Sunday, November 21, 2010

Security Onion: Update Manager Breaks Sguil

Sguil relies on older version of the tcl/tk packages, so upgrading to newer versions will break Sguil.  I was aware of this potential issue and used the following command to put the packages on hold to try to prevent them from being upgraded.
aptitude hold itcl3 itk3 iwidgets4 tcl8.3 tclx8.3 tclsh 
This seems to work in preventing aptitude from upgrading those packages, but it doesn't prevent Update Manager from upgrading them.  To prevent this, you can do the following.
aptitude -y install wajig 
wajig hold itcl3 itk3 iwidgets4 tcl8.3 tclx8.3 tclsh
If you've already run Update Manager and Sguil is currently broken, do the following to revert to the required versions.
aptitude remove tcl8.5 itcl3 tk8.5 itk3 iwidgets4
dpkg -i *.deb
aptitude -y install iwidgets4
If all went well, Sguil should launch correctly with no errors and Update Manager should be prevented from breaking Sguil again. 

This will be fixed in the next version of Security Onion.


Anonymous said...

I run security onion in virtualbox 3.2.12 on fedora 14. Updates break sguil client.
I follow yours tips to restore previous configuration, put update manager still propose me to download the new version of tcl and tk.

Doug Burks said...

Hi Anonymous,

Sorry you're having problems.

A new version of Security Onion is now available that fixes this problem and adds several new features. Please see:

Doug Burks

Anonymous said...

It's not a big problem. I was so happy to see that it works in a vm. I urge to try the new version.
Your work is a great work and save ti;e loosing for the impatients.

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive