The new packages are as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion114
securityonion-sguil-agent-ossec - 20120726-0ubuntu0securityonion7
These new packages should resolve the following issues:
Issue 684: NSM: nsm_server_ps-start needs to create /var/log/sguild/ if it doesn't already exist
https://code.google.com/p/security-onion/issues/detail?id=684
https://code.google.com/p/security-onion/issues/detail?id=686
Issue 687: NSM: nsm_sensor_ps-start should set permissions on /var/log/nsm/HOSTNAME-INTERFACE/ properly
https://code.google.com/p/security-onion/issues/detail?id=687
https://code.google.com/p/security-onion/issues/detail?id=689
Issue 688: ossec_agent: add option to disable DNS lookups
https://code.google.com/p/security-onion/issues/detail?id=688
These new packages have been tested by David Zawdie (thanks!).
Release Notes
After updating to the new packages, the next time that the NSM scripts start ossec_agent.tcl, they will add a new USE_DNS option to /etc/nsm/ossec/ossec_agent.conf and default it to 0 (disabled). This results in much better performance for ossec_agent.tcl.
If you need to revert to the previous behavior of DNS lookups enabled and don't mind the additional lookup delay, you can change USE_DNS to 1 (enabled) and then restart ossec_agent.tcl:
sudo nsm_sensor_ps-restart --only-ossec-agentAlso note that these packages move ossec_agent.tcl to /usr/bin/.
Updating
The new packages are now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Commercial Support
Need training and/or commercial support? Please see:
http://securityonionsolutions.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are now available in our CafePress store!
http://www.cafepress.com/securityonion/11820053
Thanks!
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.