Monday, March 19, 2012

Security Onion 20120312 now available!

Security Onion 20120312 is now available!  This resolves the following issues:

Issue 233: Snorby 2.5.0
Our original Snorby package was a good way of getting it deployed quickly.  However, the time has come to break the monolithic package up into separate packages:
1.  securityonion-ruby contains Ruby 1.9.2-p290 and replaces the existing system-wide Ruby 1.8 (/usr/bin/ruby).
2.  securityonion-snorby contains /usr/local/share/snorby (Snorby 2.5.0 and all required gems using "bundle install --deployment").
3.  securityonion-passenger allows us to run Snorby under Apache instead of using Ruby's "thin" web server.
These separate packages will make our Snorby implementation faster, more standardized, more secure, and more maintainable.  In addition, this update brings the newly-released Snorby 2.5.0, which has many features and bugfixes!

Issue 235: Need statistics/diagnostics script
/usr/bin/sostat is a simple bash script which collects details about your system and its processes.  When asking for help on the mailing list, we may ask you to run "sudo sostat" and copy the output to your email so that we can have some data to help us diagnose your issue.  We also recommend running sostat in a daily cronjob and having it send you an email for review.

New Users
New users can download and install the 20120125 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L > ~/ && bash ~/"

Upgrade Process
If you have any questions, please join our mailing list and ask away!

Thanks to Dustin Webber for his hard work on Snorby 2.5.0!
Thanks to the following for their help in testing this release!
Scott Runnels
Liam Randall
Eric Ooi
Heine Lysemose
Marshal Graham

Help Wanted
Security Onion needs help in the following areas:
  • assisting users on the mailing list and in IRC
  • quality assurance and testing new releases
  • documentation
  • package maintainers
If Security Onion has provided value to you and/or your organization, please consider giving back to the community by donating your time to the above needs!  If interested, please contact me via email.  Thanks!

Want to learn more about Intrusion Detection?
Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June!  For more information, please see:

No comments:

Search This Blog

Featured Post

Registration Now Open for Augusta Cyber Week 2024!

Registration is now open for Augusta Cyber Week in beautiful Augusta GA from September 30, 2024 through October 5, 2024! This includes: 4-da...

Popular Posts

Blog Archive