diff --git a/debian/changelog b/debian/changelog index df75664..042c1a6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +securityonion-setup (20120912-0ubuntu0securityonion281) xenial; urgency=medium + + * issues 1397 and 1395 + + -- Doug Burks Wed, 26 Dec 2018 15:11:03 -0500 + securityonion-setup (20120912-0ubuntu0securityonion280) xenial; urgency=medium * fix securityonion_default.jpg filename diff --git a/debian/patches/issues-1397-and-1395 b/debian/patches/issues-1397-and-1395 new file mode 100644 index 0000000..afb3696 --- /dev/null +++ b/debian/patches/issues-1397-and-1395 @@ -0,0 +1,97 @@ +Description: + TODO: Put a short summary on the line above and replace this paragraph + with a longer explanation of this change. Complete the meta-information + with other relevant fields (see below for details). To make it easier, the + information below has been extracted from the changelog. Adjust it or drop + it. + . + securityonion-setup (20120912-0ubuntu0securityonion281) xenial; urgency=medium + . + * issues 1397 and 1395 +Author: Doug Burks + +--- +The information above should follow the Patch Tagging Guidelines, please +checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here +are templates for supplementary fields that you might want to add: + +Origin: , +Bug: +Bug-Debian: https://bugs.debian.org/ +Bug-Ubuntu: https://launchpad.net/bugs/ +Forwarded: +Reviewed-By: +Last-Update: + +--- securityonion-setup-20120912.orig/bin/sosetup ++++ securityonion-setup-20120912/bin/sosetup +@@ -1328,6 +1328,11 @@ for INTERFACE in $ALL_INTERFACES; do + # Increment the Barnyard2 port number by 100 + let BY2PORT=BY2PORT+100 + ++ # Skip over 9200-9600 as Elasticsearch uses 9200 & 9300 and Logstash uses 9600. ++ if [ "$BY2PORT" == "9200" ]; then ++ let BY2PORT=9700 ++ fi ++ + # Copy our customized snort.conf (and associated files) into place + cp /etc/nsm/templates/snort/attribute_table.dtd /etc/nsm/"$SENSORNAME"/ >> $LOG 2>&1 + cp /etc/nsm/templates/snort/snort.conf /etc/nsm/"$SENSORNAME"/ >> $LOG 2>&1 +--- securityonion-setup-20120912.orig/share/securityonion/sosetup-storage.conf ++++ securityonion-setup-20120912/share/securityonion/sosetup-storage.conf +@@ -42,7 +42,7 @@ DOMAIN='example.com' + # For multiple interfaces, please separate them with spaces. + # For example: + # SNIFFING_INTERFACES='ens34 ens35' +-SNIFFING_INTERFACES='ens34' ++SNIFFING_INTERFACES='' + + ################################ + # Master Server +@@ -139,7 +139,7 @@ SALT='yes' + # SENSOR=1 + # If set to 0, then this box will not run sensor components: + # SENSOR=0 +-SENSOR=0 ++SENSOR=1 + + ################################ + # Enable/disable sensor services +@@ -149,31 +149,31 @@ SENSOR=0 + + # BRO_ENABLED + # Do you want to run Bro? yes/no +-BRO_ENABLED='yes' ++BRO_ENABLED='no' + + # IDS_ENGINE_ENABLED + # Do you want to run an IDS engine (Snort/Suricata)? yes/no +-IDS_ENGINE_ENABLED='yes' ++IDS_ENGINE_ENABLED='no' + + # SNORT_AGENT_ENABLED + # Do you want to run the Snort agent? yes/no + # The Snort agent sends Snort IDS alerts to the Sguil database. +-SNORT_AGENT_ENABLED='yes' ++SNORT_AGENT_ENABLED='no' + + # BARNYARD2_ENABLED + # Do you want to run Barnyard2? yes/no + # Barnyard2 sends IDS alerts from Snort/Suricata to + # Sguil's Snort agent and syslog (ELSA). +-BARNYARD2_ENABLED='yes' ++BARNYARD2_ENABLED='no' + + # PCAP_ENABLED + # Do you want to run full packet capture? yes/no +-PCAP_ENABLED='yes' ++PCAP_ENABLED='no' + + # PCAP_AGENT_ENABLED + # Do you want to run Sguil's pcap_agent? yes/no + # The pcap_agent allows Sguil to access the pcap store. +-PCAP_AGENT_ENABLED='yes' ++PCAP_AGENT_ENABLED='no' + + # PRADS_ENABLED + # Do you want to run Prads? yes/no diff --git a/debian/patches/series b/debian/patches/series index bb5c12c..031ace1 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -266,3 +266,4 @@ allowing-an-OSSEC-agent-should-allow-both-UDP-and-TCP-traffic-#1330 Setup:-ensure-Apache-SSO-config-is-enabled-#1355 issues-1368-1377-1378-1382 fix-securityonion_default.jpg-filename +issues-1397-and-1395 diff --git a/share/securityonion/sosetup-storage.conf b/share/securityonion/sosetup-storage.conf index f3a7aa1..f67c3a0 100644 --- a/share/securityonion/sosetup-storage.conf +++ b/share/securityonion/sosetup-storage.conf @@ -42,7 +42,7 @@ DOMAIN='example.com' # For multiple interfaces, please separate them with spaces. # For example: # SNIFFING_INTERFACES='ens34 ens35' -SNIFFING_INTERFACES='ens34' +SNIFFING_INTERFACES='' ################################ # Master Server @@ -139,7 +139,7 @@ SALT='yes' # SENSOR=1 # If set to 0, then this box will not run sensor components: # SENSOR=0 -SENSOR=0 +SENSOR=1 ################################ # Enable/disable sensor services @@ -149,31 +149,31 @@ SENSOR=0 # BRO_ENABLED # Do you want to run Bro? yes/no -BRO_ENABLED='yes' +BRO_ENABLED='no' # IDS_ENGINE_ENABLED # Do you want to run an IDS engine (Snort/Suricata)? yes/no -IDS_ENGINE_ENABLED='yes' +IDS_ENGINE_ENABLED='no' # SNORT_AGENT_ENABLED # Do you want to run the Snort agent? yes/no # The Snort agent sends Snort IDS alerts to the Sguil database. -SNORT_AGENT_ENABLED='yes' +SNORT_AGENT_ENABLED='no' # BARNYARD2_ENABLED # Do you want to run Barnyard2? yes/no # Barnyard2 sends IDS alerts from Snort/Suricata to # Sguil's Snort agent and syslog (ELSA). -BARNYARD2_ENABLED='yes' +BARNYARD2_ENABLED='no' # PCAP_ENABLED # Do you want to run full packet capture? yes/no -PCAP_ENABLED='yes' +PCAP_ENABLED='no' # PCAP_AGENT_ENABLED # Do you want to run Sguil's pcap_agent? yes/no # The pcap_agent allows Sguil to access the pcap store. -PCAP_AGENT_ENABLED='yes' +PCAP_AGENT_ENABLED='no' # PRADS_ENABLED # Do you want to run Prads? yes/no