Friday, May 18, 2012

Security Onion 20120518 now available!


Security Onion 20120518 is now available!  This resolves the following issues:

Issue 261: Add Mark Baggett's reassembler.py
http://code.google.com/p/security-onion/issues/detail?id=261

Look for an upcoming blog post by Mark Baggett (@MarkBaggett) talking about reassembler.py and what it can show you.

UPDATE: Mark's blog post has been posted to the Internet Storm Center:
http://isc.sans.edu/diary.html?storyid=13282

New Users
New users can download and install the 20120125 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the Proxy page of our FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots
Upgrade Process
Feedback
If you have any questions, please join our mailing list and ask away!
http://groups.google.com/group/security-onion

Thanks
Thanks to Mark Baggett for reassembler.py!
Thanks to the following for their help in testing this release!
Joe Stevensen
Mark Hillick

Help Wanted!
Security Onion needs you!  Please see the new Team Members page on the wiki!

Want to learn more about Intrusion Detection?
Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June!  For more information, please see:
http://securityonion.blogspot.com/2012/03/sans-is-coming-to-augusta-ga-in-june.html

Monday, May 14, 2012

Security Onion at DC404 in Atlanta GA this Saturday 5/19

I'll be presenting Security Onion at the DC404 meeting this Saturday 5/19!

Brad Shoop will also be there presenting his Splunk app for Security Onion!

For more information, please see:
http://dc404.org/


Want to learn more about Intrusion Detection?
Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June!  For more information, please see:
http://securityonion.blogspot.com/2012/03/sans-is-coming-to-augusta-ga-in-june.html

Thursday, May 10, 2012

Security Onion 20120511 now available!


Security Onion 20120511 is now available!  This resolves the following issues:

Issue 205: Bro's http.log needs to be per-interface
http://code.google.com/p/security-onion/issues/detail?id=205

Issue 264: NSM package is missing the bro cron job
http://code.google.com/p/security-onion/issues/detail?id=264

Issue 265: Upgrade httpry_agent to http_agent to support Bro logs
http://code.google.com/p/security-onion/issues/detail?id=265

Issue 266: Remove httpry from NSM scripts
http://code.google.com/p/security-onion/issues/detail?id=266

In summary, this update migrates from the combination of httpry/httpry_agent to Bro/http_agent.  As noted in http://securityonion.blogspot.com/2012/02/security-onion-20120224-now-available.html, this means that networks with VLAN tags will now get HTTP logs in Sguil.

New Users
New users can download and install the 20120125 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the Proxy page of our FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots
Upgrade Process
Feedback
If you have any questions, please join our mailing list and ask away!
http://groups.google.com/group/security-onion

Thanks
Thanks to Paul Halliday for adding Bro http.log support to http_agent!
Thanks to Seth Hall for the security-onion.bro script for splitting Bro's http.log when necessary!
Thanks to the following for their help in testing this release!
Scott Runnels
Tom De Vries
David Zawdie

Help Wanted!
Security Onion needs you!  Please see the new Team Members page on the wiki!

Want to learn more about Intrusion Detection?
Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June!  For more information, please see:
http://securityonion.blogspot.com/2012/03/sans-is-coming-to-augusta-ga-in-june.html

Tuesday, May 8, 2012

Security Onion 20120508 now available!


Security Onion 20120508 is now available!  This resolves the following issue:

Issue 239: autossh tunnel from sensor to server needs to be more robust

Please note that the update does NOT automatically restart the running ssh tunnel.  If you have sensors reporting to servers, please schedule a time to reboot them to get the new tunnel settings.

New Users
New users can download and install the 20120125 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the Proxy page of our FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots
Upgrade Process
Feedback
If you have any questions, please join our mailing list and ask away!
http://groups.google.com/group/security-onion

Thanks
Thanks to the following for their help in testing this release!
Tom De Vries
Jason Boss
David Zawdie
Mark Hillick
Liam Randall

Help Wanted!
Security Onion needs you!  Please see the new Team Members page on the wiki!

Want to learn more about Intrusion Detection?
Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June!  For more information, please see:
http://securityonion.blogspot.com/2012/03/sans-is-coming-to-augusta-ga-in-june.html