Only 2 days left to vote for 2011 Toolsmith Tool of the Year! If you're a fan of Security Onion, please vote!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
Saturday, January 28, 2012
Thursday, January 26, 2012
Security Onion 20120125 now available!
Security Onion 20120125 is now available! This resolves the following issues:
Issue 203: New users should have a more sensible default for Sguil client fonts
Issue 204: /usr/local/sbin/nsm_server_del: line 192: [: eq: binary operator expected
Issue 206: /usr/local/sbin/nsm_sensor_clean should purge old Bro logs
Issue 207: Re-install /etc/skel/.bashrc to enable bash coloring
Issue 208: Need a new ISO for NoVA Hackers presentation
New Users
New users can download and install the 20120125 ISO image using the instructions here.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Screenshots
 |
| Upgrade Process |
If you have any questions, please join our mailing list and ask away!
http://groups.google.com/group/security-onion
Toolsmith Tool of the Year
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
Upcoming Security Onion Presentations
I'll be giving a Shmoocon Firetalk on Saturday 1/28 at 7:40 PM:
http://www.novainfosecportal.com/2012/01/25/shmoocon-2012-firetalks-%E2%80%93-update-5-schedule/
I'll also be presenting Security Onion at the NoVA Hackers Shmoocon Epilogue on Monday 1/30 at 8:00 PM:
http://novahackers.blogspot.com/2012/01/shmoocon-epilogue-speakers-and-location.html
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
Monday, January 23, 2012
Security Onion Success Stories 2012
Last year, I received a few success stories from satisfied Security Onion users:
http://securityonion.blogspot.com/2011/05/security-onion-success-stories.html
Please share your Security Onion success story in the comments below!
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
http://securityonion.blogspot.com/2011/05/security-onion-success-stories.html
Please share your Security Onion success story in the comments below!
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
Security Onion 20120124 now available!
Security Onion 20120124 is now available! This resolves the following issue:
Issue 140: OSSEC agent needs to be integrated into NSM scripts
New Users
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Screenshots
 |
| Upgrade Process |
 |
| sudo service nsm status |
If you have any questions, please join our mailing list and ask away!
http://groups.google.com/group/security-onion
Toolsmith Tool of the Year
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
Sunday, January 22, 2012
Security Onion 20120123 now available!
Security Onion 20120123 is now available! This resolves the following issues:
Issue 191: Update NSM scripts to control Bro
Issue 202: If user selects only one interface, configure Bro as standalone
Notes
If you're only monitoring a single network interface, this update will configure Bro for standalone mode which will greatly increase performance!
New Users
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Screenshots
 |
| Upgrade Process |
 |
| NSM scripts now control Bro |
Thanks
Thanks to Seth Hall of the Bro project for his tuning suggestion!
Thanks to Richard Bejtlich for his suggestion of updating the NSM scripts to control Bro!
Feedback
If you have any questions, please join our mailing list and ask away!
http://groups.google.com/group/security-onion
Toolsmith Tool of the Year
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
Security Onion 20120119 now available!
Security Onion 20120119 is now available! This resolves the following issues:
Issue 154: Track pulledpork download status
Issue 160: PulledPork should be using https for ET and ETPRO downloads
Issue 198: Suricata 1.2.1
Issue 200: PulledPork isn't handling so_rules properly
Issue 201: snorby-db-fix is causing problems with large/busy snorby databases
For more information about Suricata 1.2.1, please see:
http://www.openinfosecfoundation.org/index.php/component/content/article/144-suricata-12-available
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_11_to_Suricata_12
http://www.suricata-ips.net/index.php/component/content/article/145-suricata-121-available
Please also note that the new suricata.yaml will overwrite your existing suricata.yaml. Your existing suricata.yaml will be backed up to /nsm/backup/20120119/NAME_OF_SENSOR/. Please copy any customizations (HOME_NET, etc.) from the backup copy to the production copy /etc/nsm/NAME_OF_SENSOR/suricata.yaml.
New Users
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Screenshots
 |
| Upgrade begins |
 |
| Upgrade runs pulledpork_update.sh to update rules |
 |
| pulledpork_update.sh restarts barnyard2 and the IDS engine |
Thanks to the Suricata team for their hard work on Suricata 1.2.1!
Thanks to Scott Runnels for his assistance in testing this release!
Toolsmith Tool of the Year
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
Wednesday, January 18, 2012
Security Onion Presentation at NoVA Hackers
I'll be presenting Security Onion at the NoVA Hackers Shmoocon Epilogue:
http://novahackers.blogspot.com/2012/01/shmoocon-epilogue-speakers-and-location.html
http://novahackers.blogspot.com/2012/01/shmoocon-epilogue-speakers-and-location.html
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
Monday, January 16, 2012
Security Onion 20120116 now available!
Security Onion 20120116 is now available! This resolves the following issue:
For more information about Snort 2.9.2, please see:
Please note that if you are using the Registered (30-day delay) VRT ruleset you may need to wait until the rules are released for Snort 2.9.2.
Please also note that the new snort.conf will overwrite your existing snort.conf. Your existing snort.conf will be backed up to /nsm/backup/20120116/NAME_OF_SENSOR/. Please copy any customizations (HOME_NET, etc.) from the backup copy to the production copy /etc/nsm/NAME_OF_SENSOR/snort.conf.
New Users
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Screenshots
 |
| Upgrade script installs Snort 2.9.2 and launches PulledPork |
 |
| Once PulledPork completes, barnyard2 and Snort are restarted |
Thanks
Thanks to the Snort team for their hard work on Snort 2.9.2!
Thanks to Scott Runnels for his assistance in testing this release!
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
Friday, January 13, 2012
Security Onion 20120114 now available!
Security Onion 20120114 is now available! This resolves the following issue:
New Users
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
Security Onion 20120113 now available!
Security Onion 20120113 is now available! This resolves the following issues:
Note that this is just the initial integration of Bro. In the future, we'll switch Sguil's http_agent to use Bro's http.log and we'll also look at using Barnyard2 to send IDS alerts to Bro to give it a better understanding of your network.
New Users
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).
 |
| Upgrade Process |
 |
| sudo broctl status |
 |
| Current Bro logs can be found in /nsm/bro/logs/current |
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
Friday, January 6, 2012
Security Onion 20120107 now available!
Security Onion 20120107 is now available! This resolves the following issue:
New Users
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).
 |
| Upgrade Process |
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
Security Onion 20120106 now available!
Security Onion 20120106 is now available! This resolves the following issues:
New Users
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).
 |
| Upgrade Process |
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html