Can not install Packages 404 not found.


bxyify

May 20, 2015, 6:06:31 AM
to securit...@googlegroups.com
Hello

I downloaded the ISO from the website:

~# strings securityonion.iso |head
CD001
LINUX SecurityOnion 12.04.5.1 20150205
GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM 2015020510060000

But it says it's Ubuntu 10, not 12

root@bla:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 10.04.4 LTS
Release: 10.04
Codename: lucid

I installed the ISO but all I got is a minimal Ubuntu.

~# sosetup
No command 'sosetup' found, did you mean:
Command 'losetup' from package 'mount' (main)
Command 'losetup' from package 'loop-aes-utils' (universe)
Command 'svsetup' from package 'svtools' (multiverse)
sosetup: command not found

Trying to add the packages:

~# add-apt-repository ppa:securityonion/stable
gpg: keyring `/tmp/tmpKOp7zu/secring.gpg' created
gpg: keyring `/tmp/tmpKOp7zu/pubring.gpg' created
gpg: requesting key 23F386C7 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpKOp7zu/trustdb.gpg: trustdb created
gpg: key 23F386C7: public key "Launchpad PPA for Security Onion" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK

~# apt-get update
...
Err http://ppa.launchpad.net lucid/main Packages
404 Not Found
W: Failed to fetch http://ppa.launchpad.net/securityonion/stable/ubuntu/dists/lucid/main/binary-amd64/Packages.gz 404 Not Found

E: Some index files failed to download, they have been ignored, or old ones used instead.

Heine Lysemose

May 20, 2015, 6:37:43 AM
to securit...@googlegroups.com
Hi

Did you download it from here, http://sourceforge.net/projects/security-onion/files/12.04.5.1/, and remember to do a checksum after the download completes.

Regards,
Lysemose


--
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at http://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

bxyify

May 20, 2015, 6:45:14 AM
to securit...@googlegroups.com
Yes, I downloaded it from sourceforge.

Doug Burks

May 20, 2015, 6:55:09 AM
to securit...@googlegroups.com
Did you use the 12.04.5.1 ISO image to create a bootable DVD/USB? Or
did you boot the ISO directly in a VM?

If VM, are you sure you configured the VM to boot from the correct ISO image?

Have you tried creating a new VM and configuring it to boot from the
12.04.5.1 ISO image?

On Wed, May 20, 2015 at 6:44 AM, 'bxyify' via security-onion
<securit...@googlegroups.com> wrote:
> Yes, I downloaded it from sourceforge.



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

bxyify

May 22, 2015, 6:33:15 AM
to securit...@googlegroups.com
Yeah, the problem was that I had the wrong version of Ubuntu installed. Had to use netinstall and got the wrong kernel. I was planning to run a server on Xen and a sensor external. I set up both now, but on both I get the error

This will take a moment to complete ...
ERROR 1049 (42000): Unknown database 'securityonion_db'

when starting sostat-quick. I ran sosetup on both machines (server first).

bxyify

May 22, 2015, 6:33:30 AM
to securit...@googlegroups.com
Additionally on the server I get this error

Processing ...
/usr/bin/sostat: line 240: /root/.ssh/securityonion_ssh.conf: No such file or directory
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]

I thought ssh is only needed for the sensor that connects via ssh to the server, and why does this thing look for .ssh in /root?


Doug Burks

May 22, 2015, 6:41:40 AM
to securit...@googlegroups.com
On Fri, May 22, 2015 at 6:08 AM, 'bxyify' via security-onion
<securit...@googlegroups.com> wrote:
> Yeah, the problem was that I had the wrong version of Ubuntu installed. Had to use netinstall and got the wrong kernel. I was planning to run a server on Xen and a sensor external. I set up both now, but on both I get the error
>
> This will take a moment to complete ...
> ERROR 1049 (42000): Unknown database 'securityonion_db'
>
> when starting sostat-quick. I ran sosetup on both machines (server first).

Did you follow this guide?
https://github.com/Security-Onion-Solutions/security-onion/wiki/ProductionDeployment

What options did you choose when running sosetup?

Did you get any errors during sosetup?

Are there any errors in /var/log/nsm/sosetup.log?

bxyify

May 22, 2015, 7:33:05 AM
to securit...@googlegroups.com
sosetup ran without any errors as far as I can tell.

I started everything on the sensor (including bro, elsa, prads and so on, even though I don't really need all these services; I just want to test first and then disable the ones I don't need).

The sensor has 3 interfaces, I configured eth0 as manager and eth1 and 2 as monitor if. /etc/network/interfaces shows them configured accordingly (eth0 dhcp and 1 and 2 manual with promisc).

sosetup.log shows a few warnings:
using config file '/etc/sphinxsearch/sphinx.conf'...
indexing index 'permanent'...
WARNING: attribute 'attr_s0' not found - IGNORING
WARNING: attribute 'attr_s1' not found - IGNORING
WARNING: attribute 'attr_s2' not found - IGNORING
WARNING: attribute 'attr_s3' not found - IGNORING
WARNING: attribute 'attr_s4' not found - IGNORING
WARNING: attribute 'attr_s5' not found - IGNORING
(this appears on the server too)

But only one error, on the sensor:

Syntax error on line 31 of /etc/apache2/sites-enabled/098-xplico:
SSLCertificateKeyFile: file '/etc/ssl/private/ssl-cert-snakeoil.key' does not exist or is empty
Action 'configtest' failed.

However, that does not seem to be related to securityonion_db missing, or?

bxyify

May 22, 2015, 7:58:16 AM
to securit...@googlegroups.com
BTW I just ran the setup on the server again to check if I forgot about errors that had been shown, and yes, there was an error during setup:

~$ sudo sosetup
ERROR 1049 (42000): Unknown database 'securityonion_db'

I thought setup would create that database.

mysql is open without password so the setup should have access:

$ sudo mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1127
Server version: 5.5.43-0ubuntu0.12.04.1 (Ubuntu)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>



Doug Burks

May 22, 2015, 8:29:02 AM
to securit...@googlegroups.com
On Fri, May 22, 2015 at 7:52 AM, 'bxyify' via security-onion
<securit...@googlegroups.com> wrote:
> BTW I just ran the setup on the server again to check if I forgot about errors that had been shown, and yes, there was an error during setup:
>
> ~$ sudo sosetup
> ERROR 1049 (42000): Unknown database 'securityonion_db'
>
> I thought setup would create that database

Yes, sosetup should create that database if it has permissions to do so.

Did you follow this Installation Guide?
https://github.com/Security-Onion-Solutions/security-onion/wiki/ProductionDeployment

Specifically, did you run this command before installing MySQL?
echo "debconf debconf/frontend select noninteractive" | sudo debconf-set-selections

Can you provide your entire sosetup.log (redacting sensitive info as necessary)?

katw...@yahoo.de

May 22, 2015, 9:25:31 AM
to securit...@googlegroups.com
I did this line when originally setting up the server on Xen from netinstall. However, I did it again explicitly before running sosetup:

~$ echo "debconf debconf/frontend select noninteractive" | sudo debconf-set-selections 
~$ sudo sosetup
ERROR 1049 (42000): Unknown database 'securityonion_db'
~$ 
sosetup.log

bxyify

May 27, 2015, 6:56:58 AM
to securit...@googlegroups.com
Does anyone have a solution on this?


Heine Lysemose

May 27, 2015, 7:06:37 AM
to securit...@googlegroups.com
Hi

I think you should start over to get the right kernel/version of Ubuntu, 12.04 LTS.

Regards,
Lysemose





bxyify

May 27, 2015, 10:40:45 AM
to securit...@googlegroups.com
I have the correct kernel, see sosetup

Heine Lysemose

May 28, 2015, 3:38:53 AM
to securit...@googlegroups.com
Yes, maybe... but the apt-get update pulls updates for Lucid (10.04).
I still suggest to start over with the right ISO/medium

/Lysemose