Security Onion 20120119 is now available! This resolves the following issues:
Issue 154: Track pulledpork download status
Issue 160: PulledPork should be using https for ET and ETPRO downloads
Issue 198: Suricata 1.2.1
Issue 200: PulledPork isn't handling so_rules properly
Issue 201: snorby-db-fix is causing problems with large/busy snorby databases
For more information about Suricata 1.2.1, please see:
http://www.openinfosecfoundation.org/index.php/component/content/article/144-suricata-12-available
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_11_to_Suricata_12
http://www.suricata-ips.net/index.php/component/content/article/145-suricata-121-available
Please also note that the new suricata.yaml will overwrite your existing suricata.yaml. Your existing suricata.yaml will be backed up to /nsm/backup/20120119/NAME_OF_SENSOR/. Please copy any customizations (HOME_NET, etc.) from the backup copy to the production copy /etc/nsm/NAME_OF_SENSOR/suricata.yaml.
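To see which variables need to be carried over from the backup, the following script (an added example, not part of the original post or the Security Onion tooling) lists every variable under vars: whose value differs between the two files. It assumes the stock suricata.yaml layout, with upper-case names such as HOME_NET indented under vars:. The function names, the compare.sh file name and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Security Onion project): report variables under
# "vars:" whose values differ between the backed-up and the new suricata.yaml.

# Print NAME=value for each variable (HOME_NET, EXTERNAL_NET, HTTP_PORTS, ...)
# in the vars: section of the file given as $1. Commented-out lines are skipped.
extract_vars() {
    awk '
        /^vars:/            { in_vars = 1; next }
        in_vars && /^[^ #]/ { in_vars = 0 }   # next top-level key ends the section
        in_vars && /^ +[A-Z0-9_]+:/ {
            line = $0;  sub(/^ +/, "", line)
            name = line;  sub(/:.*/, "", name)
            value = line; sub(/^[A-Z0-9_]+: */, "", value)
            print name "=" value
        }' "$1"
}

# changed_vars BACKUP PRODUCTION: one line per variable to review by hand.
changed_vars() {
    cv_tmp=$(mktemp -d) || return 1
    extract_vars "$1" > "$cv_tmp/old"
    extract_vars "$2" > "$cv_tmp/new"
    awk '
        { eq = index($0, "="); name = substr($0, 1, eq - 1); val = substr($0, eq + 1) }
        FILENAME == ARGV[1] { prod[name] = val; next }
        !(name in prod)     { print name ": only in backup: " val; next }
        prod[name] != val   { print name ": backup " val " -> production " prod[name] }
    ' "$cv_tmp/new" "$cv_tmp/old"
    rm -rf "$cv_tmp"
}

# Constructed sample files standing in for the backup and the freshly installed copy.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'vars:' '  address-groups:' \
        '    HOME_NET: "[10.20.0.0/16]"' '    #HOME_NET: "any"' \
        '    EXTERNAL_NET: "!$HOME_NET"' '  port-groups:' \
        '    HTTP_PORTS: "80"' 'default-log-dir: /var/log/' > "$d/backup.yaml"
    printf '%s\n' 'vars:' '  address-groups:' \
        '    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"' \
        '    EXTERNAL_NET: "!$HOME_NET"' '  port-groups:' \
        '    HTTP_PORTS: "80"' 'default-log-dir: /var/log/' > "$d/new.yaml"
    changed_vars "$d/backup.yaml" "$d/new.yaml"
    rm -rf "$d"
}

# Usage: sh compare.sh BACKUP PRODUCTION  (paths as given in the release note)
if [ "$#" -eq 2 ]; then changed_vars "$1" "$2"; fi
```

Run it with the backup copy as the first argument and /etc/nsm/NAME_OF_SENSOR/suricata.yaml as the second; it only reports differences and changes neither file.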
New Users
New users can download and install the 20111103 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Screenshots
Upgrade begins
Upgrade runs pulledpork_update.sh to update rules
pulledpork_update.sh restarts barnyard2 and the IDS engine
Thanks to the Suricata team for their hard work on Suricata 1.2.1!
Thanks to Scott Runnels for his assistance in testing this release!
Toolsmith Tool of the Year
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html