Security Onion 20120312 is now available! This resolves the following issues:
Our original Snorby package was a good way of getting it deployed quickly. However, the time has come to break the monolithic package up into separate packages:
1. securityonion-ruby contains Ruby 1.9.2-p290 and replaces the existing system-wide Ruby 1.8 (/usr/bin/ruby).
2. securityonion-snorby contains /usr/local/share/snorby (Snorby 2.5.0 and all required gems using "bundle install --deployment").
3. securityonion-passenger allows us to run Snorby under Apache instead of using Ruby's "thin" web server.
These separate packages will make our Snorby implementation faster, more standardized, more secure, and more maintainable. In addition, this update brings the newly-released Snorby 2.5.0, which has many features and bugfixes!
/usr/bin/sostat is a simple bash script which collects details about your system and its processes. When asking for help on the mailing list, we may ask you to run "sudo sostat" and copy the output to your email so that we can have some data to help us diagnose your issue. We also recommend running sostat in a daily cronjob and having it send you an email for review.
New users can download and install the 20120125 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
If you have any questions, please join our mailing list and ask away!
Thanks to Dustin Webber for his hard work on Snorby 2.5.0!
Thanks to the following for their help in testing this release!
Security Onion needs help in the following areas:
- assisting users on the mailing list and in IRC
- quality assurance and testing new releases
- package maintainers
If Security Onion has provided value to you and/or your organization, please consider giving back to the community by donating your time to the above needs! If interested, please contact me via email. Thanks!
Want to learn more about Intrusion Detection?
Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June! For more information, please see: