Tuesday, December 31, 2013

New NSM and Setup packages available

I've updated our NSM and Setup packages to resolve a few issues:

Issue 429: nsm_server_clear needs latest Squert database updates
https://code.google.com/p/security-onion/issues/detail?id=429

Issue 451: nsm_sensor_clean should purge old files in /nsm/bro/extracted
https://code.google.com/p/security-onion/issues/detail?id=451

Issue 454: Disabling PADS agent blocks PRADS and results in no SANCP records flowing
https://code.google.com/p/security-onion/issues/detail?id=454
(thanks to Kevin Branch for the patch)

Issue 435: Setup should allow you to set PF_RING min_num_slots
https://code.google.com/p/security-onion/issues/detail?id=435

Issue 446: Setup should delete /var/lib/sphinxsearch/data/binlog*
https://code.google.com/p/security-onion/issues/detail?id=446

Issue 452: Setup phase 2 should populate sniffing interfaces from /etc/network/interfaces
https://code.google.com/p/security-onion/issues/detail?id=452

Issue 439: /etc/cron.d/sensor-newday updates
https://code.google.com/p/security-onion/issues/detail?id=439

Issue 440: BPF JIT addition to /etc/sysctl.d/10-securityonion.conf
https://code.google.com/p/security-onion/issues/detail?id=440

The new packages are as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion66
securityonion-setup - 20120912-0ubuntu0securityonion92

They have been tested by the following (thanks!):
David Zawdie

Setup now selects interfaces based on /etc/network/interfaces
If you allow Setup to configure /etc/network/interfaces, then it will use that information later to automatically select the proper interface(s) for monitoring.

PF_RING min_num_slots
Setup now creates /etc/modprobe.d/pf_ring.conf to set parameters for the PF_RING kernel module.  If you run Quick Setup, it will just use the default value of 4096 for min_num_slots.  However, if you choose Advanced Setup, you will have the opportunity to change that default value.

If you've already run Setup and want to modify min_num_slots, you can manually create /etc/modprobe.d/pf_ring.conf.  For example, to increase min_num_slots to 65534, do the following:

echo "options pf_ring transparent_mode=0 min_num_slots=65534" | sudo tee /etc/modprobe.d/pf_ring.conf

After creating /etc/modprobe.d/pf_ring.conf, you'll need to reload the PF_RING module as follows (or just reboot):

sudo nsm_sensor_ps-stop
sudo rmmod pf_ring
sudo nsm_sensor_ps-start
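
To confirm that the reload took effect, the following added example (not part of the original post or of the Security Onion packages) compares the value in /etc/modprobe.d/pf_ring.conf with the value the loaded module reports. It assumes the module exports the parameter at /sys/module/pf_ring/parameters/min_num_slots; the function names and the --check argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Security Onion packages): confirm that the loaded
# pf_ring module uses the min_num_slots value set in modprobe.d.
# Assumption: the loaded value is exported through sysfs at the LIVE path below.
CONF=/etc/modprobe.d/pf_ring.conf
LIVE=/sys/module/pf_ring/parameters/min_num_slots

# Print min_num_slots from the last "options pf_ring" line of file $1.
configured_slots() {
    awk '$1 == "options" && $2 == "pf_ring" {
             for (i = 3; i <= NF; i++)
                 if ($i ~ /^min_num_slots=[0-9]+$/) { split($i, kv, "="); v = kv[2] }
         }
         END { if (v != "") print v }' "$1"
}

# check_slots CONF LIVE
# Returns 0 on match, 1 on mismatch (module not reloaded), 2 if undetermined.
check_slots() {
    conf=$1
    live=$2
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    want=$(configured_slots "$conf")
    [ -n "$want" ] || { echo "min_num_slots not set in $conf"; return 2; }
    [ -r "$live" ] || { echo "pf_ring not loaded or parameter not exported"; return 2; }
    have=$(cat "$live")
    if [ "$want" = "$have" ]; then
        echo "OK: pf_ring loaded with min_num_slots=$have"
        return 0
    fi
    echo "MISMATCH: configured $want, loaded $have; reload pf_ring or reboot"
    return 1
}

# Run against the real system only when asked: sh check_pf_ring.sh --check
if [ "${1:-}" = "--check" ]; then
    check_slots "$CONF" "$LIVE"
fi
```

A mismatch after the reload steps usually means rmmod did not unload the module, so the old value is still in use.
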

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!
