Monday, December 12, 2011

Security Onion 20111213 now available!

Security Onion 20111213 is now available!  This resolves the following issues:
Issue 168: Suricata 1.1.1

If you are already using Suricata and have customized your suricata.yaml file, please note that it will be backed up to /nsm/backup/20111213/NAME-OF-SENSOR/ and then overwritten with the new config file.  Please copy any of your customizations (HOME_NET, etc.) from /nsm/backup/20111127/NAME-OF-SENSOR/suricata.yaml to the production copy /etc/nsm/NAME-OF-SENSOR/suricata.yaml.
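One way to find which customizations still need to be copied over is to compare the variable definitions in the backed-up file with those in the new one. The script below is an added example, not part of the original post or of Security Onion; the function names and the two sample files are constructed for illustration, and it assumes the variables appear as upper-case `NAME: value` lines as in the stock suricata.yaml.

```shell
#!/bin/sh
# Added example, not Security Onion project code.

# Print NAME=VALUE for every upper-case variable (HOME_NET, EXTERNAL_NET,
# HTTP_PORTS, ...) set in a suricata.yaml; commented-out lines are skipped.
yaml_vars() {
  sed -n -E 's/^[[:space:]]*([A-Z][A-Z0-9_]*):[[:space:]]*(.*[^[:space:]])[[:space:]]*$/\1=\2/p' "$1" |
    LC_ALL=C sort
}

# Print the variables whose value in the backup ($1) is missing from the
# new production file ($2): the customizations still to be copied over.
changed_vars() {
  _cv_tmp=$(mktemp -d) || return 1
  yaml_vars "$1" > "$_cv_tmp/backup"
  yaml_vars "$2" > "$_cv_tmp/new"
  LC_ALL=C comm -23 "$_cv_tmp/backup" "$_cv_tmp/new"
  rm -rf "$_cv_tmp"
}

# Write two constructed sample files into directory $1 (hypothetical values).
make_sample() {
  cat > "$1/backup.yaml" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[10.20.0.0/16]"
    EXTERNAL_NET: "!$HOME_NET"
  port-groups:
    HTTP_PORTS: "80,8080"
EOF
  cat > "$1/new.yaml" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: "!$HOME_NET"
  port-groups:
    HTTP_PORTS: "80"
EOF
}

# Demo on the constructed sample: lists HOME_NET and HTTP_PORTS from the backup.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
changed_vars "$demo_dir/backup.yaml" "$demo_dir/new.yaml"
rm -rf "$demo_dir"
```

On a sensor, call `changed_vars` with the backed-up suricata.yaml as the first argument and /etc/nsm/NAME-OF-SENSOR/suricata.yaml as the second.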

As noted here, Suricata includes some anomaly detection in the form of decoder-events.rules and stream-events.rules.  These two rulesets have been disabled in this update.  You can manually re-enable them if desired.

New Users
New users can download and install the 20111103 ISO image using the instructions here.  The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L > ~/ && bash ~/"
Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).

Switching to Suricata
If you're currently running Snort and would like to switch to Suricata, use the following commands to stop Snort, change the ENGINE variable in the config file, and then run PulledPork to download the Suricata-specific ruleset (if running Emerging Threats rules):
sudo nsm_sensor_ps-stop --only-snort-alert
sudo sed -i 's|ENGINE=snort|ENGINE=suricata|g' /etc/nsm/securityonion.conf
sudo /usr/local/bin/ 

Upgrade Process
