Tuesday, January 21, 2014

Snort 2.9.5.6 and Suricata 1.4.7 packages now available!

The following software was recently released:

Snort 2.9.5.6
http://blog.snort.org/2013/11/snort-2956-is-now-available-on-snortorg.html

Suricata 1.4.7
http://www.openinfosecfoundation.org/index.php/component/content/article/1-latest-news/184--suricata-147-released

I've packaged these new releases and the new packages have been tested by JP Bourget and David Zawdie.  Thanks, guys!

Upgrading
The new packages are now available in our stable repo.  Please see our Upgrade page for full upgrade instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

These updates will do the following:


  • back up each of your existing snort.conf files to snort.conf.bak
  • update Snort
  • back up each of your existing suricata.yaml files to suricata.yaml.bak
  • update Suricata


You'll then need to do the following:


  • apply your local customizations to the new snort.conf or suricata.yaml files
  • update ruleset and restart Snort/Suricata as follows:
    sudo rule-update
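
To help with the first step above, here is an added example (not part of the original post and not Security Onion code) that lists active settings found in each snort.conf.bak or suricata.yaml.bak but missing from the new file beside it. The function names, the directory argument, the `sensor-eth1` directory and the sample config lines are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Security Onion code): after the upgrade, list active
# settings that were in snort.conf.bak / suricata.yaml.bak but are not in
# the newly installed file, as candidates for local customizations to re-apply.

# Active lines of a config file: comments and blank lines dropped,
# trailing whitespace removed, original order and indentation kept.
active_lines() {
    sed -e 's/[[:space:]]*$//' "$1" | grep -v -e '^[[:space:]]*#' -e '^$' || true
}

# Print "<backup path>: <line>" for every active line of the backup that
# diff reports as removed or changed relative to the new file beside it.
missing_from_new() {
    bak=$1
    new=${bak%.bak}
    [ -f "$new" ] || { echo "$bak: no new file beside backup" >&2; return 0; }
    old_tmp=$(mktemp); new_tmp=$(mktemp)
    active_lines "$bak" > "$old_tmp"
    active_lines "$new" > "$new_tmp"
    diff "$old_tmp" "$new_tmp" | sed -n 's/^< //p' |
        while IFS= read -r line; do printf '%s: %s\n' "$bak" "$line"; done
    rm -f "$old_tmp" "$new_tmp"
}

# Check every backup under a directory (the directory is the caller's choice).
report_lost_customizations() {
    find "$1" -type f \( -name snort.conf.bak -o -name suricata.yaml.bak \) |
        LC_ALL=C sort | while IFS= read -r bak; do missing_from_new "$bak"; done
}

# Constructed sample: one sensor directory with a customized HOME_NET in the backup.
demo() {
    d=$(mktemp -d)
    mkdir "$d/sensor-eth1"
    printf '%s\n' '# old' 'ipvar HOME_NET [10.1.0.0/16]' 'ipvar EXTERNAL_NET any' \
        > "$d/sensor-eth1/snort.conf.bak"
    printf '%s\n' '# new' 'ipvar HOME_NET [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]' \
        'ipvar EXTERNAL_NET any' > "$d/sensor-eth1/snort.conf"
    ( cd "$d" && report_lost_customizations . )
    rm -rf "$d"
}

# Usage: sh thisfile.sh DIR   (with no argument, runs the constructed demo)
if [ "$#" -gt 0 ]; then report_lost_customizations "$1"; else demo; fi
```

Reported lines are only candidates: a default that changed between releases shows up the same way as a local edit, and for suricata.yaml a single line needs its surrounding YAML section to be meaningful, so review each hit in the backup file before copying it over.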

Release Notes
Snort is now compiled with --enable-sourcefire.

Screenshots
  • "sudo soup" upgrade process
  • Snort 2.9.5.6 and Suricata 1.4.7
  • Updating ruleset and restarting Snort/Suricata using "sudo rule-update"

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

2 comments:

  1. For future reference, when is "sudo rule-update" required: only for specific SO updates, or when Snort is updated to a newer version? Thanks!

  2. Hi William,

    "sudo rule-update" is required when updating Snort to ensure that you get the updated rules specific to your new version of Snort.

    If you have further questions, please use our mailing list.
