How to install Security Onion sensor in an already installed MySQL Database Server.


Rajitha Karunarathne

Mar 24, 2016, 12:46:16 AM
to security-onion
Hi,

I want to install the Security Onion sensor in our MySQL Database server. But when I ran the installation using the PPA, it failed.

Could you please guide me on how to do this, or is there any alternative way to achieve this?

Thanks & Regards
Rajitha

Rajitha Karunarathne

Mar 24, 2016, 3:04:15 AM
to security-onion

Following was the error given,

sudo apt-get -y install securityonion-all syslog-ng-core
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 securityonion-all : Depends: securityonion-server but it is not going to be installed
                     Depends: securityonion-elsa but it is not going to be installed
                     Depends: securityonion-elsa-extras but it is not going to be installed
E: Unable to correct problems, you have held broken packages.


Wes

Mar 24, 2016, 6:28:00 AM
to security-onion

Rajitha,

What type/version server are you trying to install this on?

Did you make sure to follow all the steps here?
https://github.com/Security-Onion-Solutions/security-onion/wiki/ProductionDeployment

Are you able to duplicate the issue on a fresh OS install?

Thanks,
Wes

Rajitha Karunarathne

Mar 24, 2016, 11:27:50 AM
to security-onion
Hi Wes,

Thanks for replying.

My scenario is like this. I already have a MySQL installed Ubuntu 14.04 server.

I want to place a Security Onion Sensor within that. For that I have followed the guide to install Security Onion on your preferred flavor of Ubuntu 14.04 32-bit/64-bit (not using their ISO image).

Followed the below link as well,
https://github.com/Security-Onion-Solutions/security-onion/wiki/ProductionDeployment

Is it possible to place a Security Onion Sensor in an already installed MySQL server? If so, what steps do I need to follow? Please guide me on this.

Thanks & Regards
Rajitha

Wes Lambert

Mar 24, 2016, 11:54:14 AM
to securit...@googlegroups.com

Rajitha,

What specific requirements do you have around keeping the current mysql database? 

I would recommend that you don't do this, as you would get the best results from a fresh install.  Also, supporting it in the future could potentially be more difficult.  

If you have other services running on the machine you intend to be a sensor, then again I would recommend that you start with a fresh OS install, as sensors are typically meant to perform a single purpose and to be as efficient as possible.

If you still wish to do this, you could try to take a look at the sosetup script and of course how mysql is configured during the installation phase.  I don't think the error you provided initially is related to mysql in any way (I could be wrong), but there could be some other kind of conflict with your current installation.

Again, are you able to duplicate the issue on a fresh installation?

Thanks,

Wes



Rajitha Karunarathne

Mar 24, 2016, 12:09:44 PM
to security-onion
Hi Wes,

I was able to install and configure the Security Onion Sensor without any issue on a fresh Ubuntu 14.04 server.

This happens only when I try to install in a server with MySQL already installed.

The problem is like this: I want to place a Security Onion sensor in our production database server so that I can monitor it via a Security Onion server which I have already installed and configured separately.

Seems like placing a sensor in a MySQL database server is not possible.

Thanks & Regards
Rajitha

Kevin Branch

Mar 24, 2016, 12:23:30 PM
to securit...@googlegroups.com
In hopes of getting more detail about why the install fails, what happens if you run just
sudo apt-get -y install securityonion-server
That is only a subset of what you want, but it might produce more specific errors explaining why it does not want to install securityonion-server.

Kevin
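
The drill-down suggested above, carried through the whole dependency chain, as an added example that is not part of the original thread and not Security Onion's own tooling. The function names (unmet_deps, drill, sample_output) are hypothetical; the sample input is the apt output posted earlier in this thread, and apt-get runs only in simulation mode (-s).

```bash
#!/usr/bin/env bash
# Added example: follow an apt "unmet dependencies" chain in simulation mode
# (-s), so nothing is installed or removed on the production host.

# Read apt-get output on stdin; print each package named in a
# "Depends: X but ..." line (X is blocked for some further reason).
unmet_deps() {
    sed -n 's/.*Depends: \([^ ]*\).* but .*/\1/p' | LC_ALL=C sort -u
}

# Simulate installing $1, print it, show any Conflicts/Breaks lines apt
# reports, then recurse into each blocked dependency. $2 is the indent.
drill() {
    local pkg="$1" indent="${2:-}" out dep
    if [ "${#indent}" -ge 12 ]; then return 0; fi   # depth limit against cycles
    out=$(LC_ALL=C apt-get -s install "$pkg" 2>&1)
    printf '%s%s\n' "$indent" "$pkg"
    printf '%s\n' "$out" | grep -E 'Conflicts:|Breaks:|not installable' \
        | sed "s/^/$indent  ! /"
    for dep in $(printf '%s\n' "$out" | unmet_deps); do
        drill "$dep" "$indent  "
    done
}

# Sample input: the apt output posted earlier in this thread.
sample_output() {
    cat <<'EOF'
The following packages have unmet dependencies:
 securityonion-all : Depends: securityonion-server but it is not going to be installed
                     Depends: securityonion-elsa but it is not going to be installed
                     Depends: securityonion-elsa-extras but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
EOF
}

# Usage: ./drill.sh securityonion-all   (does nothing without an argument)
if [ "$#" -gt 0 ]; then
    echo "Held packages:"; apt-mark showhold
    drill "$1"
fi
```

The lines marked "!" in the printed tree are apt's own Conflicts/Breaks messages for the package above them, which is where a clash with an existing installation would show up.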


Rajitha Karunarathne

Mar 25, 2016, 1:44:36 AM
to security-onion
Hi Kevin,

The command "sudo apt-get -y install securityonion-server" has given the following error,

"
root@ip-172-31-65-98:/home/ubuntu# sudo apt-get -y install securityonion-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 securityonion-server : Depends: securityonion-squert but it is not going to be installed
                        Depends: securityonion-squert-cron but it is not going to be installed
E: Unable to correct problems, you have held broken packages."

However, I've been able to proceed with the installation using the command below.

"sudo apt-get -y install securityonion-sensor"

Thanks & Regards
Rajitha

Rajitha Karunarathne

Mar 25, 2016, 1:47:50 AM
to security-onion

But after the installation, now I can't start the MySQL server.

Doug Burks

Mar 25, 2016, 7:08:29 AM
to securit...@googlegroups.com
On Thu, Mar 24, 2016 at 12:09 PM, Rajitha Karunarathne
<rajith...@gmail.com> wrote:
> Hi Wes,
>
> I was able to install and configure the Security Onion Sensor without any issue on a fresh Ubuntu 14.04 server.
>
> This happens only when I try to install in a server with MySQL already installed.
>
> The problem is like this: I want to place a Security Onion sensor in our production database server so that I can monitor it via a Security Onion server which I have already installed and configured separately.

If you want to monitor your production database server, you don't need
to install Security Onion directly on your production database server.

If you want to monitor the network traffic from your production
database server, simply collect the network traffic via tap or span
port and monitor that network traffic on a separate Security Onion
box.

If you want to monitor host activity on your production database
server, you may want to consider installing an OSSEC agent on it to
collect host logs and send those to your separate Security Onion box
for analysis.

--
Doug Burks

Rajitha Karunarathne

Mar 25, 2016, 12:21:43 PM
to security-onion

Hi Doug,

Thanks a lot for your explanation. I'll proceed with OSSEC agent installation.

Thanks & Regards
Rajitha
