This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

Rename bro workers #226

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 4 comments

@GoogleCodeExporter

/usr/local/bin/setup
change:
# cluster config
                cp /usr/local/etc/node.cfg.securityonion /usr/local/etc/node.cfg
                NUM=1
                IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |grep -v "127.0.0.1" |head -1`
                sed -i "s|host=localhost|host=$IP|g" /usr/local/etc/node.cfg
                grep -v "^#" /etc/nsm/sensortab | awk '{print $4}' |while read INTERFACE
                do
                        echo "* Configuring Bro to monitor $INTERFACE" | tee -a $LOG
                        cat << EOF >> /usr/local/etc/node.cfg
[worker-$NUM]   
type=worker
host=$IP
interface=$INTERFACE

EOF
                        let NUM=NUM+1
                done
        fi
to:
# cluster config
                cp /usr/local/etc/node.cfg.securityonion /usr/local/etc/node.cfg
                IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |grep -v "127.0.0.1" |head -1`
                sed -i "s|host=localhost|host=$IP|g" /usr/local/etc/node.cfg
                grep -v "^#" /etc/nsm/sensortab | awk '{print $1}' |while read SENSOR
                do
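                        # Match the sensor name exactly (field 1) so one name cannot match another sensor's line.
                        INTERFACE=`awk -v s="$SENSOR" '$1 == s {print $4}' /etc/nsm/sensortab`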
                        echo "* Configuring Bro to monitor $INTERFACE" | tee -a $LOG
                        cat << EOF >> /usr/local/etc/node.cfg
[$SENSOR]   
type=worker
host=$IP
interface=$INTERFACE

EOF
                done
        fi


In-place upgrade will need to:
broctl stop
modify /usr/local/etc/node.cfg as follows:
worker-1 --> hostname-eth0
worker-2 --> hostname-eth1
broctl install
broctl start


Original issue reported on code.google.com by doug.bu...@gmail.com on 17 Feb 2012 at 8:11
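The in-place rename listed in the issue above (worker-1 --> hostname-eth0), as an added example that is not part of the original issue or the Security Onion scripts: it rewrites only the `[worker-N]` headers of an existing node.cfg, pairing each stanza's `interface=` value with field 4 of sensortab. The function names, sensor names, ports and addresses are constructed for illustration.

```shell
#!/bin/sh
# rename_workers SENSORTAB NODECFG
# Print NODECFG with each [worker-N] header replaced by the sensortab name
# (field 1) whose interface (field 4) equals that stanza's interface= value.
rename_workers() {
    awk '
    function flush(   i) {
        # Rename only numbered workers whose interface is listed in sensortab.
        if (n && hdr ~ /^\[worker-[0-9]+\]/ && (iface in name))
            buf[1] = "[" name[iface] "]"
        for (i = 1; i <= n; i++) print buf[i]
        n = 0; hdr = ""; iface = ""
    }
    # First file (sensortab): skip comments, map interface -> sensor name.
    FILENAME == ARGV[1] { if ($1 !~ /^#/ && NF >= 4) name[$4] = $1; next }
    # Second file (node.cfg): buffer each stanza until its interface is known.
    /^\[/         { flush(); hdr = $0 }
    /^interface=/ { iface = substr($0, 11); sub(/[ \t\r]+$/, "", iface) }
                  { buf[++n] = $0 }
    END           { flush() }
    ' "$1" "$2"
}

# Constructed sample input (not taken from a real sensor).
demo_rename() {
    d=$(mktemp -d) || return 1
    cat > "$d/sensortab" <<'EOF'
# name          enabled port  interface
#hostname-eth5  1       8000  eth5
hostname-eth1   1       8001  eth1
hostname-eth10  1       8002  eth10
EOF
    cat > "$d/node.cfg" <<'EOF'
[manager]
type=manager
host=192.0.2.10

[worker-1]
type=worker
host=192.0.2.10
interface=eth1

[worker-2]
type=worker
host=192.0.2.10
interface=eth10
EOF
    rename_workers "$d/sensortab" "$d/node.cfg"
    rm -rf "$d"
}
demo_rename
```

Stanzas other than `[worker-N]`, and workers whose interface is not in sensortab, pass through unchanged.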

@GoogleCodeExporter

Packaged /usr/local/bin/setup:

/usr/bin/fpm -s dir -t deb -n securityonion-setup -v 20120412 /usr/local/bin/setup

Original comment by doug.bu...@gmail.com on 13 Apr 2012 at 11:13

  • Changed state: Started

@GoogleCodeExporter

Added the following to security-onion-upgrade.sh:


sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120405" ]; then
        NEW="20120412"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        cd $DIR

        for FILE in securityonion-setup_20120412_i386.deb securityonion-nsmnow-admin-scripts_20120412_i386.deb; do
                echo -n "* Downloading $FILE..."                | $LOGGER
                # Check wget's own exit status: after "wget ... | $LOGGER", $? is the status of $LOGGER.
                wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE
                if [ $? -ne 0 ]; then
                        echo "FAIL"     | $LOGGER
                        exit 1
                else
                        echo "OK"       | $LOGGER
                fi
        done

        echo -n "* Installing downloaded packages..." | $LOGGER
        # Any non-zero dpkg exit status is a failure, not only 1.
        dpkg -i *.deb                                           >> $LOG
        if [ $? -ne 0 ]; then
                echo "FAIL"     | $LOGGER
                exit 1
        else
                echo "OK"       | $LOGGER
        fi

        if [ `grep -v "^#" /etc/nsm/sensortab|wc -l` -lt 2 ]
        then
                echo "* Less than two sensor interfaces, so no changes necessary." | $LOGGER
        else
                broctl stop                 | $LOGGER
                cp /usr/local/etc/node.cfg $DIR/node.cfg
                cp /usr/local/etc/node.cfg.securityonion /usr/local/etc/node.cfg
                IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |grep -v "127.0.0.1" |head -1`
                sed -i "s|host=localhost|host=$IP|g" /usr/local/etc/node.cfg
                grep -v "^#" /etc/nsm/sensortab | awk '{print $1}' |while read SENSOR
                do
                        # Match the sensor name exactly (field 1) so one name cannot match another sensor's line.
                        INTERFACE=`awk -v s="$SENSOR" '$1 == s {print $4}' /etc/nsm/sensortab`
                        echo "* Configuring Bro to monitor $INTERFACE" | tee -a $LOG
                        cat << EOF >> /usr/local/etc/node.cfg
[$SENSOR]
type=worker
host=$IP
interface=$INTERFACE

EOF
                done
                broctl install                  | $LOGGER
                broctl start                    | $LOGGER
        fi

        sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
        echo "* Upgrade to $NEW complete."                      | $LOGGER
        echo 
fi

Original comment by doug.bu...@gmail.com on 13 Apr 2012 at 11:14
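For the download-and-install step of an upgrade script like the one above, an added example (not from the Security Onion scripts): `run_logged` returns the command's own exit status while logging, since `$?` after `cmd | logger` is the logger's status, and `verify_debs` rejects any .deb in the directory that is missing from a SHA-256 manifest or does not match it. The function names and the manifest are assumptions; the page publishes no digests, and the manifest must come from a source trusted independently of the download.

```shell
#!/bin/sh
# run_logged LOGFILE CMD [ARGS...]
# Append CMD's stdout and stderr to LOGFILE and return CMD's own exit status.
run_logged() {
    log=$1; shift
    "$@" >> "$log" 2>&1
}

# verify_debs MANIFEST DIR
# MANIFEST is in sha256sum format ("<hex digest>  <file name>"). Succeeds only
# if DIR holds at least one .deb and every .deb is listed with a matching
# digest, because "dpkg -i *.deb" installs whatever is in the directory.
verify_debs() {
    manifest=$1; dir=$2
    for deb in "$dir"/*.deb; do
        [ -f "$deb" ] || { echo "no packages in $dir" >&2; return 1; }
        base=${deb##*/}
        want=$(awk -v f="$base" '$2 == f { print $1; exit }' "$manifest")
        [ -n "$want" ] || { echo "not in manifest: $base" >&2; return 1; }
        have=$(sha256sum "$deb" | awk '{ print $1 }')
        [ "$want" = "$have" ] || { echo "digest mismatch: $base" >&2; return 1; }
    done
}

# Hypothetical use in an upgrade step (URL and manifest path are placeholders):
#   run_logged "$LOG" wget -q "$URL/$FILE" -O "$FILE" || exit 1
#   verify_debs /path/to/trusted-manifest.sha256 "$DIR" || exit 1
#   run_logged "$LOG" dpkg -i "$DIR"/*.deb || exit 1

# Constructed demo: two stand-in package files; one is modified after the
# manifest is written, so the second verification must fail.
demo_verify() {
    d=$(mktemp -d) || return 1
    printf 'pkg-a' > "$d/a.deb"; printf 'pkg-b' > "$d/b.deb"
    ( cd "$d" && sha256sum a.deb b.deb ) > "$d/manifest"
    verify_debs "$d/manifest" "$d" && first=ok || first=rejected
    printf 'tampered' >> "$d/b.deb"
    verify_debs "$d/manifest" "$d" 2>/dev/null && second=ok || second=rejected
    rm -rf "$d"
    echo "$first $second"
}
demo_verify
```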


@GoogleCodeExporter

Tested by:
Scott Burkhart
David Zawdie

Original comment by doug.bu...@gmail.com on 13 Apr 2012 at 11:17


@GoogleCodeExporter

Published:
http://securityonion.blogspot.com/2012/04/security-onion-20120412-now-available.html

Original comment by doug.bu...@gmail.com on 13 Apr 2012 at 11:36

  • Changed state: Verified
