Security Onion 20120312 now available!

Security Onion 20120312 is now available!  This resolves the following issues:

Issue 233: Snorby 2.5.0

Our original Snorby package was a good way of getting it deployed quickly.  However, the time has come to break the monolithic package up into separate packages:

1.  securityonion-ruby contains Ruby 1.9.2-p290 and replaces the existing system-wide Ruby 1.8 (/usr/bin/ruby).

2.  securityonion-snorby contains /usr/local/share/snorby (Snorby 2.5.0 and all required gems using "bundle install --deployment").

3.  securityonion-passenger allows us to run Snorby under Apache instead of using Ruby's "thin" web server.

These separate packages will make our Snorby implementation faster, more standardized, more secure, and more maintainable.  In addition, this update brings the newly-released Snorby 2.5.0, which has many features and bugfixes!

Issue 235: Need statistics/diagnostics script

/usr/bin/sostat is a simple bash script which collects details about your system and its processes.  When asking for help on the mailing list, we may ask you to run "sudo sostat" and copy the output to your email so that we can have some data to help us diagnose your issue.  We also recommend running sostat in a daily cronjob and having it send you an email for review.

New Users

New users can download and install the 20120125 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade

Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):

sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots

Upgrade Process

Feedback

If you have any questions, please join our mailing list and ask away!

http://groups.google.com/group/security-onion

Thanks

Thanks to Dustin Webber for his hard work on Snorby 2.5.0!

Thanks to the following for their help in testing this release!

Scott Runnels

Liam Randall

Eric Ooi

Heine Lysemose

Marshal Graham

Help Wanted

Security Onion needs help in the following areas:

• assisting users on the mailing list and in IRC
• quality assurance and testing new releases
• documentation
• package maintainers

If Security Onion has provided value to you and/or your organization, please consider giving back to the community by donating your time to the above needs!  If interested, please contact me via email.  Thanks!

Want to learn more about Intrusion Detection?

Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June!  For more information, please see:

http://securityonion.blogspot.com/2012/03/sans-is-coming-to-augusta-ga-in-june.html