Issue 429: nsm_server_clear needs latest Squert database updates
https://code.google.com/p/security-onion/issues/detail?id=429
Issue 451: nsm_sensor_clean should purge old files in /nsm/bro/extracted
https://code.google.com/p/security-onion/issues/detail?id=451
Issue 454: Disabling PADS agent blocks PRADS and results in no SANCP records flowing
https://code.google.com/p/security-onion/issues/detail?id=454
(thanks to Kevin Branch for the patch)
Issue 435: Setup should allow you to set PF_RING min_num_slots
https://code.google.com/p/security-onion/issues/detail?id=435
Issue 446: Setup should delete /var/lib/sphinxsearch/data/binlog*
https://code.google.com/p/security-onion/issues/detail?id=446
Issue 452: Setup phase 2 should populate sniffing interfaces from /etc/network/interfaces
https://code.google.com/p/security-onion/issues/detail?id=452
Issue 439: /etc/cron.d/sensor-newday updates
https://code.google.com/p/security-onion/issues/detail?id=439
Issue 440: BPF JIT addition to /etc/sysctl.d/10-securityonion.conf
https://code.google.com/p/security-onion/issues/detail?id=440
The new packages are as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion66
securityonion-setup - 20120912-0ubuntu0securityonion92
They have been tested by the following (thanks!):
David Zawdie
Setup now selects interfaces based on /etc/network/interfaces
If you allow Setup to configure /etc/network/interfaces, then it will use that information later to automatically select the proper interface(s) for monitoring:
PF_RING min_num_slots
Setup now creates /etc/modprobe.d/pf_ring.conf to set parameters for the PF_RING kernel module. If you run Quick Setup, it will just use the default value of 4096 for min_num_slots. However, if you choose Advanced Setup, you will have the opportunity to change that default value.
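Options in /etc/modprobe.d/pf_ring.conf are only read when the module is loaded, so a sensor can keep running with the old ring size after the file changes. The following check is an added example, not part of Setup or the Security Onion scripts; it compares the configured min_num_slots with the value the loaded module reports. The function names are hypothetical, and it assumes the module exposes its parameter at /sys/module/pf_ring/parameters/min_num_slots.

```shell
#!/bin/sh
# Added example: confirm the loaded pf_ring module uses the configured
# min_num_slots. Function names are hypothetical, not Security Onion tools.

# Print min_num_slots from the last "options pf_ring" line of the modprobe
# config file given as $1. Prints nothing if the option is not set.
configured_slots() {
    awk '$1 == "options" && $2 == "pf_ring" {
             for (i = 3; i <= NF; i++)
                 if ($i ~ /^min_num_slots=[0-9]+$/) { split($i, kv, "="); v = kv[2] }
         }
         END { if (v != "") print v }' "$1"
}

# $1 = modprobe config file, $2 = file exposing the running value
# (assumption: /sys/module/pf_ring/parameters/min_num_slots).
# Returns 0 on match, 1 if a reload is still needed, 2 if it cannot tell.
check_pf_ring_slots() {
    conf=${1:-/etc/modprobe.d/pf_ring.conf}
    live=${2:-/sys/module/pf_ring/parameters/min_num_slots}
    [ -r "$conf" ] || { echo "no config: $conf"; return 2; }
    [ -r "$live" ] || { echo "pf_ring not loaded (no $live)"; return 2; }
    want=$(configured_slots "$conf")
    have=$(cat "$live")
    [ -n "$want" ] || { echo "min_num_slots not set in $conf"; return 2; }
    if [ "$want" = "$have" ]; then
        echo "ok: min_num_slots=$have"
        return 0
    fi
    echo "mismatch: configured $want, running $have; reload pf_ring or reboot"
    return 1
}
```

Run check_pf_ring_slots with no arguments on the sensor; a return code of 1 means the module still has to be reloaded.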
echo "options pf_ring transparent_mode=0 min_num_slots=65534" | sudo tee /etc/modprobe.d/pf_ring.conf
After creating /etc/modprobe.d/pf_ring.conf, you'll need to reload the PF_RING module as follows (or just reboot):
sudo nsm_sensor_ps-stop
sudo rmmod pf_ring
sudo nsm_sensor_ps-start
Updating
The new packages are now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list and IRC channel. Thanks!