Monday, October 21, 2019

securityonion-rule-update - 20151201-1ubuntu1securityonion20 now available for Security Onion!

securityonion-rule-update - 20151201-1ubuntu1securityonion20 is now available for Security Onion!  This package resolves the following issue:

Insufficient interactive session detection during rule update #1650
https://github.com/Security-Onion-Solutions/security-onion/issues/1650

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Documentation
We've got a new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Basic and 4-day Advanced onsite training classes.  We also offer online classes.  For more information, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Thursday, July 25, 2019

securityonion-rule-update - 20151201-1ubuntu1securityonion19 now available for Security Onion!

securityonion-rule-update - 20151201-1ubuntu1securityonion19 is now available for Security Onion!  This package should resolve the following issues:

rule-update ossec backup local rules issue #1572
https://github.com/Security-Onion-Solutions/security-onion/issues/1572

rule-update: if non-master and salt is enabled, then just run state.highstate #1574
https://github.com/Security-Onion-Solutions/security-onion/issues/1574

rule-update: Add white_list.rules and black_list.rules to worker sync #1577
https://github.com/Security-Onion-Solutions/security-onion/issues/1577

Thanks
Thanks to Matt Svensson for submitting the following Pull Request:
https://github.com/Security-Onion-Solutions/securityonion-rule-update/pull/9

Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Registration is now open for Security Onion Conference 2019 on Friday, October 4, 2019!
https://socaugusta2019.eventbrite.com/

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund!
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Tuesday, July 2, 2019

securityonion-sostat - 20120722-0ubuntu0securityonion128 now available for Security Onion!

securityonion-sostat - 20120722-0ubuntu0securityonion128 is now available for Security Onion!  This package should resolve the following issues:

soup: if snort or suricata are updated, remind user to run rule-update #1536
https://github.com/Security-Onion-Solutions/security-onion/issues/1536

soup: if Wazuh is updated, remind user to review ossec.conf and update Wazuh agents #1544
https://github.com/Security-Onion-Solutions/security-onion/issues/1544

Thanks
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Conference
Please mark your calendar! Security Onion Conference 2019 will be on Friday, October 4, 2019 and registration will open July 18!
https://securityonion.net/conference

Documentation
We've got a brand new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
We have 4-day Security Onion Training classes coming up in Columbia MD and Augusta GA!  If you can't make it to an onsite class, we have a new online training platform.  For more information and other training options, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://blog.securityonion.net/2018/10/introducing-security-onion-solutions.html

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Thanks!

Monday, May 14, 2018

securityonion-rule-update - 20151201-1ubuntu1securityonion13 now available for Security Onion!

The following package is now available:
securityonion-rule-update - 20151201-1ubuntu1securityonion13

This package should resolve the following issues:

rule-update: update distro in pulledpork.conf #1250
https://github.com/Security-Onion-Solutions/security-onion/issues/1250

Thanks
Thanks to ledingtech for notifying us of this issue!
Thanks to Wes Lambert for testing the new package!

Conference
Our annual Security Onion Conference will be Friday October 19, 2018:
https://securityonion.net/conference

Training
We offer onsite and online training:
https://securityonionsolutions.com

We have onsite classes scheduled in Columbia MD and Augusta GA with an Early Bird discount good until May 21!
https://blog.securityonion.net/2018/04/security-onion-basic-and-advanced.html

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Wednesday, October 25, 2017

securityonion-rule-update - 20151201-1ubuntu1securityonion12 now available for Security Onion!

securityonion-rule-update - 20151201-1ubuntu1securityonion12 is now available and should resolve the following issues:

Issue 1153: rule-update: disable noisy Suricata events if Setup hasn't already
https://github.com/Security-Onion-Solutions/security-onion/issues/1153

Thanks
Thanks to Jon Little and Wes Lambert for testing the new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
We have a 4-day Security Onion training class coming up in San Antonio, Texas!  For this and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Monday, October 23, 2017

securityonion-rule-update - 20151201-1ubuntu1securityonion11 now available for Security Onion!

securityonion-rule-update - 20151201-1ubuntu1securityonion11 is now available and should resolve the following issues:

Issue 1141: rule-update: enable Suricata events rules if necessary
https://github.com/Security-Onion-Solutions/security-onion/issues/1141

Issue 1069: rule-update: change labs.snort.org to talosintelligence.com
https://github.com/Security-Onion-Solutions/security-onion/issues/1069

Thanks
Thanks to Wes Lambert for submitting a pull request and testing the new package!

Updating
Please see the following page for full update instructions:
https://securityonion.net/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
We have a 4-day Security Onion training class coming up in San Antonio, Texas!  For this and other training options, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://securityonion.net/wiki/Support

Thanks!

Tuesday, January 10, 2017

securityonion-rule-update - 20151201-1ubuntu1securityonion10 resolves an issue

The following package is now available:
securityonion-rule-update - 20151201-1ubuntu1securityonion10

This new package should resolve the following issue:

Issue 1054: securityonion-rule-update: Restore stdout/stderr redirect in crontab
https://github.com/Security-Onion-Solutions/security-onion/issues/1054

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Wednesday, January 4, 2017

Pulledpork, rule-update, and several other updates available for Security Onion!

The following packages are now available:
securityonion-menu - 20121026-0ubuntu0securityonion2
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion153
securityonion-pulledpork - 0.7.2-1ubuntu1securityonion4
securityonion-rule-update - 20151201-1ubuntu1securityonion9
securityonion-setup - 20120912-0ubuntu0securityonion233
securityonion-sguild-add-user - 20120726-0ubuntu0securityonion3
securityonion-sostat - 20120722-0ubuntu0securityonion67
securityonion-squert-cron - 20120722-0ubuntu0securityonion11
securityonion-sudoers - 20161221-1ubuntu1securityonion3

These new packages should resolve the following issues:

Issue 1017: PulledPork 0.7.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1017

Issue 1034: securityonion-rule-update: update for PulledPork 0.7.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1034

Issue 1035: Setup: update for PulledPork 0.7.2
https://github.com/Security-Onion-Solutions/security-onion/issues/1035

Issue 1040: securityonion-sudoers: remove secure_path
https://github.com/Security-Onion-Solutions/security-onion/issues/1040

Issue 1043: NSM: create /usr/sbin/broctl
https://github.com/Security-Onion-Solutions/security-onion/issues/1043

Issue 1044: sostat: use full path for bro-cut
https://github.com/Security-Onion-Solutions/security-onion/issues/1044

Issue 1042: Move scripts from /usr/bin/ to /usr/sbin/
https://github.com/Security-Onion-Solutions/security-onion/issues/1042

These packages have been tested by Wes Lambert and Rob Bardo.  Thanks!

Updating
These packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Release Notes
If you're behind a proxy, you may need to pass the -W option to PulledPork:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Proxy#pulledpork

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

UPDATE 2017-01-09: Added Release Notes regarding PulledPork's -W option.

Thursday, September 29, 2016

securityonion-rule-update - 20151201-1ubuntu1securityonion7 resolves an issue

The following package is now available:
securityonion-rule-update - 20151201-1ubuntu1securityonion7

This new package should resolve the following issue:

Issue 985: rule-update should always log to /var/log/nsm/pulledpork.log
https://github.com/Security-Onion-Solutions/security-onion/issues/985

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Security Onion Solutions provides onsite, online, and on-demand training.  For more information, please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Monday, May 16, 2016

New rule-update, setup, and squert-cron packages resolve 9 issues

I've updated the following packages:

securityonion-rule-update - 20151201-1ubuntu1securityonion6
securityonion-setup - 20120912-0ubuntu0securityonion212
securityonion-squert-cron - 20120722-0ubuntu0securityonion9

These packages should resolve the following issues:

Issue 906: sosetup.conf: allow passwords with special characters
https://github.com/Security-Onion-Solutions/security-onion/issues/906

Issue 907: sosetup-fix-ppconf duplicating Snort community ruleset entries
https://github.com/Security-Onion-Solutions/security-onion/issues/907

Issue 904: Setup should run pulledpork and squert-ip2c as limited user
https://github.com/Security-Onion-Solutions/security-onion/issues/904

Issue 914: securityonion-setup: mysql calls should use --defaults-file
https://github.com/Security-Onion-Solutions/security-onion/issues/914

Issue 909: securityonion-rule-update: ensure barnyard/IDS are running before restarting
https://github.com/Security-Onion-Solutions/security-onion/issues/909

Issue 911: securityonion-rule-update: add cron option to force delay
https://github.com/Security-Onion-Solutions/security-onion/issues/911

Issue 918: securityonion-rule-update: cron delay should be at least 10 minutes
https://github.com/Security-Onion-Solutions/security-onion/issues/918

Issue 910: securityonion-squert-cron: add cron option to force delay
https://github.com/Security-Onion-Solutions/security-onion/issues/910

Issue 917: securityonion-squert-cron: cron delay should be at least 10 minutes
https://github.com/Security-Onion-Solutions/security-onion/issues/917

Wes Lambert tested these packages.  Thanks, Wes!

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Online classes start today!
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

Tuesday, April 12, 2016

securityonion-rule-update - 20151201-1ubuntu1securityonion2 resolves an issue

David J. Bianco found an issue in the securityonion-rule-update package and submitted a Pull Request.  Thanks, David!

I merged the Pull Request and built a new package.  securityonion-rule-update - 20151201-1ubuntu1securityonion2 is now available and should resolve the following issue:

securityonion-rule-update: avoid su error #892
https://github.com/Security-Onion-Solutions/security-onion/issues/892

This package has been tested by Wes Lambert.  Thanks, Wes!

Updating
This new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Training
Our next round of online classes is in May:
http://blog.securityonion.net/2016/03/next-round-of-security-onion-online.html

Conference
Security Onion Conference will be on Friday September 9 and CFP is open!
http://blog.securityonion.net/2016/03/security-onion-conference-2016-cfp.html

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Thanks!

Wednesday, August 19, 2015

New rule-update and Setup packages

You may have previously experienced intermittent issues when the daily cron job runs rule-update to update your NIDS ruleset.  Because all Security Onion sensors around the world run their cron job at the same time, this was causing high load on the rule sites and some downloads would occasionally fail.  I've modified rule-update to avoid this issue and the changes are as follows:

  • no changes when running interactively from a shell (sudo rule-update)
  • no changes for sensor-only installations that have salt enabled as they don't use rule-update anyway
  • when running from a cron job:
    • if running on a master server, rule-update will sleep for a random number of minutes (up to 50) to avoid overwhelming rule update sites
    • if running on a sensor with salt disabled, rule-update will sleep for 60 minutes to allow the master server time to download the rules so that the sensor can then scp them
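As an added illustration (not the rule-update script itself), the POSIX sh below models the delay policy the bullets describe. The page does not say how rule-update detects an interactive session, the master/sensor role or whether salt is enabled, so the role and salt state are passed in as parameters and the stdin-tty check in detect_mode is an assumption.

```sh
#!/bin/sh
# Added example, not the securityonion-rule-update script: a model of the
# cron-delay policy described in the post. The tty-based interactive check
# and the role/salt parameters are assumptions made for this illustration.

# Treat the run as interactive when stdin is a terminal (sudo rule-update
# from a shell). A cron job has no controlling terminal, so it gets "cron".
detect_mode() {
    if [ -t 0 ]; then echo interactive; else echo cron; fi
}

# Minutes to sleep before fetching rules.
#   $1  mode:  interactive | cron
#   $2  role:  master | sensor
#   $3  salt:  yes | no
#   $4  jitter source: a non-negative integer (e.g. $RANDOM in bash, or $$),
#       passed in so the result is reproducible and testable
rule_update_delay() {
    # 1. Interactive runs are never delayed.
    if [ "$1" = interactive ]; then
        echo 0; return 0
    fi
    # 2. Sensor-only boxes with salt enabled don't use rule-update from cron.
    if [ "$2" = sensor ] && [ "$3" = yes ]; then
        echo 0; return 0
    fi
    # 3. Master servers spread their downloads over a random 0..50 minute
    #    window so sensors worldwide don't hit the rule sites at once.
    if [ "$2" = master ]; then
        echo $(( $4 % 51 ))
        return 0
    fi
    # 4. A sensor without salt waits a fixed 60 minutes so the master has
    #    finished downloading before the sensor scp's the rules from it.
    echo 60
}

# Largest delay a configuration can produce; handy when checking that the
# crontab schedule leaves room for the wait before the next run.
max_delay() {
    case "$1/$2/$3" in
        interactive/*/*) echo 0 ;;
        cron/sensor/yes) echo 0 ;;
        cron/master/*)   echo 50 ;;
        cron/sensor/no)  echo 60 ;;
        *) echo "unknown configuration: $1 $2 $3" >&2; return 1 ;;
    esac
}

# Demonstration with constructed inputs; a real script would follow this
# with: sleep "$(( delay * 60 ))" before invoking PulledPork.
mode=$(detect_mode)
delay=$(rule_update_delay "$mode" master no "$$")
echo "mode=$mode role=master salt=no -> would sleep ${delay}m before PulledPork"
```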

Here are the updated packages:
securityonion-rule-update - 20120726-0ubuntu0securityonion29
securityonion-setup - 20120912-0ubuntu0securityonion156

These new packages resolve the following issues:

Issue 724: /etc/cron.d/rule-update should avoid overwhelming rule sites
https://github.com/Security-Onion-Solutions/security-onion/issues/724

Issue 791: sosetup: change rule-update verbiage
https://github.com/Security-Onion-Solutions/security-onion/issues/791

These new packages have been tested by Jeff Tehovnik (thanks!).

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Training
Need training?  Please see:
http://securityonionsolutions.com

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers

Thanks!

Tuesday, April 28, 2015

New securityonion-rule-update package

securityonion-rule-update - 20120726-0ubuntu0securityonion28 is now available and should resolve the following issue:

Issue 715: securityonion-rule-update: sensor-only boxes running salt shouldn't try to copy /etc/cron.d/rule-update
https://github.com/Security-Onion-Solutions/security-onion/issues/715

The new package has been tested by Ryan Peck (thanks!).

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Training
Need training?  Please see:
http://securityonionsolutions.com

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers

Thanks!

Wednesday, April 22, 2015

New securityonion-rule-update package

securityonion-rule-update - 20120726-0ubuntu0securityonion27 is now available and should resolve the following issues:

Issue 681: rule-update: wipe snort_dynamicrules directory on sensor
https://github.com/Security-Onion-Solutions/security-onion/issues/681

Issue 677: rule-update: create /usr/local/lib/snort_dynamicrules/ if it doesn't already exist
https://github.com/Security-Onion-Solutions/security-onion/issues/677

Issue 678: rule-update: /etc/cron.d/rule-update should have 2>&1
https://github.com/Security-Onion-Solutions/security-onion/issues/678

Issue 697: rule-update: log snorby reference table update to barnyard2-snorby.log
https://github.com/Security-Onion-Solutions/security-onion/issues/697

Issue 679: rule-update: run pulledpork as unprivileged user
https://github.com/Security-Onion-Solutions/security-onion/issues/679

The new package has been tested by David Zawdie (thanks!).

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Training
Need training?  Please see:
http://securityonionsolutions.com

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers

Thanks!

Monday, December 8, 2014

New version of securityonion-rule-update resolves two issues

I've updated the securityonion-rule-update package to resolve two issues:

Issue 639: rule-update should disable Suricata rules if running Snort
https://code.google.com/p/security-onion/issues/detail?id=639

Issue 650: rule-update: wipe snort_dynamicrules directory
https://code.google.com/p/security-onion/issues/detail?id=650

The new package version is as follows:

securityonion-rule-update - 20120726-0ubuntu0securityonion23

The new package has been tested by the following (thanks!):
Eddy Simons
David Zawdie

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Need training?  Please see:
https://security-onion-class-20141215.eventbrite.com/

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Friday, July 25, 2014

New securityonion-rule-update package resolves an issue

I've built a new version of rule-update that resolves an issue.  The updated package version is as follows:
securityonion-rule-update - 20120726-0ubuntu0securityonion22

This new package has been tested by the following (thanks!):
David Zawdie

Issues Resolved

Issue 560: rule-update: run PulledPork with -T option if ENGINE=suricata
https://code.google.com/p/security-onion/issues/detail?id=560

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Commercial Support/Training
Need training and/or commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Tuesday, July 8, 2014

New securityonion-pulledpork and securityonion-rule-update packages

I've updated our securityonion-pulledpork package to PulledPork 0.7.0.  I also applied a patch from Will Metcalf to allow PulledPork to request ET rules using the proper Suricata version number.  Additionally, the new version of PulledPork required a slight change to rule-update.

The updated package versions are as follows:
securityonion-pulledpork - 0.7.0-0ubuntu0securityonion5
securityonion-rule-update - 20120726-0ubuntu0securityonion21

These new packages have been tested by the following (thanks!):
David Zawdie
Heine Lysemose
Mike Pilkington
Travis Schack

Issues Resolved

Issue 390: PulledPork 0.7.0
https://code.google.com/p/security-onion/issues/detail?id=390

Issue 425: PulledPork should request ET rules using proper Suricata version
https://code.google.com/p/security-onion/issues/detail?id=425

Issue 552: rule-update: run PulledPork with -P option to process tarball
https://code.google.com/p/security-onion/issues/detail?id=552

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Commercial Support/Training
Need commercial support/training?  Please see:
http://securityonionsolutions.com

Thanks!

Monday, June 23, 2014

New securityonion-rule-update package resolves two issues

We recently released new barnyard2 and rule-update packages:
http://blog.securityonion.net/2014/06/new-barnyard2-nsm-rule-update-and.html 

Some folks have reported a few issues since updating to these new packages, so we're releasing a new version of rule-update which should help with these issues.

The first issue is that rule-update takes longer now.  Per the barnyard2 developers, all entries in the sig_reference table must be deleted when upgrading to this new version of barnyard2.  rule-update then uses barnyard2 to re-populate this table.  Depending on the size of your Snorby database, this may take a while.  The new version of rule-update (released today) will only do a full delete of the sig_reference table once, so subsequent runs of rule-update should be much faster.
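As an added illustration (this is not rule-update's own code), the shell pattern below shows how a one-time, expensive step such as the full flush of the sig_reference table can be guarded with a marker file so that repeated cron runs skip it. The marker path and the stand-in for the MySQL delete are assumptions for this example; the marker is written only after the step succeeds, so a failed attempt (for instance MySQL being unreachable) is retried next time instead of being silently skipped.

```shell
#!/bin/sh
# Added example, not code from the securityonion-rule-update package.
# Goal: run an expensive migration step (flushing Snorby's sig_reference
# table so barnyard2 can repopulate it) exactly once across repeated runs.

# run_once MARKER CMD [ARGS...]
#   Runs CMD only if MARKER does not exist. The marker is created only when
#   CMD succeeds, so a failed run is retried on the next invocation.
#   Prints one of: ran, skipped, failed.
run_once() {
    marker=$1; shift
    if [ -e "$marker" ]; then
        echo skipped
        return 0
    fi
    if "$@"; then
        : > "$marker"
        echo ran
    else
        echo failed
        return 1
    fi
}

# demo: exercise run_once against a constructed stand-in for the MySQL step.
# The stand-in appends the statement it "would" run to a log and fails while
# a constructed "db_down" file exists, simulating a database outage.
demo() {
    tmp=$(mktemp -d)
    log="$tmp/flush.log"
    marker="$tmp/sig_reference_flushed"   # assumed marker location

    # Stand-in for: mysql snorby -e 'DELETE FROM sig_reference' (constructed)
    flush_sig_reference() {
        echo "DELETE FROM sig_reference;" >> "$log"
        [ ! -e "$tmp/db_down" ]
    }

    : > "$tmp/db_down"
    r1=$(run_once "$marker" flush_sig_reference) || true   # failed, no marker
    rm "$tmp/db_down"
    r2=$(run_once "$marker" flush_sig_reference)           # ran, marker written
    r3=$(run_once "$marker" flush_sig_reference)           # skipped

    # prints "failed ran skipped 2": the delete was attempted twice, never a third time
    echo "$r1 $r2 $r3 $(wc -l < "$log" | tr -d ' ')"
    rm -rf "$tmp"
}

demo
```

Once the marker exists the step is never repeated, which is the behaviour the post describes for subsequent rule-update runs; deleting the marker forces a fresh flush.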

The second issue is that users running the Snort engine with the VRT ruleset are experiencing barnyard2 failing with errors like "Returned signature_id is not equal to updated signature_id".  This is due to some wrong entries in the database left by the previous version of barnyard2.  One of the barnyard2 developers wrote a MySQL script to fix these entries and I've packaged it into a shell script called so-snorby-fix-sigs and included it in today's rule-update package.  If you're running the Snort engine with the VRT ruleset, please run so-snorby-fix-sigs and follow the directions (including shutting down all barnyard2 instances).

The updated package version is as follows:
securityonion-rule-update - 20120726-0ubuntu0securityonion20

This new package has been tested by the following (thanks!):
David Zawdie

Issues Resolved

Issue 556: rule-update: add so-snorby-fix-sigs script
https://code.google.com/p/security-onion/issues/detail?id=556

Issue 557: rule-update: only delete sig_reference table once
https://code.google.com/p/security-onion/issues/detail?id=557

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Check out our 2-day training class:
http://blog.securityonion.net/p/training_2.html

Thanks!

Monday, June 16, 2014

New Barnyard2, NSM, rule-update, and securityonion-server packages

You may have noticed previously that when barnyard2 started up, it would consume a large amount of CPU (on both the sensor and the server) for a while (more than a minute in some cases) while it updated Snorby's reference table.  Multiply this by several barnyard instances per interface and several interfaces per physical sensor and you now have multiple instances fighting each other for scarce CPU resources.

To alleviate this, the barnyard2 folks introduced a new option called disable_signature_reference_table that lets you turn off the reference table update on all sensors, leaving a single barnyard2 instance on the server itself to update Snorby's reference table and avoiding the duplicated effort.  I packaged the latest version of barnyard2 (version 2.1.13 Build 333), which contains this option, and updated the NSM scripts to add the new option to all barnyard2.conf files on all sensors.  rule-update has been modified so that right after the master downloads new rules from the Internet, it uses barnyard2 to update Snorby's reference table.  Finally, since we're now relying on the server's barnyard2 to update Snorby's reference table, I updated the securityonion-server metapackage to require securityonion-barnyard2 as a dependency.
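The following is an added example, not the NSM scripts' own code, showing how the sensor-side change can be applied idempotently: walk a tree of barnyard2*.conf files and append the directive only where an active (uncommented) copy is not already present. The "config <option>" line syntax is assumed from barnyard2's configuration format, and the directory layout and file contents are constructed for this example rather than taken from a real /nsm/sensor_data tree.

```shell
#!/bin/sh
# Added example, not code from securityonion-nsmnow-admin-scripts.
# Appends the barnyard2 option that stops a sensor instance from maintaining
# Snorby's sig_reference table, so only the server-side instance does so.

DIRECTIVE='config disable_signature_reference_table'   # syntax assumed from barnyard2

# add_directive FILE
#   Appends DIRECTIVE to FILE unless an uncommented copy is already there.
#   A commented-out copy ("# config ...") does not count as present.
#   Prints "added" or "present".
add_directive() {
    f=$1
    if grep -Eq "^[[:space:]]*${DIRECTIVE}([[:space:]]|$)" "$f"; then
        echo present
    else
        printf '\n# only the server barnyard2 updates sig_reference\n%s\n' "$DIRECTIVE" >> "$f"
        echo added
    fi
}

# patch_tree ROOT
#   Applies add_directive to every barnyard2*.conf under ROOT and prints how
#   many files were actually modified (0 on a repeat run).
patch_tree() {
    find "$1" -type f -name 'barnyard2*.conf' -print | sort |
        while IFS= read -r f; do add_directive "$f"; done |
        grep -c '^added$' || true
}

# demo: constructed sensor tree with one unpatched file, one with only a
# commented-out directive, and one already patched.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/eth1" "$tmp/eth2"
    printf 'config hostname: sensor1\nconfig interface: eth1\n' > "$tmp/eth1/barnyard2-1.conf"
    printf 'config hostname: sensor1\n# config disable_signature_reference_table\n' > "$tmp/eth1/barnyard2-2.conf"
    printf 'config hostname: sensor1\nconfig disable_signature_reference_table\n' > "$tmp/eth2/barnyard2.conf"

    first=$(patch_tree "$tmp")    # 2: barnyard2-1.conf and barnyard2-2.conf
    second=$(patch_tree "$tmp")   # 0: nothing left to change
    echo "$first $second"         # prints "2 0"
    rm -rf "$tmp"
}

demo
```

Because the check matches only an uncommented directive at the start of a line, a sensor where someone disabled the option by commenting it out is patched again rather than wrongly treated as done; the server's own barnyard2.conf simply lives outside the tree that is walked.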

The updated package versions are as follows:
securityonion-barnyard2 - 20140531-0ubuntu0securityonion1
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion76
securityonion-rule-update - 20120726-0ubuntu0securityonion15
securityonion-server - 20120722-0ubuntu0securityonion11

These new packages have been tested by the following (thanks!):
Eddy Simons
David Zawdie
Kevin Branch

Issues Resolved
Issue 294: Barnyard2-1.13
https://code.google.com/p/security-onion/issues/detail?id=294

Issue 550: securityonion-server: add barnyard2 as a dependency
https://code.google.com/p/security-onion/issues/detail?id=550

Issue 411: NSM: have only one copy of barnyard2 that updates signature reference table
https://code.google.com/p/security-onion/issues/detail?id=411

Issue 551: rule-update: have server use barnyard2 to update Snorby reference table
https://code.google.com/p/security-onion/issues/detail?id=551

Issue 399: rule-update should allow LOCAL_NIDS_RULE_TUNING to be yes or true
https://code.google.com/p/security-onion/issues/detail?id=399

Issue 544: rule-update: notify user if LOCAL_NIDS_RULE_TUNING=true
https://code.google.com/p/security-onion/issues/detail?id=544

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to get the most out of your Security Onion deployment?  Check out our 2-day training class:
http://blog.securityonion.net/p/training_2.html

Thanks!

Tuesday, March 11, 2014

New securityonion-rule-update package

I've updated our securityonion-rule-update package to resolve an issue.  The new package is securityonion-rule-update - 20120726-0ubuntu0securityonion12 and it has been tested by David Zawdie (thanks!).

Issues Resolved
Issue 505: rule-update: check to see if barnyard and IDS engine are enabled
https://code.google.com/p/security-onion/issues/detail?id=505

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Want to learn more about Security Onion?  Sign up for the new expanded 2-day class in Houston TX!  For full details and to register, please see:
https://securityonion20140508.eventbrite.com

Thanks!
