Reviewing the virtualbox install guide

[id1010...@gmail.com]

I'm currently reviewing the installation guides listed on the github repo and am installing security on in production for the first time. I was hoping someone could offer me some clarity on a couple of things.

1. The Virtualbox guide for version 12 of Security Onion is quite thorough when compared the the 3 newer guides and it's the only on that specifies how to configure your hyper-visor and specifically your second network adapter (for sniffing traffic). It states you are to use "Internal Network", however I have previously had issues with that and was recommended on this mailing list to use the "Bridged Adapter" setting. What is the current line of thinking on this and why?

2. Are there plans to update the version 12 guide? From what -I- as a total noob can see, it only needs some minor tweaks to be complete again, and it is by far the most thorough introduction to initial configuration.

3. Virtualbox Guest Additions doesn't seem to be working with the instructions provided.It is possible there is an issue on my end with my host machine (Debian) but when I run the VBoxLinuxAdditions.run script (on SecurityOnion) it replies back with the following errors:

"The headers for the current running kernal were not found. If the following module comilation fails then this could be the reason."

"Building the shared folder support module ...fail!"
(Look at /var/log/vboxadd-install.log to find out what went wrong)
That file reads as: pastebin.com/aunP1wbb

"Warning: unknown version of the X Window System install. Not installing X Window System Drivers."

With all of that said, I am never given the option to properly size the windows. Which renders my system ineffective for analysis.

#makeTheVirtualboxWalkthroughGreatAgain

-Jay

[Wes]

Jay,

I would advise using Bridged Mode for your sniffing interface.

I'm planning on adding a guide for VMWare Workstation Pro 12 (should apply to most VMWare installs) and Security Onion 14.04 if that helps any.

I'm not too familiar with VirtualBox, so I can't offer much assistance with the issue you are experiencing with Guest Additions. Maybe try the following?

sudo apt-get install virtualbox-guest-dkms

Or have a look here:

https://linuxconfig.org/ubuntu-the-headers-for-the-current-running-kernel-were-not-found-solution

Thanks,
Wes

[id1010...@gmail.com]

Thanks for the reply Wes, I just tried applying both of your recommendations but neither seemed to work, but I'll note that is AFTER already running the VBOXLinuxAdditions.run script.

I'm going to try rebuilding the system again from initial setup, then applying your recommendations to see if that makes a difference.

[id1010...@gmail.com]

Alright, I tried stripping everything back to the base install but none of that seems to work.

[id1010...@gmail.com]

On Tuesday, January 31, 2017 at 10:01:17 PM UTC-5, id1010...@gmail.com wrote:

SOLVED!
This is a classic example of Ubuntus problem, Not SecOnions problem... I should have been searching for the solution as it pertained to Ubuntu 14.

Solution found at: http://www.binarytides.com/vbox-guest-additions-ubuntu-14-04/

I ended up rebuilding the SecOnion box to the point of needing to run the Setup Script, then I updated the system and ran the following (On the SecOnion Guest):

$ sudo apt-get install build-essential module-assistant
$ sudo m-a prepare
Then I ran the sh script at:
$ sudo /media/<username>/VBOXADDITIONS_4.3.10_93012

Rebooted the SecOnion Box and all was chill.

#makeTheVirtualboxWalkthroughGreatAgain

-Jay