/security-onion

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rename bro workers #226

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 4 comments

Comments

Assignees
No one assigned
Labels
Priority-Low Type-Enhancement auto-migrated
Projects
None yet
Milestone
No milestone
1 participant
@GoogleCodeExporter
@GoogleCodeExporter
Copy link

GoogleCodeExporter commented Mar 24, 2015 

/usr/local/bin/setup
change:
# cluster config
                cp /usr/local/etc/node.cfg.securityonion /usr/local/etc/node.cfg
                NUM=1
                IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |grep -v "127.0.0.1" |head -1`
                sed -i "s|host=localhost|host=$IP|g" /usr/local/etc/node.cfg
                grep -v "^#" /etc/nsm/sensortab | awk '{print $4}' |while read INTERFACE
                do
                        echo "* Configuring Bro to monitor $INTERFACE" | tee -a $LOG
                        cat << EOF >> /usr/local/etc/node.cfg
[worker-$NUM]   
type=worker
host=$IP
interface=$INTERFACE

EOF
                        let NUM=NUM+1
                done
        fi
to:
# cluster config
                cp /usr/local/etc/node.cfg.securityonion /usr/local/etc/node.cfg
                IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |grep -v "127.0.0.1" |head -1`
                sed -i "s|host=localhost|host=$IP|g" /usr/local/etc/node.cfg
                grep -v "^#" /etc/nsm/sensortab | awk '{print $1}' |while read SENSOR
                do
                        INTERFACE=`grep $SENSOR /etc/nsm/sensortab|awk '{print $4}'`
                        echo "* Configuring Bro to monitor $INTERFACE" | tee -a $LOG
                        cat << EOF >> /usr/local/etc/node.cfg
[$SENSOR]   
type=worker
host=$IP
interface=$INTERFACE

EOF
                done
        fi


In-place upgrade will need to:
broctl stop
modify /usr/local/etc/node.cfg as follows:
worker-1 --> hostname-eth0
worker-2 --> hostname-eth1
broctl install
broctl start

Original issue reported on code.google.com by doug.bu...@gmail.com on 17 Feb 2012 at 8:11

@GoogleCodeExporter GoogleCodeExporter added auto-migrated Type-Enhancement Priority-Low labels Mar 24, 2015

@GoogleCodeExporter

This comment has been minimized.

Sign in to view
Copy link

GoogleCodeExporter commented Mar 24, 2015 

Packaged /usr/local/bin/setup:

/usr/bin/fpm -s dir -t deb -n securityonion-setup -v 20120412 
/usr/local/bin/setup

Original comment by doug.bu...@gmail.com on 13 Apr 2012 at 11:13

  • Changed state: Started
  • Added labels: ****
  • Removed labels: ****
@GoogleCodeExporter

This comment has been minimized.

Sign in to view
Copy link

GoogleCodeExporter commented Mar 24, 2015 

Added the following to security-onion-upgrade.sh:


sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120405" ]; then
        NEW="20120412"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        cd $DIR

        for FILE in securityonion-setup_20120412_i386.deb securityonion-nsmnow-admin-scripts_20120412_i386.deb; do
                echo -n "* Downloading $FILE..."                | $LOGGER
                wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
                if [ $? -eq 1 ]; then
                        echo "FAIL"     | $LOGGER
                        exit 1
                else
                        echo "OK"       | $LOGGER
                fi
        done

        echo -n "* Installing downloaded packages..." | $LOGGER
        dpkg -i *.deb                                           >> $LOG
        if [ $? -eq 1 ]; then
                echo "FAIL"     | $LOGGER
                exit 1
        else
                echo "OK"       | $LOGGER
        fi

    if [ `grep -v "^#" /etc/nsm/sensortab|wc -l` -lt 2 ]
    then
        echo "* Less than two sensor interfaces, so no changes necessary." | $LOGGER
    else
        broctl stop                 | $LOGGER
                cp /usr/local/etc/node.cfg $DIR/node.cfg
                cp /usr/local/etc/node.cfg.securityonion /usr/local/etc/node.cfg
                IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |grep -v "127.0.0.1" |head -1`
                sed -i "s|host=localhost|host=$IP|g" /usr/local/etc/node.cfg
                grep -v "^#" /etc/nsm/sensortab | awk '{print $1}' |while read SENSOR
                do
                        INTERFACE=`grep $SENSOR /etc/nsm/sensortab|awk '{print $4}'`
                        echo "* Configuring Bro to monitor $INTERFACE" | tee -a $LOG
                        cat << EOF >> /usr/local/etc/node.cfg
[$SENSOR]   
type=worker
host=$IP
interface=$INTERFACE

EOF
                done
        broctl install                  | $LOGGER
        broctl start                    | $LOGGER
        fi

        sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
        echo "* Upgrade to $NEW complete."                      | $LOGGER
        echo 
fi

Original comment by doug.bu...@gmail.com on 13 Apr 2012 at 11:14

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter GoogleCodeExporter closed this Mar 24, 2015

@GoogleCodeExporter

This comment has been minimized.

Sign in to view
Copy link

GoogleCodeExporter commented Mar 24, 2015 

Tested by:
Scott Burkhart
David Zawdie

Original comment by doug.bu...@gmail.com on 13 Apr 2012 at 11:17

  • Added labels: ****
  • Removed labels: ****
@GoogleCodeExporter

This comment has been minimized.

Sign in to view
Copy link

GoogleCodeExporter commented Mar 24, 2015 

Published:
http://securityonion.blogspot.com/2012/04/security-onion-20120412-now-available.
html

Original comment by doug.bu...@gmail.com on 13 Apr 2012 at 11:36

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment