Doug Burks edited this page Mar 25, 2015 · 5 revisions

January 2013
Issue 285 : Fix pkill bug in Setup script
Issue 286 : Update Snorby to 2.5.4
Issue 288 : Fix bugs in Setup script when selecting Server-Only
Issue 293 : Update Snorby to 2.5.6
February 2013
Issue 292 : cronjob to reload syslog-ng at midnight
Issue 295 : Increase sleep value in /etc/init/securityonion.conf
Issue 296 : Run snort as non-root user
Issue 297 : Run snort/suricata with unique PF_RING cluster-id per interface
March 2013
Issue 302 : PF_RING 5.5.2
Issue 301 : sosetup bug in /etc/network/interfaces config when configuring server-only (no sniffing interfaces)
Issue 305 : /etc/init/securityonion.conf should only sleep at boot and not during Setup
Issue 306 : Consolidate two sleeps in /etc/init/securityonion.conf into one that runs regardless of server/sensor
Issue 309 : Update PRADS
Issue 308 : Suricata 1.4.1
Issue 188 : NSM watchdog should also check/restart sguild
April 2013
Issue 269 : Update Snort to 2.9.4.1
Issue 175 : Add SCADA variables to snort.conf for ETPRO ruleset
Issue 310 : Update netsniff-ng
Issue 320 : Update NSM scripts so that nsm_sensor_ps-restart includes $PCAP_OPTIONS
Issue 311 : Update NSM scripts to run netsniff-ng as non-root user
Issue 318 : Update NSM scripts to force netsniff-ng to write to proper directory
Issue 303 : Update NSM scripts so that sensor_cleandisk looks for unified2 files in proper directories
May 2013
Issue 298 : Build new sphinx package with --enable-id64 compile-time option
Issue 324 : sphinx should check for proper permissions before starting
Issue 299 : sphinx.conf - swap "3307" with "9312"
Issue 289 : ELSA - include YUI library
Issue 290 : Update ELSA to 713
Issue 300 : /etc/elsa_web.conf needs 127.0.0.1 to have ports defined as well
Issue 317 : Setup should disable Bro's PF_RING config when monitoring multiple NICs
Issue 332 : Update pcap samples
Issue 319 : Snort 2.9.4.6
Issue 321 : Snorby 2.6.2
Issue 334 : Sguil agents intermittently failing to reconnect to sguild
Issue 335 : Enabling ELSA should configure OSSEC to send alerts to local syslog
Issue 333 : PF_RING 5.5.3
Issue 337 : Suricata 1.4.2
June 2013
Issue 339 : PF_RING 5.5.4 pf_ring.c from svn
Issue 316 : Security Onion 12.04.1 ISO image
Issue 340 : rule-update needs to copy /usr/local/lib/snort_dynamicrules/
Issue 355 : Add "Copy IP Address" to Sguil client's right-click context menu
Issue 342 : Allow more granular rule tuning (per physical sensor)
Issue 325 : rule-update needs to check for privileges
Issue 326 : rule-update needs to check for /etc/nsm/rules/backup/
Issue 349 : rule-update needs to copy OSSEC local_rules.xml from master to sensor
Issue 353 : rule-update should remove unneeded messages from PulledPork? output
July 2013
Issue 341 : nsm_sensor_ps-start needs "sleep 5s" between netsniff-ng and pcap_agent
Issue 314 : Update NSM scripts so that netsniff-ng pcap size is configurable by user
Issue 354 : Suricata 1.4.3
Issue 315 : Update NSM scripts so that WARN_DISK_USAGE and CRIT_DISK_USAGE are configurable by user
Issue 358 : Update Setup so that Advanced Setup asks about CRIT_DISK_USAGE
Issue 359 : nsm_server_ps-restart --if-stale leaves orphaned sguild processes
Issue 348 : Update CapME with a new option to query Bro conn.log via ELSA
Issue 312 : Update NSM scripts to allow $SERVICE=yes/no in securityonion.conf and/or sensor.conf
Issue 313 : Update Setup so that Advanced Setup asks about enabling/disabling individual services
Issue 268 : Update NSM scripts so that OSSEC and Bro sections respect --sensor-name option
Issue 351 : Update /etc/init/securityonion.conf to start Xplico (controlled by user in /etc/nsm/securityonion.conf)
Issue 347 : New Sguil client transcript option to run through tcpudpflow.bro
Issue 367 : CapMe? should use the new Bro transcript option
Issue 344 : Security Onion 12.04.2 ISO image
August 2013
Issue 368 : /usr/bin/rule-update should check for "Suricata"
Issue 372 : NetworkMiner? 1.5
Issue 365 : CapMe? color coding
Issue 364 : Remove "after 1000" from CapMe?'s cliscript.tcl
Issue 370 : soup: a script to handle Ubuntu/SO updates properly (mysql-server and pfring)
Issue 323 : Create sguild-passwd-user script
Issue 363 : netsniff-ng: log and print statistics
Issue 375 : Update CapMe? so that the user can choose between tcpflow and Bro for transcript rendering
Issue 374 : Update hostname.bro and interface.bro
Issue 366 : Setup doesn't need to prompt if there is no Internet connection
Issue 381 : Update Setup so that if no Internet access, run pulledpork -n
Issue 373 : Setup doesn't correctly configure VRT+ETNOGPL
Issue 371 : sosetup-network should require the user to choose static/DHCP for management interface
Issue 380 : Update securityonion-et-rules package and include tarball
Issue 240 : Squert 1.1
September 2013
Issue 384 : PF_RING 5.6.1
Issue 357 : Snort 2.9.5.3
Issue 360 : Suricata 1.4.5
Issue 386 : Initial integration of onionsalt configuration management
Issue 345 : Security Onion 12.04.3 ISO image
October 2013
Issue 376 : netsniff-ng: specify ring buffer size
Issue 400 : Add option to Advanced Setup to enable netsniff-ng mmap I/O
Issue 394 : syslog-ng memory leak
Issue 391 : Setup should write log file to /tmp and then copy to /var/log/nsm/sosetup.log when done
Issue 377 : Move Argus config to argus.conf so that users can change without modifying NSM scripts
Issue 401 : ossec_agent.conf should set DAEMON to 0
Issue 397 : Suricata 1.4.6
Issue 402 : Create sostat-redacted to automatically redact IPv4 addresses from sostat output
Issue 387 : Squert 1.1.5
November 2013
Issue 405 : Optimize network buffers
Issue 407 : Increase frequency of /etc/cron.d/sensor-clean
Issue 419 : Delete Snorby pid file at boot
Issue 408 : Add "broctl netstats" to sostat
Issue 410 : sostat should display the count of days archived in pcap and Bro logs
Issue 417 : sostat - remove $HOSTNAME-
Issue 422 : Enhancement: Bro average packet loss in sostat
Issue 398 : Snort 2.9.5.5
Issue 423 : Bug in broctl netstats percentage calculation
December 2013
Issue 362 : sguil-db-purge - add DAYSTOREPAIR option
Issue 395 : Bro 2.2
Issue 426 : Update http_agent for Bro 2.2
Issue 420 : Setup should no longer disable Bro PF_RING since it should work in 2.2
Issue 424 : Setup should write out changes to /etc/network/interfaces and then prompt for reboot
Issue 415 : Setup should ask user about DAYSTOKEEP and DAYSTOREPAIR
Issue 396 : Setup should give the option of enabling file extraction in Bro
Issue 433 : Setup should configure Snorby to pivot from an IP address to ELSA
Issue 431 : Update APT1 scripts for Bro 2.2
Issue 350 : Modify Sguil client to allow pivoting directly to ELSA query
Issue 346 : New ELSA packages
Issue 343 : Add more Bro logs to ELSA
Issue 434 : nsm_sensor_ps-start shouldn't call sensor_cleandisk anymore
Issue 430 : Update wiki for Bro 2.2
Issue 438 : /etc/cron.d/elsa updates
Issue 442 : securityonion-elsa-extras: fix BRO_NOTICE parsers
Issue 444 : securityonion-elsa-extras: wrong mysql directory in /etc/elsa_node.conf
Issue 436 : sosetup-network: replace ifconfig with iproute2's ip tool
Issue 441 : sosetup-network shouldn't stop network-manager
Issue 437 : sostat: more detailed interface stats via ip(8)
Issue 457 : sostat: add /proc/net/pf_ring/info
Issue 458 : sostat: include pf_ring Slots
Issue 459 : sostat: netsniff-ng loss output incorrect when running BPF
Issue 429 : nsm_server_clear needs latest Squert database updates
Issue 451 : nsm_sensor_clean should purge old files in /nsm/bro/extracted
Issue 454 : Disabling PADS agent blocks PRADS and results in no SANCP records flowing
Issue 439 : /etc/cron.d/sensor-newday updates
Issue 440 : BPF JIT addition to /etc/sysctl.d/10-securityonion.conf
Issue 435 : Setup should allow you to set PF_RING min_num_slots
Issue 446 : Setup should delete /var/lib/sphinxsearch/data/binlog*
Issue 452 : Setup phase 2 should populate sniffing interfaces from /etc/network/interfaces

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.