Re: [security-onion] 32-bit version

Scott Runnels

May 10, 2013, 6:10:52 AM
to securit...@googlegroups.com
Hi Silvia, 

I'd suggest doing a dist-upgrade first:

sudo apt-get dist-upgrade

then reboot.

sudo reboot

You should be able to add our ppa with 
sudo add-apt-repository ppa:securityonion/stable

then do 
sudo apt-get update
sudo apt-get install securityonion-all
and again, reboot.

then you can run /usr/bin/sosetup from the PC if it has X installed or remotely connect to it with ssh -X username@server and run sosetup.

Thanks
Scott

Scott Runnels



On Fri, May 10, 2013 at 5:22 AM, Silvia Fichera <fiche...@gmail.com> wrote:
Hi guys,
I'm new in using security onion.
I've already installed it on a VM over my pc. Now I've a 32-bit pc with ubuntu already installed and I have to install sec. Onion over it. Where can I find the 32-bit version download?
Once I've downloaded this version what do I have to do?

Thank you for your answers


Heine Lysemose

May 14, 2013, 9:32:04 AM
to securit...@googlegroups.com

Hi

Try this page, https://code.google.com/p/security-onion/wiki/Installation#If_you_want_to_quickly_evaluate_Security_Onion_on_your_preferred

Regards,
Lysemose

On May 14, 2013 2:05 PM, "Silvia Fichera" <fiche...@gmail.com> wrote:
Ok, thank you! I've done it!
And then? Is there any guide to follow? I've found only instructions for the distro and not for when you install SO on your own ubuntu :(

Doug Burks

May 14, 2013, 8:06:31 AM
to securit...@googlegroups.com
Hi Silvia,

Have you seen the Installation page on our Wiki? It has a section
dedicated to installing on your preferred flavor of Ubuntu:
https://code.google.com/p/security-onion/wiki/Installation#If_you_want_to_quickly_evaluate_Security_Onion_on_your_preferred

Hope that helps!

Thanks,
Doug


On Tue, May 14, 2013 at 8:03 AM, Silvia Fichera <fiche...@gmail.com> wrote:
> Ok, thank you! I've done it!
> And then? Is there any guide to follow? I've found only instructions for the distro and not for when you install SO on your own ubuntu :(
>
>
> On Friday, May 10, 2013 12:10:52 UTC+2, Scott Runnels wrote:
--
Doug Burks
http://securityonion.blogspot.com

Doug Burks

May 14, 2013, 10:40:29 AM
to securit...@googlegroups.com
It sounds like either you didn't run Setup or it didn't complete successfully.

Did you follow all the steps in the Installation guide?
https://code.google.com/p/security-onion/wiki/Installation#If_you_want_to_quickly_evaluate_Security_Onion_on_your_preferred

Specifically, did you run Setup?
sudo sosetup

What options did you choose in Setup?

Did Setup complete successfully?

Were there any errors?

Please send the contents of the Setup log file /var/log/nsm/sosetup.log.

Thanks,
Doug

On Tue, May 14, 2013 at 9:58 AM, Silvia Fichera <fiche...@gmail.com> wrote:
> Done!
> Now my problems are:
> - I can't open Snorby (is it because I've lost my default network connection? So, I haven't internet on that pc... )
> - I try to log in to Squert but it says to me "connection failed"
> - Where can I find the "sguild port"?
> - How to start elsa?
>
> I'm sorry if I'm bothering you, but it's my first time with these tools and I don't know how to start. Thank you for all your answers
Doug Burks
http://securityonion.blogspot.com

Doug Burks

May 14, 2013, 11:14:50 AM
to securit...@googlegroups.com
OOPS: The server "securityonion" already exists!
# Please wait while configuring firewall...
Skipping adding existing rule
Skipping adding existing rule (v6)
Skipping adding existing rule
Skipping adding existing rule (v6)
Skipping adding existing rule
Skipping adding existing rule (v6)
Skipping adding existing rule
Skipping adding existing rule (v6)
# Please wait while configuring Squert web interface to connect to Sguil database...
ERROR 1049 (42000): Unknown database 'securityonion_db'
ERROR 1049 (42000): Unknown database 'securityonion_db'
# Please wait while adjusting Sguil rule locations...
# Please wait while creating Sguil sensor(s)...
# Please wait while creating Sguil sensor: lca1-ThinkPad-T60-eth0...
Creating new sensor: lca1-ThinkPad-T60-eth0
ln: failed to create symbolic link `/nsm/server_data/securityonion/rules/lca1-ThinkPad-T60-eth0/rules': File exists
ln: failed to create symbolic link `/nsm/server_data/securityonion/rules/lca1-ThinkPad-T60-eth0-1/rules': File exists
ln: failed to create symbolic link `/nsm/server_data/securityonion/rules/lca1-ThinkPad-T60-eth0-2/rules': File exists

These entries look strange. Did you run Setup multiple times? Was it
interrupted during one of the runs?

The quickest solution is probably to wipe the installation and start over.

Thanks,
Doug

On Tue, May 14, 2013 at 11:08 AM, Silvia Fichera <fiche...@gmail.com> wrote:
> Of course I followed that guide and I've executed sosetup.
>
> I've attached the file sosetup.log
> I've set the network options with an IP address for the listening port eth0 and all that is asked by the installation wizard. Then I rebooted and I restarted sosetup. I set it in standalone mode, I gave username, email and password and that's all.
>
> Thanks for your help
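
The symptoms Doug points out in the log excerpt above can be checked for mechanically before deciding whether to wipe and reinstall. This is an added example, not part of the original thread or of Security Onion; the function name `triage`, the symptom labels, and the reading of "already exists" and "File exists" as state left behind by an earlier Setup run are assumptions.

```python
import re
from collections import Counter

# ANSI colour codes; mail archives often drop the ESC byte, leaving "[1;34m".
ANSI_RE = re.compile(r"\x1b\[[0-9;]*m|\[[0-9;]+m")

# Symptom patterns copied from the log excerpt quoted in this thread.
SYMPTOMS = {
    "server_exists": re.compile(r'The server "[^"]+" already exists'),
    "database_missing": re.compile(r"ERROR 1049 \(42000\): Unknown database"),
    "symlink_exists": re.compile(r"ln: failed to create symbolic link"),
    "firewall_rule_exists": re.compile(r"Skipping adding existing rule"),
}

# Constructed sample: a few lines taken from the excerpt above, not a full log.
SAMPLE = """\
[1;34m [0;31mOOPS: The server "securityonion" already exists! [0;39m [0;39m
Skipping adding existing rule
Skipping adding existing rule (v6)
ERROR 1049 (42000): Unknown database 'securityonion_db'
ERROR 1049 (42000): Unknown database 'securityonion_db'
ln: failed to create symbolic link
`/nsm/server_data/securityonion/rules/lca1-ThinkPad-T60-eth0/rules':
File exists
"""


def triage(log_text):
    """Count each symptom and flag a log that shows leftover state."""
    counts = Counter()
    for raw in log_text.splitlines():
        line = ANSI_RE.sub("", raw)
        for name, pattern in SYMPTOMS.items():
            if pattern.search(line):
                counts[name] += 1
    return {
        "counts": dict(counts),
        # Assumption: these two messages mean an earlier run left state behind.
        "leftover_state": counts["server_exists"] + counts["symlink_exists"] > 0,
        "database_missing": counts["database_missing"] > 0,
    }


if __name__ == "__main__":
    import sys
    # Default path is the Setup log file named earlier in the thread.
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/log/nsm/sosetup.log"
    with open(path, errors="replace") as fh:
        print(triage(fh.read()))
```

A log that reports both leftover state and a missing database matches the situation in this thread, where Setup had been run more than once.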

Doug Burks

May 14, 2013, 1:19:42 PM
to securit...@googlegroups.com
Yes, please perform a new installation and make sure you follow all
the steps here:
https://code.google.com/p/security-onion/wiki/Installation#If_you_want_to_quickly_evaluate_Security_Onion_on_your_preferred

Thanks,
Doug

On Tue, May 14, 2013 at 11:33 AM, Silvia Fichera <fiche...@gmail.com> wrote:
> Yes, I've run it multiple times.
> So, I should remove and install it again?
>
> And in future when I will realize my network for some simulation do I have to install it again?
>
> It's a project with the university, so I will simulate a network with 2 hosts, configuring firewall, simulate attack, etc, everything with real devices...

Doug Burks

May 17, 2013, 11:05:56 PM
to securit...@googlegroups.com
Replies inline.

On Fri, May 17, 2013 at 10:05 AM, Silvia Fichera <fiche...@gmail.com> wrote:
> Thanks for your advice Doug!
> I've installed SO again on 2 different laptops. One of them is working correctly, the other one doesn't show me the traffic in Snorby, I don't know why....

If you'd like to troubleshoot the second installation, please start a
new email thread and send the output of the following (redacting
sensitive info as necessary):
sudo sostat

> I have another question, I found an answer here but it is too old (Nov-11, if I'm not wrong), so maybe many things have changed: about IPv6, is it supported by the tools or not yet?

For the most part, our sniffing processes have good support for IPv6.
The main problem is that both the standard Snort database schema (used
in Snorby) and the Sguil database schema are designed for IPv4 only.
However, ELSA doesn't rely on those database schemas, so you might try
logging into ELSA and seeing how well it supports the IPv6 traffic on
your network.

Thanks,