
Upgrade Suricata to 1.1 #134

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 4 comments

Comments


@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

https://redmine.openinfosecfoundation.org/projects/suricata/roadmap

OISF is targeting a release date of 11/10

Original issue reported on code.google.com by doug.bu...@gmail.com on 23 Oct 2011 at 3:18


@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

[deleted comment]


@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

[deleted comment]


@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Created securityonion-suricata_1.1-1_i386.deb as follows:
Downloaded tarball
tar zxvf $tarball
cd $dir
./configure --enable-af-packet --disable-gccmarch-native
make
sudo checkinstall

Created securityonion-suricata-config_20111127_i386.deb as follows:
Copy config files to /etc/suricata:
cp *.config /etc/suricata/
cp suricata.yaml /etc/suricata/
Modify suricata.yaml:
 - remove all rules files and replace with downloaded and local
  # alert output for use with Barnyard2
  - unified2-alert:
      enabled: yes
      filename: snort.unified2
/var/lib/gems/1.8/bin/fpm -s dir -t deb -n securityonion-suricata-config -v 20111127 /etc/suricata/

Created securityonion-suricata-rules_20111127_i386.deb as follows:
Copied decoder-events.rules and stream-events.rules to /etc/nsm/rules/
/var/lib/gems/1.8/bin/fpm -s dir -t deb -n securityonion-suricata-rules -v 20111127 /etc/nsm/rules/decoder-events.rules /etc/nsm/rules/stream-events.rules

Created securityonion-nsmnow-admin-scripts_20111127_i386.deb as follows:
Changed /usr/local/sbin/nsm_sensor_ps-start and /usr/local/sbin/nsm_sensor_ps-restart as follows:
suricata" "--user $SENSOR_USER --group $SENSOR_GROUP -c /etc/nsm/$SENSOR/suricata.yaml --af-packet=$SENSOR_INTERFACE_SHORT -l $SENSOR_LOG_DIR
/var/lib/gems/1.8/bin/fpm -s dir -t deb -n securityonion-nsmnow-admin-scripts -v 20111127 /etc/init.d/nsm* /usr/share/nsmnow/ /usr/local/sbin/nsm* /usr/local/lib/nsmnow/ /etc/cron.d/sensor-newday

Also see:
http://code.google.com/p/security-onion/issues/detail?id=153

Added the following to security-onion-upgrade.sh:
sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20111118" ]; then
    NEW="20111127"
    echo "**********************************************"   | $LOGGER
    echo "* Upgrading from $VERSION to $NEW."       | $LOGGER
    echo "**********************************************"   | $LOGGER
    DIR="/nsm/backup/$NEW"
    mkdir -p $DIR                       | $LOGGER
    cd $DIR

    echo "* Installing new Suricata"            | $LOGGER
    FILE=securityonion-suricata_1.1-1_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                       | $LOGGER

    echo "* Installing new Suricata config"         | $LOGGER
    FILE=securityonion-suricata-config_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                       | $LOGGER

    echo "* Installing new Suricata rules"          | $LOGGER
    FILE=securityonion-suricata-rules_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                       | $LOGGER

    echo "* Installing new NSM scripts"         | $LOGGER
    FILE=securityonion-nsmnow-admin-scripts_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                       | $LOGGER

    echo "* Installing PulledPork fix"          | $LOGGER
    FILE=securityonion-pulledpork_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                       | $LOGGER
    sed -i 's|local_rules=/etc/nsm/rules/local.rules|local_rules=/etc/nsm/rules/local.rules,/etc/nsm/rules/decoder-events.rules,/etc/nsm/rules/stream-events.rules|g' /etc/pulledpork/pulledpork.conf

    echo "* Copying suricata.yaml to sensor directories"    | $LOGGER
    grep -v "^#" /etc/nsm/sensortab |awk '{print $1}' |while read SENSOR
    do 
        mkdir -p $DIR/"$SENSOR"/
        cp /etc/nsm/"$SENSOR"/suricata.yaml $DIR/"$SENSOR"/
        cp /etc/suricata/suricata.yaml /etc/nsm/"$SENSOR"/
    done

    if grep -i "suricata" /etc/nsm/securityonion.conf >/dev/null
    then
        nsm_sensor_ps-restart --only-snort-alert    | $LOGGER
    fi

    sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF    | $LOGGER
    echo "* Upgrade to $NEW complete."          | $LOGGER
    echo 
fi

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 1:30

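As an added example (not part of this thread and not Security Onion's own scripts), here is a stricter form of two steps from the upgrade script above: the package install, which the script performs as `wget` over plain HTTP followed by `dpkg -i`, gains a SHA-256 check before install, and the per-sensor suricata.yaml copy keeps the backup the script takes. All paths, the sensortab contents and the digest are constructed placeholders.

```bash
#!/bin/bash
# Added example, not Security Onion's code. Paths and inputs are constructed.
set -u

# Verify a downloaded .deb against a known SHA-256 before handing it to
# dpkg -i. Returns 0 on match, 1 if the file is missing or the digest differs.
verify_deb() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 1
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Print sensor names from an nsm sensortab: first field of each non-comment,
# non-empty line (the same selection the script's grep | awk makes).
sensor_names() {
    grep -v '^#' "$1" | awk 'NF {print $1}'
}

# For every sensor in the sensortab: back up its current suricata.yaml into
# $backup/<sensor>/ (if one exists), then copy the new template into place.
# Sensors whose directory under $nsmdir does not exist are skipped.
deploy_yaml() {
    local template="$1" nsmdir="$2" backup="$3" sensortab="$4" sensor
    sensor_names "$sensortab" | while read -r sensor; do
        [ -d "$nsmdir/$sensor" ] || continue
        mkdir -p "$backup/$sensor"
        if [ -f "$nsmdir/$sensor/suricata.yaml" ]; then
            cp "$nsmdir/$sensor/suricata.yaml" "$backup/$sensor/"
        fi
        cp "$template" "$nsmdir/$sensor/suricata.yaml"
    done
}

# Demo on constructed input: a fake package whose digest is computed locally
# (in real use the expected digest comes from a trusted, separately published list).
demo_dir=$(mktemp -d)
demo_pkg="$demo_dir/securityonion-suricata_1.1-1_i386.deb"
printf 'not a real package\n' > "$demo_pkg"
known=$(sha256sum "$demo_pkg" | awk '{print $1}')
if verify_deb "$demo_pkg" "$known"; then
    echo "checksum ok: safe to run dpkg -i $demo_pkg"
fi
rm -rf "$demo_dir"
```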


@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Published:
http://securityonion.blogspot.com/2011/11/security-onion-20111127-now-available.html

Original comment by doug.bu...@gmail.com on 28 Nov 2011 at 2:47

  • Changed state: Verified
