Friday, November 15, 2013

New sostat package available

I found and fixed a couple of bugs in the recent sostat package.  The updated package version is:
securityonion-sostat - 20120722-0ubuntu0securityonion11

Issues Resolved
Issue 423: Bugs in broctl netstats percentage calculation

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:

Feedback
If you have any questions or problems, please use our mailing list:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

Wednesday, November 13, 2013

New Snort, NSM, and sostat packages available

The following software was recently released:

Snort 2.9.5.5
http://blog.snort.org/2013/09/snort-2955-is-now-available-on-snortorg.html

I've packaged Snort 2.9.5.5 and also updated the NSM and sostat packages.  The updated package versions are as follows:
securityonion-daq - 2.0.1-0ubuntu0securityonion2
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion62
securityonion-snort - 2.9.5.5-0ubuntu0securityonion1
securityonion-sostat - 20120722-0ubuntu0securityonion10

The new packages have been tested by the following (thanks!):
JP Bourget
David Zawdie
Matt Gregory

Issues Resolved

Issue 405: Optimize network buffers
https://code.google.com/p/security-onion/issues/detail?id=405
This update creates a new file called /etc/sysctl.d/10-securityonion.conf which increases some kernel network buffers.  The settings will be applied at the next boot, or you can apply them immediately with "sudo sysctl -p /etc/sysctl.d/10-securityonion.conf"

Issue 407: Increase frequency of /etc/cron.d/sensor-clean
https://code.google.com/p/security-onion/issues/detail?id=407
/etc/cron.d/sensor-clean now runs every 5 minutes.  This should help avoid the disk filling up between hourly purges for some users.

Issue 419: Delete Snorby pid file at boot
https://code.google.com/p/security-onion/issues/detail?id=419
/etc/init/securityonion.conf now deletes /opt/snorby/tmp/pids/delayed_job.pid before starting the Snorby worker to avoid issues in case the pid file was empty.

Issue 408: Add "broctl netstats" to sostat
https://code.google.com/p/security-onion/issues/detail?id=408

Issue 410: sostat should display the count of days archived in pcap and Bro logs
https://code.google.com/p/security-onion/issues/detail?id=410

Issue 417: sostat - remove $HOSTNAME-
https://code.google.com/p/security-onion/issues/detail?id=417

Issue 422: Bro average packet loss in sostat
https://code.google.com/p/security-onion/issues/detail?id=422

Issue 398: Snort 2.9.5.5
https://code.google.com/p/security-onion/issues/detail?id=398

Updating

The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

The Snort update will back up each of your existing snort.conf files to snort.conf.bak.  You'll then need to do the following:
  • apply your local customizations to the new snort.conf
  • update ruleset and restart Snort using "sudo rule-update"
Screenshots

"sudo soup" update process

Snort 2.9.5.5

Updating ruleset and restarting Snort using "sudo rule-update"
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

Search This Blog

Featured Post

Security Onion 2.4.111 now available!

In October, we released version 2.4.110: https://blog.securityonion.net/2024/10/security-onion-24110-hurricane-helene.html Last week, Surica...

Popular Posts

Blog Archive