This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

Optional PADS or PRADS #109

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 10 comments

Comments

@GoogleCodeExporter

I would like to see PADS/PRADS (as an option, e.g. a checkbox) in the securityonion package


http://www.gamelinux.org/?p=83
http://gamelinux.github.com/prads/

Original issue reported on code.google.com by karolis....@gmail.com on 12 Jun 2011 at 9:31

@GoogleCodeExporter

I have integrated PADS into SO

1. download/upload script to SO box
2. sudo su
3. chmod +x ./pads_integration_into_SO.sh
4. run script ./pads_integration_into_SO.sh
5. install sensor (run setup from desktop)

script also solves http://code.google.com/p/security-onion/issues/detail?id=115

Karolis

Original comment by karolis....@gmail.com on 28 Dec 2011 at 1:41


Attachments:

@GoogleCodeExporter

Thanks, Karolis!  Working on this now.

Original comment by doug.bu...@gmail.com on 28 Dec 2011 at 4:58

  • Changed state: Accepted

@GoogleCodeExporter

[deleted comment]

@GoogleCodeExporter

Integrated changes from Karolis.  Nice work, Karolis!  Thanks again!

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:41


@GoogleCodeExporter

Packaged pads using checkinstall.

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:41


@GoogleCodeExporter

Existing sensors doing an in-place upgrade need template files, so I created them in /etc/pads and created a new package pads-config:

/usr/local/lib/ruby/gems/1.9.1/gems/fpm-0.3.11/bin/fpm -s dir -t deb -n securityonion-pads-config -v 20111229 /etc/pads/pads_agent.conf /etc/pads/pads.conf.securityonion

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:41


@GoogleCodeExporter

Created new nsm package:

/usr/local/lib/ruby/gems/1.9.1/gems/fpm-0.3.11/bin/fpm -s dir -t deb -n securityonion-nsmnow-admin-scripts -v 20111229 /etc/init.d/nsm* /usr/share/nsmnow/ /usr/local/sbin/nsm* /usr/local/lib/nsmnow/ /etc/cron.d/sensor-* /etc/cron.d/nsm* /etc/init/securityonion.conf

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:41


@GoogleCodeExporter

Packaged pads_agent.tcl:

/usr/local/lib/ruby/gems/1.9.1/gems/fpm-0.3.11/bin/fpm -s dir -t deb -n securityonion-pads-agent -v 20111229 /usr/local/bin/pads_agent.tcl

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:43


@GoogleCodeExporter

Added the following to security-onion-upgrade.sh:

# Turn "VERSION 20111228" style lines into shell assignments and load them
sed -i 's| |=|g' "$CONF"
source "$CONF"
if [ "$VERSION" = "20111228" ]; then
    NEW="20111229"
    echo "**********************************************"   | $LOGGER
    echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
    echo "**********************************************"   | $LOGGER
    DIR="/nsm/backup/$NEW"
    mkdir -p "$DIR"                                         | $LOGGER
    cd "$DIR" || exit 1

    echo "* Removing old PADS"                              | $LOGGER
    apt-get -y remove pads >/dev/null

    echo "* Installing new PADS"                            | $LOGGER
    FILE="securityonion-pads_${NEW}-1_i386.deb"
    wget -q "http://sourceforge.net/projects/security-onion/files/$NEW/$FILE" -O "$FILE" | $LOGGER
    dpkg -i "$FILE"                                         | $LOGGER

    echo "* Installing PADS_agent.tcl"                      | $LOGGER
    FILE="securityonion-pads-agent_${NEW}_i386.deb"
    wget -q "http://sourceforge.net/projects/security-onion/files/$NEW/$FILE" -O "$FILE" | $LOGGER
    dpkg -i "$FILE"                                         | $LOGGER

    echo "* Installing PADS template files"                 | $LOGGER
    FILE="securityonion-pads-config_${NEW}_i386.deb"
    wget -q "http://sourceforge.net/projects/security-onion/files/$NEW/$FILE" -O "$FILE" | $LOGGER
    dpkg -i "$FILE"                                         | $LOGGER

    echo "* Installing new NSM scripts"                     | $LOGGER
    FILE="securityonion-nsmnow-admin-scripts_${NEW}_i386.deb"
    wget -q "http://sourceforge.net/projects/security-onion/files/$NEW/$FILE" -O "$FILE" | $LOGGER
    dpkg -i "$FILE"                                         | $LOGGER
    service cron restart

    # Update any sensors with the new config files (first column of sensortab
    # is the sensor name, fourth is its sniffing interface; skip comment lines)
    awk '{print $1}' /etc/nsm/sensortab | grep -v "#" | while read SENSOR
    do
        echo "* Updating $SENSOR with new config files for PADS" | $LOGGER
        cp /etc/pads/pads_agent.conf "/etc/nsm/$SENSOR/"                   | $LOGGER
        cp /etc/pads/pads.conf.securityonion "/etc/nsm/$SENSOR/pads.conf"  | $LOGGER
        SERVER_HOST=$(grep SERVER_HOST "/etc/nsm/$SENSOR/snort_agent.conf" | awk '{print $3}')
        # Match the sensor name exactly so "eth1" does not also pick up "eth10"
        INTERFACE=$(awk -v s="$SENSOR" '$1 == s {print $4}' /etc/nsm/sensortab)
        sed -i "s|YOUR_SERVER_HOST|$SERVER_HOST|g"          "/etc/nsm/$SENSOR/pads_agent.conf" | $LOGGER
        sed -i "s|YOUR_HOSTNAME|$SENSOR|g"                  "/etc/nsm/$SENSOR/pads_agent.conf" | $LOGGER
        sed -i "s|YOUR_NET_GROUP|$SENSOR|g"                 "/etc/nsm/$SENSOR/pads_agent.conf" | $LOGGER
        sed -i "s|YOUR_LOG_DIR|/nsm/sensor_data/$SENSOR|g"  "/etc/nsm/$SENSOR/pads_agent.conf" | $LOGGER
        sed -i "s|YOUR_LOG_DIR|/nsm/sensor_data/$SENSOR|g"  "/etc/nsm/$SENSOR/pads.conf"       | $LOGGER
        sed -i "s|YOUR_INTERFACE|$INTERFACE|g"              "/etc/nsm/$SENSOR/pads.conf"       | $LOGGER
        echo "PADS_CONFIG=\"/etc/nsm/$SENSOR/pads.conf\""             >> "/etc/nsm/$SENSOR/sensor.conf"
        echo "PADS_AGENT_CONFIG=\"/etc/nsm/$SENSOR/pads_agent.conf\"" >> "/etc/nsm/$SENSOR/sensor.conf"
    done
    nsm_sensor_ps-start --only-pads
    nsm_sensor_ps-start --only-pads-agent

    sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" "$CONF"      | $LOGGER
    echo "* Upgrade to $NEW complete."                      | $LOGGER
    echo
fi

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 12:44

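The per-sensor templating loop above can be exercised outside a real sensor. The script below is an added example, not code from Security Onion or from this thread: it fills the same YOUR_* placeholders from the /etc/pads templates, but looks the sensor up in sensortab by exact name (a plain grep for the name also matches longer names) and only appends PADS_CONFIG / PADS_AGENT_CONFIG to sensor.conf when they are not already there, so a re-run of the upgrade does not duplicate them. All paths are parameters and the sample sensortab, snort_agent.conf and template files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not the Security Onion upgrade script): render per-sensor PADS
# config files from templates with an exact sensortab lookup and idempotent
# sensor.conf updates. Paths are parameters so it runs in a sandbox.
set -eu

# Interface (field 4) of exactly the named sensor; comment lines are skipped.
sensor_interface() {  # $1=sensor name, $2=sensortab path
    awk -v s="$1" '$1 !~ /^#/ && $1 == s { print $4; exit }' "$2"
}

# Append KEY="VALUE" to a conf file only if KEY is not already set in it.
set_conf_once() {  # $1=conf file, $2=key, $3=value
    grep -q "^$2=" "$1" 2>/dev/null || printf '%s="%s"\n' "$2" "$3" >> "$1"
}

# Fill the YOUR_* placeholders for one sensor; $1=sensor, $2=nsm dir, $3=template dir.
render_pads_config() {
    sensor=$1; nsm=$2; tpl=$3; sdir=$nsm/$sensor
    server_host=$(awk '$2 == "SERVER_HOST" { print $3 }' "$sdir/snort_agent.conf")
    iface=$(sensor_interface "$sensor" "$nsm/sensortab")
    [ -n "$server_host" ] && [ -n "$iface" ] || return 1
    sed -e "s|YOUR_SERVER_HOST|$server_host|g" -e "s|YOUR_HOSTNAME|$sensor|g" \
        -e "s|YOUR_NET_GROUP|$sensor|g" -e "s|YOUR_LOG_DIR|/nsm/sensor_data/$sensor|g" \
        "$tpl/pads_agent.conf" > "$sdir/pads_agent.conf"
    sed -e "s|YOUR_LOG_DIR|/nsm/sensor_data/$sensor|g" -e "s|YOUR_INTERFACE|$iface|g" \
        "$tpl/pads.conf.securityonion" > "$sdir/pads.conf"
    set_conf_once "$sdir/sensor.conf" PADS_CONFIG "$sdir/pads.conf"
    set_conf_once "$sdir/sensor.conf" PADS_AGENT_CONFIG "$sdir/pads_agent.conf"
}

# Constructed sandbox standing in for /etc/nsm and /etc/pads (sample data only).
SANDBOX=$(mktemp -d); trap 'rm -rf "$SANDBOX"' EXIT
NSM=$SANDBOX/nsm; TPL=$SANDBOX/pads
mkdir -p "$NSM/so-eth1" "$TPL"
printf '# name active id interface\nso-eth1 1 1 eth1\nso-eth10 1 2 eth10\n' > "$NSM/sensortab"
printf 'set SERVER_HOST 192.0.2.10\n' > "$NSM/so-eth1/snort_agent.conf"
printf 'set SERVER_HOST YOUR_SERVER_HOST\nset HOSTNAME YOUR_HOSTNAME\nset NET_GROUP YOUR_NET_GROUP\nset LOG_DIR YOUR_LOG_DIR\n' > "$TPL/pads_agent.conf"
printf 'interface YOUR_INTERFACE\noutput fifo: YOUR_LOG_DIR/pads.fifo\n' > "$TPL/pads.conf.securityonion"

render_pads_config so-eth1 "$NSM" "$TPL"
render_pads_config so-eth1 "$NSM" "$TPL"   # second run must not duplicate sensor.conf entries
cat "$NSM/so-eth1/pads.conf" "$NSM/so-eth1/sensor.conf"
```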

@GoogleCodeExporter

Published:
http://securityonion.blogspot.com/2011/12/security-onion-20111229-now-available.html

Original comment by doug.bu...@gmail.com on 29 Dec 2011 at 1:11

  • Changed state: Verified
