Tuesday, October 25, 2011

Security Onion 20111025 now available!


Security Onion 20111025 is now available!  This resolves Issue 84 by updating Snort to version 2.9.1.2 and its DAQ to version 0.6.2.  For more information about Snort 2.9.1.2, please see:
http://blog.snort.org/2011/10/snort-2912-has-been-posted.html

Please note that if you are using the Registered (30-day delay) VRT ruleset you will need to wait until the rules are released for Snort 2.9.1.2.  For more information, please see:
http://blog.snort.org/2011/10/vrt-rule-release-for-10202011-snort.html

Please also note that the new snort.conf will overwrite your existing snort.conf.  Your existing snort.conf will be backed up to /nsm/backup/20111025/NAME_OF_SENSOR/.  Please copy any customizations (HOME_NET, etc.) from the backup copy to the production copy /etc/nsm/NAME_OF_SENSOR/snort.conf.
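To find the customizations that need copying back, the following script lists the variable definitions (var, ipvar, portvar) that differ between the backup and the new production file. It is an example added here, not part of the Security Onion upgrade script; the script name compare_snort_vars.sh is hypothetical, and it only covers variable lines, so other hand edits (preprocessor or output settings) still need a manual diff.

```bash
#!/usr/bin/env bash
# Added example: report snort.conf variables (var/ipvar/portvar) whose values
# in the pre-upgrade backup differ from the freshly installed snort.conf.
# Usage (paths from the post; replace NAME_OF_SENSOR with your sensor name;
# the script file name is hypothetical):
#   bash compare_snort_vars.sh /nsm/backup/20111025/NAME_OF_SENSOR/snort.conf \
#        /etc/nsm/NAME_OF_SENSOR/snort.conf

# compare_snort_vars BACKUP_CONF NEW_CONF
#   CHANGED name: value differs between the two files
#   MISSING name: defined in the backup only
compare_snort_vars() {
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "usage: compare_snort_vars BACKUP_CONF NEW_CONF (both readable)" >&2
        return 2
    fi
    # The new file is read first so its values can be looked up while the
    # backup is scanned; commented-out definitions are ignored.
    awk '
        $1 !~ /^(var|ipvar|portvar)$/ || NF < 3 { next }
        {
            name = $2
            val = $3 ""                      # force string comparison
            for (i = 4; i <= NF; i++) val = val " " $i
        }
        FILENAME == ARGV[1] { newval[name] = val; next }
        !(name in newval) {
            printf "MISSING %s: backup=\"%s\"\n", name, val
            next
        }
        newval[name] != val {
            printf "CHANGED %s: new=\"%s\" backup=\"%s\"\n", name, newval[name], val
        }
    ' "$2" "$1"
}

# Run only when invoked with two file arguments.
if [ "$#" -eq 2 ]; then
    compare_snort_vars "$1" "$2"
fi
```

Each CHANGED or MISSING line is a value to review and, if still wanted, re-apply in /etc/nsm/NAME_OF_SENSOR/snort.conf before restarting Snort.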


In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots

Installing new packages
Backing up config files and copying new files into place
Running PulledPork to download new ruleset
Stopping the old Snort and starting the new Snort
snort -V
