securityonion-bro - 2.3-0ubuntu0securityonion10
securityonion-bro-scripts - 20121004-0ubuntu0securityonion26
securityonion-daq - 2.0.2-0ubuntu0securityonion5
securityonion-elsa-extras - 20131117-1ubuntu0securityonion43
securityonion-pfring-daq - 20121107-0ubuntu0securityonion7
securityonion-pfring-devel - 20121107-0ubuntu0securityonion7
securityonion-pfring-ld - 20120827-0ubuntu0securityonion7
securityonion-pfring-module - 20121107-0ubuntu0securityonion23
securityonion-pfring-userland - 20140805-0ubuntu0securityonion3
securityonion-snort - 2.9.6.2-0ubuntu0securityonion7
securityonion-suricata - 2.0.3-0ubuntu0securityonion2
These new packages have been tested by the following (thanks!):
Ronny Vaningh
Andrea De Pasquale
Pete Nelson
Pietro Delsante
David Zawdie
Heine Lysemose
Eddy Simons
Issues Resolved
Issue 535: PF_RING 6.0.2 SVN
https://code.google.com/p/security-onion/issues/detail?id=535
Issue 462: Snort 2.9.6.2
https://code.google.com/p/security-onion/issues/detail?id=462
Issue 567: Snort Daq 2.0.2
https://code.google.com/p/security-onion/issues/detail?id=567
Issue 465: Suricata 2.0.3
https://code.google.com/p/security-onion/issues/detail?id=465
Issue 445: Bro 2.3
https://code.google.com/p/security-onion/issues/detail?id=445
Issue 484: securityonion-bro-scripts: update APT1 scripts with Seth's changes for certificate matching
https://code.google.com/p/security-onion/issues/detail?id=484
Issue 414: Bro script should lookup interface in /etc/nsm/sensortab to obtain sensorname
https://code.google.com/p/security-onion/issues/detail?id=414
Issue 577: ELSA: update parsers for Bro 2.3 log changes
https://code.google.com/p/security-onion/issues/detail?id=577
Updating
The new packages are now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
These updates will do the following:
- back up your Bro configuration
- back up each of your existing snort.conf files to snort.conf.bak
- back up each of your existing suricata.yaml files to suricata.yaml.bak
After the update, you will need to do the following:
- re-apply any local customizations to the Bro/Snort/Suricata config
- restart Bro as follows:
sudo nsm_sensor_ps-restart --only-bro
- update ruleset and restart Snort/Suricata as follows:
sudo rule-update
Screenshots
Run "sudo soup", which first installs the new PF_RING kernel module
DKMS compiles the new kernel module
Soup then installs the remaining packages
Bro, Snort, and Suricata notify you that config files have been updated and you'll need to add back any local customizations
After adding back any local Bro customizations, restart Bro using "sudo nsm_sensor_ps-restart --only-bro"
After adding back any local snort.conf or suricata.yaml customizations, run "sudo rule-update" to download the latest ruleset for the new IDS engine
rule-update then restarts Barnyard2 and the IDS engine
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Conference
Less than 30 seats left for the Security Onion conference in Augusta GA! Reserve your seat today!
https://securityonionconference2014.eventbrite.com
Commercial Support/Training
Need training and/or commercial support? Please see:
http://securityonionsolutions.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!