Security Onion 20120312 is now available! This resolves the following issues:
Our original Snorby package was a good way of getting it deployed quickly. However, the time has come to break the monolithic package up into separate packages:
1. securityonion-ruby contains Ruby 1.9.2-p290 and replaces the existing system-wide Ruby 1.8 (/usr/bin/ruby).
2. securityonion-snorby contains /usr/local/share/snorby (Snorby 2.5.0 and all required gems using "bundle install --deployment").
3. securityonion-passenger allows us to run Snorby under Apache instead of using Ruby's "thin" web server.
These separate packages will make our Snorby implementation faster, more standardized, more secure, and more maintainable. In addition, this update brings the newly-released Snorby 2.5.0, which has many features and bugfixes!
/usr/bin/sostat is a simple bash script which collects details about your system and its processes. When asking for help on the mailing list, we may ask you to run "sudo sostat" and copy the output to your email so that we can have some data to help us diagnose your issue. We also recommend running sostat in a daily cronjob and having it send you an email for review.
New Users
New users can download and install the 20120125 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.
In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Screenshots
Upgrade Process |
Feedback
If you have any questions, please join our mailing list and ask away!
Thanks
Thanks to Dustin Webber for his hard work on Snorby 2.5.0!
Thanks to the following for their help in testing this release!
Scott Runnels
Liam Randall
Eric Ooi
Heine Lysemose
Marshal Graham
Help Wanted
Security Onion needs help in the following areas:
- assisting users on the mailing list and in IRC
- quality assurance and testing new releases
- documentation
- package maintainers
If Security Onion has provided value to you and/or your organization, please consider giving back to the community by donating your time to the above needs! If interested, please contact me via email. Thanks!
Want to learn more about Intrusion Detection?
Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June! For more information, please see:
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.