14.04 :: sosetup :: prads, argus, http_agent


Wes

Jan 23, 2016, 10:53:34 AM
to security-onion
I noticed after upgrading from a fully updated 12.04 to 14.04, if I try to re-run setup to enable prads, argus, and/or http_agent on a standalone (for research purposes), the services do not get configured/enabled. Re-running sosetup to achieve this worked previously in 12.04.

/etc/nsm/sensorname/sensor.conf shows these options as not enabled:

PRADS_ENABLED="no"
SANSCP_AGENT_ENABLED="no"
PADS_AGENT_ENABLED="no"
ARGUS_ENABLED="no"
HTTP_AGENT_ENABLED="no"

...and of course, they do not show up when running "sudo service nsm status".

I have verified this on both the recent 14.04 ISO release and through the 14.04 in-place upgrade.

Note, enabling these services does work via the following:

# Editing the sosetup.conf to enable the above-mentioned services and passing it to sosetup:

sudo sosetup -f ~/sosetup.conf

I may be missing something--maybe not enough coffee.

Thanks,
Wes

Wes

Jan 23, 2016, 11:20:59 AM
to security-onion

To add, I have also confirmed by running debug that the response provided for the various services to sosetup is "yes" ("DEBUG:Clicked Yes").

Thanks,
Wes

Doug Burks

Jan 23, 2016, 11:38:58 AM
to securit...@googlegroups.com
Hi Wes,

The new version of Setup now follows Best Practices by default:



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Wes

Jan 23, 2016, 11:50:47 AM
to security-onion
Doug,

I'm a little confused. So this applies even when selecting Production >> Standalone >> Custom >> and selecting "Yes" for each option? When I choose this option, it allows me to configure whether or not I would like the services to be enabled/disabled.

Thanks,
Wes

Wes

Jan 23, 2016, 11:57:37 AM
to security-onion
I apologize if I left it out in the initial question, but this is happening when I choose "Custom" and select to enable http_agent, prads, and argus. I choose to enable them, it seems the results do not get passed to sensor.conf, and the services are not enabled.

Thanks,
Wes

Doug Burks

Jan 23, 2016, 11:59:40 AM
to securit...@googlegroups.com
On Sat, Jan 23, 2016 at 11:50 AM, Wes <wlamb...@gmail.com> wrote:
> I'm a little confused. So this applies even when selecting Production >> Standalone >> Custom >> and selecting "Yes" for each option? When I choose this option, it allows me to configure whether or not I would like the services to be enabled/disabled.

Ahh, I see the issue.

I've created Issue 845 for this:
https://github.com/Security-Onion-Solutions/security-onion/issues/845

Doug Burks

Jan 23, 2016, 12:13:42 PM
to securit...@googlegroups.com
I've committed a fix:
https://github.com/Security-Onion-Solutions/securityonion-setup/commit/c92e861d1a7954f8b15636655f7bff469cf7e598

securityonion-setup - 20120912-0ubuntu0securityonion192 contains this
fix and is building now.

Wes

Jan 23, 2016, 12:15:45 PM
to security-onion

Awesome, thanks!

Doug Burks

Jan 23, 2016, 12:52:33 PM
to securit...@googlegroups.com
Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/tE9xOjZuwog/discussion



Wes Lambert

Jan 23, 2016, 1:08:54 PM
to securit...@googlegroups.com

Thanks--will test and post the results when I get a chance.

Wes

Doug Burks

Jan 23, 2016, 1:26:03 PM
to securit...@googlegroups.com
Thanks, Wes!

Doug Burks

Jan 23, 2016, 3:00:57 PM
to securit...@googlegroups.com
securityonion-setup - 20120912-0ubuntu0securityonion192 is copying to
ppa:securityonion/stable now.

Thanks, Wes!

Doug Burks

Jan 23, 2016, 3:08:35 PM
to securit...@googlegroups.com