Friday, January 13, 2012

Security Onion 20120113 now available!


Security Onion 20120113 is now available!  This resolves the following issues:
Issue 147: Bro 2.0 integration
Issue 185: Syntax error clearing sensor data

Note that this is just the initial integration of Bro. In the future, we'll switch Sguil's http_agent to use Bro's http.log and we'll also look at using Barnyard2 to send IDS alerts to Bro to give it a better understanding of your network.

New Users
New users can download and install the 20111103 ISO image using the instructions here.  The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).

Screenshots
Upgrade Process
sudo broctl status
Current Bro logs can be found in /nsm/bro/logs/current
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html

No comments:

Search This Blog

Featured Post

Security Onion 2.4.50 now available including some new features and lots of bug fixes!

Security Onion 2.4.50 is now available! It includes some new features for our fellow defenders and lots of bug fixes! https://docs.securityo...

Popular Posts

Blog Archive