Thursday, March 29, 2012

Security Onion 20120329 now available!

Security Onion 20120329 is now available!  This resolves the following issues:

Issue 114: Provide single location for configuring BPF filters
Issue 224: typo in nsm_sensor-ps-start
Issue 242: Set Suricata runmode to autofp
Issue 243: Remove VLAN setting from pcap_agent.conf

As you can see in the screenshot below, this update will create a bpf.conf file for each sensor interface on your system.  For example, if you have two sensor interfaces (eth0 and eth1), you'll now have two bpf.conf files:

The NSM scripts now pass the "-F /etc/nsm/$HOSTNAME-$INTERFACE/bpf.conf" to Snort and Suricata and "-f /etc/nsm/$HOSTNAME-$INTERFACE/bpf.conf" to daemonlogger.  However, Suricata's afpacket mode currently doesn't support bpf.  I've created Suricata feature request #440 for this.

New Users
New users can download and install the 20120125 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L > ~/ && bash ~/"

Upgrade Process
If you have any questions, please join our mailing list and ask away!

Thanks to the following for their help in testing this release!
Craig Shannon
Scott Runnels

Help Wanted!
Security Onion needs you!  Please see the new Team Members page on the wiki!

Want to learn more about Intrusion Detection?
Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June!  For more information, please see:

No comments:

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive