Friday, January 6, 2012

Security Onion 20120106 now available!


Security Onion 20120106 is now available!  This resolves the following issues:
Issue 152: etherape
Issue 158: whois
Issue 178: nsm_sensor_ps-status shouldn't delete stale PID files
Issue 179: NSM watchdog should put timestamps in log file
Issue 180: vim
Issue 181: nsm_sensor_ps-restart should rotate current log file to TIMESTAMP
Issue 182: Setup needs to make sure MySQL is running if user chooses Server
Issue 183: Need to periodically remove invalid data from snorby database

New Users
New users can download and install the 20111103 ISO image using the instructions here.  The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).

Screenshots
Upgrade Process

If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html

2 comments:

  1. Cannot find a design document. Issues include: hardware required for a sensor- this is obviously speed of the interface (amount of raw capture) based. Storage is discussed but not CPU requirements. Hardware required for a server having one or more sensors reporting to it. We have multiple GB+ interfaces to the Internet and really, really wanting to save raw data for analysis (love those demos). Is there a method to offload complete captures and recall them for analysis?

    ReplyDelete
  2. Hi Peter,

    The short answer is: hardware is cheap, buy as much a you can afford ;)

    If you'd like to discuss further, please send an email to our mailing list.

    Thanks,
    Doug

    ReplyDelete

Note: Only a member of this blog may post a comment.