Thursday, November 3, 2011

Security Onion 20111103 now available!


Security Onion 20111103 is now available!  This resolves the following issues:
Issue 138 - Time for a new ISO image
Issue 136 - Setup script should automatically set OS timezone to UTC
Issue 137 - Bro 2.0 Beta

Please note that Bro 2.0 Beta installs to /usr/local/bro/.

For more information about Bro 2.0 Beta, please see:

New Users
New users can download and install the new 20111103 ISO image using the instructions here.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade with the following command (if you are behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Note that the upgrade script is cumulative: it will upgrade any older version of Security Onion to the most recent version, including any updates in between. Because this command fetches the script over unencrypted HTTP and then runs it as root, you may want to review ~/security-onion-upgrade.sh after the download and before the bash step rather than running both in one go.
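The one-line upgrade above downloads over plain HTTP and executes the result as root with no integrity check. The following is an added example, not part of the original post and not code from the Security Onion project, showing a fetch-then-verify-then-run wrapper: the script is staged in a private temporary file, its SHA-256 is compared with a digest obtained out of band, and only on a match is it executed with sudo. The post publishes no such checksum, so the URL and expected digest are placeholders the reader must supply, and the helper names sha256_of, verify_script and fetch_verify_run are this example's own.

```shell
#!/bin/sh
# Added example (not from the Security Onion project or the original post):
# download an upgrade script to disk, verify its SHA-256 against a digest
# obtained out of band, and only then run it as root. The URL and expected
# digest passed to fetch_verify_run are assumed placeholder values.
set -eu

# Print the SHA-256 hex digest of a file. Uses sha256sum (GNU coreutils)
# when present, falling back to shasum (BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED_SHA256
# Exit status 0 when the file's digest equals EXPECTED_SHA256, 1 otherwise.
# Nothing is executed here, so it is safe to call on an untrusted download.
verify_script() {
    _vs_actual=$(sha256_of "$1")
    [ "$_vs_actual" = "$2" ]
}

# fetch_verify_run URL EXPECTED_SHA256
# Stage the download in a mode-0600 temp file (never straight into a shell),
# check the digest, then run it with sudo. On mismatch the file is kept for
# inspection and nothing is executed.
fetch_verify_run() {
    _fvr_tmp=$(mktemp "${TMPDIR:-/tmp}/upgrade.XXXXXX")
    chmod 600 "$_fvr_tmp"
    # -f: fail on HTTP errors instead of saving an error page as the "script";
    # -L: follow redirects (the SourceForge URL in the post redirects to a mirror).
    curl -fsSL "$1" -o "$_fvr_tmp"
    if verify_script "$_fvr_tmp" "$2"; then
        sudo bash "$_fvr_tmp"
        rm -f "$_fvr_tmp"
    else
        echo "SHA-256 mismatch for $1; download kept at $_fvr_tmp for inspection" >&2
        return 1
    fi
}

# Usage (placeholder values; obtain the real digest from a trusted channel):
#   fetch_verify_run "https://example.invalid/security-onion-upgrade.sh" \
#       "0000000000000000000000000000000000000000000000000000000000000000"
```

The digest has to come from somewhere other than the same HTTP download (a signed release note, a second channel, or a hash you recorded after reviewing the script once); a checksum served next to the file over the same unauthenticated path adds nothing.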

Screenshots (captions only): Upgrade Process; Completing Upgrade; Bro 2.0 Beta in /usr/local/bro/bin/bro


6 comments:

  1. Thanks for bringing bro on to the onion.

    Small nitpick:

    Isn't it better to put bro under /usr/local/bin/bro instead of /usr/local/bro/bin/bro?

  2. Hi Anonymous,

    Security Onion already had Bro 1.5.1 and it was installed to /usr/local/bin/bro. I wanted to keep 1.5.1 in place for now and install Bro 2.0 Beta in a separate location, so I kept the 2.0 Beta default installation prefix of /usr/local/bro/.

    Thanks,
    Doug

  3. Hello,

    In bro 2.0 Beta:

    sudo ./bro -ieth0 tcp
    error: can't open tcp

    sudo ./bro -ieth0 smtp
    error: can't open smtp

    Best Regards,
    Alfred

  4. Hi Alfred,

    Are you trying to load the smtp policy file? Isn't it loaded by default?

    Thanks,
    Doug

  5. Hi, excellent work you have done. I was wondering which tools are used for testing the IDS; I currently use idswakeup and tcpreplay. If you happen to know how to set up the Sguil client on Windows 7, please let me know.

    thanks

  6. Hi Vik,

    Thanks for your kind words!

    I usually use tcpreplay for testing.

    For running Sguil on Windows 7, I recommend running Security Onion in a VM. This gives you not only Sguil, but also Wireshark, Bro, Argus, and many other analysis tools.

