This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

typo in nsm_sensor-ps-start #224

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 7 comments

Comments

@GoogleCodeExporter


--- /root/tmp/nsm_sensor_ps-start~      2012-02-03 15:36:50.840856243 +0000
+++ /usr/local/sbin/nsm_sensor_ps-start 2012-02-10 13:36:29.818704324 +0000
@@ -248,7 +248,7 @@
                        SKIP_SNORT_AGENT=yes
                        ;;
                --skip-httpry-agent)
-                       SKIP_SNORT_AGENT=yes
+                       SKIP_HTTPRY_AGENT=yes
                        ;;
                --skip-pads-agent)
                        SKIP_PADS_AGENT=yes
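Review bot: the rename on the `--skip-httpry-agent)` branch is correct, but the effect of the old line should be spelled out in the fix notes: before this change, passing --skip-httpry-agent set SKIP_SNORT_AGENT=yes, so the flag silently skipped the Snort agent instead of httpry, and SKIP_HTTPRY_AGENT was never set by this switch at all. Worth confirming that SKIP_HTTPRY_AGENT is given a default and is actually consulted where httpry is launched, since the code path reached through this flag cannot have been exercised before the fix.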


Also, it would be useful to have the
INC="/etc/nsm/administration.conf"
. $INC

done after the variable initialisation so that one can override some (like SKIP_HTTPRY).

Original issue reported on code.google.com by Stephane...@gmail.com on 10 Feb 2012 at 1:40

@GoogleCodeExporter

Please ignore the part about initialisation, that's probably not a good idea as with --only-whatever, httpry would be started if you had SKIP_HTTPRY in /etc/nsm/administration.conf.

Original comment by Stephane...@gmail.com on 10 Feb 2012 at 1:57

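The two comments above raise a precedence question: if the administration file is read after the command-line switches are processed, a SKIP_* setting in the file can undo an explicit --only-*/--skip-* flag. The script below is an added example, not code from nsm_sensor_ps-start or the Security Onion project; it models the SKIP_*_AGENT switches from the diff with the order that keeps an override file safe: built-in defaults first, then the file, then the command line. The --only-*-agent flags, the helper names (load_conf, parse_args, plan_agents) and the sample file contents are constructed for the example; the file is parsed for known KEY=VALUE pairs rather than sourced, so a writable config file cannot inject commands into a script that runs as root.

```bash
#!/usr/bin/env bash
# Added example (not the Security Onion scripts' own code).
# Precedence: defaults -> administration file -> command line.

# 1. Built-in defaults: every agent runs.
set_defaults() {
    SKIP_SNORT_AGENT=no
    SKIP_HTTPRY_AGENT=no
    SKIP_PADS_AGENT=no
}

# 2. Site overrides from the administration file. Only the three known
#    keys with a yes/no value are accepted; anything else is ignored, and
#    the file is never sourced as shell code.
load_conf() {
    local conf="$1" key value
    [ -r "$conf" ] || return 0
    while IFS='=' read -r key value; do
        case "$key" in
            SKIP_SNORT_AGENT|SKIP_HTTPRY_AGENT|SKIP_PADS_AGENT)
                case "$value" in
                    yes|no) eval "$key=\$value" ;;   # key validated above
                esac ;;
        esac
    done < "$conf"
}

# 3. Command line last, so an explicit flag always wins over the file.
parse_args() {
    local arg
    for arg in "$@"; do
        case "$arg" in
            --skip-snort-agent)  SKIP_SNORT_AGENT=yes ;;
            --skip-httpry-agent) SKIP_HTTPRY_AGENT=yes ;;
            --skip-pads-agent)   SKIP_PADS_AGENT=yes ;;
            --only-snort-agent)  SKIP_SNORT_AGENT=no;  SKIP_HTTPRY_AGENT=yes; SKIP_PADS_AGENT=yes ;;
            --only-httpry-agent) SKIP_SNORT_AGENT=yes; SKIP_HTTPRY_AGENT=no;  SKIP_PADS_AGENT=yes ;;
            --only-pads-agent)   SKIP_SNORT_AGENT=yes; SKIP_HTTPRY_AGENT=yes; SKIP_PADS_AGENT=no ;;
            *) echo "unknown option: $arg" >&2; return 2 ;;
        esac
    done
}

# Resolve defaults -> file -> flags and print the agents that would start.
# Usage: plan_agents /path/to/administration.conf [flags...]
plan_agents() {
    local conf="$1" out=""
    shift
    set_defaults
    load_conf "$conf"
    parse_args "$@" || return $?
    [ "$SKIP_SNORT_AGENT"  = yes ] || out="$out snort"
    [ "$SKIP_HTTPRY_AGENT" = yes ] || out="$out httpry"
    [ "$SKIP_PADS_AGENT"   = yes ] || out="$out pads"
    echo "${out# }"
}

# Constructed sample administration file with one site override.
write_sample_conf() {
    printf '# site policy (constructed sample)\nSKIP_HTTPRY_AGENT=yes\n' > "$1"
}

# Stand-alone demo: the file is honoured on its own, but an explicit
# --only flag is not undone by it.
demo() {
    local tmp
    tmp=$(mktemp)
    write_sample_conf "$tmp"
    echo "file only:     $(plan_agents "$tmp")"                      # snort pads
    echo "file + --only: $(plan_agents "$tmp" --only-httpry-agent)"  # httpry
    rm -f "$tmp"
}
demo
```

With the file read first, a SKIP_HTTPRY_AGENT=yes in the administration file still takes effect when no flags are given, while --only-httpry-agent on the command line produces exactly httpry regardless of the file, which is the behaviour the retracted suggestion would have broken.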

@GoogleCodeExporter

Original comment by doug.bu...@gmail.com on 28 Mar 2012 at 5:24

  • Changed state: Started

@GoogleCodeExporter

Fixed in securityonion-nsmnow-admin-scripts_20120329_i386.deb.

Original comment by doug.bu...@gmail.com on 28 Mar 2012 at 5:27


@GoogleCodeExporter

Added the following to security-onion-upgrade.sh:

# Fragment of security-onion-upgrade.sh; $CONF, $LOG and $LOGGER are
# defined earlier in that script.
sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120326" ]; then
        NEW="20120329"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        # Never fall through to "dpkg -i *.deb" in the wrong directory.
        cd $DIR || exit 1

        for FILE in securityonion-nsmnow-admin-scripts_20120329_i386.deb; do
                echo -n "* Downloading $FILE..."                | $LOGGER
                # Test wget's own status: "$?" after "wget | $LOGGER" is the
                # logger's status, and "-eq 1" misses every other failure code.
                if ! wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE; then
                        echo "FAIL"     | $LOGGER
                        exit 1
                else
                        echo "OK"       | $LOGGER
                fi
        done

        echo -n "* Installing downloaded packages..." | $LOGGER
        # Any non-zero status from dpkg is a failure, not only 1.
        if ! dpkg -i *.deb >> $LOG; then
                echo "FAIL"     | $LOGGER
                exit 1
        else
                echo "OK"       | $LOGGER
        fi

        # One bpf.conf per sensor listed in sensortab (comment lines skipped).
        SENSORS=$(grep -v "^#" /etc/nsm/sensortab | awk '{print $1}')
        for SENSORNAME in $SENSORS; do
                echo "* Creating /etc/nsm/$SENSORNAME/bpf.conf if it doesn't already exist"       | $LOGGER
                touch /etc/nsm/"$SENSORNAME"/bpf.conf
        done

        sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
        echo "* Upgrade to $NEW complete."                      | $LOGGER
        echo
fi

Original comment by doug.bu...@gmail.com on 28 Mar 2012 at 5:28

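The upgrade fragment above runs "wget ... | $LOGGER" and "dpkg -i ... >> $LOG" and then checks "$? -eq 1". Two things go wrong there: after a pipeline, $? is the exit status of the last stage (the logger), not of wget, so a failed download reads as success; and "-eq 1" ignores every other non-zero code (wget alone documents eight distinct failure codes). The helpers below are an added example, not code from security-onion-upgrade.sh: status_after_pipe reproduces the pitfall, run_logged and run_logged_tee show two ways to log output while still testing the command's own status, and fetch_package shows the download step rewritten against them. The names run_logged, run_logged_tee, fetch_package and the $LOG variable are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from security-onion-upgrade.sh): exit status and pipes.

# The pitfall: a pipeline's status is the last stage's, so "false | cat"
# reports 0 and a failing command looks OK.
status_after_pipe() {
    false | cat >/dev/null
    echo "$?"
}

# Fix: keep the command out of the pipe. Append its output to the log with
# a redirection and return the command's own status, so the caller can use
# "if ! run_logged ...", treating any non-zero code as failure.
run_logged() {
    local log="${LOG:-/dev/null}"     # $LOG is a constructed caller-supplied path
    "$@" >>"$log" 2>&1
}

# Alternative when the pipe is wanted (e.g. tee to console and log): with
# pipefail, the pipeline fails if any stage fails, so the status reflects
# the command rather than tee. Done in a subshell so the option does not
# leak into the caller.
run_logged_tee() {
    local log="${LOG:-/dev/null}"
    ( set -o pipefail; "$@" 2>&1 | tee -a "$log" >/dev/null )
}

# The download step in the upgrade script's shape, written against
# run_logged; returns non-zero on any wget failure so the caller can abort.
fetch_package() {
    local url="$1" file="$2"
    if run_logged wget -q "$url" -O "$file"; then
        echo "OK"
    else
        echo "FAIL"
        return 1
    fi
}

# Usage inside an upgrade script:
#   LOG=/var/log/upgrade.log
#   fetch_package "http://example.invalid/pkg.deb" pkg.deb || exit 1
#   run_logged dpkg -i ./*.deb || { echo "FAIL"; exit 1; }
```

run_logged is the portable form; run_logged_tee needs a shell with pipefail (bash has it) and is only worth the extra machinery when the output must go to two places at once.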

@GoogleCodeExporter

Turned over to testing:

Security Onion Testers,

Security Onion 20120328 is ready for testing!  This update should resolve the following issues:
http://code.google.com/p/security-onion/issues/detail?id=114
http://code.google.com/p/security-onion/issues/detail?id=224
http://code.google.com/p/security-onion/issues/detail?id=242
http://code.google.com/p/security-onion/issues/detail?id=243

Please only test on VMs that can be snapshotted.

Please test/verify the following:

- Start with a VM with the latest Security Onion and run Setup (choosing Snort - Suricata afpacket mode currently doesn't support bpf) so that we can simulate an in-place upgrade

- Run the in-place upgrade (should install new package and create /etc/nsm/HOSTNAME-INTERFACE/bpf.conf):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/20120329/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

- Add a BPF to /etc/nsm/HOSTNAME-INTERFACE/bpf.conf like the following (for testmyids.com):
not host 217.160.51.31

- Run "sudo nsm_sensor_ps-restart" to restart Snort and daemonlogger

- Verify that snort doesn't alert on "curl http://testmyids.com" anymore and that daemonlogger didn't record any packets for that destination

- run Setup to simulate a new install

- Run the same test as above.

- Verify issues 224, 242, and 243 are fixed as well

- Anything else I didn't think of


Thanks in advance for your time and effort!

Original comment by doug.bu...@gmail.com on 28 Mar 2012 at 5:37

  • Changed state: Fixed

@GoogleCodeExporter

Tested by:
Craig Shannon
Scott Runnels

Original comment by doug.bu...@gmail.com on 29 Mar 2012 at 9:19

  • Changed state: Verified

@GoogleCodeExporter

Published:
http://securityonion.blogspot.com/2012/03/security-onion-20120329-now-available.html

Original comment by doug.bu...@gmail.com on 29 Mar 2012 at 10:03

