securityonion-nsmnow-admin-scripts
securityonion-setup
Issues Resolved
Issue 376: netsniff-ng: specify ring buffer size
When running Setup and choosing Advanced Setup, you can now specify netsniff-ng's ring buffer size.
https://code.google.com/p/security-onion/issues/detail?id=376
Issue 400: Add option to Advanced Setup to enable netsniff-ng mmap I/O
When running Setup and choosing Advanced Setup, you can now enable mmap I/O for netsniff-ng.
https://code.google.com/p/security-onion/issues/detail?id=400
Issue 394: syslog-ng memory leak
/etc/cron.d/sensor-newday was running "syslog-ng reload", which caused a memory leak. It now performs a full "syslog-ng restart" instead, which avoids the leak.
https://code.google.com/p/security-onion/issues/detail?id=394
Issue 391: Setup should write log file to /tmp and then copy to /var/log/nsm/sosetup.log when done
While Setup is running, you can monitor /tmp/sosetup.log. After Setup has completed, you can find the log at /var/log/nsm/sosetup.log.
https://code.google.com/p/security-onion/issues/detail?id=391
Issue 377: Move Argus config to argus.conf so that users can change without modifying NSM scripts
Each sensor will now have its own argus.conf at /etc/nsm/HOSTNAME-INTERFACE/argus.conf that you can use to customize your Argus configuration.
https://code.google.com/p/security-onion/issues/detail?id=377
Issue 401: ossec_agent.conf should set DAEMON to 0
The default ossec_agent.conf set DAEMON to 1, but our NSM scripts expect the processes they spawn NOT to daemonize. The NSM scripts now set DAEMON to 0 in ossec_agent.conf to avoid this.
https://code.google.com/p/security-onion/issues/detail?id=401
Screenshots
[Screenshot: netsniff-ng ring buffer]
[Screenshot: netsniff-ng mmap I/O]
Thanks
Thanks to Jon Schipp for his work on the netsniff-ng configuration!
Thanks to David Edelman for his work on the Argus configuration!
Thanks to JP Bourget and David Zawdie for testing the new packages!
Upgrading
The new packages are now available in our stable repo. Please see our Upgrade page for full upgrade instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list and IRC channel. Thanks!
Training
Want to learn more about Log Management? Join me for SANS SEC434 Log Management In-Depth in Memphis, TN on October 16th and 17th! This class is being held in conjunction with the University of Memphis Center for Information Assurance's Cyber Security Expo, taking place October 18, 2013 at the FedEx Institute of Technology. Your paid tuition for this SANS course includes registration for the Cyber Security Expo when you register with Discount Code "ISC-Memphis":
http://www.sans.org/community/event/sec434-memphis-16oct2013-doug-burks
Want to learn more about Security Onion? Sign up for the upcoming 8-hour class in Augusta GA! Be one of the first 10 students to sign up and you can register at the discounted Early Bird price! For full details and to register, please see:
https://securityonion20131026.eventbrite.com/