Monday, December 1, 2014

Snort 2.9.7 and Daq 2.0.4 now available!

Snort 2.9.7 and Daq 2.0.4 were recently released:
http://blog.snort.org/2014/10/snort-297-has-been-released.html

I've updated our packages:
securityonion-daq - 2.0.4-0ubuntu0securityonion2
securityonion-pfring-daq - 20121107-0ubuntu0securityonion9
securityonion-snort - 2.9.7.0-0ubuntu0securityonion4

These new packages should resolve the following issues:

Issue 636: Snort 2.9.7.0
https://code.google.com/p/security-onion/issues/detail?id=636

Issue 637: Snort DAQ 2.0.4
https://code.google.com/p/security-onion/issues/detail?id=637

Issue 648: Rebuild securityonion-pfring-daq for new DAQ
https://code.google.com/p/security-onion/issues/detail?id=648

The new packages have been tested by the following (thanks!):
Eddy Simons
Ronny Vaningh
David Zawdie

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

These updates will back up each of your existing snort.conf files to snort.conf.bak.  You'll then need to do the following:

  • re-apply any local customizations to your snort.conf files
  • update ruleset and restart Snort/Suricata as follows:
sudo rule-update
If you get an error like the following:
ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/chat.so" version 1.0 compiled with dynamic engine library version 2.1 isn't compatible with the current dynamic engine library "/usr/lib/snort_dynamicengine/libsf_engine.so" version 2.4.
then please see:
https://code.google.com/p/security-onion/wiki/FAQ#I_just_updated_Snort_and_it's_now_saying_'ERROR:_The_d

Screenshots
"sudo soup" will ask you to check/update your snort.conf file(s)

"sudo rule-update" will download the updated ruleset and restart Snort

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Need training?  Please see:
https://security-onion-class-20141215.eventbrite.com/

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

No comments:

Search This Blog

Featured Post

State of the Onion 2024

We usually have our State of the Onion at the annual Security Onion Conference, but we had to cancel the conference due to Hurricane Helene ...

Popular Posts

Blog Archive