Wednesday, August 31, 2016

securityonion-setup - 20120912-0ubuntu0securityonion228 resolves an issue

A new setup package is now available:
securityonion-setup - 20120912-0ubuntu0securityonion228

This new package should resolve the following issue:

Issue 986: Setup: use default MTU
https://github.com/Security-Onion-Solutions/security-onion/issues/986

Thanks
Thanks to Wes Lambert for testing this package!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration closes on Friday September 2!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, August 24, 2016

securityonion-setup - 20120912-0ubuntu0securityonion226 resolves an issue

A new setup package is now available:
securityonion-setup - 20120912-0ubuntu0securityonion226

This new package should resolve the following issue:

Issue 981: sosetup-network: bug when configuring management interface only
https://github.com/Security-Onion-Solutions/security-onion/issues/981

Thanks
Thanks to Wes Lambert for testing this package!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration closes on Friday September 2!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

securityonion-web-page - 20141015-0ubuntu0securityonion68 resolves an issue

Tom Webb recently posted to the Internet Storm Center about checking HTTP status codes:
https://isc.sans.edu/forums/diary/522+Error+Code+for+the+Win/21377/

I've added a new HTTP Top Status Code query to the ELSA hunting menu and built a new package:
securityonion-web-page - 20141015-0ubuntu0securityonion68

This new package should resolve the following issue:

Issue 984: securityonion-web-page: add HTTP top status code
https://github.com/Security-Onion-Solutions/security-onion/issues/984

Thanks
Thanks to Wes Lambert for testing this package!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration closes on Friday September 2!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Tuesday, August 23, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion141 resolves an issue

Wes Lambert submitted a Pull Request which should automatically start Snort with a calculated snaplen setting passed via the --snaplen command-line option:
https://github.com/Security-Onion-Solutions/securityonion-nsmnow-admin-scripts/pull/8

I've merged the Pull Request and built a new package:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion141

This new package should resolve the following issue:

Issue 975: NSM: configure Snort snaplen via command line argument
https://github.com/Security-Onion-Solutions/security-onion/issues/975

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration closes on Friday September 2!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, August 22, 2016

securityonion-elsa-extras - 20151011-1ubuntu1securityonion37 resolves 2 issues

James Taylor and Josh Brower submitted updates for some ELSA patterns.  I've merged their pull requests and built a new package:
securityonion-elsa-extras - 20151011-1ubuntu1securityonion37

This new package has been tested by James Taylor, Josh Brower, and Wes Lambert (thanks!) and should resolve the following issues:

Issue 979: securityonion-elsa-extras: additional patterns for Sysmon 4 and 4.11
https://github.com/Security-Onion-Solutions/security-onion/issues/979

Issue 983: securityonion-elsa-extras: add "AR-LOG" header to autoruns pattern
https://github.com/Security-Onion-Solutions/security-onion/issues/983

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration closes on Friday September 2!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Thursday, August 11, 2016

securityonion-setup - 20120912-0ubuntu0securityonion225 resolves an issue

I've updated the Setup package and the new package version is:
securityonion-setup - 20120912-0ubuntu0securityonion225

This new package has been tested by Wes Lambert (thanks!) and should resolve the following issue:

Setup: sosetup.conf SGUIL_CLIENT_USERNAME alphanumeric only #980
https://github.com/Security-Onion-Solutions/security-onion/issues/980

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration closes in just a few weeks!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, August 10, 2016

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion140 resolves an issue

I've updated the NSM scripts to wipe Suricata's stats.log when starting/restarting Suricata.  The new package is:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion140

This new package has been tested by Wes Lambert (thanks!) and should resolve the following issue:

Issue 968: NSM: wipe stats.log when restarting Suricata
https://github.com/Security-Onion-Solutions/security-onion/issues/968

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration closes in just a few weeks!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Tuesday, August 9, 2016

securityonion-sguil-db-purge - 20120722-0ubuntu0securityonion17 resolves 3 issues

Wes Lambert submitted a pull request for sguil-db-purge:
https://github.com/Security-Onion-Solutions/securityonion-sguil-db-purge/pull/1

I merged the pull request and also did the following:

  • refactored mysql calls to use mysql defaults-file
  • added check for root privileges

This new package should resolve the following issues:

Issue 971: securityonion-sguil-db-purge: add command line options
https://github.com/Security-Onion-Solutions/security-onion/issues/971

Issue 972: securityonion-sguil-db-purge: update mysql calls
https://github.com/Security-Onion-Solutions/security-onion/issues/972

Issue 974: securityonion-sguil-db-purge: check for privileges
https://github.com/Security-Onion-Solutions/security-onion/issues/974

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, August 8, 2016

New ELSA packages resolve several issues

I've merged several pull requests:
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/10
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/15
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/17
https://github.com/Security-Onion-Solutions/securityonion-elsa-extras/pull/18
https://github.com/Security-Onion-Solutions/securityonion-web-page/pull/5

Martin Holste merged several pull requests in his ELSA repo:
https://github.com/mcholste/elsa/pull/16
https://github.com/mcholste/elsa/pull/40
https://github.com/mcholste/elsa/pull/39
https://github.com/mcholste/elsa/pull/37

I've built new packages including all of these changes and the new
package versions are as follows:
securityonion-elsa - 1205chartsjsd3-1ubuntu1securityonion9
securityonion-elsa-extras - 20151011-1ubuntu1securityonion35
securityonion-web-page - 20141015-0ubuntu0securityonion67

These new packages should resolve the following issues:

Issue 950: ELSA: change Help link to point to ELSA Github
https://github.com/Security-Onion-Solutions/security-onion/issues/950

Issue 827: securityonion-elsa-extras: merge additional patterns including DNP3 and Modbus
https://github.com/Security-Onion-Solutions/security-onion/issues/827

Issue 970: securityonion-web-page: add queries for autoruns, dnp3, and modbus
https://github.com/Security-Onion-Solutions/security-onion/issues/970

Issue 973: securityonion-web-page: Apache ServerName localhost
https://github.com/Security-Onion-Solutions/security-onion/issues/973

Issue 964: securityonion-web-page: add "bottom" queries for long tail analysis
https://github.com/Security-Onion-Solutions/security-onion/issues/964

Issue 976: securityonion-web-page: additional protections in securityonion.conf
https://github.com/Security-Onion-Solutions/security-onion/issues/976

These packages have been tested by the following (thanks!):
Phil Plantamura
Josh Brower
Wes Lambert
James Taylor

Screenshots
DNP3 - Top SRC IPs 
DNP3 - Top DST IPs 
DNP3 - Top DST Ports 
DNP3 - Top Requests 
DNP3 - Top Replies

Modbus - Top SRC IPs

Modbus - Top DST IPs

Modbus - Top DST Ports

Modbus - Top Functions

Modbus - Top Exceptions

Autoruns Queries
 
DNS - Bottom Requests (Long Tail Analysis)
Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Tuesday, August 2, 2016

securityonion-squert - 20141015-0ubuntu0securityonion19 resolves XSS issue and disables Apache autoindex module

Manuel Mancera discovered a XSS issue in Squert:
https://github.com/int13h/squert/issues/76
https://groups.google.com/d/topic/security-onion/-x_PQQwm4bQ/discussion

securityonion-squert - 20141015-0ubuntu0securityonion19 resolves this XSS issue and also disables the Apache autoindex module:

Issue 967: Squert: Parameter not escaped in ip2c.php
https://github.com/Security-Onion-Solutions/security-onion/issues/967

Issue 969: Squert: prevent directory listing for subdirectories
https://github.com/Security-Onion-Solutions/security-onion/issues/969

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, August 1, 2016

securityonion-setup - 20120912-0ubuntu0securityonion224 resolves an issue

Wes Lambert submitted a pull request for sosetup:
https://github.com/Security-Onion-Solutions/securityonion-setup/pull/22

I've merged this pull request and the following package is now available:
securityonion-setup - 20120912-0ubuntu0securityonion224

This new package should resolve the following issues:

Issue 966: Setup: sosetup.conf needs to include MTU
https://github.com/Security-Onion-Solutions/security-onion/issues/966

Issue 592: sosetup: add -y option
https://github.com/Security-Onion-Solutions/security-onion/issues/592

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Search This Blog

Featured Post

State of the Onion 2024

We usually have our State of the Onion at the annual Security Onion Conference, but we had to cancel the conference due to Hurricane Helene ...

Popular Posts

Blog Archive