The following software was recently released:
Snort 2.9.5.5
http://blog.snort.org/2013/09/snort-2955-is-now-available-on-snortorg.html
I've packaged Snort 2.9.5.5 and also updated the NSM and sostat packages. The updated package versions are as follows:
securityonion-daq - 2.0.1-0ubuntu0securityonion2
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion62
securityonion-snort - 2.9.5.5-0ubuntu0securityonion1
securityonion-sostat - 20120722-0ubuntu0securityonion10
The new packages have been tested by the following (thanks!):
JP Bourget
David Zawdie
Matt Gregory
Issues Resolved
Issue 405: Optimize network buffers
https://code.google.com/p/security-onion/issues/detail?id=405
This update creates a new file called /etc/sysctl.d/10-securityonion.conf which increases some kernel network buffers. The settings will be applied at the next boot, or you can apply them immediately with "sudo sysctl -p /etc/sysctl.d/10-securityonion.conf".
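As an added check (example code, not part of the Security Onion packages), the POSIX sh function below reads the key = value lines of a sysctl.d-style file such as /etc/sysctl.d/10-securityonion.conf, compares each with the kernel's current value under /proc/sys, and reports any setting that is not yet in effect, so you can confirm the buffer changes actually took after "sudo sysctl -p" or a reboot. PROC_SYS_ROOT is an assumed variable so the check can be pointed at a constructed directory tree for testing; it does not know the real contents of 10-securityonion.conf.

```shell
# Constructed for this example: PROC_SYS_ROOT lets the check run against a
# fake tree instead of the live /proc/sys (the default).
PROC_SYS_ROOT="${PROC_SYS_ROOT:-/proc/sys}"

# Collapse runs of whitespace (tabs in /proc/sys values, spaces in the conf)
# so "4096 87380 6291456" compares equal regardless of separator.
squeeze() { printf '%s' "$1" | sed 's/[[:space:]]\{1,\}/ /g; s/^ //; s/ $//'; }

# sysctl_check FILE
# Reads key = value lines from a sysctl.d-style file, compares each with the
# kernel's running value, prints one line per mismatch or missing key, and
# returns 0 only when every setting already matches.
sysctl_check() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(squeeze "$line")
        case "$line" in ''|'#'*|';'*) continue ;; esac   # comments and blanks
        case "$line" in *=*) ;; *) continue ;; esac        # not a key=value line
        key=$(squeeze "${line%%=*}")
        want=$(squeeze "${line#*=}")
        [ -n "$key" ] || continue
        # net.core.rmem_max -> /proc/sys/net/core/rmem_max
        path="$PROC_SYS_ROOT/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            printf '%s: missing (expected %s)\n' "$key" "$want"; rc=1
        else
            have=$(squeeze "$(cat "$path")")
            if [ "$have" != "$want" ]; then
                printf '%s: expected %s, running %s\n' "$key" "$want" "$have"; rc=1
            fi
        fi
    done < "$1"
    return "$rc"
}

# Usage on a sensor: sh sysctl-check.sh /etc/sysctl.d/10-securityonion.conf
if [ "$#" -gt 0 ]; then
    sysctl_check "$1"
fi
```

A non-zero exit with no output means the file could not be read; a non-zero exit with output lists exactly the keys that still need "sudo sysctl -p" or a reboot.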
Issue 407: Increase frequency of /etc/cron.d/sensor-clean
https://code.google.com/p/security-onion/issues/detail?id=407
/etc/cron.d/sensor-clean now runs every 5 minutes. This should help avoid the disk filling up between hourly purges for some users.
Issue 419: Delete Snorby pid file at boot
https://code.google.com/p/security-onion/issues/detail?id=419
/etc/init/securityonion.conf now deletes /opt/snorby/tmp/pids/delayed_job.pid before starting the Snorby worker to avoid issues in case the pid file was empty.
Issue 408: Add "broctl netstats" to sostat
https://code.google.com/p/security-onion/issues/detail?id=408
Issue 410: sostat should display the count of days archived in pcap and Bro logs
https://code.google.com/p/security-onion/issues/detail?id=410
Issue 417: sostat - remove $HOSTNAME-
https://code.google.com/p/security-onion/issues/detail?id=417
Issue 422: Bro average packet loss in sostat
https://code.google.com/p/security-onion/issues/detail?id=422
Issue 398: Snort 2.9.5.5
https://code.google.com/p/security-onion/issues/detail?id=398
Updating
The new packages are now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
The Snort update will back up each of your existing snort.conf files to snort.conf.bak. You'll then need to do the following:
- apply your local customizations to the new snort.conf
- update ruleset and restart Snort using "sudo rule-update"
Screenshots
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNjD7IUid9Tt6t0BSgTGpY8VgKD9N0a2U4LRfLOqOj1Gl64ErjXEs_BIQF52IVKYmggffyW6MVljqE57HVxKOmIJw_FXr8749xNua8m637j_cLJ19l7w-1fV_R3BCTPgIRAckeakR3eQQB/s640/Screen+Shot+2013-11-11+at+10.00.27+AM.png)
"sudo soup" update process
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB28jQGIRTDC3ABFFmXGg5DQYTdmLWKPIpiVFA1R7g6v7vEqkJP7N0PvAb68DBOABN9ULW3KltCJMeI3m9tudNZR0KMEdt4tAPinCdtQA5raDaIrlM3g_XbwkRvLL2kyrzx3r28zyJJqPG/s640/Screen+Shot+2013-11-11+at+10.01.41+AM.png)
Snort 2.9.5.5
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWT6ttCwXvaRyT3cH-a0B7wZ33p9_osiKVT3Fpkm7MWuA6HZ-Xtn9ZvcJ6qrRM8JVXN9IA2kSvysJXbc1lJ0CtbrVvgCRyjDLmnziWApUAnyuAufG2Fbylsh0v7cjNWaqB1Os8ec8LryDj/s640/Screen+Shot+2013-11-11+at+10.02.25+AM.png)
Updating ruleset and restarting Snort using "sudo rule-update"
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list and IRC channel. Thanks!