Security-Onion-Solutions/security-onion#1395

debian/changelog

@@ -1,3 +1,9 @@
+securityonion-setup (20120912-0ubuntu0securityonion281) xenial; urgency=medium
+
+  * issues 1397 and 1395 
+
+ -- Doug Burks <doug.burks@gmail.com>  Wed, 26 Dec 2018 15:11:03 -0500
+
 securityonion-setup (20120912-0ubuntu0securityonion280) xenial; urgency=medium
 
   * fix securityonion_default.jpg filename 

debian/patches/issues-1397-and-1395

@@ -0,0 +1,97 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-setup (20120912-0ubuntu0securityonion281) xenial; urgency=medium
+ .
+   * issues 1397 and 1395
+Author: Doug Burks <doug.burks@gmail.com>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-setup-20120912.orig/bin/sosetup
++++ securityonion-setup-20120912/bin/sosetup
+@@ -1328,6 +1328,11 @@ for INTERFACE in $ALL_INTERFACES; do
+ 	# Increment the Barnyard2 port number by 100
+ 	let BY2PORT=BY2PORT+100
+
++	# Skip over 9200-9600 as Elasticsearch uses 9200 & 9300 and Logstash uses 9600.
++	if [ "$BY2PORT" == "9200" ]; then
++		let BY2PORT=9700
++	fi
++
+         # Copy our customized snort.conf (and associated files) into place
+         cp /etc/nsm/templates/snort/attribute_table.dtd /etc/nsm/"$SENSORNAME"/ >> $LOG 2>&1
+         cp /etc/nsm/templates/snort/snort.conf /etc/nsm/"$SENSORNAME"/ >> $LOG 2>&1
+--- securityonion-setup-20120912.orig/share/securityonion/sosetup-storage.conf
++++ securityonion-setup-20120912/share/securityonion/sosetup-storage.conf
+@@ -42,7 +42,7 @@ DOMAIN='example.com'
+ # For multiple interfaces, please separate them with spaces.
+ # For example:
+ # SNIFFING_INTERFACES='ens34 ens35'
+-SNIFFING_INTERFACES='ens34'
++SNIFFING_INTERFACES=''
+
+ ################################
+ # Master Server
+@@ -139,7 +139,7 @@ SALT='yes'
+ # SENSOR=1
+ # If set to 0, then this box will not run sensor components:
+ # SENSOR=0
+-SENSOR=0
++SENSOR=1
+
+ ################################
+ # Enable/disable sensor services
+@@ -149,31 +149,31 @@ SENSOR=0
+
+ # BRO_ENABLED
+ # Do you want to run Bro?  yes/no
+-BRO_ENABLED='yes'
++BRO_ENABLED='no'
+
+ # IDS_ENGINE_ENABLED
+ # Do you want to run an IDS engine (Snort/Suricata)?  yes/no
+-IDS_ENGINE_ENABLED='yes'
++IDS_ENGINE_ENABLED='no'
+
+ # SNORT_AGENT_ENABLED
+ # Do you want to run the Snort agent?  yes/no
+ # The Snort agent sends Snort IDS alerts to the Sguil database.
+-SNORT_AGENT_ENABLED='yes'
++SNORT_AGENT_ENABLED='no'
+
+ # BARNYARD2_ENABLED
+ # Do you want to run Barnyard2?  yes/no
+ # Barnyard2 sends IDS alerts from Snort/Suricata to
+ # Sguil's Snort agent and syslog (ELSA).
+-BARNYARD2_ENABLED='yes'
++BARNYARD2_ENABLED='no'
+
+ # PCAP_ENABLED
+ # Do you want to run full packet capture?  yes/no
+-PCAP_ENABLED='yes'
++PCAP_ENABLED='no'
+
+ # PCAP_AGENT_ENABLED
+ # Do you want to run Sguil's pcap_agent?  yes/no
+ # The pcap_agent allows Sguil to access the pcap store.
+-PCAP_AGENT_ENABLED='yes'
++PCAP_AGENT_ENABLED='no'
+
+ # PRADS_ENABLED
+ # Do you want to run Prads?  yes/no

debian/patches/series

@@ -266,3 +266,4 @@ allowing-an-OSSEC-agent-should-allow-both-UDP-and-TCP-traffic-#1330
 Setup:-ensure-Apache-SSO-config-is-enabled-#1355
 issues-1368-1377-1378-1382
 fix-securityonion_default.jpg-filename
+issues-1397-and-1395

share/securityonion/sosetup-storage.conf

@@ -42,7 +42,7 @@ DOMAIN='example.com'
 # For multiple interfaces, please separate them with spaces.
 # For example:
 # SNIFFING_INTERFACES='ens34 ens35'
-SNIFFING_INTERFACES='ens34'
+SNIFFING_INTERFACES=''
 
 ################################
 # Master Server
@@ -139,7 +139,7 @@ SALT='yes'
 # SENSOR=1
 # If set to 0, then this box will not run sensor components:
 # SENSOR=0
-SENSOR=0
+SENSOR=1
 
 ################################
 # Enable/disable sensor services
@@ -149,31 +149,31 @@ SENSOR=0
 
 # BRO_ENABLED
 # Do you want to run Bro?  yes/no
-BRO_ENABLED='yes'
+BRO_ENABLED='no'
 
 # IDS_ENGINE_ENABLED
 # Do you want to run an IDS engine (Snort/Suricata)?  yes/no
-IDS_ENGINE_ENABLED='yes'
+IDS_ENGINE_ENABLED='no'
 
 # SNORT_AGENT_ENABLED
 # Do you want to run the Snort agent?  yes/no
 # The Snort agent sends Snort IDS alerts to the Sguil database.
-SNORT_AGENT_ENABLED='yes'
+SNORT_AGENT_ENABLED='no'
 
 # BARNYARD2_ENABLED
 # Do you want to run Barnyard2?  yes/no
 # Barnyard2 sends IDS alerts from Snort/Suricata to
 # Sguil's Snort agent and syslog (ELSA).
-BARNYARD2_ENABLED='yes'
+BARNYARD2_ENABLED='no'
 
 # PCAP_ENABLED
 # Do you want to run full packet capture?  yes/no
-PCAP_ENABLED='yes'
+PCAP_ENABLED='no'
 
 # PCAP_AGENT_ENABLED
 # Do you want to run Sguil's pcap_agent?  yes/no
 # The pcap_agent allows Sguil to access the pcap store.
-PCAP_AGENT_ENABLED='yes'
+PCAP_AGENT_ENABLED='no'
 
 # PRADS_ENABLED
 # Do you want to run Prads?  yes/no