Monday, August 19, 2013

New securityonion-bro-scripts package fixes a race condition

A new version of our securityonion-bro-scripts package is now available that fixes a possible race condition.

This update resolves the following issue:
Issue 374: Update hostname.bro and interface.bro

Thanks
Thanks to Jon Siwek for the new Bro scripts!
Thanks to the following for testing the new packages!
Matt Gregory
David Zawdie

Upgrading
The new packages are now available in our stable repo.  Please see our Upgrade page for full upgrade instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

After installing the new packages, you'll need to restart Bro:
sudo broctl restart

Screenshots
Under certain conditions, the old Bro scripts would fail to determine the hostname and interface...

...resulting in Bro's conn.log containing an invalid "sensorname" field (should be hostname-interface)

Installing new securityonion-bro-scripts package

Restarting Bro

Bro now properly determines hostname and interface resulting in...
...conn.log having the correct sensorname (hostname-interface)


Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

No comments:

Search This Blog

Featured Post

Did You Know Security Onion Scales to the Enterprise?

Did you know Security Onion scales to the enterprise? Security Onion is designed to scale from simple standalone deployments all the way up ...

Popular Posts

Blog Archive