Tuesday, July 31, 2018

MySQL Upgrade Errors

Ubuntu released new MySQL packages for Ubuntu 16.04 on July 30, 2018:
https://usn.ubuntu.com/3725-1/

If you have a Security Onion 16.04 installation and run soup to install these new MySQL packages, you may see a few error messages. We'll be releasing a new version of soup that will avoid these issues for future MySQL upgrades.  In the meantime, please see the following for more information and workarounds:
https://securityonion.net/wiki/MySQL-Upgrade-Errors

Tuesday, July 24, 2018

Suricata 4.0.5 now available for Security Onion!

Suricata 4.0.5 was released recently:
https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/

We've packaged Suricata 4.0.5 and the following packages are now available:
securityonion-suricata - 4.0.5-1ubuntu1securityonion1 (16.04)
securityonion-suricata - 4.0.5-1ubuntu1securityonion2 (14.04)

These packages should resolve the following issue:

Suricata 4.0.5 #1281
https://github.com/Security-Onion-Solutions/security-onion/issues/1281

Thanks
Thanks to the Suricata team for Suricata 4.0.5!
Thanks to Wes Lambert for testing these packages!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Training
We have 4-day Security Onion training classes coming up in Maryland and Georgia!  If you can't make it to any of these onsite classes, we have a new online training platform!  For more information and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Security Onion 16.04.4.3 now available!

Security Onion 16.04.4.3 is now available!



Issues Resolved

16.04.4.3 ISO image #1278
https://github.com/Security-Onion-Solutions/security-onion/issues/1278

Release Notes

For more information about this release, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/16.04.4.3

Security Onion 14.04 EOL Notice
As a reminder, all new development is now on Security Onion 16.04 and Security Onion 14.04 will reach EOL on November 30, 2018:
https://blog.securityonion.net/2018/06/6-month-eol-notice-for-security-onion.html

After that date, we will not provide any support for Security Onion 14.04.  Please plan to upgrade or replace any existing 14.04 systems before that date.

Installation Guide
We've updated the Installation guide to reflect the download locations for the new ISO image:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Installation

Existing Deployments
If you have existing 16.04 installations, there is no need to download the new ISO image.  You can simply continue using our standard update process to install updated packages as they are made available:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

If you have existing installations of Security Onion 14.04, you can upgrade from 14.04 to 16.04:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrading-from-14.04-to-16.04

Want us to upgrade your deployment for you?  Please contact Security Onion Solutions for pricing and scheduling:
https://securityonionsolutions.com

Thanks
Thanks to Wes Lambert for testing this new ISO image!


pinguybuilder - 20180514-1ubuntu1securityonion8 now available for Security Onion 16.04!

pinguybuilder - 20180514-1ubuntu1securityonion8 is now available for Security Onion 16.04 and should resolve the following issues:

pinguybuilder: some installs are missing /etc/apt #1273
https://github.com/Security-Onion-Solutions/security-onion/issues/1273

Thanks
Thanks to Wes Lambert for testing this package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade


securityonion-samples-mta - 20150103-0ubuntu0securityonion3 now available for Security Onion 16.04!

securityonion-samples-mta - 20150103-0ubuntu0securityonion3 is now available for Security Onion 16.04 and should resolve the following issues:

securityonion-samples-mta: Add 2018 samples #1279
https://github.com/Security-Onion-Solutions/security-onion/issues/1279

Thanks
Thanks to Brad Duncan for providing the pcap samples!
Thanks to David Szili and Wes Lambert for testing this package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade


Thursday, July 12, 2018

Introducing our new Security Onion Solutions online training platform!

We've just finished updating our online training based on our latest 16.04.4.2 release (including the Elastic Stack).  These new classes are now available on our new online training platform!
https://onlinetraining.securityonionsolutions.com

Use the following coupon code for 10% off!
10OFF-15193

Please act fast as this coupon expires 7/13/2018 at 11:55 PM!

Thanks!

Monday, July 9, 2018

securityonion-squert - 20161212-1ubuntu1securityonion42 now available for Security Onion 16.04!

securityonion-squert - 20161212-1ubuntu1securityonion42 is now available for Security Onion 16.04 and should resolve the following issues:

Squert: Priority counts incorrect #1277
https://github.com/Security-Onion-Solutions/security-onion/issues/1277

Thanks
Thanks to Wes Lambert for testing this package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade


Thursday, July 5, 2018

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion177 now available for Security Onion 16.04!

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion177 is now available for Security Onion 16.04 and should resolve the following issues:

NSM: improper confirmation of password should throw an error #1271
https://github.com/Security-Onion-Solutions/security-onion/issues/1271

Thanks
Thanks to Wes Lambert for his work on this package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade


securityonion-setup - 20120912-0ubuntu0securityonion273 now available for Security Onion 16.04!

securityonion-setup - 20120912-0ubuntu0securityonion273 is now available for Security Onion 16.04 and should resolve the following issues:

sosetup -w not writing answer file correctly in some cases #1270
https://github.com/Security-Onion-Solutions/security-onion/issues/1270

sosetup: move elasticsearch and logstash jvm.options out of the way and write new ones #1272
https://github.com/Security-Onion-Solutions/security-onion/issues/1272

Thanks
Thanks to Steve Baker for testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade


Monday, July 2, 2018

securityonion-pfring-module - 20121107-0ubuntu0securityonion31 now available for Security Onion 16.04!

securityonion-pfring-module - 20121107-0ubuntu0securityonion31 is now available for Security Onion 16.04 and should resolve the following issues:

securityonion-pfring-module: compile on kernel 4.15 #1274
https://github.com/Security-Onion-Solutions/security-onion/issues/1274

Thanks
Thanks to Wes Lambert for testing this new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade


Ubuntu 16.04 with HWE and PF_RING

Introduction
This blog post only applies to you if you installed our Security Onion 16.04 ISO images OR if you installed Ubuntu 16.04 with the HWE stack:
https://wiki.ubuntu.com/Kernel/LTSEnablementStack
https://wiki.ubuntu.com/Kernel/RollingLTSEnablementStack

As of this morning, it appears that Ubuntu has rolled the Ubuntu 16.04 HWE stack to 18.04, which means a 4.15 Linux kernel.

Problem
Our current PF_RING module will not compile on kernel 4.15.  If you upgrade to 4.15, you will have a failed PF_RING module, and services that use PF_RING, such as Snort, Suricata, and Bro, may not work properly.

Solution
We will be building new PF_RING packages to ensure compatibility with this new HWE stack.  In the meantime, please use the following guidance.

If you haven't already updated, we recommend avoiding updates until we have the new PF_RING packages available. 

If you've already updated, you can boot your machine(s) to the previous kernel by choosing "Advanced options" at the grub boot menu and then selecting the 4.13 kernel.

Updated 2018/07/02 12:27 PM Eastern
We've released an updated securityonion-pfring-module package that should resolve this issue, so you should now be able to install updates normally.
https://blog.securityonion.net/2018/07/securityonion-pfring-module-20121107.html
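
A host check for the condition described in this post, as an added example that is not Security Onion's own code: it flags a kernel of 4.15 or newer combined with a securityonion-pfring-module package older than the 20121107-0ubuntu0securityonion31 release announced above. The function names and the `--check-host` switch are hypothetical.

```bash
#!/bin/bash
# Added example, not Security Onion code; function names are hypothetical.
FIXED_VERSION="20121107-0ubuntu0securityonion31"  # fixed package version from the post

# Return 0 if a release string like `uname -r` output is kernel 4.15 or newer,
# 1 if it is older, 2 if it cannot be parsed.
kernel_is_415_or_newer() {
    local release=$1 major rest minor n
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[.-]*}
    for n in "$major" "$minor"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 15 ]; }
}

# Return 0 if the given package version is FIXED_VERSION or later.
package_has_fix() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$FIXED_VERSION"
    else
        # Assumption: without dpkg, GNU sort -V orders these version strings the same way.
        [ "$(printf '%s\n' "$FIXED_VERSION" "$1" | sort -V | head -n1)" = "$FIXED_VERSION" ]
    fi
}

# Print ok, at-risk or unknown for a kernel release and an installed package version.
pfring_status() {
    local rc=0
    kernel_is_415_or_newer "$1" || rc=$?
    case $rc in
        0) if package_has_fix "$2"; then echo ok; else echo at-risk; fi ;;
        1) echo ok ;;       # kernel older than 4.15, not affected per the post
        *) echo unknown ;;  # release string could not be parsed
    esac
}

# Evaluate the running host; needs dpkg-query, so Ubuntu/Debian only.
check_host() {
    local pkg
    pkg=$(dpkg-query -W -f='${Version}' securityonion-pfring-module 2>/dev/null) || pkg=""
    if [ -z "$pkg" ]; then echo "securityonion-pfring-module is not installed"; return 0; fi
    echo "kernel $(uname -r), package $pkg: $(pfring_status "$(uname -r)" "$pkg")"
}

if [ "${1:-}" = "--check-host" ]; then check_host; fi
```

An `at-risk` result means the host matches the situation in the post: either install the updated package through the normal update process or boot the 4.13 kernel from the grub "Advanced options" menu.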