Tuesday, December 31, 2013

New NSM and Setup packages available

I've updated our NSM and Setup packages to resolve a few issues:

Issue 429: nsm_server_clear needs latest Squert database updates

Issue 451: nsm_sensor_clean should purge old files in /nsm/bro/extracted

Issue 454: Disabling PADS agent blocks PRADS and results in no SANCP
records flowing
(thanks to Kevin Branch for the patch)

Issue 435: Setup should allow you to set PF_RING min_num_slots

Issue 446: Setup should delete /var/lib/sphinxsearch/data/binlog*

Issue 452: Setup phase 2 should populate sniffing interfaces from

Issue 439: /etc/cron.d/sensor-newday updates

Issue 440: BPF JIT addition to /etc/sysctl.d/10-securityonion.conf

The new packages are as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion66
securityonion-setup - 20120912-0ubuntu0securityonion92

They have been tested by the following (thanks!):
David Zawdie

Setup now selects interfaces based on /etc/network/interfaces
If you allow Setup to configure /etc/network/interfaces, then it will use that information later to automatically select the proper interface(s) for monitoring:

PF_RING min_num_slots
Setup now creates /etc/modprobe.d/pf_ring.conf to set parameters for the PF_RING kernel module.  If you run Quick Setup, it will just use the default value of 4096 for min_num_slots.  However, if you choose Advanced Setup, you will have the opportunity to change that default value.

If you've already run Setup and want to modify min_num_slots, you can manually create /etc/modprobe.d/pf_ring.conf.  For example, to increase min_num_slots to 65534, do the following:
echo "options pf_ring transparent_mode=0 min_num_slots=65534" | sudo tee /etc/modprobe.d/pf_ring.conf
After creating /etc/modprobe.d/pf_ring.conf, you'll need to reload the PF_RING module as follows (or just reboot):
sudo nsm_sensor_ps-stop
sudo rmmod pf_ring
sudo nsm_sensor_ps-start
The new package is now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our mailing list:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

No comments:

Search This Blog

Featured Post

Top 5 Reasons to Sign Up for our 4-day Security Onion Fundamentals for Analysts & Admins Class in June 2024

Security Onion Solutions has been teaching Security Onion classes since 2014. Since that time, we've taught students around the globe to...

Popular Posts

Blog Archive