Wednesday, November 13, 2013

New Snort, NSM, and sostat packages available

The following software was recently released:

Snort 2.9.5.5
http://blog.snort.org/2013/09/snort-2955-is-now-available-on-snortorg.html

I've packaged Snort 2.9.5.5 and also updated the NSM and sostat packages.  The updated package versions are as follows:
securityonion-daq - 2.0.1-0ubuntu0securityonion2
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion62
securityonion-snort - 2.9.5.5-0ubuntu0securityonion1
securityonion-sostat - 20120722-0ubuntu0securityonion10

The new packages have been tested by the following (thanks!):
JP Bourget
David Zawdie
Matt Gregory

Issues Resolved

Issue 405: Optimize network buffers
https://code.google.com/p/security-onion/issues/detail?id=405
This update creates a new file called /etc/sysctl.d/10-securityonion.conf which increases some kernel network buffers.  The settings will be applied at the next boot, or you can apply them immediately with "sudo sysctl -p /etc/sysctl.d/10-securityonion.conf"

Issue 407: Increase frequency of /etc/cron.d/sensor-clean
https://code.google.com/p/security-onion/issues/detail?id=407
/etc/cron.d/sensor-clean now runs every 5 minutes.  This should help avoid the disk filling up between hourly purges for some users.

Issue 419: Delete Snorby pid file at boot
https://code.google.com/p/security-onion/issues/detail?id=419
/etc/init/securityonion.conf now deletes /opt/snorby/tmp/pids/delayed_job.pid before starting the Snorby worker to avoid issues in case the pid file was empty.

Issue 408: Add "broctl netstats" to sostat
https://code.google.com/p/security-onion/issues/detail?id=408

Issue 410: sostat should display the count of days archived in pcap and Bro logs
https://code.google.com/p/security-onion/issues/detail?id=410

Issue 417: sostat - remove $HOSTNAME-
https://code.google.com/p/security-onion/issues/detail?id=417

Issue 422: Bro average packet loss in sostat
https://code.google.com/p/security-onion/issues/detail?id=422

Issue 398: Snort 2.9.5.5
https://code.google.com/p/security-onion/issues/detail?id=398

Updating

The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

The Snort update will back up each of your existing snort.conf files to snort.conf.bak.  You'll then need to do the following:
  • apply your local customizations to the new snort.conf
  • update ruleset and restart Snort using "sudo rule-update"
Screenshots

"sudo soup" update process

Snort 2.9.5.5

Updating ruleset and restarting Snort using "sudo rule-update"
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

No comments:

Search This Blog

Featured Post

Security Onion Documentation printed book now updated for Security Onion 2.4.110!

We've been offering our Security Onion documentation in book form on Amazon for a few years and it's now been updated for the recent...

Popular Posts

Blog Archive