
Optional PADS or PRADS #109

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 10 comments

Comments


@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

I would like to see PADS/PRADS (as an option, e.g. a checkbox) in the securityonion package.


http://www.gamelinux.org/?p=83
http://gamelinux.github.com/prads/

Original issue reported on code.google.com by karolis....@gmail.com on 12 Jun 2011 at 9:31

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

I have integrated PADS into SO

1. download/upload script to SO box
2. sudo su
3. chmod +x ./pads_integration_into_SO.sh
4. run script ./pads_integration_into_SO.sh
5. install sensor (run setup from desktop)

script also solves http://code.google.com/p/security-onion/issues/detail?id=115

Karolis

Original comment by karolis....@gmail.com on 28 Dec 2011 at 1:41


@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Thanks, Karolis!  Working on this now.

Original comment by doug.bu...@gmail.com on 28 Dec 2011 at 4:58

  • Changed state: Accepted
@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Integrated changes from Karolis.  Nice work, Karolis!  Thanks again!

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:41

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Packaged pads using checkinstall.

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:41

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Existing sensors doing an in-place upgrade need template files so I created them in /etc/pads and created new package pads-config:

/usr/local/lib/ruby/gems/1.9.1/gems/fpm-0.3.11/bin/fpm -s dir -t deb -n securityonion-pads-config -v 20111229 /etc/pads/pads_agent.conf /etc/pads/pads.conf.securityonion

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:41

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Created new nsm package:

/usr/local/lib/ruby/gems/1.9.1/gems/fpm-0.3.11/bin/fpm -s dir -t deb -n securityonion-nsmnow-admin-scripts -v 20111229 /etc/init.d/nsm* /usr/share/nsmnow/ /usr/local/sbin/nsm* /usr/local/lib/nsmnow/ /etc/cron.d/sensor-* /etc/cron.d/nsm* /etc/init/securityonion.conf

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:41

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Packaged pads_agent.tcl:

/usr/local/lib/ruby/gems/1.9.1/gems/fpm-0.3.11/bin/fpm -s dir -t deb -n securityonion-pads-agent -v 20111229 /usr/local/bin/pads_agent.tcl

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:43

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Added the following to security-onion-upgrade.sh:

# Normalise "KEY value" lines to KEY=value so the file can be sourced
sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20111228" ]; then
    NEW="20111229"
    echo "**********************************************"   | $LOGGER
    echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
    echo "**********************************************"   | $LOGGER
    # Work from a versioned backup directory so downloaded packages are kept
    DIR="/nsm/backup/$NEW"
    mkdir -p $DIR                                           | $LOGGER
    cd $DIR

    echo "* Removing old PADS"                              | $LOGGER
    apt-get -y remove pads >/dev/null

    echo "* Installing new PADS"                            | $LOGGER
    FILE=securityonion-pads_"$NEW"-1_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                                           | $LOGGER

    echo "* Installing PADS_agent.tcl"                      | $LOGGER
    FILE=securityonion-pads-agent_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                                           | $LOGGER

    echo "* Installing PADS template files"                 | $LOGGER
    FILE=securityonion-pads-config_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                                           | $LOGGER

    echo "* Installing new NSM scripts"                     | $LOGGER
    FILE=securityonion-nsmnow-admin-scripts_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                                           | $LOGGER
    service cron restart

    # Update any sensors with the new config files: copy the templates into
    # each sensor directory and fill in the YOUR_* placeholders
    awk '{print $1}' /etc/nsm/sensortab | grep -v "#" | while read SENSOR
    do
        echo "* Updating $SENSOR with new config files for PADS" | $LOGGER
        cp /etc/pads/pads_agent.conf /etc/nsm/$SENSOR/                 | $LOGGER
        cp /etc/pads/pads.conf.securityonion /etc/nsm/$SENSOR/pads.conf | $LOGGER
        SERVER_HOST=`grep SERVER_HOST /etc/nsm/$SENSOR/snort_agent.conf | awk '{print $3}'`
        INTERFACE=`grep $SENSOR /etc/nsm/sensortab | awk '{print $4}'`
        sed -i "s|YOUR_SERVER_HOST|$SERVER_HOST|g" /etc/nsm/$SENSOR/pads_agent.conf            | $LOGGER
        sed -i "s|YOUR_HOSTNAME|$SENSOR|g" /etc/nsm/$SENSOR/pads_agent.conf                    | $LOGGER
        sed -i "s|YOUR_NET_GROUP|$SENSOR|g" /etc/nsm/$SENSOR/pads_agent.conf                   | $LOGGER
        sed -i "s|YOUR_LOG_DIR|/nsm/sensor_data/$SENSOR|g" /etc/nsm/$SENSOR/pads_agent.conf    | $LOGGER
        sed -i "s|YOUR_LOG_DIR|/nsm/sensor_data/$SENSOR|g" /etc/nsm/$SENSOR/pads.conf          | $LOGGER
        sed -i "s|YOUR_INTERFACE|$INTERFACE|g" /etc/nsm/$SENSOR/pads.conf                      | $LOGGER
        echo "PADS_CONFIG=\"/etc/nsm/$SENSOR/pads.conf\"" >> /etc/nsm/$SENSOR/sensor.conf
        echo "PADS_AGENT_CONFIG=\"/etc/nsm/$SENSOR/pads_agent.conf\"" >> /etc/nsm/$SENSOR/sensor.conf
    done
    nsm_sensor_ps-start --only-pads
    nsm_sensor_ps-start --only-pads-agent

    # Record the new version so the upgrade is not re-run
    sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
    echo "* Upgrade to $NEW complete."                      | $LOGGER
    echo
fi

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:44

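The per-sensor template rendering in the upgrade snippet above, written as an added example that is not Security Onion's own code. It keeps the same placeholder names (YOUR_SERVER_HOST, YOUR_HOSTNAME, YOUR_NET_GROUP, YOUR_LOG_DIR, YOUR_INTERFACE) and the same sensortab column layout (name in column 1, interface in column 4), but differs in two ways a reviewer would want: the sensortab lookup matches the exact sensor name rather than grepping the name anywhere in the file (where "sensor-eth0" would also match "sensor-eth01" and yield two interfaces), and a render that leaves any YOUR_* placeholder behind fails instead of silently handing a half-filled config to the sensor. It renders with sed to a new file rather than sed -i, so a failed run does not leave a partially edited file. All file contents, sensor names and the temp directory layout are constructed for the example; the "set SERVER_HOST ..." line format for the agent config is an assumption.

```shell
#!/bin/sh
# Added example, not Security Onion's own code. Renders the PADS template
# files for one sensor the way the upgrade script does, with exact sensortab
# matching and a fail-closed check for leftover placeholders.
# All fixture contents below are constructed for this example.

# sensortab_interface SENSORTAB SENSOR
# Print the interface (column 4) for the exact sensor name, skipping comment
# lines. Exit 1 if the sensor is not listed, so callers cannot proceed with
# an empty interface.
sensortab_interface() {
    awk -v s="$2" '$1 !~ /^#/ && $1 == s { print $4; found = 1 }
                   END { exit !found }' "$1"
}

# agent_server_host AGENT_CONF
# Print the SERVER_HOST value from a Tcl-style "set SERVER_HOST x" line
# (line format assumed for this example).
agent_server_host() {
    awk '$1 == "set" && $2 == "SERVER_HOST" { print $3; exit }' "$1"
}

# render_pads_templates TEMPLATE_DIR SENSOR SERVER_HOST INTERFACE OUT_DIR
# Writes OUT_DIR/pads_agent.conf and OUT_DIR/pads.conf from the templates.
# Returns 1 on I/O failure and 2 if a YOUR_* placeholder survives.
render_pads_templates() {
    tpl_dir=$1; sensor=$2; server_host=$3; iface=$4; out_dir=$5
    mkdir -p "$out_dir" || return 1
    sed -e "s|YOUR_SERVER_HOST|$server_host|g" \
        -e "s|YOUR_HOSTNAME|$sensor|g" \
        -e "s|YOUR_NET_GROUP|$sensor|g" \
        -e "s|YOUR_LOG_DIR|/nsm/sensor_data/$sensor|g" \
        "$tpl_dir/pads_agent.conf" > "$out_dir/pads_agent.conf" || return 1
    sed -e "s|YOUR_LOG_DIR|/nsm/sensor_data/$sensor|g" \
        -e "s|YOUR_INTERFACE|$iface|g" \
        "$tpl_dir/pads.conf.securityonion" > "$out_dir/pads.conf" || return 1
    # Fail closed: a config with an unfilled placeholder must not be used.
    if grep -q 'YOUR_[A-Z_]*' "$out_dir/pads_agent.conf" "$out_dir/pads.conf"; then
        return 2
    fi
    return 0
}

# run_example
# Builds constructed fixtures under a temp dir, renders for "sensor-eth0" and
# prints the sensor directory. The sensortab deliberately also lists
# "sensor-eth01" so the exact-match lookup is exercised.
run_example() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/etc/pads" "$work/etc/nsm/sensor-eth0"
    # constructed sensortab: name active ? interface (column 4 = interface)
    printf 'sensor-eth0\t1\t1\teth0\nsensor-eth01\t1\t1\teth1\n' > "$work/etc/nsm/sensortab"
    printf '# comment mentioning sensor-eth0 is ignored\n' >> "$work/etc/nsm/sensortab"
    # constructed agent config and templates
    printf 'set SERVER_HOST 10.0.0.5\n' > "$work/etc/nsm/sensor-eth0/snort_agent.conf"
    printf 'set SERVER_HOST YOUR_SERVER_HOST\nset HOSTNAME YOUR_HOSTNAME\nset NET_GROUP YOUR_NET_GROUP\nset LOG_DIR YOUR_LOG_DIR\n' \
        > "$work/etc/pads/pads_agent.conf"
    printf 'interface YOUR_INTERFACE\nlog_dir YOUR_LOG_DIR\n' \
        > "$work/etc/pads/pads.conf.securityonion"

    iface=$(sensortab_interface "$work/etc/nsm/sensortab" sensor-eth0) || return 1
    host=$(agent_server_host "$work/etc/nsm/sensor-eth0/snort_agent.conf")
    render_pads_templates "$work/etc/pads" sensor-eth0 "$host" "$iface" \
        "$work/etc/nsm/sensor-eth0" || return $?
    echo "$work/etc/nsm/sensor-eth0"
}
```

Running `run_example` prints the rendered sensor directory; `cat` the two files there to see every placeholder replaced. In the upgrade script the equivalent check would be a test on the rendered files before the PADS_CONFIG lines are appended to sensor.conf, since once those lines exist the sensor starts PADS with whatever the file contains.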
@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Published:
http://securityonion.blogspot.com/2011/12/security-onion-20111229-now-available.html

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 1:11

  • Changed state: Verified