- choosing Quick Setup still defaults to enabling Snorby automatically. It will automatically set SNORBY_ENABLED=yes in /etc/nsm/securityonion.conf and enable the snorby output in /etc/nsm/HOSTNAME-INTERFACE/barnyard2-1.conf.
- choosing Advanced Setup and then Server will ask if you want to enable or disable Snorby. If you choose yes, it will set SNORBY_ENABLED=yes in /etc/nsm/securityonion.conf. Otherwise, it will set SNORBY_ENABLED=no.
- choosing Advanced Setup and then Standalone will ask if you want to enable or disable Snorby. If you choose yes, it will set SNORBY_ENABLED=yes in /etc/nsm/securityonion.conf and enable the snorby output in all /etc/nsm/*/barnyard*.conf files. If you instead choose no, it will set SNORBY_ENABLED=no and disable (comment out) the snorby output in all /etc/nsm/*/barnyard*.conf files.
- choosing Sensor will check /etc/nsm/securityonion.conf on the master server to see if SNORBY_ENABLED=no and, if so, disable (comment out) the Snorby output in all /etc/nsm/*/barnyard*.conf files.
Snorby is going away in the future and so you should begin transitioning to Squert, Sguil, and/or ELSA. If you'd like to disable Snorby in your existing deployment, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/DisablingProcesses#disabling-snorby
The new package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion155
Issues Resolved
Issue 769: sosetup: allow user to enable/disable Snorby
https://github.com/Security-Onion-Solutions/security-onion/issues/769
Issue 596: sosetup: sensor should stop/disable Apache and Snorby worker
https://github.com/Security-Onion-Solutions/security-onion/issues/596
Issue 693: sosetup: improve input validation for email address
https://github.com/Security-Onion-Solutions/security-onion/issues/693
Issue 764: sosetup: fix typo in sosetup.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/764
Issue 605: sosetup: replace tmp with mktemp
https://github.com/Security-Onion-Solutions/security-onion/issues/605
Issue 771: sosetup: comment out 2 examples in top.sls
https://github.com/Security-Onion-Solutions/security-onion/issues/771
Updating
This new package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists
Training
Need training? Please see:
http://securityonionsolutions.com
Commercial Support
Need commercial support? Please see:
http://securityonionsolutions.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers
Thanks!
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.