Saturday, October 22, 2011

Security Onion 20111020 now available!


Security Onion 20111020 is now available!  This resolves Issue 133 by updating the NSM scripts to spawn daemonlogger (instead of snort) for full packet capture.  Since daemonlogger is simpler than snort and specifically designed for packet capture, it is more efficient and possibly more secure.

In addition, daemonlogger defaults to a snaplen of 65535, so this is a PARTIAL solution to the problem described here.  I emphasize that this only a partial solution because it only solves the full packet capture problem and not the packet reassembly problem.  NIC offloading should still be disabled to allow Snort to do proper target-based reassembly and thus minimize the likelihood of insertion/evasion attacks.  For more information, please see the Snort manual.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots
Upgrade Process

No comments:

Search This Blog

Featured Post

State of the Onion 2024

We usually have our State of the Onion at the annual Security Onion Conference, but we had to cancel the conference due to Hurricane Helene ...

Popular Posts

Blog Archive