Security Onion Live 20110101 is now available! Thanks to Matt Jonkman and Emerging Threats for hosting! You can download the ISO here:
If you have any problems or would like to request new features, please submit an issue here:
- All Xubuntu 10.04 updates as of release date.
- Snort updated to 126.96.36.199.
- Suricata updated to 1.1beta1.
- Barnyard2 updated to 1.9 Stable.
- Vortex updated to 2.9.0.
- Installed OSSEC for host-based intrusion detection.
- Installed Squert web interface for Sguil.
- Installed Armitage GUI interface for Metasploit.
- Many improvements to Setup script for user-friendliness and capability.
In previous releases of Security Onion, Snort and Sguil were automatically configured for eth0. This is no longer the case. The Setup script on the Desktop is now used to choose your IDS engine, select the network interfaces it should listen on, and start the Sguil services.
What is Security Onion?
The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems.
What software does it contain?
The Security Onion LiveDVD is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Xplico, nmap, scapy, hping, netcat, tcpreplay, and many other security tools.
What can it be used for?
- The Security Onion LiveDVD can be used for Intrusion Detection. Simply boot the DVD, double-click the Setup desktop shortcut, and follow the prompts. Once Setup completes, then double-click the Sguil desktop shortcut to launch the GUI and view/investigate the alerts. (This is fine for temporary or demo environments, but production environments should not run from the LiveDVD environment. See installation information below.)
- The Security Onion LiveDVD can be used to test an Intrusion Detection System. Simply boot the DVD and use the included tools (such as nmap, scapy, hping, metasploit, and others) to test your existing IDS or to test the included Snort and Suricata IDS/IPS engines.
- The Security Onion LiveDVD can be used to install an Intrusion Detection System. Simply boot the DVD and choose the Install option in the Boot Menu or boot into the full live Desktop and double-click the Install desktop shortcut. Once you've completed the installation process and have rebooted into your new installation, you will want to install any available Ubuntu updates and then double-click the Setup desktop shortcut to configure Security Onion.
512MB RAM is a minimum. 1GB or more is recommended.
Extra Packages installed from repositories
apache2.2-common argus-client argus-server autopsy bison bittwist build-essential chaosreader chkconfig chkrootkit cryptcat curl daemonlogger dcfldd ddrescue dkms driftnet dsniff flawfinder flex foremost fwsnort ghex gpart gparted hping3 httptunnel hunt ifenslave-2.6 iisemulator inundator iptraf irb john labrea lame lfhex libapache2-mod-php5 libcap-ng-dev libcrypt-ssleay-perl libdl-ruby libdumbnet-dev libiconv-ruby liblua5.1-0-dev libncurses5 libncurses5-dev libnet1-dev libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0 libnids-dev libopenssl-ruby libpcap-dev libpcre3-dev libreadline6-dev libreadline-ruby libsqlite3-dev libsqlite3-ruby libssl-dev libyaml-dev libyaml-ruby md5deep mtr mysql-server netsed netsniff-ng ngrep nmap ntp oinkmaster ophcrack ostinato p0f php5-cli php5-common php5-sqlite pkg-config pbnj pscan ptunnel python-all python-dev python-scapy rats recode remastersys ri ruby rubygems scanmem sdd sleuthkit sniffit sox splint ssdeep ssldump sslsniff sqlite steghide subversion tcl8.3 tcpick tcpreplay tcpslice tcpstat tcpxtract tct testdisk traceroute tshark udptunnel unhide uuid uuid-dev xtightvncviewer xprobe yersinia zenmap zlib1g-dev
Extra Packages installed from other sources
NSMnow (includes Sguil, Barnyard2, Sancp, etc)
Disclaimer of Warranty
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM .AS IS. WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
Limitation of Liability
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.