I've packaged a new version of netsniff-ng that allows for dropping privileges to a non-root user and I've updated the NSM scripts to take advantage of that. These new packages fix the following issues:
Issue 310: Update netsniff-ng
Issue 320: Update NSM scripts so that nsm_sensor_ps-restart includes $PCAP_OPTIONS
Issue 311: Update NSM scripts to run netsniff-ng as non-root user
Issue 318: Update NSM scripts to force netsniff-ng to write to proper directory
Issue 303: Update NSM scripts so that sensor_cleandisk looks for unified2 files in proper directories
The new packages have been tested by the following (thanks!):
Heine Lysemose
Matt Gregory
David Zawdie
Updating
The new packages are now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgradeOnce the new packages are installed, you'll need to restart netsniff-ng to run the new binary as a non-root user:
sudo nsm_sensor_ps-restart --only-pcap
Screenshots
Update Process |
Restarting netsniff-ng |
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Help Wanted
If you or your organization has found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list and IRC channel. Thanks!
No comments:
Post a Comment