Thursday, February 13, 2014

New securityonion-elsa-extras package properly randomizes apikey on master server

Scott Runnels has updated the securityonion-elsa-extras package to properly randomize the ELSA apikey on the master server.  Thanks, Scott!

The updated package version is securityonion-elsa-extras - 20131117-1ubuntu0securityonion36 and it has been tested by the following (thanks!):
Michal Purzynski
David Zawdie

Issues Resolved
Issue 478: securityonion-elsa-extras: randomize API key in master's elsa_web.conf
https://code.google.com/p/security-onion/issues/detail?id=478

Release Notes
When the new package installs, it will check /etc/elsa_web.conf to see if you have an apikey set to the default of "1".  If so, it will automatically replace that default apikey with a properly randomized apikey.  You'll then need to restart Apache to make the change take effect:
sudo service apache2 restart

Please be reminded that the management interface of your master server (where the ELSA web interface runs) should be connected to a dedicated management network or locked down via firewall rules to only accept connections from analyst IP addresses:
https://code.google.com/p/security-onion/wiki/Firewall

Screenshots
BEFORE new package - apikey defaulted to 1

Installing new package, which will automatically check for default apikey and randomize if necessary

AFTER new package - apikey is now properly randomized 
Restarting Apache to make change in /etc/elsa_web.conf take effect

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

No comments:

Search This Blog

Featured Post

Security Onion Documentation printed book now updated for Security Onion 2.4.60!

We've been offering our Security Onion documentation in book form on Amazon for a few years and it's now been updated for the recent...

Popular Posts

Blog Archive