Wednesday, April 17, 2013

New netsniff-ng and NSM packages now available


I've packaged a new version of netsniff-ng that allows for dropping privileges to a non-root user and I've updated the NSM scripts to take advantage of that.  These new packages fix the following issues:
Issue 310: Update netsniff-ng
Issue 320: Update NSM scripts so that nsm_sensor_ps-restart includes $PCAP_OPTIONS
Issue 311: Update NSM scripts to run netsniff-ng as non-root user
Issue 318: Update NSM scripts to force netsniff-ng to write to proper directory
Issue 303: Update NSM scripts so that sensor_cleandisk looks for unified2 files in proper directories

The new packages have been tested by the following (thanks!):
Heine Lysemose
Matt Gregory
David Zawdie

Updating
The new packages are now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgrade
Once the new packages are installed, you'll need to restart netsniff-ng to run the new binary as a non-root user:
sudo nsm_sensor_ps-restart --only-pcap

Screenshots
Update Process

Restarting netsniff-ng

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you or your organization has found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

No comments:

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive