so-allow: add OSSEC/Wazuh registration service option #1506
https://github.com/Security-Onion-Solutions/security-onion/issues/1506
Setup: /etc/network/interfaces ethtool rx setting should be commented out by default #1508
https://github.com/Security-Onion-Solutions/security-onion/issues/1508
Discussion
Richard Bejtlich recently blogged about an issue with VirtualBox and /etc/network/interfaces:
https://taosecurity.blogspot.com/2019/04/troubleshooting-nsm-virtualization.html
We were able to duplicate the issue and determine that it had to do with the ethtool -G rx setting. Traditionally, our Setup script has used ethtool -g to determine the maximum rx setting and then ethtool -G to enforce that maximum rx setting. It seems as if VirtualBox 6.0.4 may have an issue whereby its virtual network interfaces report a maximum rx setting of 4096 but cannot reliably be set to that value. Therefore, the safest option for widest compatibility is to keep the rx setting at its default value. Additionally, some folks are recommending lower rx values for better performance:
https://github.com/pevma/SEPTun/blob/master/SEPTun.rst
Our new Setup script continues to write the ethtool -G rx setting into /etc/network/interfaces but it is now commented out by default. If you need to modify this, you can certainly do so.
For more information, please see the Network Configuration page on our Documentation site:
https://securityonion.readthedocs.io/en/latest/network-configuration.html
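The check described above, as an added example that is not the Setup script's own code: it reads the reported maximum and current rx ring sizes from ethtool -g output, prints the rx line in commented-out form, and tests whether a requested value actually took effect. The function names, the sample output and the exact post-up line layout are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `ethtool -g` output (not captured from a real host).
SAMPLE_RING='Ring parameters for eth1:
Pre-set maximums:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
Current hardware settings:
RX:             256
RX Mini:        0
RX Jumbo:       0
TX:             256'

# ring_rx <max|cur>: read `ethtool -g` output on stdin and print the RX value
# from the "Pre-set maximums" (max) or "Current hardware settings" (cur) block.
ring_rx() {
    awk -v want="$1" '
        /^Pre-set maximums:/          { sec = "max"; next }
        /^Current hardware settings:/ { sec = "cur"; next }
        sec == want && $1 == "RX:"    { print $2; exit }
    '
}

# rx_stanza <iface> <ethtool -g output>: print the rx line commented out.
# The "post-up ... $IFACE" layout is an assumed ifupdown form, not quoted
# from the Setup script.
rx_stanza() {
    max=$(printf '%s\n' "$2" | ring_rx max)
    cur=$(printf '%s\n' "$2" | ring_rx cur)
    case "$max" in
        ''|*[!0-9]*) echo "# $1: no usable rx maximum reported"; return 1 ;;
    esac
    printf '# %s: current rx %s, reported maximum %s\n' "$1" "$cur" "$max"
    printf '#  post-up ethtool -G $IFACE rx %s\n' "$max"
}

# rx_applied <requested> <ethtool -g output taken after ethtool -G>:
# succeeds only if the current RX ring really equals the requested value.
rx_applied() {
    [ "$(printf '%s\n' "$2" | ring_rx cur)" = "$1" ]
}

# On a live sensor, pass "$(ethtool -g eth1)" instead of the sample.
rx_stanza eth1 "$SAMPLE_RING"
rx_applied 4096 "$SAMPLE_RING" || echo "eth1: rx is not 4096; keep the line commented out"
```

Running rx_applied against fresh ethtool -g output after an ethtool -G call is what reveals an interface that reports a maximum it cannot hold.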
Thanks
Thanks to Richard Bejtlich for reporting the /etc/network/interfaces issue!
Thanks to Dustin Lee for duplicating the /etc/network/interfaces issue!
Thanks to Wes Lambert for testing!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18! CFP is open now and we want to hear from you!
https://blog.securityonion.net/2019/04/security-onion-conference-2019-cfp.html
Training
We have a 4-day Security Onion Basic Training class coming up in Costa Mesa, CA! If you can't make it to an onsite class, we have a new online training platform. For more information and other training options, please see:
https://securityonionsolutions.com
Appliances
We now offer hardware appliances! For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html
Documentation
We've got a brand new documentation site! Please let us know if anything needs to be updated:
https://securityonion.net/docs
Support
Need support? Please see:
https://securityonion.net/docs/Support
Thanks!