Setup: add comments to /etc/nsm/securityonion.conf #545

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments

GoogleCodeExporter commented Mar 24, 2015

Setup: add comments to /etc/nsm/securityonion.conf

Original issue reported on code.google.com by doug.bu...@gmail.com on 31 May 2014 at 9:56

GoogleCodeExporter commented Mar 24, 2015

cat << EOF > $CONF
# /etc/nsm/securityonion.conf
# Generated by Security Onion Setup (sosetup) at $DATE

# Which IDS engine would you like to run?
ENGINE=$IDS_ENGINE_LOWER

# How many days would you like to keep in the Sguil database archive?
DAYSTOKEEP=$DAYSTOKEEP

# How many days worth of tables would you like to repair every day?
DAYSTOREPAIR=$DAYSTOREPAIR

# At what percentage of disk usage should the NSM scripts warn you?
WARN_DISK_USAGE=$WARN_DISK_USAGE

# At what percentage of disk usage should the NSM scripts begin purging old data?
CRIT_DISK_USAGE=$CRIT_DISK_USAGE

# Do you want to run Bro?  yes/no
BRO_ENABLED=$BRO_ENABLED

# The OSSEC agent sends OSSEC HIDS alerts into the Sguil database.
# Do you want to run the OSSEC Agent?  yes/no
OSSEC_AGENT_ENABLED=$OSSEC_AGENT_ENABLED

# Do you want to run the Snorby worker?  yes/no
SNORBY_ENABLED=yes

# Do you want to run Xplico?  yes/no
XPLICO_ENABLED=yes

# LOCAL_HIDS_RULE_TUNING
# If set to no (default), sensor will copy OSSEC rules from master server as-is (no changes).
# If set to yes, sensor will keep its own copy of the OSSEC rules.
LOCAL_HIDS_RULE_TUNING=no

# LOCAL_NIDS_RULE_TUNING
# The effect of this option is different depending on whether this box is a server or not.
# SERVER
# LOCAL_NIDS_RULE_TUNING=yes
# rule-update will operate on a local copy of the rules instead of downloading rules from the Internet
# LOCAL_NIDS_RULE_TUNING=no
# rule-update will try to download rules from the Internet
# SENSOR-ONLY
# LOCAL_NIDS_RULE_TUNING=yes
# rule-update will copy rules from master server and then try to run PulledPork locally for tuning
# LOCAL_NIDS_RULE_TUNING=no
# rule-update will copy rules from master server as-is (no changes)
EOF

Original comment by doug.bu...@gmail.com on 16 Jul 2014 at 8:41
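
A generated file like the template above can be checked line by line instead of being sourced, so a stray line (for example a comment whose tail has wrapped onto its own line) or an unexpanded variable is reported rather than interpreted. This is an added example, not code from sosetup or from the original comment; `check_so_conf` and `sample_conf` are hypothetical names, and the accepted engine names, the 0-100 range and the rule that WARN must be below CRIT are assumptions.

```shell
#!/bin/sh
# Added example (not from sosetup): lint a securityonion.conf-style file on
# stdin without sourcing it. Assumed, not stated on the page: the engine
# names, the 0-100 range, and that WARN must be lower than CRIT.
check_so_conf() (
    n=0 errs=0 warn= crit=
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1)) ok=1
        case $line in
            ''|'#'*) continue ;;                      # blank line or comment
            [A-Z]*=*) key=${line%%=*} val=${line#*=} ;;
            *) echo "line $n: not a comment or KEY=value: $line"
               errs=$((errs + 1)); continue ;;
        esac
        case $key in
            ENGINE) case $val in snort|suricata) ;; *) ok=0 ;; esac ;;
            DAYSTOKEEP|DAYSTOREPAIR)
                case $val in ''|*[!0-9]*) ok=0 ;; esac ;;
            WARN_DISK_USAGE|CRIT_DISK_USAGE)
                case $val in
                    ''|*[!0-9]*) ok=0 ;;
                    *) [ "$val" -le 100 ] || ok=0
                       if [ "$key" = WARN_DISK_USAGE ]; then warn=$val; else crit=$val; fi ;;
                esac ;;
            BRO_ENABLED|OSSEC_AGENT_ENABLED|SNORBY_ENABLED|XPLICO_ENABLED|\
            LOCAL_HIDS_RULE_TUNING|LOCAL_NIDS_RULE_TUNING)
                case $val in yes|no) ;; *) ok=0 ;; esac ;;
            *) ok=0 ;;                                # key not in the template
        esac
        [ "$ok" -eq 1 ] || { echo "line $n: unknown key or bad value: $line"; errs=$((errs + 1)); }
    done
    if [ -n "$warn" ] && [ -n "$crit" ] && [ "$warn" -ge "$crit" ]; then
        echo "WARN_DISK_USAGE ($warn) is not below CRIT_DISK_USAGE ($crit)"
        errs=$((errs + 1))
    fi
    echo "$errs problem(s)"
    [ "$errs" -eq 0 ]
)

# Constructed sample: one comment wrapped so its tail is a bare line, an
# unexpanded variable, and thresholds in the wrong order.
sample_conf() {
    printf '%s\n' '# At what percentage of disk usage should the NSM scripts begin purging old' \
        'data?' 'ENGINE=snort' 'DAYSTOKEEP=$DAYSTOKEEP' 'BRO_ENABLED=yes' \
        'WARN_DISK_USAGE=95' 'CRIT_DISK_USAGE=90'
}
sample_conf | check_so_conf || echo "sample rejected"
```

To check a real file, feed it on stdin: `check_so_conf < /etc/nsm/securityonion.conf`.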

GoogleCodeExporter commented Mar 24, 2015

Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/my5dRuEsvBQ/discussion

Original comment by doug.bu...@gmail.com on 16 Jul 2014 at 9:04

GoogleCodeExporter commented Mar 24, 2015

Published:
http://blog.securityonion.net/2014/07/new-securityonion-setup-package.html

Original comment by doug.bu...@gmail.com on 22 Jul 2014 at 2:35

  • Changed state: Verified