Closed dougburks closed 4 years ago
Tested the new ISO in the following configurations:
Standalone - Evaluation (No Issues)
Standalone - Production (No Issues)
Master w/ Heavy Node (No Issues)
Master w/ Storage Node and Forward Node (No Issues)
Tested the new ISO in the following configurations with no issues:
Standalone - Evaluation
Master w/Forward Node
Tested 16.04.6.4 ISO Standalone - Evaluation w/No Issues
Thanks for testing @bryant-treacle @defensivedepth @Wilk4013 !
Hello testers!
Our Security Onion 16.04.6.4 ISO image is ready for testing! This image is based on Ubuntu 16.04.6 with the HWE stack (kernel and video drivers from 18.04) and the latest Ubuntu and Security Onion updates. It should include all updates from https://github.com/Security-Onion-Solutions/security-onion/projects/10 and should specifically resolve the following issues:
pinguybuilder: increment version to 16.04.6.4 #1701 https://github.com/Security-Onion-Solutions/security-onion/issues/1701
Build 16.04.6.4 ISO image #1704 https://github.com/Security-Onion-Solutions/security-onion/issues/1704
Please follow the download/verify instructions here: https://github.com/Security-Onion-Solutions/security-onion/blob/master/testing/Verify_ISO_16.04.6.4.md
Please note that we had previously moved from Github Releases to Backblaze for ISO image hosting. This ISO image is back under Github's 2GB threshold, so we're able to move back to Github for this release. Please let us know if you have any issues when downloading the ISO image.
Please verify that `/etc/apt/apt.conf.d/01autoremove` (and other files in that directory) exist on the installed operating system and that soup operates correctly.
Please verify that the desktop wallpaper changes to prompt the user to run Setup when necessary.
Please verify that all services start correctly after a reboot.
Please verify that each and every ISO installation has unique ssl cert and key for Wazuh in `/var/ossec/etc/sslmanager*`.
Please verify that the screensaver locks the screen after idle for a few minutes.
Please test in as many different combinations as possible:
Evaluation Mode vs Production Mode
standalone vs distributed deployments
heavy node deployments (local Elastic stack) vs forward-only node deployments (no local Elastic stack)
connected to the Internet vs not connected
physical hardware vs VMware vs VirtualBox vs other virtualization
EFI vs traditional BIOS
As always, please test using nmap or other port scanner to verify proper firewall config. Before you do that, however, you will want to whitelist your scanning IP address as follows:
Edit `/var/ossec/etc/ossec.conf` using vi or your favorite text editor:
copy the existing `white_list` line and paste it directly underneath, changing the entry to your scanning IP address
save the file and exit the editor (vi requires :wq! to save the file)
restart OSSEC:
Now that you've whitelisted your scanning IP, you can scan using an `nmap` command like this (watch out for line-wrapping and replace 1.2.3.4 with the actual IP address of the Security Onion box you're testing):
Run Setup on the Security Onion box.
On the scanning box, run `nmap` and it should only see port 22 open on the Security Onion box.
Run `so-allow` on the Security Onion box and allow your scanning IP to access a port. `so-allow` shows you the output of `ufw status` and also the current contents of the DOCKER-USER chain. Also review `/etc/ufw/after.rules` to see the new firewall rule that will be added at every reboot.
Re-run `nmap` from your scanning box and verify that only proper ports are open.
Reboot the Security Onion box.
Re-run `nmap` from your scanning box and verify that only proper ports are open.
Anything else we missed?
Please record all test results via comments below.
Thanks in advance for your time and effort!
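A small checker for the nmap steps in the test plan above, added here as an example (it is not part of the Security Onion project or of this issue): it parses nmap's grepable (`-oG`) output and reports any port open beyond the set the plan allows, so the "only port 22" and "only proper ports after so-allow" checks can be compared mechanically. The scan text, the 1.2.3.4 address and port 9200 as an "unexpected" port are all constructed.

```python
"""Compare an nmap grepable (-oG) scan of a Security Onion box against the
ports the test plan says should be open.  Added example, not project code.
The scan output below is constructed, not captured from a real box."""

# Constructed: what `nmap -oG - 1.2.3.4` might print right after Setup.
SAMPLE_AFTER_SETUP = """\
# Nmap 7.80 scan initiated as: nmap -oG - 1.2.3.4
Host: 1.2.3.4 ()\tStatus: Up
Host: 1.2.3.4 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: filtered (999)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# Constructed: after so-allow opened 443 for the scanner; 9200 is also open,
# which the plan did not allow, and 80 is reported closed (not counted).
SAMPLE_AFTER_SO_ALLOW = """\
Host: 1.2.3.4 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///, 443/open/tcp//https///, 9200/open/tcp//unknown///\tIgnored State: filtered (996)
"""


def open_ports(grepable: str) -> dict:
    """Map each host in -oG output to the set of (proto, port) reported open.
    Entries are split on ', ' and then on '/' (port/state/proto/...); a
    field that is not numeric (e.g. text from a version string) is skipped."""
    result = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field ends at the next tab-separated field (Ignored State).
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        found = result.setdefault(host, set())
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            port, state, proto = int(fields[0]), fields[1], fields[2]
            if state == "open":
                found.add((proto, port))
    return result


def firewall_verdict(grepable: str, allowed: set) -> dict:
    """Per host: 'unexpected' = open but not allowed (should be empty for the
    firewall test to pass); 'missing' = allowed by the plan but not open."""
    verdicts = {}
    for host, found in open_ports(grepable).items():
        verdicts[host] = {"unexpected": sorted(found - allowed),
                          "missing": sorted(allowed - found)}
    return verdicts
```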