http://blog.securityonion.net/2014/09/bash-vulnerability.html
http://blog.securityonion.net/2014/09/bash-vulnerability-part-2.html
http://blog.securityonion.net/2014/09/bash-vulnerability-part-3.html
http://blog.securityonion.net/2014/09/bash-vulnerability-part-4-another.html
If you're running the Snort VRT ruleset, please read this post in its entirety.
The Snort VRT added some ShellShock rules to the Community ruleset:
http://blog.snort.org/2014/09/snort-community-ruleset-out-of-band.html
If you look at your current /etc/nsm/pulledpork/pulledpork.conf file, you'll see that the Snort Community ruleset line is not enabled (or missing altogether if it's been a while since you ran Setup). I've updated Setup so that when you run Setup and choose Snort VRT, it will also enable the Snort Community ruleset. If you've already run Setup, the new Setup package will check your existing pulledpork.conf file and add/enable the Snort Community ruleset if necessary.
I've submitted securityonion-setup - 20120912-0ubuntu0securityonion122 for testing:
https://groups.google.com/d/topic/security-onion-testing/W_R_ejUc-Z4/discussion
If you're not already a member of the security-onion-testing Google Group, please join the group and help us test this new package so we can get it released as quickly as possible.
Thanks!
Setup updating pulledpork.conf |
Snorby displaying ShellShock alert from Snort Community ruleset |
UPDATE 20140927 07:59
Please see:
http://blog.securityonion.net/2014/09/new-securityonion-bro-scripts.html
UPDATE 20140929 08:25
The new Setup package has been tested and published:
http://blog.securityonion.net/2014/09/new-setup-package-adds-snort-community.html
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.