Ubuntu recently released updated MySQL packages. As a reminder, please follow the instructions at the following link to avoid any issues with MySQL updates:
https://code.google.com/p/security-onion/wiki/MySQLUpdates
Thursday, April 25, 2013
Wednesday, April 17, 2013
New netsniff-ng and NSM packages now available
I've packaged a new version of netsniff-ng that allows for dropping privileges to a non-root user and I've updated the NSM scripts to take advantage of that. These new packages fix the following issues:
Issue 310: Update netsniff-ng
Issue 320: Update NSM scripts so that nsm_sensor_ps-restart includes $PCAP_OPTIONS
Issue 311: Update NSM scripts to run netsniff-ng as non-root user
Issue 318: Update NSM scripts to force netsniff-ng to write to proper directory
Issue 303: Update NSM scripts so that sensor_cleandisk looks for unified2 files in proper directories
The new packages have been tested by the following (thanks!):
Heine Lysemose
Matt Gregory
David Zawdie
Updating
The new packages are now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgradeOnce the new packages are installed, you'll need to restart netsniff-ng to run the new binary as a non-root user:
sudo nsm_sensor_ps-restart --only-pcap
Screenshots
 |
| Update Process |
 |
| Restarting netsniff-ng |
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Help Wanted
If you or your organization has found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list and IRC channel. Thanks!
Tuesday, April 2, 2013
Snort 2.9.4.1 packages now available
Snort 2.9.4.1 was recently released:
http://blog.snort.org/2013/03/snort-2941-has-been-released.html
I've packaged Snort 2.9.4.1 and DAQ 2.0.0 and the new packages have been tested by the following (thanks!):
Heine Lysemose
David Zawdie
The new packages are now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
Install Process
The Snort update will do the following:
If you're running Snort in production, then you'll need to do the following:
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
http://blog.snort.org/2013/03/snort-2941-has-been-released.html
I've packaged Snort 2.9.4.1 and DAQ 2.0.0 and the new packages have been tested by the following (thanks!):
Heine Lysemose
David Zawdie
The new packages are now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgrade
Please note that, if you normally use the Registered User VRT Ruleset, you are on a 30-day delay and rules may not be available for Snort 2.9.4.1 yet.
The Snort update will do the following:
- back up each of your existing snort.conf file(s) to snort.conf.bak
- update Snort to 2.9.4.1
If you're running Snort in production, then you'll need to do the following:
- apply your local customizations to the new snort.conf file(s)
- update ruleset and restart Snort as follows:
sudo rule-update
 |
| sudo apt-get update && sudo apt-get dist-upgrade |
 |
| snort -V |
 |
| Apply any local customizations to snort.conf and then run "sudo rule-update" |
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists