Closed dougburks closed 4 years ago
bryant-treacle
commented
4 years ago Tested the new ISO in the following configurations: Standalone - Evaluation (No Issues) Standalone - Production (No Issues) Master w/ Heavy Node (No Issues) Master w/ Storage Node and Forward Node (No Issues)
defensivedepth
commented
4 years ago Tested the new ISO in the following configurations with no issues: Standalone - Evaluation Master w/Forward Node
Wilk4013
commented
4 years ago Tested 16.04.6.4 ISO Standalone - Evaluation w/No Issues
dougburks
commented
4 years ago Thanks for testing @bryant-treacle @defensivedepth @Wilk4013 !
dougburks
commented
4 years ago
Hello testers!
Our Security Onion 16.04.6.4 ISO image is ready for testing! This image is based on Ubuntu 16.04.6 with the HWE stack (kernel and video drivers from 18.04) and the latest Ubuntu and Security Onion updates. It should include all updates from https://github.com/Security-Onion-Solutions/security-onion/projects/10 and should specifically resolve the following issues:
pinguybuilder: increment version to 16.04.6.4 #1701 https://github.com/Security-Onion-Solutions/security-onion/issues/1701
Build 16.04.6.4 ISO image #1704 https://github.com/Security-Onion-Solutions/security-onion/issues/1704
Please follow the download/verify instructions here: https://github.com/Security-Onion-Solutions/security-onion/blob/master/testing/Verify_ISO_16.04.6.4.md
Please note that we had previously moved from Github Releases to Backblaze for ISO image hosting. This ISO image is back under Github's 2GB threshold, so we're able to move back to Github for this release. Please let us know if you have any issues when downloading the ISO image.
Please verify that
/etc/apt/apt.conf.d/01autoremove(and other files in that directory) exist on the installed operating system and that soup operates correctly.Please verify that the desktop wallpaper changes to prompt the user to run Setup when necessary.
Please verify that all services start correctly after a reboot.
Please verify that each and every ISO installation has unique ssl cert and key for Wazuh in
/var/ossec/etc/sslmanager*.Please verify that the screensaver locks the screen after idle for a few minutes.
Please test in as many different combinations as possible:
Evaluation Mode vs Production Mode
standalone vs distributed deployments
heavy node deployments (local Elastic stack) vs forward-only node deployments (no local Elastic stack)
connected to the Internet vs not connected
physical hardware vs VMware vs VirtualBox vs other virtualization
EFI vs traditional BIOS
As always, please test using nmap or other port scanner to verify proper firewall config. Before you do that, however, you will want to whitelist your scanning IP address as follows:
Edit
/var/ossec/etc/ossec.confusing vi or your favorite text editor:copy the existing
white_listline and paste it directly underneath and changing the entry to your scanning IP addresssave the file and exit the editor (vi requires :wq! to save the file)
restart OSSEC:
Now that you've whitelisted your scanning IP, you can scan using an
nmapcommand like this (watch out for line-wrapping and replace1.2.3.4with the actual IP address of the Security Onion box you're testing):Run Setup on the Security Onion box.
On the scanning box, run
nmapand it should only see port 22 open on the Security Onion box.Run
so-allowon the Security Onion box and allow your scanning IP to access a port.so-allowshows you the output ofufw statusand also the current contents of the DOCKER-USER chain. Also review/etc/ufw/after.rulesto see the new firewall rule that will be added at every reboot.Re-run
nmapfrom your scanning box and verify that only proper ports are open.Reboot the Security Onion box.
Re-run
nmapfrom your scanning box and verify that only proper ports are open.Anything else we missed?
Please record all test results via comments below.
Thanks in advance for your time and effort!