Just installed Security Onion, but it's continuously crashing, Please help


tr...@yahoo.com

Jul 1, 2015, 1:33:26 PM
to securit...@googlegroups.com
I just installed Security Onion on a VM machine, but it's continuously crashing, I killed the machine and reinstalled it but still having the same issue.

I ran "sudo apt-get install -f" and got

Reading package lists... Done
Building dependency tree
Reading state information... Done
Correcting dependencies... Done
The following packages were automatically installed and are no longer required:
gir1.2-timezonemap-1.0 gir1.2-gstreamer-0.10 libtimezonemap1 gir1.2-json-1.0
libjson-glib-1.0-0 gir1.2-xkl-1.0
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
libcapture-tiny-perl
The following NEW packages will be installed:
libcapture-tiny-perl
0 upgraded, 1 newly installed, 0 to remove and 226 not upgraded.
3 not fully installed or removed.
Need to get 0 B/18.8 kB of archives.
After this operation, 80.9 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
(Reading database ... 162912 files and directories currently installed.)
Unpacking libcapture-tiny-perl (from .../libcapture-tiny-perl_0.15-1_all.deb) ...
dpkg: error processing /var/cache/apt/archives/libcapture-tiny-perl_0.15-1_all.deb (--unpack):
trying to overwrite '/usr/share/man/man3/Capture::Tiny.3pm.gz', which is also in package securityonion-libcapture-tiny-perl 0.22-0ubuntu0securityonion0
Processing triggers for man-db ...
Errors were encountered while processing:
/var/cache/apt/archives/libcapture-tiny-perl_0.15-1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)


I tried

sudo apt-get remove --purge Capture::Tiny.3pm.gz
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package Capture::Tiny.3pm.gz
E: Couldn't find any package by regex 'Capture::Tiny.3pm.gz'

but it did not help, can someone please help me?

Thanks
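
Added example, not part of the original post or of Security Onion's own tooling: the dpkg error quoted above names both sides of the file conflict, and `apt-get remove` takes package names rather than file paths. The script below extracts the incoming package, the contested file and the owning package from that error text; the function names `parse_dpkg_conflict` and `report_conflicts` are hypothetical, and the sample input is the error from this post.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): pull the two conflicting packages out of
# a dpkg "trying to overwrite" error so follow-up commands use package names.

# Constructed input: the two error lines quoted in the post above.
SAMPLE_ERROR="dpkg: error processing /var/cache/apt/archives/libcapture-tiny-perl_0.15-1_all.deb (--unpack):
 trying to overwrite '/usr/share/man/man3/Capture::Tiny.3pm.gz', which is also in package securityonion-libcapture-tiny-perl 0.22-0ubuntu0securityonion0"

# Reads apt/dpkg output on stdin and prints one line per conflict:
#   incoming_package|contested_file|owning_package|owning_version
parse_dpkg_conflict() {
  awk '
    /^dpkg: error processing / {
      # Some dpkg versions print the word "archive" before the .deb path.
      deb = ($4 == "archive") ? $5 : $4
      n = split(deb, parts, "/")
      split(parts[n], f, "_")          # file name is name_version_arch.deb
      incoming = f[1]
    }
    /trying to overwrite / {
      at = index($0, "also in package ")
      if (at == 0) next
      split($0, q, "\047")             # \047 is the quote around the path
      split(substr($0, at + 16), p, " ")
      print incoming "|" q[2] "|" p[1] "|" p[2]
    }
  '
}

# Print read-only checks for each conflict; nothing on the system is changed.
report_conflicts() {
  parse_dpkg_conflict | while IFS='|' read -r incoming file owner version; do
    echo "conflict: $incoming and $owner $version both ship $file"
    echo "  confirm the current owner:  dpkg -S '$file'"
    echo "  see what depends on it:     apt-cache rdepends $incoming"
  done
}

printf '%s\n' "$SAMPLE_ERROR" | report_conflicts
```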

Doug Burks

Jul 1, 2015, 1:36:29 PM
to securit...@googlegroups.com
Hi trcns,

Replies inline.

On Wed, Jul 1, 2015 at 1:31 PM, trcns via security-onion
<securit...@googlegroups.com> wrote:
> I just installed Security Onion on a VM machine, but it's continuously crashing

What exactly do you mean by crashing?
Have you installed any extra packages? X2Go perhaps?
https://github.com/Security-Onion-Solutions/security-onion/issues/728

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

tr...@yahoo.com

Jul 1, 2015, 1:55:36 PM
to securit...@googlegroups.com

Yes, X2Go.

tr...@yahoo.com

Jul 1, 2015, 2:00:43 PM
to securit...@googlegroups.com

I get "Crash report detected"
An application has crashed on your system (now or in the past). Click on the notification icon to display details.

tr...@yahoo.com

Jul 1, 2015, 2:07:28 PM
to securit...@googlegroups.com

I read the post
https://github.com/Security-Onion-Solutions/security-onion/issues/728

but does it mean I cannot use X2Go, if so what are the other possible solutions?

Doug Burks

Jul 2, 2015, 7:09:48 AM
to securit...@googlegroups.com
On Wed, Jul 1, 2015 at 2:07 PM, trcns via security-onion
<securit...@googlegroups.com> wrote:
> I read the post
> https://github.com/Security-Onion-Solutions/security-onion/issues/728
>
> but does it mean I cannot use X2Go,

Per Issue 728, I'll be updating the securityonion-libcapture-tiny-perl
package to avoid this issue in the future. In the meantime, there may
be a way to manually work around it, but I haven't had time to test.

> if so what are the other possible solutions?

Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/FAQ#how-can-i-remote-control-my-security-onion-box
https://github.com/Security-Onion-Solutions/security-onion/wiki/ConnectingtoSguil

tr...@yahoo.com

Jul 2, 2015, 10:24:59 AM
to securit...@googlegroups.com
Doug: thanks for your reply and hopefully this issue will be addressed soon.
Now first how do I get rid of X2Go server installation, I tried

sudo apt-get install -f
sudo apt-get upgrade
sudo apt-get remove --purge x2goserver

but nothing worked
This is the error I get
sudo apt-get install -f
Reading package lists... Done
Building dependency tree
Reading state information... Done
Correcting dependencies... Done
The following packages were automatically installed and are no longer required:
gir1.2-timezonemap-1.0 gir1.2-gstreamer-0.10 libtimezonemap1 gir1.2-json-1.0
libjson-glib-1.0-0 gir1.2-xkl-1.0
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
libcapture-tiny-perl
The following NEW packages will be installed:
libcapture-tiny-perl
0 upgraded, 1 newly installed, 0 to remove and 215 not upgraded.
11 not fully installed or removed.
Need to get 0 B/18.8 kB of archives.
After this operation, 80.9 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
(Reading database ... 162913 files and directories currently installed.)
Unpacking libcapture-tiny-perl (from .../libcapture-tiny-perl_0.15-1_all.deb) ...
dpkg: error processing /var/cache/apt/archives/libcapture-tiny-perl_0.15-1_all.deb (--unpack):
trying to overwrite '/usr/share/man/man3/Capture::Tiny.3pm.gz', which is also in package securityonion-libcapture-tiny-perl 0.22-0ubuntu0securityonion0
Processing triggers for man-db ...
Errors were encountered while processing:
/var/cache/apt/archives/libcapture-tiny-perl_0.15-1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Second, I understand your recommendation of installing Security Onion Console on our local workstation, it is okay for a 10 to 50 user company but not a solution for a company of 300 employees with three or four security analysts, who want to monitor the same console from their desks either at the same time or on different schedules.

Shane Castle

Jul 2, 2015, 10:40:27 AM
to securit...@googlegroups.com
First, I think you want to run

sudo dpkg -r x2goserver

Second, how many different people do you expect to be accessing your
Security Onion system? And I suppose a network-accessible KVM switch is
out of the question? Or, if it is installed in a VM, using a virtual
console?

--
Shane Castle

tr...@yahoo.com

Jul 2, 2015, 4:08:22 PM
to securit...@googlegroups.com

Shane, I got your message but it was a little late. Since it was a new install I ended up reinstalling.

KVM is out of the picture as the computer room is not that close to our desks and the analysts are not next to each other. Total of three people may access the same console at a time. Console is on VM.

Doug Burks

Jul 3, 2015, 6:59:14 AM
to securit...@googlegroups.com
On Thu, Jul 2, 2015 at 4:08 PM, trcns via security-onion
<securit...@googlegroups.com> wrote:
> Shane, I got your message but it was a little late. Since it was a new install I ended up reinstalling.
>
> KVM is out of the picture as the computer room is not that close to our desks and the analysts are not next to each other. Total of three people may access the same console at a time. Console is on VM.

I'd recommend that the three of you install Security Onion in a VM on
your local machines (run through the Ubuntu installer, but do not run
the Security Onion Setup wizard, as you won't need any sniffing
processes).

To administer your Security Onion server, use "ssh -X" to connect to
your server and run any commands you need to (even running graphical
programs using the X window forwarding).

To analyze your alerts/events, launch the local Sguil client inside of
your VM and change "localhost" to the IP address or hostname of your
Security Onion server. (Or you could keep "localhost" and forward
port 7734 over your SSH tunnel to sguild on the Security Onion
server.)
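
Added example, not part of the original reply: one way to set up the port 7734 forward described above so that the local end listens on loopback only, plus a check over `ss -ltn` output that flags a forwarded port reachable from other hosts. The function names and `analyst@so-server.example` are placeholders; the sguild listener is assumed to be reachable as `localhost:7734` on the server.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Host and user names are placeholders.
SGUIL_PORT=7734   # sguild port named in the post above

# Print ssh arguments for a loopback-only forward of the sguild port.
#   $1 = user@host of the Security Onion server, $2 = optional local port
sguil_tunnel_args() {
  target=$1
  lport=${2:-$SGUIL_PORT}
  case $lport in
    ''|*[!0-9]*) echo "local port must be numeric" >&2; return 2 ;;
  esac
  if [ "$lport" -lt 1 ] || [ "$lport" -gt 65535 ]; then
    echo "local port out of range" >&2; return 2
  fi
  # Reject empty, option-like, or oddly formed targets before they reach ssh.
  case $target in
    ''|-*|*[!A-Za-z0-9@._-]*) echo "target must be user@host" >&2; return 2 ;;
  esac
  # -N: no remote command. ExitOnForwardFailure: abort if the forward cannot be set up.
  # Binding to 127.0.0.1 keeps other hosts on the LAN from using the tunnel.
  printf '%s\n' "-N -o ExitOnForwardFailure=yes -L 127.0.0.1:${lport}:localhost:${SGUIL_PORT} ${target}"
}

# Read `ss -ltn` output on stdin; print listeners on the port that are not loopback-bound.
exposed_listeners() {
  awk -v port="${1:-$SGUIL_PORT}" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); p = a[n]
      addr = substr($4, 1, length($4) - length(p) - 1)
      if (p == port && addr != "127.0.0.1" && addr != "[::1]") print $4
    }'
}

# Show the command an analyst would run (nothing is executed here).
echo "ssh $(sguil_tunnel_args analyst@so-server.example)"
# After connecting: ss -ltn | exposed_listeners   (no output means loopback only)
```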