Thursday, May 30, 2019

Snort 2.9.13.0 and PulledPork 0.7.3 now available for Security Onion!

Snort 2.9.13.0 was recently released:
https://blog.snort.org/2019/04/snort-29130-has-been-released.html

We've packaged Snort 2.9.13.0 and the new version of PulledPork required for this new Snort version.  The new package versions are as follows:

securityonion-snort - 2.9.13.0-1ubuntu1securityonion3
securityonion-pulledpork - 0.7.3-1ubuntu1securityonion3

These packages should resolve the following issues:

Snort 2.9.13.0 #1142
https://github.com/Security-Onion-Solutions/security-onion/issues/1142

PulledPork 0.7.3 #1143
https://github.com/Security-Onion-Solutions/security-onion/issues/1143

Snort 2.9.13.0

PulledPork 0.7.3

Thanks
Thanks to the Snort team for Snort 2.9.13.0!
Thanks to the PulledPork team for PulledPork 0.7.3!
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18! CFP is open now and we want to hear from you!
https://blog.securityonion.net/2019/04/security-onion-conference-2019-cfp.html

Training
We have 4-day Security Onion Training classes coming up in Columbia MD!  Use promotional code earlybird for 10% off the ADVANCED class for a limited time.  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, May 14, 2018

securityonion-rule-update - 20151201-1ubuntu1securityonion13 now available for Security Onion!

The following package is now available:
securityonion-rule-update - 20151201-1ubuntu1securityonion13

This package should resolve the following issues:

rule-update: update distro in pulledpork.conf #1250
https://github.com/Security-Onion-Solutions/security-onion/issues/1250

Thanks
Thanks to ledingtech for notifying us of this issue!
Thanks to Wes Lambert for testing the new package!

Conference
Our annual Security Onion Conference will be Friday October 19, 2018:
https://securityonion.net/conference

Training
We offer onsite and online training:
https://securityonionsolutions.com

We have onsite classes scheduled in Columbia MD and Augusta GA with an Early Bird discount good until May 21!
https://blog.securityonion.net/2018/04/security-onion-basic-and-advanced.html

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Wednesday, January 4, 2017

Pulledpork, rule-update, and several other updates available for Security Onion!

The following packages are now available:
securityonion-menu - 20121026-0ubuntu0securityonion2
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion153
securityonion-pulledpork - 0.7.2-1ubuntu1securityonion4
securityonion-rule-update - 20151201-1ubuntu1securityonion9
securityonion-setup - 20120912-0ubuntu0securityonion233
securityonion-sguild-add-user - 20120726-0ubuntu0securityonion3
securityonion-sostat - 20120722-0ubuntu0securityonion67
securityonion-squert-cron - 20120722-0ubuntu0securityonion11
securityonion-sudoers - 20161221-1ubuntu1securityonion3

These new packages should resolve the following issues:

Issue 1017: PulledPork 0.7.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1017

Issue 1034: securityonion-rule-update: update for PulledPork 0.7.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1034

Issue 1035: Setup: update for PulledPork 0.7.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1035

Issue 1040: securityonion-sudoers: remove secure_path
https://github.com/Security-Onion-Solutions/security-onion/issues/1040

Issue 1043: NSM: create /usr/sbin/broctl
https://github.com/Security-Onion-Solutions/security-onion/issues/1043

Issue 1044: sostat: use full path for bro-cut
https://github.com/Security-Onion-Solutions/security-onion/issues/1044

Issue 1042: Move scripts from /usr/bin/ to /usr/sbin/
https://github.com/Security-Onion-Solutions/security-onion/issues/1042

These packages have been tested by Wes Lambert and Rob Bardo.  Thanks!

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
If you're behind a proxy, you may need to pass the -W option to PulledPork:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Proxy#pulledpork

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

UPDATE 2017-01-09: Added Release Notes regarding PulledPork's -W option.

Wednesday, March 9, 2016

securityonion-pulledpork - 0.7.0-0ubuntu0securityonion6 resolves an issue

securityonion-pulledpork - 0.7.0-0ubuntu0securityonion6 is now available and should resolve the following issue:

Issue 832: pulledpork.pl refinement
https://github.com/Security-Onion-Solutions/security-onion/issues/832

Wes Lambert tested this package.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
The next round of online training sessions starts in just a few days:
http://blog.securityonion.net/2016/02/next-round-of-security-onion-online_26.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Tuesday, July 8, 2014

New securityonion-pulledpork and securityonion-rule-update packages

I've updated our securityonion-pulledpork package to PulledPork 0.7.0.  I also applied a patch from Will Metcalf to allow PulledPork to request ET rules using the proper Suricata version number.  Additionally, the new version of PulledPork required a slight change to rule-update.

The updated package versions are as follows:
securityonion-pulledpork - 0.7.0-0ubuntu0securityonion5
securityonion-rule-update - 20120726-0ubuntu0securityonion21

These new packages have been tested by the following (thanks!):
David Zawdie
Heine Lysemose
Mike Pilkington
Travis Schack

Issues Resolved

Issue 390: PulledPork 0.7.0
https://code.google.com/p/security-onion/issues/detail?id=390

Issue 425: PulledPork should request ET rules using proper Suricata version
https://code.google.com/p/security-onion/issues/detail?id=425

Issue 552: rule-update: run PulledPork with -P option to process tarball
https://code.google.com/p/security-onion/issues/detail?id=552

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Commercial Support/Training
Need commercial support/training?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Sunday, January 22, 2012

Security Onion 20120119 now available!


Security Onion 20120119 is now available!  This resolves the following issues:
Issue 154: Track pulledpork download status
Issue 160: PulledPork should be using https for ET and ETPRO downloads
Issue 198: Suricata 1.2.1
Issue 200: PulledPork isn't handling so_rules properly
Issue 201: snorby-db-fix is causing problems with large/busy snorby databases

For more information about Suricata 1.2.1, please see:
http://www.openinfosecfoundation.org/index.php/component/content/article/144-suricata-12-available
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_11_to_Suricata_12
http://www.suricata-ips.net/index.php/component/content/article/145-suricata-121-available

Please also note that the new suricata.yaml will overwrite your existing suricata.yaml.  Your existing suricata.yaml will be backed up to /nsm/backup/20120119/NAME_OF_SENSOR/.  Please copy any customizations (HOME_NET, etc.) from the backup copy to the production copy /etc/nsm/NAME_OF_SENSOR/suricata.yaml.
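One way to find out which customizations still need to be carried over after the upgrade has written the new suricata.yaml, as an added example that is not part of the original post or the Security Onion packages: compare the backed-up copy with the production copy and print only the address-group variables whose values differ. The file paths and YAML fragments below are constructed for the demo; on a sensor the two inputs would be the backup under /nsm/backup/20120119/NAME_OF_SENSOR/ and the production copy /etc/nsm/NAME_OF_SENSOR/suricata.yaml.

```shell
#!/bin/sh
# Added example, not from the Security Onion post: after an upgrade replaces
# suricata.yaml, compare the backed-up copy with the new production copy and
# list the address-group variables whose values differ, i.e. the customizations
# the operator still has to copy over. Paths and YAML content are constructed
# for this demo; a sensor would use
#   /nsm/backup/20120119/NAME_OF_SENSOR/suricata.yaml   (backup)
#   /etc/nsm/NAME_OF_SENSOR/suricata.yaml                (production)

# yaml_var FILE KEY: print the value of the first "KEY: value" line in FILE
yaml_var() {
    grep -E "^[[:space:]]*$2:" "$1" | head -n 1 | sed -E "s/^[[:space:]]*$2:[[:space:]]*//"
}

# find_changed_vars BACKUP NEW: one output line per variable whose value differs
find_changed_vars() {
    for key in HOME_NET EXTERNAL_NET HTTP_SERVERS DNS_SERVERS SMTP_SERVERS; do
        old_val=$(yaml_var "$1" "$key")
        new_val=$(yaml_var "$2" "$key")
        if [ "$old_val" != "$new_val" ]; then
            printf '%s backup=%s new=%s\n' "$key" "$old_val" "$new_val"
        fi
    done
}

# demo_changed_vars: write two constructed yaml fragments to a temp dir,
# compare them, and clean up
demo_changed_vars() {
    dir=$(mktemp -d)
    # constructed "backup": the operator had narrowed HOME_NET and pinned DNS servers
    cat > "$dir/backup.yaml" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[192.168.1.0/24]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "$HOME_NET"
    DNS_SERVERS: "[192.168.1.53]"
    SMTP_SERVERS: "$HOME_NET"
EOF
    # constructed "production": package defaults written over the old file
    cat > "$dir/production.yaml" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: "!$HOME_NET"
    HTTP_SERVERS: "$HOME_NET"
    DNS_SERVERS: "$HOME_NET"
    SMTP_SERVERS: "$HOME_NET"
EOF
    find_changed_vars "$dir/backup.yaml" "$dir/production.yaml"
    rm -rf "$dir"
}

demo_changed_vars
```

Run against the real backup and production files, `find_changed_vars /nsm/backup/20120119/NAME_OF_SENSOR/suricata.yaml /etc/nsm/NAME_OF_SENSOR/suricata.yaml` prints exactly the variables that differ; anything it lists (here HOME_NET and DNS_SERVERS) is a customization to copy into the production file before restarting Suricata, while variables left at their defaults stay silent. The key list is the set of Suricata address groups most often tuned per sensor; extend it if you also customize port groups.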


New Users
New users can download and install the 20111103 ISO image using the instructions here.  The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots
Upgrade begins
Upgrade runs pulledpork_update.sh to update rules
pulledpork_update.sh restarts barnyard2 and the IDS engine
Thanks
Thanks to the Suricata team for their hard work on Suricata 1.2.1!
Thanks to Scott Runnels for his assistance in testing this release!

Toolsmith Tool of the Year
If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!
http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html

Thursday, December 1, 2011

Security Onion 20111201 now available!


Security Onion 20111201 is now available!  This resolves the following issues:
Issue 157: Update pulledpork.conf.master with new local_rules declaration
Issue 159: NSM scripts are storing initial Sguil credentials in /etc/nsm/securityonion/server.conf

New Users
New users can download and install the 20111103 ISO image using the instructions here.  The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).

Screenshots
Upgrade Process

Thursday, July 14, 2011

Security Onion 20110714 now available

Security Onion 20110714 is now available!  This release completes the PulledPork reconfiguration to ignore a new Emerging Threats BLOCK category released on 7/8/2011.

Existing Security Onion users can perform an in-place upgrade to version 20110714 using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Monday, July 11, 2011

Security Onion 20110709 now available

Security Onion 20110709 is now available!  This release configures PulledPork to ignore a new Emerging Threats BLOCK category released on 7/8/2011.

Existing Security Onion users can perform an in-place upgrade to version 20110709 using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Friday, June 17, 2011

Security Onion 20110614

Security Onion 20110614 is now available!  This upgrade fixes a few issues with downloading rules and adds some new menu entries to make rule editing a little easier.  For more information, please see Issue 111.


In-place Upgrade
Existing Security Onion users can perform an in-place upgrade to version 20110614 using the following commands:
wget http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh
sudo bash security-onion-upgrade.sh
Screenshots
New menu entries

Clicking "Disable Downloaded Rules" opens disablesid.conf in a text editor

Clicking "Rule update" will run PulledPork and restart Barnyard2/Snort

Tuesday, June 16, 2009

Security Onion LiveCD 20090613

A new version of the Security Onion LiveCD is now available! Here's the changelog:

-All Xubuntu 9.04 updates as of 2009/06/13.

-Added JJ Cummings's pulledpork as an alternative to oinkmaster. All pulledpork files are in:
/usr/local/bin/pulledpork/

-Added Leon Ward's dumbpig for checking custom Snort rules:
/usr/local/bin/dumbpig.pl

-Added Bro IDS for Marcus J. Carey. All Bro files are in:
/usr/local/bro/

The Security Onion LiveCD can be downloaded from the following location:
http://distro.ibiblio.org/pub/linux/distributions/security-onion/

UPDATE: Some ibiblio mirrors are showing an index page which contains no links. Here are the direct links to the ISO and MD5 file:
http://distro.ibiblio.org/pub/linux/distributions/security-onion/security-onion-livecd-20090613.iso
http://distro.ibiblio.org/pub/linux/distributions/security-onion/security-onion-livecd-20090613.md5
