Thursday, April 28, 2016

securityonion-squert-cron - 20120722-0ubuntu0securityonion6 resolves 3 issues

securityonion-squert-cron - 20120722-0ubuntu0securityonion6 is now available and should resolve the following issues:

Issue 890: Squert ip2c cron job should sleep a random number of minutes
https://github.com/Security-Onion-Solutions/security-onion/issues/890

Issue 899: Squert ip2c cron job should run as a non-root user
https://github.com/Security-Onion-Solutions/security-onion/issues/899

Issue 903: Squert ip2c cron job should log to a log file
https://github.com/Security-Onion-Solutions/security-onion/issues/903

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is coming up in a few weeks:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, April 27, 2016

securityonion-setup - 20120912-0ubuntu0securityonion207 adds more debug info and input validation

Wes Lambert submitted a Pull Request to add additional debug info and input validation:
https://github.com/Security-Onion-Solutions/securityonion-setup/pull/11

I've merged this Pull Request and created a new package:
securityonion-setup - 20120912-0ubuntu0securityonion207

This package should resolve the following issue:
https://github.com/Security-Onion-Solutions/security-onion/issues/902

James Taylor tested this package.  Thanks, James!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Thanks!

Tuesday, April 26, 2016

New ELSA packages resolve 2 issues

Martin Holste committed some fixes for ELSA email recently:
https://github.com/mcholste/elsa/commit/d6b57293ea2d83d35fc530e8d8071539013b3469
https://github.com/mcholste/elsa/commit/9ea0a9d6ed589297094b97c514f29e20eab0c567
https://github.com/mcholste/elsa/commit/6ad7966897a6c18573788d657cc6e28147dc9880

I've built a new ELSA package with all the latest fixes:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion7

Also, Harvii submitted a pull request to remove a non-ASCII character from securityonion-elsa-reset-archive:
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/16

I've merged the pull request and the new package is as follows:
securityonion-elsa-extras - 20151011-1ubuntu1securityonion28

These packages should resolve the following issues:

Issue 881: ELSA: remove non-ascii character from securityonion-elsa-reset-archive
https://github.com/Security-Onion-Solutions/security-onion/issues/881

Issue 882: ELSA: fix email
https://github.com/Security-Onion-Solutions/security-onion/issues/882

Wes Lambert tested these packages.  Thanks, Wes!

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Thanks!

Monday, April 25, 2016

Suricata 3.0.1 now available for Security Onion!

Suricata 3.0.1 was recently released:
https://suricata-ids.org/2016/04/04/suricata-3-0-1-released/

I've packaged Suricata 3.0.1 and the new package version is:
securityonion-suricata - 3.0.1-1ubuntu1securityonion1

This resolves the following issue:

Issue 896: Suricata 3.0.1
https://github.com/Security-Onion-Solutions/security-onion/issues/896

Wes Lambert and wingmanjt tested this package.  Thanks, guys!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your suricata.yaml file(s)
  • update ruleset and restart Suricata as follows:
    sudo rule-update

Thanks!

Snort 2.9.8.2 now available for Security Onion!

Snort 2.9.8.2 was recently released:
http://blog.snort.org/2016/03/snort-2982-has-been-released.html

I've packaged Snort 2.9.8.2 and the new package version is as follows:
securityonion-snort - 2.9.8.2-1ubuntu1securityonion1

This resolves the following issue:

Issue 893: Snort 2.9.8.2
https://github.com/Security-Onion-Solutions/security-onion/issues/893

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing snort.conf files to snort.conf.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your snort.conf file(s)
  • update ruleset and restart Snort as follows:
    sudo rule-update

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Tuesday, April 12, 2016

securityonion-rule-update - 20151201-1ubuntu1securityonion2 resolves an issue

David J. Bianco found an issue in the securityonion-rule-update package and submitted a Pull Request.  Thanks, David!

I merged the Pull Request and built a new package.  securityonion-rule-update - 20151201-1ubuntu1securityonion2 is now available and should resolve the following issue:

securityonion-rule-update: avoid su error #892
https://github.com/Security-Onion-Solutions/security-onion/issues/892

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
Our next round of online classes is in May:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Thanks!

Monday, April 11, 2016

securityonion-setup - 20120912-0ubuntu0securityonion206 resolves two issues

securityonion-setup - 20120912-0ubuntu0securityonion206 is now available and should resolve the following issues:

Issue 891: Setup: fix errors when sensors add firewall rules
https://github.com/Security-Onion-Solutions/security-onion/issues/891

Issue 894: Setup: remove old keyring files
https://github.com/Security-Onion-Solutions/security-onion/issues/894

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Training
We have an upcoming online class in May:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Thanks!