This repository was archived by the owner on Apr 16, 2021. It is now read-only.

Ubuntu 16.04 Xenial Support #1247

@dougburks

  • Ubuntu 16.04 Xenial PPA

    • rebuild tcl8.6 package - change enable-threads to disable-threads and adjust symbols
    • rebuild ALL Security Onion packages for xenial EXCEPT the following:
      • prads
      • securityonion-argus-clients
      • securityonion-argus-server
      • securityonion-elsa
      • securityonion-elsa-extras
      • securityonion-elsa-node-perl
      • securityonion-elsa-perl
      • securityonion-elsa-web-perl
      • securityonion-http-agent
      • securityonion-libdata-serializable
      • securityonion-ndpi
      • securityonion-passenger
      • securityonion-passenger-conf
      • securityonion-snorby
      • securityonion-wkhtmltopdf
      • sphinxsearch
      • xplico
  • barnyard

    • data too long for column class - adjust mysql mode in /etc/mysql/conf.d/securityonion-squert.cnf
  • securityonion-all

    • change ELSA to Elastic
  • securityonion-capme

    • move capme files from securityonion-elastic package to securityonion-capme package
    • SSO auth
    • update mysql calls to mysqli
  • securityonion-client

    • remove securityonion-argus-clients dependency
  • securityonion-desktop-gnome

    • install lightdm and lightdm-gtk-greeter
    • install Gnome Classic desktop and set as default
    • remove compiz environments
    • check to see if glib-compile-schemas is installed
  • securityonion-elastic

    • add php-curl and jq to dependencies
    • variables must be quoted when comparing
    • new syslog-ng includes SEQNUM and ISODATE fields, remove them in 1001_preprocess_syslogng.conf
    • so-elastic-download may be incorrectly setting INSTALLED when components haven't been installed
    • if user chose Evaluation mode, set LS heap to 1600m and ES heap to 1000m
    • add so-sensor-VERB scripts
  • securityonion-iso

    • change ELSA to Elastic
    • add securityonion-samples-bro and securityonion-desktop-gnome dependencies
    • purge open-vm-tools
    • remove build user from /etc/subuid and /etc/subgid
    • remove build user debconf using debconf-set-selections
  • securityonion-nsmnow-admin-scripts

    • add /etc/systemd/system/securityonion.service that calls so-start
    • remove reference to service nsm stop
    • remove so-snorby-wipe
  • securityonion-onionsalt

    • change defaults to avoid file ignore glob and hash_type warnings
  • securityonion-ossec-rules

    • move securityonion_rules.xml from securityonion-elastic package to securityonion-ossec-rules package
  • securityonion-sensor

    • update dependencies
  • securityonion-server

    • remove imagemagick dependency
  • securityonion-setup

    • move so-allow scripts from securityonion-elastic package to securityonion-setup package
    • systemctl enable securityonion.service
    • set timezone to UTC using timedatectl
    • update salt minion_id with hostname
    • update sosetup.conf files to reflect new network device naming convention
    • selecting Forward Node then Custom results in Do you want to enable Elastic?
    • sosetup-forward.conf needs to set Elastic to NO to replicate GUI
    • avoid duplicating OSSEC_AGENT_ENABLED on storage nodes
  • securityonion-sguil

    • move Sguil changes from securityonion-elastic package to securityonion-sguil package
    • change Sguil fonts to Liberation
  • securityonion-skel

    • change Sguil fonts to Liberation
  • securityonion-sostat

    • depend on bc
    • fix master Cross Cluster Search section
    • include so-apt-check and update sostat and soup to call it
  • securityonion-squert

    • move Squert files from securityonion-elastic package to securityonion-squert package
    • change php5 dependencies to php
    • update mysql calls to mysqli
    • SSO auth
    • level2 function needs to output strings so frontend can read properly
    • disable mysql strict mode in /etc/mysql/conf.d/securityonion-squert.cnf
    • remove old web code from ip2c.php
  • securityonion-web-page

    • remove references to ELSA
    • add libapache2-mod-authnz-external as dependency
  • so-* scripts

    • so-VERB should call so-autossh-VERB as well
    • so-autossh-VERB should check to see if it's running on a master server and, if so, do nothing
    • so-autossh-start should wait on DOCKER_INTERFACE if trying to bind to DOCKER_INTERFACE
    • so-elastic-status - fix incorrect formatting
    • so-import-pcap - broken due to different output format in new capinfos
  • so-apache-auth-sguil

    • change php5 to php
  • soup

  • syslog-ng

    • change syslog version in /etc/syslog-ng/syslog-ng.conf to reflect actual syslog-ng version - CANCELLING since we currently match syslog-ng.conf in the package
