Security Onion 20120113 is now available! This resolves the following issues:
Note that this is just the initial integration of Bro. In the future, we'll switch Sguil's http_agent to use Bro's http.log and we'll also look at using Barnyard2 to send IDS alerts to Bro to give it a better understanding of your network.
New Users
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).
Upgrade Process |
sudo broctl status |
Current Bro logs can be found in /nsm/bro/logs/current |
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.