This repository has been archived by the owner on Apr 19, 2021. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
- Loading branch information
Showing
4 changed files
with
112 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
Description: <short summary of the patch> | ||
TODO: Put a short summary on the line above and replace this paragraph | ||
with a longer explanation of this change. Complete the meta-information | ||
with other relevant fields (see below for details). To make it easier, the | ||
information below has been extracted from the changelog. Adjust it or drop | ||
it. | ||
. | ||
securityonion-setup (20120912-0ubuntu0securityonion281) xenial; urgency=medium | ||
. | ||
* issues 1397 and 1395 | ||
Author: Doug Burks <doug.burks@gmail.com> | ||
|
||
--- | ||
The information above should follow the Patch Tagging Guidelines, please | ||
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here | ||
are templates for supplementary fields that you might want to add: | ||
|
||
Origin: <vendor|upstream|other>, <url of original patch> | ||
Bug: <url in upstream bugtracker> | ||
Bug-Debian: https://bugs.debian.org/<bugnumber> | ||
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber> | ||
Forwarded: <no|not-needed|url proving that it has been forwarded> | ||
Reviewed-By: <name and email of someone who approved the patch> | ||
Last-Update: <YYYY-MM-DD> | ||
|
||
--- securityonion-setup-20120912.orig/bin/sosetup | ||
+++ securityonion-setup-20120912/bin/sosetup | ||
@@ -1328,6 +1328,11 @@ for INTERFACE in $ALL_INTERFACES; do | ||
# Increment the Barnyard2 port number by 100 | ||
let BY2PORT=BY2PORT+100 | ||
|
||
+ # Skip over 9200-9600 as Elasticsearch uses 9200 & 9300 and Logstash uses 9600. | ||
+ if [ "$BY2PORT" == "9200" ]; then | ||
+ let BY2PORT=9700 | ||
+ fi | ||
+ | ||
# Copy our customized snort.conf (and associated files) into place | ||
cp /etc/nsm/templates/snort/attribute_table.dtd /etc/nsm/"$SENSORNAME"/ >> $LOG 2>&1 | ||
cp /etc/nsm/templates/snort/snort.conf /etc/nsm/"$SENSORNAME"/ >> $LOG 2>&1 | ||
--- securityonion-setup-20120912.orig/share/securityonion/sosetup-storage.conf | ||
+++ securityonion-setup-20120912/share/securityonion/sosetup-storage.conf | ||
@@ -42,7 +42,7 @@ DOMAIN='example.com' | ||
# For multiple interfaces, please separate them with spaces. | ||
# For example: | ||
# SNIFFING_INTERFACES='ens34 ens35' | ||
-SNIFFING_INTERFACES='ens34' | ||
+SNIFFING_INTERFACES='' | ||
|
||
################################ | ||
# Master Server | ||
@@ -139,7 +139,7 @@ SALT='yes' | ||
# SENSOR=1 | ||
# If set to 0, then this box will not run sensor components: | ||
# SENSOR=0 | ||
-SENSOR=0 | ||
+SENSOR=1 | ||
|
||
################################ | ||
# Enable/disable sensor services | ||
@@ -149,31 +149,31 @@ SENSOR=0 | ||
|
||
# BRO_ENABLED | ||
# Do you want to run Bro? yes/no | ||
-BRO_ENABLED='yes' | ||
+BRO_ENABLED='no' | ||
|
||
# IDS_ENGINE_ENABLED | ||
# Do you want to run an IDS engine (Snort/Suricata)? yes/no | ||
-IDS_ENGINE_ENABLED='yes' | ||
+IDS_ENGINE_ENABLED='no' | ||
|
||
# SNORT_AGENT_ENABLED | ||
# Do you want to run the Snort agent? yes/no | ||
# The Snort agent sends Snort IDS alerts to the Sguil database. | ||
-SNORT_AGENT_ENABLED='yes' | ||
+SNORT_AGENT_ENABLED='no' | ||
|
||
# BARNYARD2_ENABLED | ||
# Do you want to run Barnyard2? yes/no | ||
# Barnyard2 sends IDS alerts from Snort/Suricata to | ||
# Sguil's Snort agent and syslog (ELSA). | ||
-BARNYARD2_ENABLED='yes' | ||
+BARNYARD2_ENABLED='no' | ||
|
||
# PCAP_ENABLED | ||
# Do you want to run full packet capture? yes/no | ||
-PCAP_ENABLED='yes' | ||
+PCAP_ENABLED='no' | ||
|
||
# PCAP_AGENT_ENABLED | ||
# Do you want to run Sguil's pcap_agent? yes/no | ||
# The pcap_agent allows Sguil to access the pcap store. | ||
-PCAP_AGENT_ENABLED='yes' | ||
+PCAP_AGENT_ENABLED='no' | ||
|
||
# PRADS_ENABLED | ||
# Do you want to run Prads? yes/no |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters