Thursday, February 13, 2014

New securityonion-elsa-extras package properly randomizes apikey on master server

Scott Runnels has updated the securityonion-elsa-extras package to properly randomize the ELSA apikey on the master server.  Thanks, Scott!

The updated package version is securityonion-elsa-extras - 20131117-1ubuntu0securityonion36 and it has been tested by the following (thanks!):
Michal Purzynski
David Zawdie

Issues Resolved
Issue 478: securityonion-elsa-extras: randomize API key in master's elsa_web.conf

Release Notes
When the new package installs, it will check /etc/elsa_web.conf to see if you have an apikey set to the default of "1".  If so, it will automatically replace that default apikey with a properly randomized apikey.  You'll then need to restart Apache to make the change take effect:
sudo service apache2 restart

Please be reminded that the management interface of your master server (where the ELSA web interface runs) should be connected to a dedicated management network or locked down via firewall rules to only accept connections from analyst IP addresses:

BEFORE new package - apikey defaulted to 1

Installing new package, which will automatically check for default apikey and randomize if necessary

AFTER new package - apikey is now properly randomized 
Restarting Apache to make change in /etc/elsa_web.conf take effect

The new package is now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our security-onion mailing list:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list:

We also need help testing new packages:


No comments:

Search This Blog

Featured Post

Security Onion 2.3 has reached End Of Life

On 10/6/2023, we announced a 6-month EOL notice for Security Onion 2.3:

Popular Posts

Blog Archive