Security Onion: July 2016

Thursday, July 28, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion59 resolves an issue

Wes Lambert submitted some pull requests for sostat:
https://github.com/Security-Onion-Solutions/securityonion-sostat/pull/7
https://github.com/Security-Onion-Solutions/securityonion-sostat/pull/8

I've merged these pull requests and the following package is now available:
securityonion-sostat - 20120722-0ubuntu0securityonion59

This new package should resolve the following issue:

Issue 963: sostat: improve formatting
https://github.com/Security-Onion-Solutions/security-onion/issues/963

Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training? Please see:
https://securityonionsolutions.com

Support
Need support? Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, July 20, 2016

Suricata 3.1.1 now available for Security Onion!

Suricata 3.1.1 was recently released:
https://suricata-ids.org/2016/07/13/suricata-3-1-1-released/

I've packaged it and the following package is now available:
securityonion-suricata - 3.1.1-1ubuntu1securityonion1

This new package should resolve the following issue:

Issue 945: Suricata 3.1.1
https://github.com/Security-Onion-Solutions/security-onion/issues/945

This package has been tested by Wes Lambert. Thanks, Wes!

Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables. You'll then need to do the following:

re-apply any other local customizations to your suricata.yaml file(s)
update ruleset and restart Suricata as follows:
sudo rule-update

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training? Please see:
https://securityonionsolutions.com

Support
Need support? Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Snort 2.9.8.3 now available for Security Onion!

Snort 2.9.8.3 was recently released:
http://blog.snort.org/2016/06/snort-2983-has-been-released.html

I've packaged it and the following packages are now available:
securityonion-snort 2.9.8.3-1ubuntu1securityonion1
securityonion-daq 2.0.6-0ubuntu0securityonion5

These new packages should resolve the following issue:

Issue 946: Snort 2.9.8.3
https://github.com/Security-Onion-Solutions/security-onion/issues/946

These packages have been tested by Wes Lambert. Thanks, Wes!

Updating
These packages are now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

This update will back up each of your existing snort.conf files to snort.conf.bak and migrate your HOME_NET and EXTERNAL_NET variables. You'll then need to do the following:

re-apply any other local customizations to your snort.conf file(s)
update ruleset and restart Snort as follows:
sudo rule-update

PF_RING 6.4.1 now available for Security Onion!

PF_RING 6.4.1 was recently released:
http://www.ntop.org/pf_ring/pf_ring-6-4-just-released/
https://github.com/ntop/PF_RING/releases

I've packaged PF_RING 6.4.1 and backported some fixes for recent Ubuntu kernels:
https://github.com/ntop/PF_RING/commit/f5fbb56f70a737399f62300bbbfae3bc5adbcbe9
https://github.com/ntop/PF_RING/commit/0e4738d563cbb39e1ce88c116278a390ccc6d0a7
https://github.com/ntop/PF_RING/commit/e40b06114251cfa8f4a5713eb25a9c8a0ef98308
https://github.com/ntop/PF_RING/commit/7677ce2961c6ceab96824460c471ea3c2e3f4f56

The following packages are now available:
securityonion-pfring-daq 20121107-0ubuntu0securityonion13
securityonion-pfring-devel 20121107-0ubuntu0securityonion10
securityonion-pfring-ld 20120827-0ubuntu0securityonion10
securityonion-pfring-module 20121107-0ubuntu0securityonion28
securityonion-pfring-userland 20160708-1ubuntu1securityonion1

These new packages should resolve the following issue:

Issue 941: PF_RING 6.4.1
https://github.com/Security-Onion-Solutions/security-onion/issues/941

These packages have been tested by Wes Lambert. Thanks, Wes!

Updating
These packages are now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training? Please see:
https://securityonionsolutions.com

Support
Need support? Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Tuesday, July 19, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion138 resolves several issues

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion138 is now available and should resolve the following issues:

Issue 944: NSM: backup scripts should not prompt when run with --force-yes
https://github.com/Security-Onion-Solutions/security-onion/issues/944

Issue 561: NSM: nsm_server_backup-config should check FORCE_YES
https://github.com/Security-Onion-Solutions/security-onion/issues/561

Issue 937: NSM: remove sguild DEBUG 1 from postinst
https://github.com/Security-Onion-Solutions/security-onion/issues/937

Issue 943: NSM: add nsm_server_user-list
https://github.com/Security-Onion-Solutions/security-onion/issues/943

This package has been tested by Phil Plantamura and Wes Lambert. Thanks!

Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training? Please see:
https://securityonionsolutions.com

Support
Need support? Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, July 18, 2016

securityonion-setup - 20120912-0ubuntu0securityonion222 resolves several issues

Wes Lambert submitted some Pull Requests for Setup. Thanks, Wes!

I've packaged Wes's changes and securityonion-setup - 20120912-0ubuntu0securityonion222 should resolve the following issues:

Issue 925: Setup: ask user for MTU of sniffing interface(s) and allow VLAN tags
https://github.com/Security-Onion-Solutions/security-onion/issues/925

Issue 926: Setup: ask user for HOME_NET
https://github.com/Security-Onion-Solutions/security-onion/issues/926

Issue 948: Setup: configure email
https://github.com/Security-Onion-Solutions/security-onion/issues/948

Issue 949: Setup: change http links to https
https://github.com/Security-Onion-Solutions/security-onion/issues/949

Issue 953: Setup: change "Emerging Threats GPL" to "Emerging Threats Open"
https://github.com/Security-Onion-Solutions/security-onion/issues/953

Issue 955: Setup: Nonstandard interface names not being detected
https://github.com/Security-Onion-Solutions/security-onion/issues/955

Issue 304: Setup: support unique interface names
https://github.com/Security-Onion-Solutions/security-onion/issues/304

Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training? Please see:
https://securityonionsolutions.com

Support
Need support? Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Security Onion Remote Training

Last week's Security Onion online training went very well. For those of you who missed it and would like to purchase access to the recordings, please see:
https://securityonionsolutions.com/ondemandtraining

The next round of online training sessions will be held Monday September 12 through Thursday September 15. For more information and to register, please see:
https://securityonionsolutions.com/onlinetraining

Thursday, July 7, 2016

securityonion-sostat - 20120722-0ubuntu0securityonion57 resolves two issues

Wes Lambert submitted some Pull Requests for sostat. Thanks, Wes!

I've packaged Wes's changes and securityonion-sostat - 20120722-0ubuntu0securityonion57 should resolve the following issues:

Issue 951: sostat: group packet loss stats into one section
https://github.com/Security-Onion-Solutions/security-onion/issues/951

Issue 960: sostat: output when current monitoring interval has not completed
https://github.com/Security-Onion-Solutions/security-onion/issues/960

Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online classes is next week!
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Support
Need support? Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, July 6, 2016

securityonion-capme - 20121213-0ubuntu0securityonion60 resolves an issue

Wes Lambert submitted a patch for CapMe to resolve an issue (thanks, Wes!):

Issue 956: CapMe: only close transcript when 'close' button is clicked
https://github.com/Security-Onion-Solutions/security-onion/issues/956

I've updated the following package:

securityonion-capme - 20121213-0ubuntu0securityonion60

Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online classes is next week!
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Support
Need support? Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, July 4, 2016

securityonion-web-page - 20141015-0ubuntu0securityonion60 resolves 2 issues

I've updated the following package:

securityonion-web-page - 20141015-0ubuntu0securityonion60

It should resolve the following issues:

Issue 952: securityonion-web-page: add FTP Data query to FTP category:
https://github.com/Security-Onion-Solutions/security-onion/issues/952

With the current FTP queries in ELSA, if you pivot to full packet capture, you only see the FTP control channel (you don't see actual files being transferred). This update add a new query to the FTP category to help users to find the FTP data channel where files are actually transferred.

Issue 957: securityonion-web-page: change public site hyperlinks to https
https://github.com/Security-Onion-Solutions/security-onion/issues/957

Our public websites for the Security Onion project and for Security Onion Solutions now default to https, so we're changing all hyperlinks from http to https.

Wes Lambert tested this package. Thanks, Wes!

Updating
This package is now available in our stable repo. Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online classes is next week!
https://attendee.gototraining.com/9z73w/catalog/8119062504158470144

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Support
Need support? Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Security Onion