Closed dougburks closed 6 years ago
submitted for testing: https://groups.google.com/d/topic/security-onion-testing/UajMzfe9LJM/discussion
ISO submitted for testing: https://groups.google.com/d/topic/security-onion-testing/TBKzfdr0psc/discussion
RC2 submitted for testing: https://groups.google.com/d/topic/security-onion-testing/-PUvZkUTlro/discussion
Security Onion 16.04.4.1 ISO image now available! https://blog.securityonion.net/2018/05/security-onion-160441-iso-image-now.html
[x] Ubuntu 16.04 Xenial PPA
  `enable-threads` to `disable-threads` and adjust symbols
  `xenial` EXCEPT the following:
[x] barnyard
  `data too long for column class` - adjust mysql mode in `/etc/mysql/conf.d/securityonion-squert.cnf`
[x] securityonion-all
[x] securityonion-capme
  `securityonion-elastic` package to `securityonion-capme` package
[x] securityonion-client
  `securityonion-argus-clients` dependency
[x] securityonion-desktop-gnome
  `lightdm` and `lightdm-gtk-greeter`
  `Gnome Classic` desktop and set as default
  `compiz` environments
  `glib-compile-schemas` is installed
[x] securityonion-elastic
  `php-curl` and `jq` to dependencies
  `1001_preprocess_syslogng.conf`
  `so-elastic-download` may be incorrectly setting `INSTALLED` when components haven't been installed
[x] securityonion-iso
  `securityonion-samples-bro` and `securityonion-desktop-gnome` dependencies
  `open-vm-tools`
  `/etc/subuid` and `/etc/subgid`
  `debconf-set-selections`
[x] securityonion-nsmnow-admin-scripts
  `/etc/systemd/system/securityonion.service` that calls `so-start`
  `service nsm stop`
  `so-snorby-wipe`
[x] securityonion-onionsalt
  `file ignore glob` and `hash_type` warnings
[x] securityonion-ossec-rules
  `securityonion_rules.xml` from `securityonion-elastic` package to `securityonion-ossec-rules` package
[x] securityonion-sensor
[x] securityonion-server
  `imagemagick` dependency
[x] securityonion-setup
  `securityonion-elastic` package to `securityonion-setup` package
  `systemctl enable securityonion.service`
  `timedatectl`
  `minion_id` with hostname
  `sosetup.conf` files to reflect new network device naming convention
  `Forward Node` then `Custom` results in `Do you want to enable Elastic?`
  `Elastic` to `NO` to replicate GUI
  `OSSEC_AGENT_ENABLED` on storage nodes
[x] securityonion-sguil
  `securityonion-elastic` package to `securityonion-sguil` package
  `Liberation`
[x] securityonion-skel
  `Liberation`
[x] securityonion-sostat
  `bc`
  `Cross Cluster Search` section
  `so-apt-check` and update `sostat` and `soup` to call it
[x] securityonion-squert
  `securityonion-elastic` package to `securityonion-squert` package
  `php5` dependencies to `php`
  `mysql` calls to `mysqli`
  `/etc/mysql/conf.d/securityonion-squert.cnf`
  `ip2c.php`
[x] securityonion-web-page
  `libapache2-mod-authnz-external` as dependency
[x] so-* scripts
  `DOCKER_INTERFACE` if trying to bind to `DOCKER_INTERFACE`
  `so-elastic-status` - fix incorrect formatting
  `so-import-pcap` - broken due to different output format in new `capinfos`
[x] so-apache-auth-sguil
  `php5` to `php`
[x] soup
[x] syslog-ng
  `/etc/syslog-ng/syslog-ng.conf` to reflect actual syslog-ng version - CANCELLING since we currently match syslog-ng.conf in the package