Friday, April 20, 2012

Security Onion 20120418 now available!
Security Onion 20120418 is now available!  This resolves the following issue:
Issue 254: tcpflow 1.1.1 connection counter breaks Sguil's transcript window

Notes
This update installs the new tcpflow 1.2.6 at /usr/local/bin/tcpflow and a shim at /usr/bin/tcpflow.  The shim is just a bash script that runs the following:
/usr/local/bin/tcpflow -T%A.%a-%B.%b "$@"

The new version of tcpflow uses a different output file naming format, so the shim calls tcpflow with the -T template that reproduces the original file names Sguil expects.
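The shim idea above, as an added example that is not Security Onion's own script: a POSIX sh version of the shim with its arguments quoted, a helper showing the file name the -T template yields, and a check that a capture directory holds only names in the layout Sguil expects. The zero-padded octets and five-digit ports are assumed from tcpflow's classic output format; the directory path and sample names are constructed.

```shell
#!/bin/sh
# Added example, not the Security Onion shim itself: force tcpflow 1.2.x back
# to the legacy file-name layout and verify a capture directory against it.

# Template that yields srcIP.srcport-dstIP.dstport. The 1.2.x default also
# appends the connection counter (%C%c), which is what broke Sguil's transcripts.
TCPFLOW_TEMPLATE='%A.%a-%B.%b'

# Shim body: hand every user argument through unchanged ("$@" keeps arguments
# containing spaces intact, which a bare $@ would split).
run_tcpflow() {
    exec /usr/local/bin/tcpflow -T"$TCPFLOW_TEMPLATE" "$@"
}

# Zero-pad a dotted quad to tcpflow's classic three-digits-per-octet form.
pad_ip() {
    # word splitting on the octets is intended here
    printf '%03d.%03d.%03d.%03d' $(printf '%s' "$1" | tr '.' ' ')
}

# Name tcpflow produces with the template above (assumption: classic
# zero-padded octets and 5-digit ports, e.g. 010.000.000.001.00080).
legacy_flow_name() {   # src_ip src_port dst_ip dst_port
    printf '%s.%05d-%s.%05d\n' "$(pad_ip "$1")" "$2" "$(pad_ip "$3")" "$4"
}

# Return 0 if the name is in the legacy layout Sguil expects; anything else,
# including a trailing counter such as "...00080c1" (constructed), fails.
sguil_name_ok() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{3}\.){3}[0-9]{3}\.[0-9]{5}-([0-9]{3}\.){3}[0-9]{3}\.[0-9]{5}$'
}

# Print every flow file in a directory whose name Sguil could not open;
# return 0 when all names are fine, 1 otherwise.
check_flow_dir() {
    bad=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        sguil_name_ok "$(basename "$f")" || { printf 'bad name: %s\n' "$f"; bad=1; }
    done
    return "$bad"
}
```

Run `check_flow_dir /path/to/flows` after upgrading to confirm the shim is producing names Sguil will open.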

New Users
New users can download and install the 20120125 ISO image using the instructions here. The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the proxy page of our FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots
Upgrade Process
Feedback
If you have any questions, please join our mailing list and ask away!
http://groups.google.com/group/security-onion

Thanks!
Thanks to Simson Garfinkel for the updated tcpflow!
Thanks to the following for their help in testing this release!
Sunil Gupta
Heine Lysemose
Tom De Vries

Help Wanted!
Security Onion needs you!  Please see the new Team Members page on the wiki!

Want to learn more about Intrusion Detection?
Doug Burks will be teaching SANS 503 Intrusion Detection In-Depth in Augusta, GA in June!  For more information, please see:
http://securityonion.blogspot.com/2012/03/sans-is-coming-to-augusta-ga-in-june.html
