virtualbox settings network


vxzdeff fasfv

Sep 6, 2013, 12:58:07 PM
to securit...@googlegroups.com
What settings do I need to make to the network for Security Onion?

I mean, I know I need 2 adapters; which setting in the adapters do I need to use?
1. NAT?
2. Bridged Adapter?
3. Internal Network?
And the Advanced setting,
Promiscuous Mode:
deny?
or
allow?

In the installation, at the start, when I pick up the ISO of Security Onion, which option do I need to pick?

1. live - boot the
2. xforcevesa
3. install?
4. memtest?

Matt Gregory

Sep 6, 2013, 7:00:20 PM
to securit...@googlegroups.com
There's this walk-through on the Security Onion wiki: http://code.google.com/p/security-onion/wiki/IntroductionWalkthrough

I've also attached a VM configuration walk-through that covers setting up VirtualBox and ESXi, although I don't cover the actual installation of SO as the above link does.

Matt



--
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at http://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/groups/opt_out.

SO_network_topology_20130409.pdf

vxzdeff fasfv

Sep 7, 2013, 4:57:16 AM
to securit...@googlegroups.com
Why don't you guys make a YouTube video about installation? :D

ok try this guide now.

vxzdeff fasfv

Sep 7, 2013, 5:19:15 AM
to securit...@googlegroups.com
I want to change the file snort.conf:
192.168.0.0/24
I want to modify it to
192.168.1.0/24
How can I modify the file?
I forgot how to do that.

Doug Burks

Sep 7, 2013, 7:54:28 AM
to securit...@googlegroups.com
sudo leafpad /etc/nsm/HOSTNAME-INTERFACE/snort.conf

--
Doug Burks
http://securityonion.blogspot.com
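
An added example, not part of the original thread and not Security Onion's own tooling: a scripted version of the edit asked about above, assuming the network in question is the `HOME_NET` variable in snort.conf. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# set_home_net CONF NEW_CIDR
# Rewrites the single HOME_NET definition in a snort.conf and keeps CONF.bak.
# Assumption: the network to change is the "ipvar HOME_NET" (or "var HOME_NET") line.
# Return codes: 2 bad CIDR, 3 file missing, 4 not exactly one HOME_NET line, 5 backup failed.
set_home_net() {
    conf=$1
    cidr=$2
    # Accept only a single dotted-quad/prefix value such as 192.168.1.0/24
    printf '%s\n' "$cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 2
    [ -f "$conf" ] || return 3
    # Refuse to edit if HOME_NET is absent or defined more than once
    n=$(grep -Ec '^[[:space:]]*(ip)?var[[:space:]]+HOME_NET[[:space:]]' "$conf" || true)
    [ "$n" -eq 1 ] || return 4
    cp -p "$conf" "$conf.bak" || return 5
    # Replace only the value; every other line is copied through unchanged
    sed -E "s|^([[:space:]]*(ip)?var[[:space:]]+HOME_NET[[:space:]]+).*|\1$cidr|" \
        "$conf.bak" > "$conf"
}

# Print the current HOME_NET value of a snort.conf
home_net_of() {
    sed -En 's/^[[:space:]]*(ip)?var[[:space:]]+HOME_NET[[:space:]]+//p' "$1"
}

# Write a constructed sample file (not a real Security Onion snort.conf)
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample for illustration
ipvar HOME_NET 192.168.0.0/24
ipvar EXTERNAL_NET !$HOME_NET
include $RULE_PATH/local.rules
EOF
}

# Usage against the path from the reply above (HOSTNAME-INTERFACE is a placeholder):
#   sudo sh -c '. ./this_script.sh; set_home_net /etc/nsm/HOSTNAME-INTERFACE/snort.conf 192.168.1.0/24'
```
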

vxzdeff fasfv

Sep 7, 2013, 9:30:37 AM
to securit...@googlegroups.com
In VirtualBox, in the network settings, which adapter type do I need to pick?

It works on my Linux but not on my LAN.

vxzdeff fasfv

Sep 7, 2013, 9:53:43 AM
to securit...@googlegroups.com
Never mind, it all works.

What I did is 2 adapters with Bridged Adapter.

In the Snort rules, is there something I can add?

I mean, the Snort rules work, but are there some simpler rules?

Like TCP scan,
malware alert.
What I mean is rules written for port scans, etc.

Matt Gregory

Sep 7, 2013, 9:59:18 AM
to securit...@googlegroups.com

I recommend "bridged networking" assuming you have the traffic you want to monitor going to the physical interface on your host machine.

On Sep 7, 2013 9:39 AM, "vxzdeff fasfv" <psdtoh...@gmail.com> wrote:
In VirtualBox, in the network settings, which adapter type do I need to pick?

It works on my Linux but not on my LAN.

Doug Burks

Sep 7, 2013, 9:40:21 PM
to securit...@googlegroups.com
You have a few options for rulesets:
- Emerging Threats free ruleset
- Emerging Threats pro ruleset
- Sourcefire VRT ruleset
- Sourcefire Community ruleset
- combinations of the above

You can also add your own rules in /etc/nsm/rules/local.rules.
