-
Notifications
You must be signed in to change notification settings - Fork 521
2013
January 2013
Issue 285 : Fix pkill bug in Setup script
Issue 286 : Update Snorby to 2.5.4
Issue 288 : Fix bugs in Setup script when selecting Server-Only
Issue 293 : Update Snorby to 2.5.6
February 2013
Issue 292 : cronjob to reload syslog-ng at midnight
Issue 295 : Increase sleep value in /etc/init/securityonion.conf
Issue 296 : Run snort as non-root user
Issue 297 : Run snort/suricata with unique PF_RING cluster-id per interface
March 2013
Issue 302 : PF_RING 5.5.2
Issue 301 : sosetup bug in /etc/network/interfaces config when configuring server-only (no sniffing interfaces)
Issue 305 : /etc/init/securityonion.conf should only sleep at boot and not during Setup
Issue 306 : Consolidate two sleeps in /etc/init/securityonion.conf into one that runs regardless of server/sensor
Issue 309 : Update PRADS
Issue 308 : Suricata 1.4.1
Issue 188 : NSM watchdog should also check/restart sguild
April 2013
Issue 269 : Update Snort to 2.9.4.1
Issue 175 : Add SCADA variables to snort.conf for ETPRO ruleset
Issue 310 : Update netsniff-ng
Issue 320 : Update NSM scripts so that nsm_sensor_ps-restart includes $PCAP_OPTIONS
Issue 311 : Update NSM scripts to run netsniff-ng as non-root user
Issue 318 : Update NSM scripts to force netsniff-ng to write to proper directory
Issue 303 : Update NSM scripts so that sensor_cleandisk looks for unified2 files in proper directories
May 2013
Issue 298 : Build new sphinx package with --enable-id64 compile-time option
Issue 324 : sphinx should check for proper permissions before starting
Issue 299 : sphinx.conf - swap "3307" with "9312"
Issue 289 : ELSA - include YUI library
Issue 290 : Update ELSA to 713
Issue 300 : /etc/elsa_web.conf needs 127.0.0.1 to have ports defined as well
Issue 317 : Setup should disable Bro's PF_RING config when monitoring multiple NICs
Issue 332 : Update pcap samples
Issue 319 : Snort 2.9.4.6
Issue 321 : Snorby 2.6.2
Issue 334 : Sguil agents intermittently failing to reconnect to sguild
Issue 335 : Enabling ELSA should configure OSSEC to send alerts to local syslog
Issue 333 : PF_RING 5.5.3
Issue 337 : Suricata 1.4.2
June 2013
Issue 339 : PF_RING 5.5.4 pf_ring.c from svn
Issue 316 : Security Onion 12.04.1 ISO image
Issue 340 : rule-update needs to copy /usr/local/lib/snort_dynamicrules/
Issue 355 : Add "Copy IP Address" to Sguil client's right-click context menu
Issue 342 : Allow more granular rule tuning (per physical sensor)
Issue 325 : rule-update needs to check for privileges
Issue 326 : rule-update needs to check for /etc/nsm/rules/backup/
Issue 349 : rule-update needs to copy OSSEC local_rules.xml from master to sensor
Issue 353 : rule-update should remove unneeded messages from PulledPork? output
July 2013
Issue 341 : nsm_sensor_ps-start needs "sleep 5s" between netsniff-ng and pcap_agent
Issue 314 : Update NSM scripts so that netsniff-ng pcap size is configurable by user
Issue 354 : Suricata 1.4.3
Issue 315 : Update NSM scripts so that WARN_DISK_USAGE and CRIT_DISK_USAGE are configurable by user
Issue 358 : Update Setup so that Advanced Setup asks about CRIT_DISK_USAGE
Issue 359 : nsm_server_ps-restart --if-stale leaves orphaned sguild processes
Issue 348 : Update CapME with a new option to query Bro conn.log via ELSA
Issue 312 : Update NSM scripts to allow $SERVICE=yes/no in securityonion.conf and/or sensor.conf
Issue 313 : Update Setup so that Advanced Setup asks about enabling/disabling individual services
Issue 268 : Update NSM scripts so that OSSEC and Bro sections respect --sensor-name option
Issue 351 : Update /etc/init/securityonion.conf to start Xplico (controlled by user in /etc/nsm/securityonion.conf)
Issue 347 : New Sguil client transcript option to run through tcpudpflow.bro
Issue 367 : CapMe? should use the new Bro transcript option
Issue 344 : Security Onion 12.04.2 ISO image
August 2013
Issue 368 : /usr/bin/rule-update should check for "Suricata"
Issue 372 : NetworkMiner? 1.5
Issue 365 : CapMe? color coding
Issue 364 : Remove "after 1000" from CapMe?'s cliscript.tcl
Issue 370 : soup: a script to handle Ubuntu/SO updates properly (mysql-server and pfring)
Issue 323 : Create sguild-passwd-user script
Issue 363 : netsniff-ng: log and print statistics
Issue 375 : Update CapMe? so that the user can choose between tcpflow and Bro for transcript rendering
Issue 374 : Update hostname.bro and interface.bro
Issue 366 : Setup doesn't need to prompt if there is no Internet connection
Issue 381 : Update Setup so that if no Internet access, run pulledpork -n
Issue 373 : Setup doesn't correctly configure VRT+ETNOGPL
Issue 371 : sosetup-network should require the user to choose static/DHCP for management interface
Issue 380 : Update securityonion-et-rules package and include tarball
Issue 240 : Squert 1.1
September 2013
Issue 384 : PF_RING 5.6.1
Issue 357 : Snort 2.9.5.3
Issue 360 : Suricata 1.4.5
Issue 386 : Initial integration of onionsalt configuration management
Issue 345 : Security Onion 12.04.3 ISO image
October 2013
Issue 376 : netsniff-ng: specify ring buffer size
Issue 400 : Add option to Advanced Setup to enable netsniff-ng mmap I/O
Issue 394 : syslog-ng memory leak
Issue 391 : Setup should write log file to /tmp and then copy to /var/log/nsm/sosetup.log when done
Issue 377 : Move Argus config to argus.conf so that users can change without modifying NSM scripts
Issue 401 : ossec_agent.conf should set DAEMON to 0
Issue 397 : Suricata 1.4.6
Issue 402 : Create sostat-redacted to automatically redact IPv4 addresses from sostat output
Issue 387 : Squert 1.1.5
November 2013
Issue 405 : Optimize network buffers
Issue 407 : Increase frequency of /etc/cron.d/sensor-clean
Issue 419 : Delete Snorby pid file at boot
Issue 408 : Add "broctl netstats" to sostat
Issue 410 : sostat should display the count of days archived in pcap and Bro logs
Issue 417 : sostat - remove $HOSTNAME-
Issue 422 : Enhancement: Bro average packet loss in sostat
Issue 398 : Snort 2.9.5.5
Issue 423 : Bug in broctl netstats percentage calculation
December 2013
Issue 362 : sguil-db-purge - add DAYSTOREPAIR option
Issue 395 : Bro 2.2
Issue 426 : Update http_agent for Bro 2.2
Issue 420 : Setup should no longer disable Bro PF_RING since it should work in 2.2
Issue 424 : Setup should write out changes to /etc/network/interfaces and then prompt for reboot
Issue 415 : Setup should ask user about DAYSTOKEEP and DAYSTOREPAIR
Issue 396 : Setup should give the option of enabling file extraction in Bro
Issue 433 : Setup should configure Snorby to pivot from an IP address to ELSA
Issue 431 : Update APT1 scripts for Bro 2.2
Issue 350 : Modify Sguil client to allow pivoting directly to ELSA query
Issue 346 : New ELSA packages
Issue 343 : Add more Bro logs to ELSA
Issue 434 : nsm_sensor_ps-start shouldn't call sensor_cleandisk anymore
Issue 430 : Update wiki for Bro 2.2
Issue 438 : /etc/cron.d/elsa updates
Issue 442 : securityonion-elsa-extras: fix BRO_NOTICE parsers
Issue 444 : securityonion-elsa-extras: wrong mysql directory in /etc/elsa_node.conf
Issue 436 : sosetup-network: replace ifconfig with iproute2's ip tool
Issue 441 : sosetup-network shouldn't stop network-manager
Issue 437 : sostat: more detailed interface stats via ip(8)
Issue 457 : sostat: add /proc/net/pf_ring/info
Issue 458 : sostat: include pf_ring Slots
Issue 459 : sostat: netsniff-ng loss output incorrect when running BPF
Issue 429 : nsm_server_clear needs latest Squert database updates
Issue 451 : nsm_sensor_clean should purge old files in /nsm/bro/extracted
Issue 454 : Disabling PADS agent blocks PRADS and results in no SANCP records flowing
Issue 439 : /etc/cron.d/sensor-newday updates
Issue 440 : BPF JIT addition to /etc/sysctl.d/10-securityonion.conf
Issue 435 : Setup should allow you to set PF_RING min_num_slots
Issue 446 : Setup should delete /var/lib/sphinxsearch/data/binlog*
Issue 452 : Setup phase 2 should populate sniffing interfaces from /etc/network/interfaces
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs