Monday, June 13, 2011

Security Onion 20110607 featuring Sguil 0.8, Squert 0.8.3, and more polish!

Update:  Looks like the Security Onion 20110607 files haven't fully replicated to all Sourceforge mirrors yet. If you're having trouble downloading, please try later today.


Update 2011/06/14 6:00 AM: Sourceforge is reporting that the Security Onion 20110607 files have replicated to at least 15 mirrors now.

Security Onion 20110607 is now available!  New features in this release are as follows:

  • Sguil 0.8 (now with more shininess and anti-aliased fonts!)
  • Squert 0.8.3 (now with user authentication!)
  • new tcl/tk packages (resolves a scaling issue when running in VMWare and allows for the anti-aliased fonts mentioned above)
  • httpry
  • a new Setup script (adds support for Sguil 0.8 and Squert 0.8.3 and also provides more information once Setup completes)


New Users
New users can download the latest ISO image from here.  It should be noted that pentest tools have been removed from this ISO.  This includes metasploit, john, ophcrack, and steghide.  For more information, please see Issue 106.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade to version 20110607 using the following commands:
wget http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh
sudo bash security-onion-upgrade.sh
It will then upgrade your box to the latest tcl/tk, Sguil, Squert, and Setup script.  If you have an existing Sguil database, it will run the Sguil DB upgrade, which will ask:
Do you want to continue? y
Database password: Press Enter to accept the default of "null" (unless you've changed the MySQL root password)
DB schema needs to be updated: Press Enter to accept the default of "y"
Path to update...Press Enter to accept the default
Please test the upgrade on test machines before upgrading your production machines.

Screenshots

Upgrade process



 Sguil login window

Squert login window 
at

6 comments:

  1. AnonymousJune 13, 2011 at 8:33 AM

    Doug you rock thanks a ton for all your work on Security Onion !!

    ReplyDelete
  2. AnonymousJune 18, 2011 at 8:37 AM

    Does anyone know the squert login? i've got the sguil working but cant seem to login into squert. Do i have to create a user in the mysql database?

    ReplyDelete
  3. Doug BurksJune 18, 2011 at 9:55 AM

    Hi Anonymous,

    Thanks for using Security Onion!

    Squert authenticates against the Sguil user database, so you should be able to login to Squert using the same username/password you use to login to Sguil.

    Please let me know whether or not that helps.

    Thanks,
    Doug Burks

    ReplyDelete
  4. AnonymousJune 18, 2011 at 5:57 PM

    Yeah it worked! Done great job on Security Onion!
    I'm thinking about deploying it on a production network with a lot of traffic, do you think it'll be stable enough?

    ReplyDelete
  5. Doug BurksJune 18, 2011 at 9:01 PM

    Glad that worked for you!

    Security Onion is used on many production networks and with lots of traffic. It's more a function of your hardware and how much you tune your ruleset.

    Please let me know how it goes!

    ReplyDelete
  6. AnonymousJune 19, 2011 at 8:27 AM

    Thanks for that!
    It'll be a high end server with 4 GB RAM, Xeon processor and 1 TB hdd with RAID array. Would that be sufficient?
    Anyway, i'll test it for a week and let you know how it goes.
    Thanks again!!

    ReplyDelete

Note: Only a member of this blog may post a comment.