Tuesday, December 31, 2013

New NSM and Setup packages available

I've updated our NSM and Setup packages to resolve a few issues:

Issue 429: nsm_server_clear needs latest Squert database updates

Issue 451: nsm_sensor_clean should purge old files in /nsm/bro/extracted

Issue 454: Disabling PADS agent blocks PRADS and results in no SANCP records flowing (thanks to Kevin Branch for the patch)

Issue 435: Setup should allow you to set PF_RING min_num_slots

Issue 446: Setup should delete /var/lib/sphinxsearch/data/binlog*

Issue 452: Setup phase 2 should populate sniffing interfaces from

Issue 439: /etc/cron.d/sensor-newday updates

Issue 440: BPF JIT addition to /etc/sysctl.d/10-securityonion.conf

The new packages are as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion66
securityonion-setup - 20120912-0ubuntu0securityonion92

They have been tested by the following (thanks!):
David Zawdie

Setup now selects interfaces based on /etc/network/interfaces
If you allow Setup to configure /etc/network/interfaces, then it will use that information later to automatically select the proper interface(s) for monitoring:

PF_RING min_num_slots
Setup now creates /etc/modprobe.d/pf_ring.conf to set parameters for the PF_RING kernel module.  If you run Quick Setup, it will just use the default value of 4096 for min_num_slots.  However, if you choose Advanced Setup, you will have the opportunity to change that default value.

If you've already run Setup and want to modify min_num_slots, you can manually create /etc/modprobe.d/pf_ring.conf.  For example, to increase min_num_slots to 65534, do the following:
echo "options pf_ring transparent_mode=0 min_num_slots=65534" | sudo tee /etc/modprobe.d/pf_ring.conf
After creating /etc/modprobe.d/pf_ring.conf, you'll need to reload the PF_RING module as follows (or just reboot):
sudo nsm_sensor_ps-stop
sudo rmmod pf_ring
sudo nsm_sensor_ps-start
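To confirm that the reloaded module actually picked up the value in /etc/modprobe.d/pf_ring.conf, here is an added example (not part of the original post or of Security Onion's scripts). The function names are hypothetical, and it assumes the pf_ring module exposes the parameter at the standard sysfs location /sys/module/pf_ring/parameters/min_num_slots.

```shell
#!/bin/sh
# Added example: compare the configured PF_RING min_num_slots with the value
# the loaded module is using. Function names are hypothetical.

# Print min_num_slots from the last "options pf_ring" line of a modprobe.d
# file. Prints nothing and returns 1 if the file does not set it.
conf_min_num_slots() {
    awk '
        $1 == "options" && $2 == "pf_ring" {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^min_num_slots=[0-9]+$/) { split($i, kv, "="); v = kv[2] }
        }
        END { if (v == "") exit 1; print v }
    ' "$1"
}

# Usage: check_min_num_slots [conf_file] [live_value_file]
# Run it after nsm_sensor_ps-start. Returns 0 when the values match.
check_min_num_slots() {
    conf=${1:-/etc/modprobe.d/pf_ring.conf}
    # Assumption: the module exports its parameters under /sys/module.
    live=${2:-/sys/module/pf_ring/parameters/min_num_slots}

    want=$(conf_min_num_slots "$conf" 2>/dev/null) || {
        echo "not-configured"; return 2; }
    [ -r "$live" ] || { echo "module-not-loaded"; return 3; }
    have=$(cat "$live")

    if [ "$want" = "$have" ]; then
        echo "ok $have"
        return 0
    fi
    # A mismatch means the module was loaded before the file was changed.
    echo "mismatch configured=$want live=$have"
    return 1
}
```

A mismatch after editing the file means the old module is still loaded, so repeat the stop, rmmod and start sequence above or reboot.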
The new package is now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our mailing list:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

