2013

January 2013 Issue 285 : Fix pkill bug in Setup script Issue 286 : Update Snorby to 2.5.4 Issue 288 : Fix bugs in Setup script when selecting Server-Only Issue 293 : Update Snorby to 2.5.6 February 2013 Issue 292 : cronjob to reload syslog-ng at midnight Issue 295 : Increase sleep value in /etc/init/securityonion.conf Issue 296 : Run snort as non-root user Issue 297 : Run snort/suricata with unique PF_RING cluster-id per interface March 2013 Issue 302 : PF_RING 5.5.2 Issue 301 : sosetup bug in /etc/network/interfaces config when configuring server-only (no sniffing interfaces) Issue 305 : /etc/init/securityonion.conf should only sleep at boot and not during Setup Issue 306 : Consolidate two sleeps in /etc/init/securityonion.conf into one that runs regardless of server/sensor Issue 309 : Update PRADS Issue 308 : Suricata 1.4.1 Issue 188 : NSM watchdog should also check/restart sguild April 2013 Issue 269 : Update Snort to 2.9.4.1 Issue 175 : Add SCADA variables to snort.conf for ETPRO ruleset Issue 310 : Update netsniff-ng Issue 320 : Update NSM scripts so that nsm_sensor_ps-restart includes $PCAP_OPTIONS Issue 311 : Update NSM scripts to run netsniff-ng as non-root user Issue 318 : Update NSM scripts to force netsniff-ng to write to proper directory Issue 303 : Update NSM scripts so that sensor_cleandisk looks for unified2 files in proper directories May 2013 Issue 298 : Build new sphinx package with --enable-id64 compile-time option Issue 324 : sphinx should check for proper permissions before starting Issue 299 : sphinx.conf - swap "3307" with "9312" Issue 289 : ELSA - include YUI library Issue 290 : Update ELSA to 713 Issue 300 : /etc/elsa_web.conf needs 127.0.0.1 to have ports defined as well Issue 317 : Setup should disable Bro's PF_RING config when monitoring multiple NICs Issue 332 : Update pcap samples Issue 319 : Snort 2.9.4.6 Issue 321 : Snorby 2.6.2 Issue 334 : Sguil agents intermittently failing to reconnect to sguild Issue 335 : Enabling ELSA should configure OSSEC to send alerts to local syslog Issue 333 : PF_RING 5.5.3 Issue 337 : Suricata 1.4.2 June 2013 Issue 339 : PF_RING 5.5.4 pf_ring.c from svn Issue 316 : Security Onion 12.04.1 ISO image Issue 340 : rule-update needs to copy /usr/local/lib/snort_dynamicrules/ Issue 355 : Add "Copy IP Address" to Sguil client's right-click context menu Issue 342 : Allow more granular rule tuning (per physical sensor) Issue 325 : rule-update needs to check for privileges Issue 326 : rule-update needs to check for /etc/nsm/rules/backup/ Issue 349 : rule-update needs to copy OSSEC local_rules.xml from master to sensor Issue 353 : rule-update should remove unneeded messages from PulledPork? output July 2013 Issue 341 : nsm_sensor_ps-start needs "sleep 5s" between netsniff-ng and pcap_agent Issue 314 : Update NSM scripts so that netsniff-ng pcap size is configurable by user Issue 354 : Suricata 1.4.3 Issue 315 : Update NSM scripts so that WARN_DISK_USAGE and CRIT_DISK_USAGE are configurable by user Issue 358 : Update Setup so that Advanced Setup asks about CRIT_DISK_USAGE Issue 359 : nsm_server_ps-restart --if-stale leaves orphaned sguild processes Issue 348 : Update CapME with a new option to query Bro conn.log via ELSA Issue 312 : Update NSM scripts to allow $SERVICE=yes/no in securityonion.conf and/or sensor.conf Issue 313 : Update Setup so that Advanced Setup asks about enabling/disabling individual services Issue 268 : Update NSM scripts so that OSSEC and Bro sections respect --sensor-name option Issue 351 : Update /etc/init/securityonion.conf to start Xplico (controlled by user in /etc/nsm/securityonion.conf) Issue 347 : New Sguil client transcript option to run through tcpudpflow.bro Issue 367 : CapMe? should use the new Bro transcript option Issue 344 : Security Onion 12.04.2 ISO image August 2013 Issue 368 : /usr/bin/rule-update should check for "Suricata" Issue 372 : NetworkMiner? 1.5 Issue 365 : CapMe? color coding Issue 364 : Remove "after 1000" from CapMe?'s cliscript.tcl Issue 370 : soup: a script to handle Ubuntu/SO updates properly (mysql-server and pfring) Issue 323 : Create sguild-passwd-user script Issue 363 : netsniff-ng: log and print statistics Issue 375 : Update CapMe? so that the user can choose between tcpflow and Bro for transcript rendering Issue 374 : Update hostname.bro and interface.bro Issue 366 : Setup doesn't need to prompt if there is no Internet connection Issue 381 : Update Setup so that if no Internet access, run pulledpork -n Issue 373 : Setup doesn't correctly configure VRT+ETNOGPL Issue 371 : sosetup-network should require the user to choose static/DHCP for management interface Issue 380 : Update securityonion-et-rules package and include tarball Issue 240 : Squert 1.1 September 2013 Issue 384 : PF_RING 5.6.1 Issue 357 : Snort 2.9.5.3 Issue 360 : Suricata 1.4.5 Issue 386 : Initial integration of onionsalt configuration management Issue 345 : Security Onion 12.04.3 ISO image October 2013 Issue 376 : netsniff-ng: specify ring buffer size Issue 400 : Add option to Advanced Setup to enable netsniff-ng mmap I/O Issue 394 : syslog-ng memory leak Issue 391 : Setup should write log file to /tmp and then copy to /var/log/nsm/sosetup.log when done Issue 377 : Move Argus config to argus.conf so that users can change without modifying NSM scripts Issue 401 : ossec_agent.conf should set DAEMON to 0 Issue 397 : Suricata 1.4.6 Issue 402 : Create sostat-redacted to automatically redact IPv4 addresses from sostat output Issue 387 : Squert 1.1.5 November 2013 Issue 405 : Optimize network buffers Issue 407 : Increase frequency of /etc/cron.d/sensor-clean Issue 419 : Delete Snorby pid file at boot Issue 408 : Add "broctl netstats" to sostat Issue 410 : sostat should display the count of days archived in pcap and Bro logs Issue 417 : sostat - remove $HOSTNAME- Issue 422 : Enhancement: Bro average packet loss in sostat Issue 398 : Snort 2.9.5.5 Issue 423 : Bug in broctl netstats percentage calculation December 2013 Issue 362 : sguil-db-purge - add DAYSTOREPAIR option Issue 395 : Bro 2.2 Issue 426 : Update http_agent for Bro 2.2 Issue 420 : Setup should no longer disable Bro PF_RING since it should work in 2.2 Issue 424 : Setup should write out changes to /etc/network/interfaces and then prompt for reboot Issue 415 : Setup should ask user about DAYSTOKEEP and DAYSTOREPAIR Issue 396 : Setup should give the option of enabling file extraction in Bro Issue 433 : Setup should configure Snorby to pivot from an IP address to ELSA Issue 431 : Update APT1 scripts for Bro 2.2 Issue 350 : Modify Sguil client to allow pivoting directly to ELSA query Issue 346 : New ELSA packages Issue 343 : Add more Bro logs to ELSA Issue 434 : nsm_sensor_ps-start shouldn't call sensor_cleandisk anymore Issue 430 : Update wiki for Bro 2.2 Issue 438 : /etc/cron.d/elsa updates Issue 442 : securityonion-elsa-extras: fix BRO_NOTICE parsers Issue 444 : securityonion-elsa-extras: wrong mysql directory in /etc/elsa_node.conf Issue 436 : sosetup-network: replace ifconfig with iproute2's ip tool Issue 441 : sosetup-network shouldn't stop network-manager Issue 437 : sostat: more detailed interface stats via ip(8) Issue 457 : sostat: add /proc/net/pf_ring/info Issue 458 : sostat: include pf_ring Slots Issue 459 : sostat: netsniff-ng loss output incorrect when running BPF Issue 429 : nsm_server_clear needs latest Squert database updates Issue 451 : nsm_sensor_clean should purge old files in /nsm/bro/extracted Issue 454 : Disabling PADS agent blocks PRADS and results in no SANCP records flowing Issue 439 : /etc/cron.d/sensor-newday updates Issue 440 : BPF JIT addition to /etc/sysctl.d/10-securityonion.conf Issue 435 : Setup should allow you to set PF_RING min_num_slots Issue 446 : Setup should delete /var/lib/sphinxsearch/data/binlog* Issue 452 : Setup phase 2 should populate sniffing interfaces from /etc/network/interfaces