The following software was recently released:
Snort 2.9.5.5
http://blog.snort.org/2013/09/snort-2955-is-now-available-on-snortorg.html
I've packaged Snort 2.9.5.5 and also updated the NSM and sostat packages. The updated package versions are as follows:
securityonion-daq - 2.0.1-0ubuntu0securityonion2
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion62
securityonion-snort - 2.9.5.5-0ubuntu0securityonion1
securityonion-sostat - 20120722-0ubuntu0securityonion10
The new packages have been tested by the following (thanks!):
JP Bourget
David Zawdie
Matt Gregory
Issues Resolved
Issue 405: Optimize network buffers
https://code.google.com/p/security-onion/issues/detail?id=405
This update creates a new file called /etc/sysctl.d/10-securityonion.conf, which increases some kernel network buffers. The settings will be applied at the next boot, or you can apply them immediately with "sudo sysctl -p /etc/sysctl.d/10-securityonion.conf".
Issue 407: Increase frequency of /etc/cron.d/sensor-clean
https://code.google.com/p/security-onion/issues/detail?id=407
/etc/cron.d/sensor-clean now runs every 5 minutes. This should help avoid the disk filling up between hourly purges for some users.
Issue 419: Delete Snorby pid file at boot
https://code.google.com/p/security-onion/issues/detail?id=419
/etc/init/securityonion.conf now deletes /opt/snorby/tmp/pids/delayed_job.pid before starting the Snorby worker to avoid issues in case the pid file was empty.
Issue 408: Add "broctl netstats" to sostat
https://code.google.com/p/security-onion/issues/detail?id=408
Issue 410: sostat should display the count of days archived in pcap and Bro logs
https://code.google.com/p/security-onion/issues/detail?id=410
Issue 417: sostat - remove $HOSTNAME-
https://code.google.com/p/security-onion/issues/detail?id=417
Issue 422: Bro average packet loss in sostat
https://code.google.com/p/security-onion/issues/detail?id=422
Issue 398: Snort 2.9.5.5
https://code.google.com/p/security-onion/issues/detail?id=398
Updating
The new packages are now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
The Snort update will back up each of your existing snort.conf files to snort.conf.bak. You'll then need to do the following:
- apply your local customizations to the new snort.conf
- update ruleset and restart Snort using "sudo rule-update"
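As an added example (not part of the original post or of the Security Onion packages), this shell script lists the active lines that appear in each snort.conf.bak but not in the new snort.conf beside it, which are the local customizations to re-apply before running "sudo rule-update". The directory argument, the sensor directory name, and the config lines in demo are constructed assumptions.

```shell
#!/bin/sh
# Added example, not part of the Security Onion packages.
# Lists active config lines found in snort.conf.bak but not in the new snort.conf.

# Print a file's active lines: trimmed, without comments or blanks, sorted.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -v -e '^#' -e '^$' | LC_ALL=C sort -u
}

# Print lines that are active in backup $1 but absent from new file $2.
missing_customizations() {
    tmp_bak=$(mktemp) && tmp_new=$(mktemp) || return 2
    active_lines "$1" > "$tmp_bak"
    active_lines "$2" > "$tmp_new"
    LC_ALL=C comm -23 "$tmp_bak" "$tmp_new"
    rm -f "$tmp_bak" "$tmp_new"
}

# Report on every snort.conf.bak under directory $1 (assumption: you pass the
# directory that holds your sensor configuration; the post does not name it).
review_snort_confs() {
    find "$1" -type f -name snort.conf.bak | LC_ALL=C sort |
    while IFS= read -r bak; do
        new=${bak%.bak}
        if [ ! -f "$new" ]; then
            echo "== $bak: no snort.conf beside it"
            continue
        fi
        echo "== $new: active lines only in the backup"
        missing_customizations "$bak" "$new"
    done
}

# Constructed sample: one hypothetical sensor directory with a customized HOME_NET.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/sensor-eth1"
    printf '%s\n' '# old file' 'ipvar HOME_NET [10.1.0.0/16]' \
        'include $RULE_PATH/local.rules' > "$d/sensor-eth1/snort.conf.bak"
    printf '%s\n' '# new file' 'ipvar HOME_NET any' \
        'include $RULE_PATH/local.rules' > "$d/sensor-eth1/snort.conf"
    review_snort_confs "$d"
    rm -rf "$d"
}

# Usage: sh review-snort-conf.sh <config-directory>
if [ "$#" -gt 0 ]; then review_snort_confs "$1"; fi
```

The comparison is line-based, so a multi-line directive that changed in only one continuation line shows up as that single line; check the surrounding block in the backup before copying it over.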
Screenshots
[Screenshot: "sudo soup" update process]
[Screenshot: Snort 2.9.5.5]
[Screenshot: Updating ruleset and restarting Snort using "sudo rule-update"]
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list and IRC channel. Thanks!