Security onion still detected as hostname??


CB

Aug 24, 2015, 4:32:58 PM
to security-onion
Hi,

I have set the hostname of my Security Onion box as "SObox" and double checked this in the /etc/hosts file, but for some reason when I look at local devices in my firewall it sees the device attached as "securityonion". Why and how is this?

Doug Burks

Aug 24, 2015, 7:59:32 PM
to securit...@googlegroups.com
Hi Craig,

How exactly did you set the hostname?

Did you update /etc/hostname?

Did you then run the hostname command with the new hostname like this?
sudo hostname SObox

What output do you get when you run "hostname"?

We can help you confirm that your hostname is set properly on the
Security Onion box itself, but your firewall is going to be beyond the
scope of this mailing list.






--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

CB

Aug 24, 2015, 8:20:34 PM
to security-onion
Hi Doug,

I set the appliance name during the initial setup as "SObox" and haven't changed it since. I checked in etc/hostsname and etc/hosts and references are set to "SObox" as expected.

If I run the command "hostname" I get "SObox".

The firewall identifies each device using the local IP and has a column named device that either has the hostname or MAC address of each device, and I am very surprised to see it say "securityonion" - could this be related to IPv6? Where can it get this information from?


Doug Burks

Aug 24, 2015, 9:12:53 PM
to securit...@googlegroups.com
Did you install the box using our ISO image?  When you boot our ISO image, it boots into a Live desktop with hostname "securityonion". Perhaps that's where it came from. 

CB

Aug 25, 2015, 2:51:48 AM
to security-onion
Yes, I started from the ISO image. Strange it would still show up as this. Is there any way to force an update of the new name?

Doug Burks

Aug 25, 2015, 7:19:11 AM
to securit...@googlegroups.com
On Tue, Aug 25, 2015 at 2:51 AM, CB <cr...@advancedcybersecurity.co.uk> wrote:
> yes i started from the ISO image, strange it would still show up as this,is there any way to force update of the new name?

I think this is more likely a function of your firewall/DHCP/DNS.

CB

Aug 27, 2015, 8:27:53 PM
to security-onion
yes - possibly the FW hanging on to the old hostname - Thanks

CDS1

Feb 15, 2017, 6:10:57 AM
to security-onion
When I do a scan of my SO appliance with Nexpose it shows an "Alias" of securityonion. The hostname of the box is not called this; I did use the standard setup but didn't scan this till after the appliance was built and renamed a few weeks before.

Did anyone figure out where external firewalls and scanners were able to get this "alias" of "securityonion" from?

CDS1

Feb 15, 2017, 6:56:46 AM
to security-onion
According to Nexpose, "The name (alias) of an asset is dictated by the metadata discovered on an asset in the scanning process (DNS name resolution, NetBios, etc)".

Wes Lambert

Feb 15, 2017, 7:23:57 AM
to securit...@googlegroups.com

Could it be due to an old reverse DNS record?

Thanks,
Wes


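
The places this thread names as possible holders of a hostname (the files Doug asks about, plus DHCP and reverse DNS) can be checked in one pass. The script below is an added example, not part of any poster's message or of Security Onion; the function names, the constructed sample tree and the dhclient.conf path (ISC dhclient as shipped on Ubuntu) are assumptions.

```shell
#!/bin/sh
# Added example. audit_hostname ROOT EXPECTED OLD
#   ROOT      filesystem root to inspect ("" on a live box, a temp dir here)
#   EXPECTED  the name the box should have (SObox in the thread)
#   OLD       the stale name the firewall or scanner shows (securityonion)
# Prints the local sources that disagree with EXPECTED or still carry OLD.
audit_hostname() {
    root=$1 expected=$2 old=$3 findings=""
    # 1. /etc/hostname should hold exactly the expected name.
    if [ -r "$root/etc/hostname" ]; then
        cur=$(tr -d '[:space:]' < "$root/etc/hostname")
        [ "$cur" = "$expected" ] || findings="$findings hostname-file"
    fi
    # 2. No uncommented /etc/hosts line should still map to the old name.
    if grep -v '^[[:space:]]*#' "$root/etc/hosts" 2>/dev/null |
        grep -qiw -- "$old"; then
        findings="$findings hosts-file"
    fi
    # 3. Assumption: ISC dhclient. A literal 'send host-name "<old>";' makes
    #    the DHCP client announce that name whatever `hostname` prints.
    if grep -v '^[[:space:]]*#' "$root/etc/dhcp/dhclient.conf" 2>/dev/null |
        grep -Eqi "send[[:space:]]+host-name[[:space:]]+\"$old\""; then
        findings="$findings dhclient-conf"
    fi
    echo "${findings# }"
}

# Reverse lookup of an address through the system resolver (needs DNS/NSS);
# an old PTR record shows up here. Not exercised in the offline sample below.
reverse_name() { getent hosts "$1" | awk '{print $2}'; }

# Constructed sample tree: files match the thread, DHCP config is stale.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/dhcp"
    echo "SObox" > "$d/etc/hostname"
    printf '127.0.0.1 localhost\n127.0.1.1 SObox\n' > "$d/etc/hosts"
    printf 'send host-name "securityonion";\n' > "$d/etc/dhcp/dhclient.conf"
    echo "$d"
}

sample=$(make_sample)
echo "stale sources: $(audit_hostname "$sample" SObox securityonion)"
rm -rf "$sample"
```

On a live box, call `audit_hostname "" SObox securityonion` and run `reverse_name` against the sensor's address from the machine that reports the old name; an empty result from the first means the stale name is held off-box, in the DHCP server's leases or a DNS record.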

Wes Lambert

Feb 15, 2017, 7:57:31 AM
to securit...@googlegroups.com

Also, in the future, please avoid commenting on older threads.  You can simply open a new one as described here:

https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists#start-a-new-thread-instead-of-replying-to-an-old-one

Thanks,
Wes

