Ubuntu Hardware Enablement (HWE) Stacks

Summary

If you installed Security Onion using our ISO image, then you should be running the original 3.2 kernel which should be fully supported until April 2017.  However, if you installed Ubuntu and then added our PPA and packages, you may be running a Hardware Enablement (HWE) Stack that has reached End-of-life.  If this is the case, then you'll need to update to a newer HWE Stack that will continue to be supported.

Checking Your System using hwe-support-status
To check your system, run the following command:

hwe-support-status tool --verbose

For example, in the following screenshot, I'm running the command on a machine that was installed from the Security Onion ISO image.  If this is what you get, then you can disregard the rest of this blog post.

If, on the other hand, you receive output similar to the following screenshot (taken from a machine that was installed from an Ubuntu ISO image), then you'll need to update to a newer HWE Stack.

WARNING! Do NOT run the do-release-upgrade command as this will upgrade to Ubuntu 14.04, which is incompatible with our packages.  We'll be using the second "apt-get install" option to update the HWE stack.

Updating your HWE Stack
Before you update your HWE stack, make sure that you've installed all updates so that you have the new PF_RING packages that support Linux kernel 3.13:
http://blog.securityonion.net/2014/08/new-pfring-snort-suricata-bro-packages.html

You can verify that you have the new PF_RING 6.0.2 with "cat /proc/net/pf_ring/info":

Then run the apt-get command shown in *your* output of hwe-support-status.  In the hwe-support-status screenshot above, we were requested to run the following because we were just running Ubuntu Server (no GUI):

sudo apt-get install linux-generic-lts-trusty linux-image-generic-lts-trusty

Depending on how your system was installed, hwe-support-status may ask you to install additional packages.  For example, you may also be requested to update your xserver packages.  Run whatever command hwe-support-status recommends for you.

If the new HWE stack installed successfully, then reboot your system:

After rebooting and logging in, verify that you're running the new 3.13 kernel with the "uname -a" command:

You can also verify that the PF_RING kernel module got built and loaded correctly for the new 3.13 kernel:

Finally, run the hwe-support-status tool again to verify that your HWE stack is supported until April 2017:

For more information about Ubuntu HWE Stacks, please see:

https://wiki.ubuntu.com/Kernel/LTSEnablementStack

https://wiki.ubuntu.com/1204_HWE_EOL

Feedback

If you have any questions or problems, please use our security-onion mailing list:

https://code.google.com/p/security-onion/wiki/MailingLists

Conference

Less than 30 seats left for the Security Onion conference in Augusta GA! Reserve your seat today!

https://securityonionconference2014.eventbrite.com

Commercial Support/Training

Need training and/or commercial support?  Please see:

http://securityonionsolutions.com

Help Wanted

If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:

http://groups.google.com/group/security-onion

We also need help testing new packages:

http://groups.google.com/group/security-onion-testing

Thanks!