Thursday, April 25, 2013

Ubuntu MySQL Updates

Ubuntu recently released updated MySQL packages.  As a reminder, please follow the instructions at the following link to avoid any issues with MySQL updates:
https://code.google.com/p/security-onion/wiki/MySQLUpdates

Wednesday, April 17, 2013

New netsniff-ng and NSM packages now available


I've packaged a new version of netsniff-ng that allows for dropping privileges to a non-root user and I've updated the NSM scripts to take advantage of that.  These new packages fix the following issues:
Issue 310: Update netsniff-ng
Issue 320: Update NSM scripts so that nsm_sensor_ps-restart includes $PCAP_OPTIONS
Issue 311: Update NSM scripts to run netsniff-ng as non-root user
Issue 318: Update NSM scripts to force netsniff-ng to write to proper directory
Issue 303: Update NSM scripts so that sensor_cleandisk looks for unified2 files in proper directories

The new packages have been tested by the following (thanks!):
Heine Lysemose
Matt Gregory
David Zawdie

Updating
The new packages are now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgrade
Once the new packages are installed, you'll need to restart netsniff-ng to run the new binary as a non-root user:
sudo nsm_sensor_ps-restart --only-pcap
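The whole point of this update is that netsniff-ng no longer runs as root, so it is worth confirming that after the restart. The script below is an added example, not part of the Security Onion packages or of this post: it reads ps output and flags any netsniff-ng process still owned by root (which usually means the old binary or the old NSM scripts are still in use). The sample process lines in its test are constructed; the `--live` mode and the `dpkg-query` line are my additions, not something the NSM scripts provide.

```bash
#!/bin/bash
# Added example (not part of the Security Onion packages or this post):
# after "sudo nsm_sensor_ps-restart --only-pcap", confirm that every
# netsniff-ng process has actually dropped to a non-root user.

# Reads ps-style lines (USER PID COMMAND...) on stdin and reports each
# netsniff-ng process together with its owner.
#   returns 0  every netsniff-ng process runs as a non-root user
#   returns 1  at least one still runs as root (old binary or old scripts)
#   returns 2  no netsniff-ng process found at all (is the sensor running?)
netsniff_privdrop_check() {
    local root_hits=0 total=0 user pid cmd
    while read -r user pid cmd; do
        # the command column may be a full path, so match on its basename
        case "${cmd%% *}" in
            *netsniff-ng) ;;
            *) continue ;;
        esac
        total=$((total + 1))
        if [ "$user" = "root" ]; then
            root_hits=$((root_hits + 1))
            echo "STILL ROOT: pid=$pid $cmd" >&2
        else
            echo "ok: pid=$pid runs as $user: $cmd"
        fi
    done
    if [ "$total" -eq 0 ]; then
        echo "no netsniff-ng process found" >&2
        return 2
    fi
    [ "$root_hits" -eq 0 ]
}

# Live use on a sensor (no root needed): ./netsniff-check.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "installed netsniff-ng package: $(dpkg-query -W -f='${Version}' netsniff-ng 2>/dev/null)"
    ps -eo user,pid,args | netsniff_privdrop_check
fi
```

If the check reports a root-owned netsniff-ng after the restart, re-run the `apt-get` one-liner above to make sure the new netsniff-ng and NSM packages actually installed, then restart with `--only-pcap` again.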

Screenshots
Update process (sudo apt-get update && sudo apt-get dist-upgrade)

Restarting netsniff-ng (sudo nsm_sensor_ps-restart --only-pcap)

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you or your organization has found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

Tuesday, April 2, 2013

Snort 2.9.4.1 packages now available

Snort 2.9.4.1 was recently released:
http://blog.snort.org/2013/03/snort-2941-has-been-released.html

I've packaged Snort 2.9.4.1 and DAQ 2.0.0 and the new packages have been tested by the following (thanks!):
Heine Lysemose
David Zawdie

The new packages are now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgrade
Please note that, if you normally use the Registered User VRT Ruleset, you are on a 30-day delay behind the subscriber ruleset, so rules built for Snort 2.9.4.1 may not be available to you yet.

Install Process

The Snort update will do the following:

  • back up each of your existing snort.conf file(s) to snort.conf.bak
  • update Snort to 2.9.4.1

If you're running Snort in production, then you'll need to do the following:

  • apply your local customizations to the new snort.conf file(s)
  • update ruleset and restart Snort as follows:
sudo rule-update
Screenshots
Update process (sudo apt-get update && sudo apt-get dist-upgrade)

Checking the installed version with snort -V

Apply any local customizations to snort.conf and then run "sudo rule-update"
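Finding the customizations that need to be carried over is the error-prone part of this procedure, since the package writes a fresh snort.conf and only keeps your old one as snort.conf.bak. The script below is an added example, not part of the Security Onion packages or of this post: it lists every non-comment line of a snort.conf.bak that has no exact match in the new snort.conf, which is the set of lines you still have to re-apply before running `sudo rule-update`. The per-sensor path /etc/nsm/<sensor>/snort.conf used in its `--live` mode is assumed from Security Onion's layout, and the two sample config files in its test are constructed.

```bash
#!/bin/bash
# Added example (not part of the Security Onion packages or this post):
# list the non-comment lines of a backed-up snort.conf.bak that are missing
# from the freshly installed snort.conf, i.e. the local customizations you
# still have to carry over before running "sudo rule-update".

# Usage: snort_conf_missing_customizations OLD NEW
#   prints each non-comment, non-blank line of OLD with no exact match in NEW
#   returns 0 when nothing is missing, 1 when at least one line was printed
snort_conf_missing_customizations() {
    local old=$1 new=$2 keep missing
    keep=$(mktemp) || return 2
    # directives from the new file, minus comments and blank lines
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$new" > "$keep"
    # -F: literal match (snort.conf is full of $, [ and /), -x: whole line,
    # -v: keep only the old lines that never appear in the new file
    missing=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$old" \
              | grep -vxF -f "$keep")
    rm -f "$keep"
    [ -n "$missing" ] || return 0
    printf '%s\n' "$missing"
    return 1
}

# Live use: ./snort-conf-diff.sh --live
# Assumes Security Onion's per-sensor layout /etc/nsm/<sensor>/snort.conf,
# with the package's backup sitting next to it as snort.conf.bak.
if [ "${1:-}" = "--live" ]; then
    for bak in /etc/nsm/*/snort.conf.bak; do
        [ -f "$bak" ] || continue
        echo "== ${bak%.bak}: lines still to re-apply"
        if snort_conf_missing_customizations "$bak" "${bak%.bak}"; then
            echo "   nothing to re-apply"
        else
            echo "   re-apply the lines above, then: sudo rule-update"
        fi
    done
fi
```

A line listed here is not automatically a customization: a directive whose default changed between Snort versions shows up too, so read each one against the new file before pasting it back in. Rebuilding the comparison with `diff -u snort.conf.bak snort.conf` gives the same information with surrounding context if you prefer that view.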

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists