Security Onion 20110909 is now available! This upgrade adds some new menu entries to make IDS tuning a little easier.
- The "IDS Rules" menu now has a new entry called "Add Local Rules" which will open /etc/nsm/rules/local.rules for editing using the "mousepad" GUI editor. You can then add any rules that you want to maintain locally (outside of the downloaded VRT or Emerging Threats rulesets).
- A new menu called "IDS Config" was added with a new menu entry called "Configure IDS engine(s)". This will list all of the IDS engines on your system and allow you to choose one to configure. It will then open the proper config file for whatever IDS engine you're running. After you save and close the config file, it will offer to restart the IDS engine for you.
- Example #1
- Suppose you're currently running Snort and you choose eth0. The program will open /etc/nsm/NAME_OF_YOUR_SENSOR-eth0/snort.conf for editing using the "mousepad" GUI editor.
- Example #2
- Suppose you're currently running Suricata and you choose eth1. The program will open /etc/nsm/NAME_OF_YOUR_SENSOR-eth1/suricata.yaml for editing using the "mousepad" GUI editor.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Screenshots
New "Add Local Rules" menu entry under "IDS Rules"
Clicking the above menu entry opens /etc/nsm/rules/local.rules for editing
New "IDS Config" menu with "Configure IDS engine(s)" menu entry
"Configure IDS engine(s)" allows you to pick which engine to configure
Selecting an engine opens that engine's config file for editing
After saving and closing the config file, you will have the option to restart the engine