securityonion-nsmnow-admin-scripts
securityonion-setup
Issues Resolved
Issue 376: netsniff-ng: specify ring buffer size
When running Setup and choosing Advanced Setup, you can now specify netsniff-ng's ring buffer size.
https://code.google.com/p/security-onion/issues/detail?id=376
Issue 400: Add option to Advanced Setup to enable netsniff-ng mmap I/O
When running Setup and choosing Advanced Setup, you can now enable mmap I/O for netsniff-ng.
https://code.google.com/p/security-onion/issues/detail?id=400
Issue 394: syslog-ng memory leak
/etc/cron.d/sensor-newday was doing "syslog-ng reload" which was causing a memory leak. It now does a full "syslog-ng restart" to avoid the memory leak.
https://code.google.com/p/security-onion/issues/detail?id=394
Issue 391: Setup should write log file to /tmp and then copy to /var/log/nsm/sosetup.log when done
While Setup is running, you can monitor /tmp/sosetup.log. After Setup has completed, you can find the log at /var/log/nsm/sosetup.log.
https://code.google.com/p/security-onion/issues/detail?id=391
Issue 377: Move Argus config to argus.conf so that users can change without modifying NSM scripts
Each sensor will now have its own argus.conf at /etc/nsm/HOSTNAME-INTERFACE/argus.conf that you can use to customize your Argus configuration.
https://code.google.com/p/security-onion/issues/detail?id=377
Issue 401: ossec_agent.conf should set DAEMON to 0
The default ossec_agent.conf had DAEMON set to 1, but our NSM scripts expect spawned processes to NOT daemonize. The NSM scripts now set DAEMON to 0 in ossec_agent.conf to avoid this.
https://code.google.com/p/security-onion/issues/detail?id=401
Screenshots
netsniff-ng ring buffer |
netsniff-ng mmap I/O |
Thanks
Thanks to Jon Schipp for his work on the netsniff-ng configuration!
Thanks to David Edelman for his work on the Argus configuration!
Thanks to JP Bourget and David Zawdie for testing the new packages!
Upgrading
The new packages are now available in our stable repo. Please see our Upgrade page for full upgrade instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list and IRC channel. Thanks!
Training
Want to learn more about Log Management? Join me for SANS SEC434 Log Management In-Depth in Memphis TN on October 16th and 17th! This class is being held in conjunction with University of Memphis Center for Information Assurance Cyber Security Expo taking place October 18, 2013 at the FedEx Institute of Technology. Your paid tuition for this SANS course includes registration for the Cyber Security Expo when you register with Discount Code "ISC-Memphis":
http://www.sans.org/community/event/sec434-memphis-16oct2013-doug-burks
Want to learn more about Security Onion? Sign up for the upcoming 8-hour class in Augusta GA! Be one of the first 10 students to sign up and you can register at the discounted Early Bird price! For full details and to register, please see:
https://securityonion20131026.eventbrite.com/
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.