Ubuntu 16.04 Xenial Support

[dougburks]

• [x] Ubuntu 16.04 Xenial PPA

  • [x] rebuild tcl8.6 package - change enable-threads to disable-threads and adjust symbols
  • [x] rebuild ALL Security Onion packages for xenial EXCEPT the following:
  • [x] prads
  • [x] securityonion-argus-clients
  • [x] securityonion-argus-server
  • [x] securityonion-elsa
  • [x] securityonion-elsa-extras
  • [x] securityonion-elsa-node-perl
  • [x] securityonion-elsa-perl
  • [x] securityonion-elsa-web-perl
  • [x] securityonion-http-agent
  • [x] securityonion-libdata-serializable
  • [x] securityonion-ndpi
  • [x] securityonion-passenger
  • [x] securityonion-passenger-conf
  • [x] securityonion-snorby
  • [x] securityonion-wkhtmltopdf
  • [x] sphinxsearch
  • [x] xplico

• [x] barnyard

  • [x] data too long for column class - adjust mysql mode in /etc/mysql/conf.d/securityonion-squert.cnf

• [x] securityonion-all

  • [x] change ELSA to Elastic

• [x] securityonion-capme

  • [x] move capme files from securityonion-elastic package to securityonion-capme package
  • [x] SSO auth
  • [x] update mysql calls to mysqli

• [x] securityonion-client

  • [x] remove securityonion-argus-clients dependency

• [x] securityonion-desktop-gnome

  • [x] install lightdm and lightdm-gtk-greeter
  • [x] install Gnome Classic desktop and set as default
  • [x] remove compiz environments
  • [x] check to see if glib-compile-schemas is installed

• [x] securityonion-elastic

  • [x] add php-curl and jq to dependencies
  • [x] variables must be quoted when comparing
  • [x] new syslog-ng includes SEQNUM and ISODATE fields, remove them in 1001_preprocess_syslogng.conf
  • [x] so-elastic-download may be incorrectly setting INSTALLED when components haven't been installed
  • [x] if user chose Evaluation mode, set LS heap to 1600m and ES heap to 1000m
  • [x] add so-sensor-VERB scripts

• [x] securityonion-iso

  • [x] change ELSA to Elastic
  • [x] add securityonion-samples-bro and securityonion-desktop-gnome dependencies
  • [x] purge open-vm-tools
  • [x] remove build user from /etc/subuid and /etc/subgid
  • [x] remove build user debconf using debconf-set-selections

• [x] securityonion-nsmnow-admin-scripts

  • [x] add /etc/systemd/system/securityonion.service that calls so-start
  • [x] remove reference to service nsm stop
  • [x] remove so-snorby-wipe

• [x] securityonion-onionsalt

  • [x] change defaults to avoid file ignore glob and hash_type warnings

• [x] securityonion-ossec-rules

  • [x] move securityonion_rules.xml from securityonion-elastic package to securityonion-ossec-rules package

• [x] securityonion-sensor

  • [x] update dependencies

• [x] securityonion-server

  • [x] remove imagemagick dependency

• [x] securityonion-setup

  • [x] move so-allow scripts from securityonion-elastic package to securityonion-setup package
  • [x] systemctl enable securityonion.service
  • [x] set timezone to UTC using timedatectl
  • [x] update salt minion_id with hostname
  • [x] update sosetup.conf files to reflect new network device naming convention
  • [x] selecting Forward Node then Custom results in Do you want to enable Elastic?
  • [x] sosetup-forward.conf needs to set Elastic to NO to replicate GUI
  • [x] avoid duplicating OSSEC_AGENT_ENABLED on storage nodes

• [x] securityonion-sguil

  • [x] move Sguil changes from securityonion-elastic package to securityonion-sguil package
  • [x] change Sguil fonts to Liberation

• [x] securityonion-skel

  • [x] change Sguil fonts to Liberation

• [x] securityonion-sostat

  • [x] depend on bc
  • [x] fix master Cross Cluster Search section
  • [x] include so-apt-check and update sostat and soup to call it

• [x] securityonion-squert

  • [x] move Squert files from securityonion-elastic package to securityonion-squert package
  • [x] change php5 dependencies to php
  • [x] update mysql calls to mysqli
  • [x] SSO auth
  • [x] level2 function needs to output strings so frontend can read properly
  • [x] disable mysql strict mode in /etc/mysql/conf.d/securityonion-squert.cnf
  • [x] remove old web code from ip2c.php

• [x] securityonion-web-page

  • [x] remove references to ELSA
  • [x] add libapache2-mod-authnz-external as dependency

• [x] so-* scripts

  • [x] so-VERB should call so-autossh-VERB as well
  • [x] so-autossh-VERB should check to see if it's running on a master server and, if so, do nothing
  • [x] so-autossh-start should wait on DOCKER_INTERFACE if trying to bind to DOCKER_INTERFACE
  • [x] so-elastic-status - fix incorrect formatting
  • [x] so-import-pcap - broken due to different output format in new capinfos

• [x] so-apache-auth-sguil

  • [x] change php5 to php

• [x] soup

  • [x] stop checking for HWE

• [x] syslog-ng

  • [x] change syslog version in /etc/syslog-ng/syslog-ng.conf to reflect actual syslog-ng version - CANCELLING since we currently match syslog-ng.conf in the package

[dougburks]

submitted for testing: https://groups.google.com/d/topic/security-onion-testing/UajMzfe9LJM/discussion

[dougburks]

ISO submitted for testing: https://groups.google.com/d/topic/security-onion-testing/TBKzfdr0psc/discussion

[dougburks]

RC2 submitted for testing: https://groups.google.com/d/topic/security-onion-testing/-PUvZkUTlro/discussion

[dougburks]

Security Onion 16.04.4.1 ISO image now available! https://blog.securityonion.net/2018/05/security-onion-160441-iso-image-now.html