Upgrade Suricata to 1.1 #134

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 4 comments

GoogleCodeExporter commented Mar 24, 2015

https://redmine.openinfosecfoundation.org/projects/suricata/roadmap

OISF is targeting a release date of 11/10

Original issue reported on code.google.com by doug.bu...@gmail.com on 23 Oct 2011 at 3:18

GoogleCodeExporter commented Mar 24, 2015

Created securityonion-suricata_1.1-1_i386.deb as follows:
Downloaded tarball
tar zxvf $tarball
cd $dir
./configure --enable-af-packet --disable-gccmarch-native
make
sudo checkinstall

Created securityonion-suricata-config_20111127_i386.deb as follows:
Copy config files to /etc/suricata:
cp *.config /etc/suricata/
cp suricata.yaml /etc/suricata/
Modify suricata.yaml:
 - remove all rules files and replace with downloaded and local
  # alert output for use with Barnyard2
  - unified2-alert:
      enabled: yes
      filename: snort.unified2
/var/lib/gems/1.8/bin/fpm -s dir -t deb -n securityonion-suricata-config -v 20111127 /etc/suricata/

Created securityonion-suricata-rules_20111127_i386.deb as follows:
Copied decoder-events.rules and stream-events.rules to /etc/nsm/rules/
/var/lib/gems/1.8/bin/fpm -s dir -t deb -n securityonion-suricata-rules -v 20111127 /etc/nsm/rules/decoder-events.rules /etc/nsm/rules/stream-events.rules

Created securityonion-nsmnow-admin-scripts_20111127_i386.deb as follows:
Changed /usr/local/sbin/nsm_sensor_ps-start and /usr/local/sbin/nsm_sensor_ps-restart as follows:
suricata" "--user $SENSOR_USER --group $SENSOR_GROUP -c /etc/nsm/$SENSOR/suricata.yaml --af-packet=$SENSOR_INTERFACE_SHORT -l $SENSOR_LOG_DIR
/var/lib/gems/1.8/bin/fpm -s dir -t deb -n securityonion-nsmnow-admin-scripts -v 20111127 /etc/init.d/nsm* /usr/share/nsmnow/ /usr/local/sbin/nsm* /usr/local/lib/nsmnow/ /etc/cron.d/sensor-newday

Also see:
http://code.google.com/p/security-onion/issues/detail?id=153

Added the following to security-onion-upgrade.sh:
sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20111118" ]; then
    NEW="20111127"
    echo "**********************************************"   | $LOGGER
    echo "* Upgrading from $VERSION to $NEW."       | $LOGGER
    echo "**********************************************"   | $LOGGER
    DIR="/nsm/backup/$NEW"
    mkdir -p $DIR                       | $LOGGER
    cd $DIR

    echo "* Installing new Suricata"            | $LOGGER
    FILE=securityonion-suricata_1.1-1_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                       | $LOGGER

    echo "* Installing new Suricata config"         | $LOGGER
    FILE=securityonion-suricata-config_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                       | $LOGGER

    echo "* Installing new Suricata rules"          | $LOGGER
    FILE=securityonion-suricata-rules_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                       | $LOGGER

    echo "* Installing new NSM scripts"         | $LOGGER
    FILE=securityonion-nsmnow-admin-scripts_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                       | $LOGGER

    echo "* Installing PulledPork fix"          | $LOGGER
    FILE=securityonion-pulledpork_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                       | $LOGGER
    sed -i 's|local_rules=/etc/nsm/rules/local.rules|local_rules=/etc/nsm/rules/local.rules,/etc/nsm/rules/decoder-events.rules,/etc/nsm/rules/stream-events.rules|g' /etc/pulledpork/pulledpork.conf

    echo "* Copying suricata.yaml to sensor directories"    | $LOGGER
    grep -v "^#" /etc/nsm/sensortab |awk '{print $1}' |while read SENSOR
    do 
        mkdir -p $DIR/"$SENSOR"/
        cp /etc/nsm/"$SENSOR"/suricata.yaml $DIR/"$SENSOR"/
        cp /etc/suricata/suricata.yaml /etc/nsm/"$SENSOR"/
    done

    if grep -i "suricata" /etc/nsm/securityonion.conf >/dev/null
    then
        nsm_sensor_ps-restart --only-snort-alert    | $LOGGER
    fi

    sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF    | $LOGGER
    echo "* Upgrade to $NEW complete."          | $LOGGER
    echo
fi

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 1:30

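The upgrade script in the comment above pairs `wget -q http://sourceforge.net/...` with `dpkg -i $FILE` for every package, so whatever arrives over plain HTTP is installed as root with no integrity check. The helper below is an added example, not code from this issue or from Security Onion's own scripts: it keeps the same download-then-dpkg flow but refuses to install unless the file's SHA-256 matches a digest recorded out of band. The function names, the temporary-directory handling and the digest argument are assumptions for illustration; the verifier-facing `verify_sha256` is split out so it can be exercised on a local file without network access.

```shell
#!/bin/sh
# Added example: fetch a .deb, verify its SHA-256, and only then hand it to dpkg.
# Not Security Onion code; function names and the expected-digest argument are
# assumptions for illustration.

# sha256_of FILE  -> prints the hex digest (coreutils sha256sum, or shasum fallback)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED  -> exit 0 on match, 1 on mismatch or missing file
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 1
    actual=$(sha256_of "$file")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# fetch_verify_install URL EXPECTED_SHA256
#   Downloads into a private temp dir, verifies, then runs dpkg -i.
#   A mismatch leaves nothing installed and returns non-zero, so a caller
#   such as the upgrade script can abort instead of silently continuing.
fetch_verify_install() {
    url=$1
    expected=$2
    file=$(basename "$url")
    tmp=$(mktemp -d) || return 1
    if ! wget -q "$url" -O "$tmp/$file"; then
        echo "download failed: $url" >&2
        rm -rf "$tmp"
        return 1
    fi
    if ! verify_sha256 "$tmp/$file" "$expected"; then
        echo "SHA-256 mismatch for $file, refusing to install" >&2
        rm -rf "$tmp"
        return 1
    fi
    dpkg -i "$tmp/$file"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Usage (digest obtained from a trusted channel, not from the same HTTP host):
#   fetch_verify_install http://example.invalid/securityonion-suricata_1.1-1_i386.deb <sha256>
```

In the upgrade script this would replace each `wget ... | $LOGGER` / `dpkg -i $FILE | $LOGGER` pair with one `fetch_verify_install "$URL" "$DIGEST" | $LOGGER` call, with the digests shipped inside the already-installed upgrade script rather than fetched alongside the packages.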
GoogleCodeExporter commented Mar 24, 2015

Published:
http://securityonion.blogspot.com/2011/11/security-onion-20111127-now-available.html

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 2:47

  • Changed state: Verified