Monday, July 2, 2018

Ubuntu 16.04 with HWE and PF_RING

Introduction
This blog post only applies to you if you installed our Security Onion 16.04 ISO images OR if you installed Ubuntu 16.04 with the HWE stack:
https://wiki.ubuntu.com/Kernel/LTSEnablementStack
https://wiki.ubuntu.com/Kernel/RollingLTSEnablementStack

As of this morning, it appears that Ubuntu has rolled the Ubuntu 16.04 HWE stack to 18.04 which means a 4.15 Linux kernel.

Problem
Our current PF_RING module will not compile on kernel 4.15.  If you upgrade to 4.15, you will have a failed PF_RING module and services that use PF_RING such as Snort, Suricata, and Bro, may not work properly.

Solution
We will be building new PF_RING packages to ensure compatibility with this new HWE stack.  In the meantime, please use the following guidance.

If you haven't already updated, we recommend avoiding updates until we have the new PF_RING packages available. 

If you've already updated, you can boot your machine(s) to the previous kernel by choosing "Advanced options" at the grub boot menu and then selecting the 4.13 kernel.

Updated 2018/07/02 12:27 PM Eastern
We've released an updated securityonion-pfring-module package that should resolve this issue, so you should now be able to install updates normally.
https://blog.securityonion.net/2018/07/securityonion-pfring-module-20121107.html

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.