Security Onion 20111103 is now available! This resolves the following issues:
Issue 138 - Time for a new ISO image
Issue 136 - Setup script should automatically set OS timezone to UTC
Issue 137 - Bro 2.0 Beta
Please note that Bro 2.0 Beta installs to /usr/local/bro/.
For more information about Bro 2.0 Beta, please see:
New Users
New users can download and install the new 20111103 ISO image using the instructions here.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).
6 comments:
Thanks for bringing bro on to the onion.
Small nitpick:
Isn't it better to put bro under /usr/local/bin/bro instead of /usr/local/bro/bin/bro?
Hi Anonymous,
Security Onion already had Bro 1.5.1 and it was installed to /usr/local/bin/bro. I wanted to keep 1.5.1 in place for now and install Bro 2.0 Beta in a separate location, so I kept the 2.0 Beta default installation prefix of /usr/local/bro/.
Thanks,
Doug
Hello,
In bro 2.0 Beta:
sudo ./bro -ieth0 tcp
error: can't open tcp
sudo ./bro -ieth0 smtp
error: can't open smtp
Best Regards,
Alfred
Hi Alfred,
Are you trying to load the smtp policy file? Isn't it loaded by default?
Thanks,
Doug
Hi, excellent work you have done. I was wondering which tools are used for testing the IDS. I currently use idswakeup and tcpreplay. If you happen to know how to set up the Sguil client on Windows 7, please let me know.
Thanks
Hi Vik,
Thanks for your kind words!
I usually use tcpreplay for testing.
For running Sguil on Windows 7, I recommend running Security Onion in a VM. This gives you not only Sguil, but also Wireshark, Bro, Argus, and many other analysis tools.