
Snort 2.9.15.0 #1573

Closed
dougburks opened this issue Jul 18, 2019 · 6 comments

@dougburks dougburks self-assigned this Jul 18, 2019
@dougburks

Contributor Author

@dougburks dougburks commented Jul 25, 2019

Snort 2.9.14.0 has been temporarily removed from the website:
https://blog.snort.org/2019/07/snort-29140-has-been-temporarily.html

@dougburks dougburks changed the title from "Snort 2.9.14.0" to "Snort 2.9.14.1" Jul 25, 2019
@dougburks

Contributor Author

@dougburks dougburks commented Aug 2, 2019

@dougburks dougburks added this to To do in 16.04.6.3 via automation Sep 12, 2019
@dougburks dougburks changed the title from "Snort 2.9.14.1" to "Snort 2.9.15.0" Oct 10, 2019
@dougburks

Contributor Author

@dougburks dougburks commented Oct 10, 2019

@dougburks dougburks moved this from To do to In Testing in 16.04.6.3 Oct 22, 2019
@dougburks

This comment has been minimized.

Copy link
Contributor Author

@dougburks dougburks commented Oct 22, 2019

I've packaged Snort 2.9.15.0 and the following package is now available at ppa:securityonion/test:

securityonion-snort - 2.9.15.0-1ubuntu1securityonion1

Please test as follows:

  • install the latest ISO image in a VM, but do not run Setup yet
  • if possible, create a snapshot of the VM
  • run Setup in Evaluation mode (Snort with Emerging Threats ruleset)
  • add the test PPA:
        sudo add-apt-repository -y ppa:securityonion/test
  • install updates:
        sudo soup
  • the Snort package should back up your existing snort.conf, migrate your HOME_NET and EXTERNAL_NET variables, and tell you that you need to run sudo rule-update
  • verify that your snort.conf has been updated and shows:
        VERSIONS : 2.9.15
  • verify the new Snort version number:
        snort -V
  • update your rules using PulledPork:
        sudo rule-update
  • verify that PulledPork downloaded rules properly
  • create some traffic:
        sudo so-test
  • verify that Snort is generating alerts properly in Sguil, Squert, and Kibana
  • increase Snort instances:
        sudo so-sensor-stop
        # increase IDS_LB_PROCS in /etc/nsm/HOSTNAME-INTERFACE/sensor.conf
        sudo so-sensor-start
        sudo so-test
  • verify that Snort is generating alerts and load-balancing traffic via PF_RING
  • check sostat output for anything out of the ordinary (specifically, check the pf_ring and Snort sections for packet loss)
  • reboot and make sure everything still works properly
  • re-run Setup and verify that Snort and PulledPork work properly on new installations
  • check log files for errors or anything else out of the ordinary
  • verify no regressions
  • anything else we missed?

Thanks in advance for your time and effort!
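The snort.conf checks in the procedure above (VERSIONS line updated, HOME_NET and EXTERNAL_NET carried over from the backup, `snort -V` reporting the new release) can be scripted so testers get a pass/fail instead of eyeballing the file. This is an added example, not Security Onion's own code; the sample config files and the `snort -V` text are constructed, and the /etc/nsm path in the final comment is an assumption about where the migrated file lives.

```shell
#!/bin/sh
# Added example (not Security Onion's code): verify a snort.conf migration after the
# package upgrade and parse the version from `snort -V` output. Sample files are constructed.

# Write a constructed backup / migrated snort.conf pair into a temp dir; print its path.
make_samples() {
  tmp=$(mktemp -d)
  cat > "$tmp/snort.conf.bak" <<'EOF'
#  VERSIONS : 2.9.14.1
ipvar HOME_NET [10.0.0.0/8,192.168.1.0/24]
ipvar EXTERNAL_NET !$HOME_NET
EOF
  cat > "$tmp/snort.conf" <<'EOF'
#  VERSIONS : 2.9.15
ipvar HOME_NET [10.0.0.0/8,192.168.1.0/24]
ipvar EXTERNAL_NET !$HOME_NET
EOF
  printf '%s\n' "$tmp"
}

# conf_var FILE NAME: print the value of "ipvar NAME <value>" from FILE (empty if absent).
conf_var() {
  awk -v n="$2" '$1 == "ipvar" && $2 == n { print $3; exit }' "$1"
}

# check_migration BACKUP NEW VERSION: succeed only if NEW shows "VERSIONS : VERSION" and
# both network variables are non-empty and identical to the ones in BACKUP.
check_migration() {
  bak=$1 new=$2 want=$3 rc=0
  grep -Fq "VERSIONS : $want" "$new" || { echo "VERSIONS line in $new is not $want"; rc=1; }
  for v in HOME_NET EXTERNAL_NET; do
    old=$(conf_var "$bak" "$v") cur=$(conf_var "$new" "$v")
    [ -n "$old" ] && [ "$old" = "$cur" ] ||
      { echo "$v not migrated: backup='$old' new='$cur'"; rc=1; }
  done
  return "$rc"
}

# snort_version: read `snort -V` output on stdin and print just the version number.
snort_version() {
  sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Stand-alone run on the constructed samples. On a real sensor, point it at the
# migrated /etc/nsm/<HOSTNAME-INTERFACE>/snort.conf (assumed path) and the backup
# the package wrote, and pipe the real `snort -V` into snort_version.
dir=$(make_samples)
check_migration "$dir/snort.conf.bak" "$dir/snort.conf" 2.9.15 && echo "snort.conf migration OK"
```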

@weslambert

Collaborator

@weslambert weslambert commented Oct 25, 2019

No issues found during my testing. 👍

@dougburks dougburks moved this from In Testing to Tested in 16.04.6.3 Oct 27, 2019
@dougburks


@dougburks dougburks closed this Oct 28, 2019
16.04.6.3 automation moved this from Tested to Done Oct 28, 2019