Tuesday, October 25, 2011

Security Onion 20111025 now available!


Security Onion 20111025 is now available!  This resolves Issue 84 by updating Snort to version 2.9.1.2 and its DAQ to version 0.6.2.  For more information about Snort 2.9.1.2, please see:
http://blog.snort.org/2011/10/snort-2912-has-been-posted.html

Please note that if you are using the Registered (30-day delay) VRT ruleset you will need to wait until the rules are released for Snort 2.9.1.2.  For more information, please see:
http://blog.snort.org/2011/10/vrt-rule-release-for-10202011-snort.html

Please also note that the new snort.conf will overwrite your existing snort.conf.  Your existing snort.conf will be backed up to /nsm/backup/20111025/NAME_OF_SENSOR/.  Please copy any customizations (HOME_NET, etc.) from the backup copy to the production copy /etc/nsm/NAME_OF_SENSOR/snort.conf.


In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots

Installing new packages
Backing up config files and copying new files into place
Running PulledPork to download new ruleset
Stopping the old Snort and starting the new Snort
snort -V
