/Security-Onion-Solutions/security-onion/issues/919

Issue 923: Setup: warn user if they disable full packet capture
https://github.com/Security-Onion-Solutions/security-onion/issues/923

Issue 932: Setup: consistently apply title to all zenity windows
https://github.com/Security-Onion-Solutions/security-onion/issues/932

Wes Lambert tested this package.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
The next round of online classes will be in July:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

Wednesday, May 25, 2016

securityonion-capme - 20121213-0ubuntu0securityonion47 resolves 5 issues

I've updated the following package:

securityonion-capme - 20121213-0ubuntu0securityonion47

This package should resolve the following issues:

Issue 736: CapMe: Debug information occasionally gets rendered inside the transcript
https://github.com/Security-Onion-Solutions/security-onion/issues/736

Issue 738: CapMe: handle large pcaps more gracefully
https://github.com/Security-Onion-Solutions/security-onion/issues/738

Issue 916: CapMe: Check for gzip encoding and automatically switch to Bro transcript
https://github.com/Security-Onion-Solutions/security-onion/issues/916

Issue 922: CapMe: Handle sguild failure more gracefully
https://github.com/Security-Onion-Solutions/security-onion/issues/922

Issue 493: CapMe: send credentials interactively to avoid exposing on command line
https://github.com/Security-Onion-Solutions/security-onion/issues/493

Wes Lambert and Robert Bardo tested this package.  Thanks, guys!

Screenshots


The CapMe submission form now includes a new field called Max Xscript Bytes (which defaults to 500,000) and the default Output option is now "auto".

With Output set to "auto", CapMe will check for gzip encoding and, if found, will automatically switch to the Bro transcript to decode the gzip. 

If the transcript is larger than the Max Xscript Bytes setting (500,000 bytes by default), CapMe will display this at the bottom of the transcript.

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
The next round of online classes will be in July:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

Monday, May 23, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion133 resolves an issue

I've updated the following package:

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion133

This package should resolve the following issue:

Issue 924: NSM: set DEBUG 1 in /etc/sguild/sguild.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/924

Wes Lambert tested this package.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
The next round of online classes will be in July:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

Next Round of Security Onion Online Training Sessions - July 11 through July 14

The next round of online training sessions will be held Monday July 11 through Thursday July 14!

For more information and to register, please see:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Tuesday, May 17, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion53 resolves an issue

I've updated the following package:

securityonion-sostat - 20120722-0ubuntu0securityonion53

This package should resolve the following issue:

Issue 915: securityonion-sostat: mysql calls should use --defaults-file
https://github.com/Security-Onion-Solutions/security-onion/issues/915

Wes Lambert tested this package.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
Online classes are running this week!
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

Monday, May 16, 2016

New rule-update, setup, and squert-cron packages resolve 9 issues

I've updated the following packages:

securityonion-rule-update - 20151201-1ubuntu1securityonion6
securityonion-setup - 20120912-0ubuntu0securityonion212
securityonion-squert-cron - 20120722-0ubuntu0securityonion9

These packages should resolve the following issues:

Issue 906: sosetup.conf: allow passwords with special characters
https://github.com/Security-Onion-Solutions/security-onion/issues/906

Issue 907: sosetup-fix-ppconf duplicating Snort community ruleset entries
https://github.com/Security-Onion-Solutions/security-onion/issues/907

Issue 904: Setup should run pulledpork and squert-ip2c as limited user
https://github.com/Security-Onion-Solutions/security-onion/issues/904

Issue 914: securityonion-setup: mysql calls should use --defaults-file
https://github.com/Security-Onion-Solutions/security-onion/issues/914

Issue 909: securityonion-rule-update: ensure barnyard/IDS are running before restarting
https://github.com/Security-Onion-Solutions/security-onion/issues/909

Issue 911: securityonion-rule-update: add cron option to force delay
https://github.com/Security-Onion-Solutions/security-onion/issues/911

Issue 918: securityonion-rule-update: cron delay should be at least 10 minutes
https://github.com/Security-Onion-Solutions/security-onion/issues/918

Issue 910: securityonion-squert-cron: add cron option to force delay
https://github.com/Security-Onion-Solutions/security-onion/issues/910

Issue 917: securityonion-squert-cron: cron delay should be at least 10 minutes
https://github.com/Security-Onion-Solutions/security-onion/issues/917

Wes Lambert tested these packages.  Thanks, Wes!

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
Online classes start today!
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

Monday, May 9, 2016

securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion8 resolves an issue with ELSA Dashboard GeoIP mapping

Martin Holste committed some fixes for ELSA dashboard maps recently:
https://github.com/mcholste/elsa/commit/1566d32054cb886a404c68fb6db8d5420d0f85b3

I've built new ELSA packages with all the latest fixes:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion8
securityonion-elsa-extras - 20151011-1ubuntu1securityonion30

These packages should resolve the following issue:

Issue 864: ELSA: Improve dashboard map shading
https://github.com/Security-Onion-Solutions/security-onion/issues/864

Wes Lambert tested these packages.  Thanks, Wes!

You can build an ELSA GeoIP dashboard as shown here:
http://blog.securityonion.net/2016/02/securityonion-elsa-1205chartsjsd3.html



Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
Our next round of online classes is next week!
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

Thursday, April 28, 2016

securityonion-squert-cron - 20120722-0ubuntu0securityonion6 resolves 3 issues

securityonion-squert-cron - 20120722-0ubuntu0securityonion6 is now available and should resolve the following issues:

Issue 890: Squert ip2c cron job should sleep a random number of minutes
https://github.com/Security-Onion-Solutions/security-onion/issues/890

Issue 899: Squert ip2c cron job should run as a non-root user
https://github.com/Security-Onion-Solutions/security-onion/issues/899

Issue 903: Squert ip2c cron job should log to a log file
https://github.com/Security-Onion-Solutions/security-onion/issues/903

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Thanks!

Wednesday, April 27, 2016

securityonion-setup - 20120912-0ubuntu0securityonion207 adds more debug info and input validation

Wes Lambert submitted a Pull Request to add additional debug info and input validation:
https://github.com/Security-Onion-Solutions/securityonion-setup/pull/11

I've merged this Pull Request and created a new package:
securityonion-setup - 20120912-0ubuntu0securityonion207

This package should resolve the following issue:
https://github.com/Security-Onion-Solutions/security-onion/issues/902

James Taylor tested this package.  Thanks, James!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Tuesday, April 26, 2016

New ELSA packages resolve 2 issues

Martin Holste committed some fixes for ELSA email recently:
https://github.com/mcholste/elsa/commit/d6b57293ea2d83d35fc530e8d8071539013b3469
https://github.com/mcholste/elsa/commit/9ea0a9d6ed589297094b97c514f29e20eab0c567
https://github.com/mcholste/elsa/commit/6ad7966897a6c18573788d657cc6e28147dc9880

I've built a new ELSA package with all the latest fixes:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion7

Also, Harvii submitted a pull request to remove a non-ASCII character from securityonion-elsa-reset-archive:
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/16

I've merged the pull request and the new package is as follows:
securityonion-elsa-extras - 20151011-1ubuntu1securityonion28

These packages should resolve the following issues:

Issue 881: ELSA: remove non-ascii character from securityonion-elsa-reset-archive
https://github.com/Security-Onion-Solutions/security-onion/issues/881

Issue 882: ELSA: fix email
https://github.com/Security-Onion-Solutions/security-onion/issues/882

Wes Lambert tested these packages.  Thanks, Wes!

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, April 25, 2016

Suricata 3.0.1 now available for Security Onion!

Suricata 3.0.1 was recently released:
https://suricata-ids.org/2016/04/04/suricata-3-0-1-released/

I've packaged Suricata 3.0.1 and the new package version is:
securityonion-suricata - 3.0.1-1ubuntu1securityonion1

This resolves the following issue:

Issue 896: Suricata 3.0.1
https://github.com/Security-Onion-Solutions/security-onion/issues/896

Wes Lambert and wingmanjt tested this package.  Thanks, guys!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Snort 2.9.8.2 now available for Security Onion!

Snort 2.9.8.2 was recently released:
http://blog.snort.org/2016/03/snort-2982-has-been-released.html

I've packaged Snort 2.9.8.2 and the new package version is as follows:
securityonion-snort - 2.9.8.2-1ubuntu1securityonion1

This resolves the following issue:

Issue 893: Snort 2.9.8.2
https://github.com/Security-Onion-Solutions/security-onion/issues/893

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing snort.conf files to snort.conf.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your snort.conf file(s)
  • update ruleset and restart Snort as follows:
    sudo rule-update

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Tuesday, April 12, 2016

securityonion-rule-update - 20151201-1ubuntu1securityonion2 resolves an issue

David J. Bianco found an issue in the securityonion-rule-update package and submitted a Pull Request.  Thanks, David!

I merged the Pull Request and built a new package.  securityonion-rule-update - 20151201-1ubuntu1securityonion2 is now available and should resolve the following issue:

Issue 892: securityonion-rule-update: avoid su error
https://github.com/Security-Onion-Solutions/security-onion/issues/892

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is in May:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Monday, April 11, 2016

securityonion-setup - 20120912-0ubuntu0securityonion206 resolves two issues

securityonion-setup - 20120912-0ubuntu0securityonion206 is now available and should resolve the following issues:

Issue 891: Setup: fix errors when sensors add firewall rules
https://github.com/Security-Onion-Solutions/security-onion/issues/891

Issue 894: Setup: remove old keyring files
https://github.com/Security-Onion-Solutions/security-onion/issues/894

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
We have an upcoming online class in May:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Monday, March 28, 2016

Security Onion 14.04.4.1 ISO image now available!

We have a new Security Onion 14.04.4.1 ISO image now available that contains all the latest Ubuntu and Security Onion updates as of March 19, 2016!

This resolves the following issue:

Issue 861: 14.04.4.1 ISO image
https://github.com/Security-Onion-Solutions/security-onion/issues/861

This new ISO image has been tested by the following (thanks!):
Wes Lambert
James Taylor
L.T. Easterly

New Users
I've updated the Verify_ISO page for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Please remember to verify the signature of the downloaded ISO image using the instructions on that page.

Existing Deployments
If you have existing installations based on a previous 14.04 ISO image, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Security-Onion-14.04-Release-Notes

Training
This new ISO image will be used in our upcoming online class in May:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Need Support?
If you have questions or problems, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Thursday, March 17, 2016

securityonion-setup - 20120912-0ubuntu0securityonion203 resolves an issue

securityonion-setup - 20120912-0ubuntu0securityonion203 is now available and should resolve the following issue:

Issue 876: Setup: division by 0 error on SNIFFING_INTERFACES
https://github.com/Security-Onion-Solutions/security-onion/issues/876

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion 301 is tomorrow:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Tuesday, March 15, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion132 resolves an issue

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion132 is now available and should resolve the following issue:

Issue 866: NSM: Squert object_mappings table has wrong permissions
https://github.com/Security-Onion-Solutions/security-onion/issues/866

This package was tested by Wes Lambert.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts tomorrow:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Monday, March 14, 2016

securityonion-setup - 20120912-0ubuntu0securityonion201 resolves four issues

securityonion-setup - 20120912-0ubuntu0securityonion201 is now available and should resolve the following issues:

Issue 865: Setup: only open port 22 in ufw firewall
https://github.com/Security-Onion-Solutions/security-onion/issues/865

Issue 860: Setup: disable noisy SURICATA events
https://github.com/Security-Onion-Solutions/security-onion/issues/860

Issue 735: Setup: Production Mode should automatically configure PF_RING instances based on number of CPU cores
https://github.com/Security-Onion-Solutions/security-onion/issues/735

Issue 874: Setup: add -w option to write out sosetup.conf file
https://github.com/Security-Onion-Solutions/security-onion/issues/874

This package was tested by Wes Lambert.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts tomorrow:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Thursday, March 10, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion52 resolves two issues

securityonion-sostat - 20120722-0ubuntu0securityonion52 is now available and should resolve the following issues:

Issue 785: sostat: show number of available updates
https://github.com/Security-Onion-Solutions/security-onion/issues/785

Issue 792: soup: add note about running on master server before running on sensor
https://github.com/Security-Onion-Solutions/security-onion/issues/792

Wes Lambert submitted pull requests for these changes and tested the resulting package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Wednesday, March 9, 2016

securityonion-pulledpork - 0.7.0-0ubuntu0securityonion6 resolves an issue

securityonion-pulledpork - 0.7.0-0ubuntu0securityonion6 is now available and should resolve the following issue:

Issue 832: pulledpork.pl refinement
https://github.com/Security-Onion-Solutions/security-onion/issues/832

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Security Onion Conference 2016 CFP

Security Onion Conference 2016 will be held in Augusta GA on Friday September 9 (please mark your calendar!).  This is the day before BSides Augusta, so you may want to plan on attending both:
http://bsidesaugusta.org

I'll publish more details about the Security Onion Conference as they are finalized.

We want to hear from you!

How are you...
...using Security Onion to fight evil?
...handling lots of traffic using Security Onion?
...integrating Security Onion with other technologies?
...automating common tasks with your own scripts?

Each talk should be 30 minutes with an additional 10 minutes for questions.

March 9 - CFP Open
June 1 - CFP Closed
July 1 - Speakers selected and notified
September 9 - Security Onion Conference

UPDATE 2016/06/02 - CFP is now closed!  Thanks to all who submitted!

UPDATE 2016/06/30 - Registration is now open and speaker lineup has been published!

https://securityonion.net/conference

Tuesday, March 8, 2016

Reminder: Upgrade from Security Onion 12.04 to 14.04

Security Onion 14.04 was released over one month ago:
http://blog.securityonion.net/2016/01/security-onion-140431-iso-image-now.html

The feedback has been overwhelmingly positive!

If you're still running the old Security Onion 12.04, you should start making plans to upgrade:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-12.04-to-14.04

securityonion-capme - 20121213-0ubuntu0securityonion35 resolves an issue

securityonion-capme - 20121213-0ubuntu0securityonion35 is now available and should resolve the following issue:

Issue 862: securityonion-capme: merge timestamp changes from Wes Lambert
https://github.com/Security-Onion-Solutions/security-onion/issues/862

Robert Bardo tested this package.  Thanks, Rob!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Friday, February 26, 2016

Next Round of Security Onion Online Training Sessions - March 15 through March 18

The next round of online training sessions will be held Tuesday March 15 through Friday March 18!

Please note that we'll be using the new Security Onion 14.04:
http://blog.securityonion.net/2016/01/security-onion-140431-iso-image-now.html

For more information and to register, please see:
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Friday, February 19, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion51 resolves two issues

securityonion-sostat - 20120722-0ubuntu0securityonion51 is now available and should resolve the following issues:

Issue 849: sostat: check timezone and warn if not UTC
https://github.com/Security-Onion-Solutions/security-onion/issues/849

Issue 858: sostat: check default_start_time_offset
https://github.com/Security-Onion-Solutions/security-onion/issues/858

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Thursday, February 18, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion130 resolves an issue

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion130 is now available and should resolve the following issue:

Issue 859: NSM: mkdir -p /var/run/nsm/ before trying to chown
https://github.com/Security-Onion-Solutions/security-onion/issues/859

Wes Lambert and Rob Bardo tested this package.  Thanks, guys!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Monday, February 15, 2016

Save the Date: Security Onion Conference 2016

Last year's Security Onion Conference was an overwhelming success!

This year's Security Onion Conference will be held in Augusta GA on Friday September 9 (please mark your calendar!).  This is the day before BSides Augusta, so you may want to plan on attending both:
http://bsidesaugusta.org

I'll publish more details about the Security Onion Conference as they are finalized.

PF_RING 6.2 now available for Security Onion 14.04

The following packages are now available for Security Onion 14.04:

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion129
securityonion-pfring-daq - 20121107-0ubuntu0securityonion12
securityonion-pfring-devel - 20121107-0ubuntu0securityonion9
securityonion-pfring-ld - 20120827-0ubuntu0securityonion9
securityonion-pfring-module - 20121107-0ubuntu0securityonion25
securityonion-pfring-userland - 20160204-1ubuntu1securityonion2

These new packages should resolve the following issues:

Issue 835: PF_RING 6.2
https://github.com/Security-Onion-Solutions/security-onion/issues/835

Issue 853: NSM: if BPF file is empty, omit option from snort/suricata command
https://github.com/Security-Onion-Solutions/security-onion/issues/853

Issue 854: NSM: improve check for snort/suricata
https://github.com/Security-Onion-Solutions/security-onion/issues/854

Issue 855: NSM: remove old references to disable_signature_reference
https://github.com/Security-Onion-Solutions/security-onion/issues/855

Wes Lambert and Kevin Branch tested these packages.  Thanks, guys!

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions is coming up soon:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Thursday, February 11, 2016

NetworkMiner 2.0 now available for Security Onion 14.04

NetworkMiner 2.0 was released recently:
http://www.netresec.com/?page=Blog&month=2016-02&post=NetworkMiner-2-0-Released

I've packaged NetworkMiner 2.0 and the new package version is as follows:
securityonion-networkminer - 20160210-1ubuntu1securityonion1

This should resolve the following issue:
https://github.com/Security-Onion-Solutions/security-onion/issues/857

Wes Lambert and Erik Hjelmvik tested this package.  Thanks, guys!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions is coming up soon:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Wednesday, February 10, 2016

securityonion-capme - 20121213-0ubuntu0securityonion32 resolves several security issues

John Menerick (https://github.com/lordappsec) found several issues in CapME (thanks, John!):
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/1
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/2
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/3
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/4
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/5
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/6
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/7
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/8
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/9
https://github.com/Security-Onion-Solutions/securityonion-capme/issues/10

I've updated CapME and the new version is as follows:

securityonion-capme - 20121213-0ubuntu0securityonion32

This new package should resolve the following issue:

Issue 856: securityonion-capme needs additional input validation in index.php
https://github.com/Security-Onion-Solutions/security-onion/issues/856

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions is coming up soon:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Suricata 3.0 STABLE now available for Security Onion 14.04!

Suricata 3.0 STABLE was recently released:
http://suricata-ids.org/2016/01/27/suricata-3-0-available/

I've packaged Suricata 3.0 STABLE for Security Onion 14.04 and the new package is as follows:
securityonion-suricata - 3.0stable-1ubuntu1securityonion1

This resolves the following issue:

Issue 847: Suricata 3.0
https://github.com/Security-Onion-Solutions/security-onion/issues/847

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update
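The suricata.yaml migration described here (and in the Suricata 3.0.1 post above) backs up the old file and carries over HOME_NET and EXTERNAL_NET. The following shell script is an added example, not Security Onion's own code: it checks that those two variables actually match between suricata.yaml.bak and the new suricata.yaml, and lists backup lines missing from the new file, which is where the "other local customizations" to re-apply usually hide. The sample files and the so_ function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not Security Onion's own code): a post-update check for the
# suricata.yaml migration. It confirms that HOME_NET and EXTERNAL_NET in the
# new suricata.yaml match the values saved in suricata.yaml.bak, and lists
# backup lines that are absent from the new file (candidate local
# customizations that still need to be re-applied).
# Function names prefixed so_ are this example's own, not Security Onion's.

# Print the value of one address-group variable (e.g. HOME_NET) from a suricata.yaml.
# $1 = yaml file, $2 = variable name. Prints nothing if the variable is absent.
so_get_var() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1
}

# Compare HOME_NET and EXTERNAL_NET between backup ($1) and new file ($2).
# Returns 0 when both were carried over unchanged, 1 otherwise.
so_check_migrated() {
  bak="$1"; new="$2"; rc=0
  for v in HOME_NET EXTERNAL_NET; do
    old=$(so_get_var "$bak" "$v")
    cur=$(so_get_var "$new" "$v")
    if [ -z "$old" ] || [ "$old" != "$cur" ]; then
      echo "MISMATCH $v: backup='$old' new='$cur'"
      rc=1
    else
      echo "OK $v: $cur"
    fi
  done
  return $rc
}

# List non-comment, non-blank lines of the backup ($1) that do not appear
# verbatim in the new file ($2). These are the customizations to review.
so_missing_customizations() {
  pats=$(mktemp)
  # blank lines are dropped from the pattern set so they cannot match everything
  grep -v '^[[:space:]]*$' "$2" > "$pats"
  grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | grep -Fvx -f "$pats"
  rm -f "$pats"
}

# Constructed sample pair standing in for a sensor's suricata.yaml and its .bak;
# prints the directory that holds them. Pass "broken" to simulate a failed migration.
so_make_samples() {
  dir=$(mktemp -d)
  cat > "$dir/suricata.yaml.bak" <<'EOF'
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8,192.168.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "$HOME_NET"
# local customization that the migration does not carry over
default-log-dir: /nsm/sensor_data/custom
EOF
  if [ "$1" = "broken" ]; then
    home='"[192.168.1.0/24]"'   # migration lost part of HOME_NET
  else
    home='"[10.0.0.0/8,192.168.0.0/16]"'
  fi
  cat > "$dir/suricata.yaml" <<EOF
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: $home
    EXTERNAL_NET: "!\$HOME_NET"
    HTTP_SERVERS: "\$HOME_NET"
default-log-dir: /var/log/suricata
EOF
  echo "$dir"
}

# Demo on the constructed samples
d=$(so_make_samples)
so_check_migrated "$d/suricata.yaml.bak" "$d/suricata.yaml"
echo "Backup lines missing from the new file:"
so_missing_customizations "$d/suricata.yaml.bak" "$d/suricata.yaml"
rm -rf "$d"
```

On a real sensor, point the two functions at the live suricata.yaml and its .bak instead of the constructed samples.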

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions is coming up soon:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!