Tuesday, January 6, 2015

New NSM and Setup packages resolve several issues

I've updated the NSM and Setup packages to resolve several issues.  The new packages are as follows:

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion99
securityonion-setup - 20120912-0ubuntu0securityonion127

These new packages should resolve the following issues:

Issue 658: NSM: fix umask on Snort unified2 output
https://code.google.com/p/security-onion/issues/detail?id=658

Issue 548: NSM: run barnyard2 as non-root user
https://code.google.com/p/security-onion/issues/detail?id=548

Issue 649: nsm_all_del_quick: check for /etc/nsm/servertab and /etc/nsm/sensortab before trying to read
https://code.google.com/p/security-onion/issues/detail?id=649

Issue 598: so-snorby-wipe
https://code.google.com/p/security-onion/issues/detail?id=598

Issue 610: NSM: ossec_agent alert level should be configurable
https://code.google.com/p/security-onion/issues/detail?id=610

Issue 660: Setup: add OSSEC_AGENT_LEVEL to /etc/nsm/securityonion.conf
https://code.google.com/p/security-onion/issues/detail?id=660


These new packages have been tested by David Zawdie (thanks!).

Screenshots
Run "sudo nsm_sensor_ps-restart" to restart ossec_agent, snort, and barnyard2

/etc/nsm/securityonion.conf now contains OSSEC_AGENT_LEVEL

Snort unified2 output now has proper permissions

Barnyard2 is now running as a non-root user

If you need to wipe the alerts in the Snorby database, you can now use so-snorby-wipe

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Commercial Support
Need training and/or commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

Thanks!
