rename interfaces?


Curtis

Oct 27, 2016, 5:40:58 PM
to security-onion
Hey guys,

I'm in the process of mapping out my setup (production deployment with 1 master/sensor and 3 slave sensors), and am curious if it's possible to rename my interfaces to be able to tell what each is monitoring at a glance. Example: I would like to change <hostname-eth1> to <hostname-eth1-mgmt>, or something to that effect. Is this possible, and will this affect any other configurations?

Thanks!

Kevin Branch

Oct 27, 2016, 6:03:32 PM
to securit...@googlegroups.com
Hi Curtis,

You can rename the actual monitoring interfaces by carefully editing /etc/udev/rules.d/70-persistent-net.rules and rebooting.  
Then before you run sosetup, do this patch to sosetup and sosetup-network so that the custom interface names will be tolerated by SO.

sudo sed -i 's/egrep "(eth|bond|wlan|br|ath|bge|mon|fe|em|p\[0-5\]p)\[0-9\]+"/egrep -v "(Transmit|multicast| lo:|\\.[0-9])"/' /usr/bin/sosetup /usr/bin/sosetup-network

I recommend keeping the interface names alphanumeric only and short.  I've used names like trutr, dmz2, wifi, ofc, etc... without any trouble on SO for a long time now.  Do be careful not to rename your interfaces in such a way that one interface name is a substring of another interface name (like 'dmz' and 'dmz2') as this does cause a problem.

If you apply this unsupported mod, understand that you will want to run that sed command directly before any future runs of sosetup or sosetup-network, as soup updates will likely overwrite the patch eventually.  

Kevin


--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
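
The naming advice in the post above (alphanumeric only, short, no name that is a substring of another) can be checked before rebooting. This is an added example, not part of the original thread: the function names, the constructed sample rules and the 15-character bound for "short" (the Linux kernel's interface-name limit) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: lint interface names in a udev rules file.

# Print the value of each NAME="..." assignment, one per line.
# NAME=="..." (a match, not an assignment) and commented-out rules are skipped.
extract_names() {
    sed -n 's/^[^#]*[ ,]NAME="\([^"]*\)".*$/\1/p' "$1"
}

# Report names that are not purely alphanumeric, exceed 15 characters
# (assumed bound: the kernel's interface-name limit), are duplicated, or are
# contained in another name. Exit status is 1 if anything was reported.
check_ifnames() {
    extract_names "$1" | awk '
        {
            name[NR] = $0 ""    # force string comparison later
            if ($0 !~ /^[A-Za-z0-9]+$/) { print "non-alphanumeric: " $0; bad = 1 }
            if (length($0) > 15)        { print "too long: " $0; bad = 1 }
        }
        END {
            for (i = 1; i <= NR; i++)
                for (j = 1; j <= NR; j++) {
                    if (i == j) continue
                    if (name[i] == name[j]) {
                        if (i < j) { print "duplicate: " name[i]; bad = 1 }
                    } else if (index(name[j], name[i]) > 0) {
                        print "substring: " name[i] " is contained in " name[j]; bad = 1
                    }
                }
            exit bad + 0
        }'
}

# Constructed sample rules (MAC addresses are made up).
sample_rules() {
    cat <<'EOF'
# constructed sample, not a real host
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:16:3e:00:00:01", KERNEL=="eth*", NAME="mgmt"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:16:3e:00:00:02", KERNEL=="eth*", NAME="dmz"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:16:3e:00:00:03", KERNEL=="eth*", NAME="dmz2"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:16:3e:00:00:04", KERNEL=="eth*", NAME="sensor-tap"
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp"
check_ifnames "$tmp" || echo "fix the names above before rebooting"
rm -f "$tmp"
```

To lint a real host, pass the rules file path to check_ifnames, for example /etc/udev/rules.d/70-persistent-net.rules.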

Doug Burks

Oct 27, 2016, 6:10:24 PM
to securit...@googlegroups.com
Hi Kevin,

I don't think that patch is necessary with current versions of Setup
(securityonion-setup - 20120912-0ubuntu0securityonion222 or newer):
https://github.com/Security-Onion-Solutions/security-onion/issues/955
http://blog.securityonion.net/2016/07/securityonion-setup-20120912.html
--
Doug Burks

Kevin Branch

Oct 27, 2016, 10:10:08 PM
to securit...@googlegroups.com
Cool, I missed that one.  Thanks!

Kevin


Curtis

Oct 28, 2016, 10:47:57 AM
to security-onion
Thank you Kevin, very helpful!