Wednesday, January 27, 2021

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo

Yesterday, Qualys announced the discovery of a vulnerability in sudo:
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

Updated sudo packages are now available and we recommend that users install them as soon as possible. Please note that some Linux distributions may backport patches without incrementing the version number, so "sudo --version" may return the same version number even after you install the updated package.

Security Onion 16.04

If you're still running Security Onion 16.04, an updated sudo package is now available for Ubuntu 16.04 and you can install it with the standard update command:

sudo soup

As a reminder, please keep in mind that Security Onion 16.04 reaches End of Life in less than 3 months:
https://blog.securityonion.net/2021/01/3-month-eol-notice-for-security-onion.html

Security Onion 2

Updated sudo packages are now available for both Ubuntu 18.04 and CentOS 7. If you accepted the default option of automatic OS patching, then your installation has likely already updated. If you did not accept the automatic OS patch schedule, then you can manually install the update using the standard distribution update mechanism as follows.

If you installed using our Security Onion 2 ISO image or manually installed on CentOS 7:

sudo yum -y update 

If you manually installed on Ubuntu 18.04:

sudo apt update && sudo apt dist-upgrade


Thursday, January 21, 2021

3 month EOL notice for Security Onion 16.04

On 10/16/2020, we released Security Onion 2 and announced a 6-month EOL notice for Security Onion 16.04:
https://blog.securityonion.net/2020/10/security-onion-2-has-reached-general.html

Ubuntu 16.04 reaches EOL in April 2021 and so therefore Security Onion 16.04 does as well. We will not provide any support for Security Onion 16.04 after April 16, 2021.  Please plan to upgrade or replace any existing 16.04 systems before then. If you have existing installations of Security Onion 16.04, you can upgrade to Security Onion 2:
https://docs.securityonion.net/en/2.3/appendix.html

Tuesday, January 19, 2021

Security Onion Documentation printed book now available for Security Onion 2!

Many folks have asked for a printed version of our official online documentation and we're excited to provide that!  Whether you work on airgapped networks or simply want a portable reference that doesn't require an Internet connection or batteries, this is what you've been asking for.

Thanks to Richard Bejtlich for writing the inspiring foreword!

Proceeds go to the Rural Technology Fund!

This 20210107 edition has been updated for Security Onion 2 and includes a 30% discount code for our on-demand training!






This book covers the following Security Onion topics:

  • Getting Started
  • Security Onion Console (SOC)
  • Analyst VM
  • Network Visibility
  • Host Visibility
  • Logs
  • Updating
  • Accounts
  • Services
  • Customizing for Your Environment
  • Tuning
  • Tricks and Tips
  • Utilities

Q&A

What is the difference between this book and the online documentation?

This book is the online documentation formatted specifically for print.  It also includes an inspiring foreword by Richard Bejtlich that is not available anywhere else!  Proceeds go to the Rural Technology Fund!  Finally, the printed book includes a 30% discount code for our on-demand training.

Who should get this book?

You should get this book if you work on airgapped networks or simply want a portable reference that doesn't require an Internet connection or batteries! Also anyone who wants to donate to a worthy cause like Rural Technology Fund!

What is the difference between this edition and the previous edition?

This edition has been updated for Security Onion 2!

Where do we get it?

The following URL will always take you to the latest version of the printed book at Amazon:

https://securityonion.net/book

Friday, January 15, 2021

Upcoming Elastic Licensing Changes

On Thursday 1/14/2021, Elastic announced some upcoming license changes:

https://www.elastic.co/blog/licensing-change

https://www.elastic.co/pricing/faq/licensing

On Tuesday 1/19/2021, Elastic released this additional information:

https://www.elastic.co/blog/license-change-clarification

https://www.elastic.co/blog/why-license-change-AWS

We are currently waiting for Elastic to finalize their changes to the Elastic license. We will provide more information when we have it.

Search This Blog

Featured Post

Security Onion 2.4.111 now available!

In October, we released version 2.4.110: https://blog.securityonion.net/2024/10/security-onion-24110-hurricane-helene.html Last week, Surica...

Popular Posts

Blog Archive