Sguil relies on older versions of the tcl/tk packages, so upgrading to newer versions will break Sguil. I was aware of this potential issue and used the following command to put the packages on hold to try to prevent them from being upgraded.
aptitude hold itcl3 itk3 iwidgets4 tcl8.3 tclx8.3 tclsh
This seems to work in preventing aptitude from upgrading those packages, but it doesn't prevent Update Manager from upgrading them. To prevent this, you can do the following.
aptitude -y install wajig
wajig hold itcl3 itk3 iwidgets4 tcl8.3 tclx8.3 tclsh
If you've already run Update Manager and Sguil is currently broken, do the following to revert to the required versions.
aptitude remove tcl8.5 itcl3 tk8.5 itk3 iwidgets4
wget http://mirrors.kernel.org/ubuntu/pool/universe/i/itcl3/itk3_3.2.1-3.1_i386.deb
wget http://mirrors.kernel.org/ubuntu/pool/universe/i/itcl3/itcl3_3.2.1-3.1_i386.deb
wget http://mirrors.kernel.org/ubuntu/pool/universe/t/tclx8.3/tclx8.3_8.3.5-6_i386.deb
dpkg -i *.deb
aptitude -y install iwidgets4
If all went well, Sguil should launch correctly with no errors and Update Manager should be prevented from breaking Sguil again.
This will be fixed in the next version of Security Onion.
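To confirm the holds took effect before running Update Manager again, here is an added check (not part of the original post or of Security Onion) that lists any of the packages above that are not in dpkg's "hold" state. It assumes the holds set by wajig appear as "hold" in the output of dpkg --get-selections; the function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which Sguil tcl/tk packages are NOT on hold.
# The package list is taken from the hold commands in the post.
SGUIL_PKGS="itcl3 itk3 iwidgets4 tcl8.3 tclx8.3 tclsh"

# Reads `dpkg --get-selections` style lines ("<package> <state>") on stdin.
# Prints "<package> <state>" for every required package whose state is not
# "hold"; packages absent from the input are reported as "not-listed".
unheld_packages() {
    selections=$(cat)
    for pkg in $SGUIL_PKGS; do
        # Exact match on the package name, so tcl8.3 never matches tcl8.5.
        state=$(printf '%s\n' "$selections" |
            awk -v p="$pkg" '$1 == p { print $2; exit }')
        if [ "$state" != "hold" ]; then
            printf '%s %s\n' "$pkg" "${state:-not-listed}"
        fi
    done
}

# Constructed sample input (not captured from a real system): iwidgets4 was
# left unheld and tclsh does not appear at all.
sample_selections() {
    cat <<'EOF'
itcl3      hold
itk3       hold
iwidgets4  install
tcl8.3     hold
tcl8.5     install
tclx8.3    hold
EOF
}

# Demonstration on the constructed sample.
# On a live system, run instead: dpkg --get-selections | unheld_packages
sample_selections | unheld_packages
```

Empty output means every listed package is held; any line printed names a package Update Manager is still free to upgrade.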
I run security onion in virtualbox 3.2.12 on fedora 14. Updates break sguil client.
I followed your tips to restore the previous configuration, but Update Manager still proposes that I download the new version of tcl and tk.
Hi Anonymous,
Sorry you're having problems.
A new version of Security Onion is now available that fixes this problem and adds several new features. Please see:
http://securityonion.blogspot.com/2011/01/security-onion-20110101.html
Thanks,
Doug Burks
It's not a big problem. I was so happy to see that it works in a vm. I urge to try the new version.
Your work is great work and saves the impatient from losing time.
Thanks