Thursday, July 23, 2020

Security Update for Security Onion 2.0 RC1

We recently released Security Onion 2.0 RC1:

Community members quickly reported several issues (including 2 security issues), and we've released fixes:

Security Fix 1067: variables.txt from ISO install stays on disk for 10 days

Security Fix 1068: Remove user values from static.sls

Issue 1059: Fix distributed deployment sensor interval issue allowing PCAP

Issue 1058: Support for passwords that start with special characters

Thanks to Max Diorio and Reddit user TungstenCLXI for reporting these issues!

UPDATE 2020/07/23 4:53 PM
Looks like the sensor interval fix for distributed deployments introduced a regression for other installation types. We're working on this issue now:
https://github.com/Security-Onion-Solutions/securityonion/issues/1089

UPDATE 2020/07/24 12:14 PM
We've fixed the regression in 2.0.2:
https://blog.securityonion.net/2020/07/security-onion-202-rc1-available-for.html

Existing Installations
If you have an existing 2.0 RC1 installation, you'll want to run "sudo soup" as soon as possible. soup will then update itself and ask you to run soup again. On the second run, soup will update salt and your Docker images. Salt will then remove variables.txt and update static.sls.

Please note that Docker images may still show 2.0.0 (instead of 2.0.1) as they have simply been re-tagged.

For more information, please see the soup page on our documentation site:

New Installations
If you're doing a new installation and you download our ISO image, you'll get the new 2.0.1 ISO image that already contains these fixes. 

Otherwise, if you install a standard CentOS7 or Ubuntu 18.04 ISO and then perform a network installation, you'll get the latest code that contains the fixes.

For more information, please see the download page on our documentation site:

Feedback
If you have questions or problems, please reach out to our community:

Thanks!
