Sunday, January 22, 2012

Security Onion 20120119 now available!


Security Onion 20120119 is now available!  This resolves the following issues:
Issue 154: Track pulledpork download status
Issue 160: PulledPork should be using https for ET and ETPRO downloads
Issue 198: Suricata 1.2.1
Issue 200: PulledPork isn't handling so_rules properly
Issue 201: snorby-db-fix is causing problems with large/busy snorby databases

For more information about Suricata 1.2.1, please see:
http://www.openinfosecfoundation.org/index.php/component/content/article/144-suricata-12-available
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_11_to_Suricata_12
http://www.suricata-ips.net/index.php/component/content/article/145-suricata-121-available

Please also note that the new suricata.yaml will overwrite your existing suricata.yaml.  Your existing suricata.yaml will be backed up to /nsm/backup/20120119/NAME_OF_SENSOR/.  Please copy any customizations (HOME_NET, etc.) from the backup copy to the production copy /etc/nsm/NAME_OF_SENSOR/suricata.yaml.


New Users
New users can download and install the 20111103 ISO image using the instructions here.  The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots
Upgrade begins
Upgrade runs pulledpork_update.sh to update rules
pulledpork_update.sh restarts barnyard2 and the IDS engine
Thanks
Thanks to the Suricata team for their hard work on Suricata 1.2.1!
Thanks to Scott Runnels for his assistance in testing this release!

Toolsmith Tool of the Year
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.