This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

Snorby 2.5.0 #233

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 38 comments
https://github.com/Snorby/snorby/blob/master/ChangeLog.md

Original issue reported on code.google.com by doug.bu...@gmail.com on 4 Mar 2012 at 11:18

# system-wide Ruby installation, bundle install --deployment, fpm package of
# snorby dir containing snorby and all gems

# remove old ruby cruft
sudo apt-get -y remove ruby ri ri1.8 irb libdl-ruby libiconv-ruby libmysql-ruby \
    libmysql-ruby1.8 libopenssl-ruby libopenssl-ruby1.8 libreadline-ruby \
    libreadline-ruby1.8 libruby libruby1.8 libsqlite3-ruby libsqlite3-ruby1.8 \
    libyaml-ruby ruby1.8

# prepare working directory
cd ~
mkdir 20120312
cd 20120312

# compile proper ruby version and package using checkinstall
wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.2-p290.tar.gz
tar -xvzf ruby-1.9.2-p290.tar.gz
cd ruby-1.9.2-p290/
./configure --prefix=/usr
make
sudo checkinstall
cd ..    # back to ~/20120312 so that gems/ and deb/ are created there

# we need fpm for packaging and bundler to bundle the snorby gems
sudo gem install fpm bundler rack

# let's create packages for fpm and bundler to be deployed to users
mkdir gems
gem install --no-ri --no-rdoc --install-dir gems fpm bundler rack
mkdir deb
cd deb
find ../gems/cache -name '*.gem' | xargs -rn1 fpm -s gem -t deb
cd ..

# prereqs for Snorby bundle install
sudo apt-get -y install libxslt-dev libxml2-dev libmysqlclient16-dev \
    libmagickcore-dev libmagickwand-dev

# download Snorby and install gems locally
cd /usr/local/share/
sudo mv snorby snorby.rbenv
sudo git clone git://github.com/Snorby/snorby.git
cd snorby
sudo bundle install --deployment

# configure Snorby
cd config
sudo cp database.example.yml database.yml
cat << 'EOF' | sudo tee -a snorby_config.yml
production:
  domain: localhost
  wkhtmltopdf: /usr/bin/wkhtmltopdf
  mailer_sender: 'snorby@securityonion.local'
  geoip_uri: "http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz"
  rules:
    - "/etc/nsm/rules"
  authentication_mode: database
EOF
cd ..

# create db/seeds.rb.securityonion
cd db
sudo cp seeds.rb seeds.rb.securityonion
# edit seeds.rb.securityonion so that it contains:
# Default user setup
User.create(:name => 'Administrator', :email => 'ReplaceWithDesiredEmail',
            :password => 'ReplaceWithDesiredPassword',
            :password_confirmation => 'ReplaceWithDesiredPassword',
            :admin => true) if User.all.blank?
# Snorby General Settings
Setting.set(:company, 'Snorby.org') unless Setting.company?
Setting.set(:email, 'snorby@securityonion.local') unless Setting.email?
cd ..

# fix permissions
# (note: 777 leaves these directories world-writable; giving ownership to the
# user the application runs as is the tighter alternative)
sudo chmod 777 log
sudo chmod 777 tmp
sudo chmod 777 public

# package snorby dir
cd ~/20120312/deb
/usr/bin/fpm -s dir -t deb -n securityonion-snorby -v 20120312 /usr/local/share/snorby

# prereqs for passenger
sudo apt-get -y install libcurl4-openssl-dev apache2-prefork-dev libapr1-dev \
    libaprutil1-dev

# download and compile passenger
cd /opt
wget http://rubyforge.org/frs/download.php/75548/passenger-3.0.11.tar.gz
tar zxvf passenger-3.0.11.tar.gz
cd passenger-3.0.11
./bin/passenger-install-apache2-module

# Apache module conf
cat << 'EOF' | sudo tee -a /etc/apache2/mods-available/passenger.load
LoadModule passenger_module /opt/passenger-3.0.11/ext/apache2/mod_passenger.so
EOF
cat << 'EOF' | sudo tee -a /etc/apache2/mods-available/passenger.conf
   PassengerRoot /opt/passenger-3.0.11
   PassengerRuby /usr/bin/ruby
EOF
sudo a2enmod passenger

# Apache site conf
cd /etc/apache2/sites-available
sudo cp default-ssl snorby
# make the following changes (Apache 2.2 syntax; the remaining directives
# copied from default-ssl are left as they were)
Listen 3000
NameVirtualHost *:3000
<IfModule mod_ssl.c>
<VirtualHost *:3000>
    ServerAdmin webmaster@localhost
    DocumentRoot /usr/local/share/snorby/public
    <Directory /usr/local/share/snorby/public>
        Allow from all
        Options -MultiViews
    </Directory>
    ErrorLog /var/log/apache2/snorby_error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/snorby_access.log combined
</VirtualHost>
</IfModule>
sudo a2ensite snorby

# package passenger
cd ~/20120312/deb/
/usr/bin/fpm -s dir -t deb -n securityonion-passenger -v 20120312 \
    /opt/passenger-3.0.11 /etc/apache2/mods-available/passenger* \
    /etc/apache2/mods-enabled/passenger* /etc/apache2/sites-available/snorby \
    /etc/apache2/sites-enabled/snorby

Original comment by doug.bu...@gmail.com on 19 Mar 2012 at 4:11

  • Changed state: Started

Updated last line of /etc/init/securityonion.conf as follows:

#
# /etc/init/securityonion.conf
#
description     "Security Onion"
start on (net-device-up
          and remote-filesystems
          and runlevel [2345])
stop on runlevel [016]
script
    sleep 5
    # If this is a SLAVE, stop MySQL and start SSH tunnel
    SSH_DIR="/root/.ssh"
    SSH_CONF="$SSH_DIR/securityonion_ssh.conf"
    if [ -f "$SSH_CONF" ]
    then
        # We are a SLAVE
        # Stop MySQL
        service mysql stop
        # Establish persistent SSH tunnel to MASTER.
        KEY="$SSH_DIR/securityonion"
        # Upstart uses sh instead of bash so we can't use "source"
        SSH_USERNAME=`grep SSH_USERNAME $SSH_CONF | cut -d\= -f2`
        SERVERNAME=`grep SERVERNAME $SSH_CONF | cut -d\= -f2`
        /usr/bin/autossh -f -M 61234 -i "$KEY" -N -L 3306:127.0.0.1:3306 $SSH_USERNAME@$SERVERNAME
    fi
    # Both SLAVES and MASTERS need to start NSM services
    service nsm start
    # If this is a MASTER, then start Snorby
    [ -d /var/lib/mysql/snorby/ ] && su www-data -c "cd /usr/local/share/snorby; bundle exec rake snorby:update RAILS_ENV=production"
end script

Packaged:
/usr/bin/fpm -s dir -t deb -n securityonion-nsmnow-admin-scripts -v 20120312 \
    /etc/init.d/nsm* /usr/share/nsmnow/ /usr/local/sbin/nsm* /usr/local/lib/nsmnow/ \
    /etc/cron.d/sensor-* /etc/init/securityonion.conf

Original comment by doug.bu...@gmail.com on 19 Mar 2012 at 4:16


Updated /usr/local/bin/setup to run:
su www-data -c "cd /usr/local/share/snorby; bundle exec rake snorby:setup RAILS_ENV=production"

Packaged:
/usr/bin/fpm -s dir -t deb -n securityonion-setup -v 20120312 /usr/local/bin/setup

Original comment by doug.bu...@gmail.com on 19 Mar 2012 at 4:16

Added the following to security-onion-upgrade.sh:

# exit status checks below use "-ne 0" so that any non-zero failure code is
# caught, not only 1 (apt-get and dpkg use other codes for failures)
sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120229" ]; then
    NEW="20120312"
    echo "**********************************************"   | $LOGGER
    echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
    echo "**********************************************"   | $LOGGER
    DIR="/nsm/backup/$NEW"
    mkdir -p $DIR                                           | $LOGGER
    cd $DIR

    for FILE in securityonion-sostat_20120312_i386.deb \
                securityonion-fpm_20120312_i386.deb \
                securityonion-bundle_20120312_i386.deb \
                securityonion-nsmnow-admin-scripts_20120312_i386.deb \
                securityonion-setup_20120312_i386.deb \
                rubygem-bundler_1.0.22_all.deb \
                rubygem-json_1.6.5_i386.deb \
                securityonion-passenger_20120312_i386.deb \
                securityonion-snorby_20120312_i386.deb \
                rubygem-fpm_0.3.11_all.deb \
                rubygem-rack_1.4.1_all.deb \
                securityonion-ruby_20120312-1_i386.deb; do
        echo -n "* Downloading $FILE..."        | $LOGGER
        # wget -q prints nothing, so its status is tested directly; piping it
        # into $LOGGER would make $? report the logger's status instead
        wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE
        if [ $? -ne 0 ]; then
            echo "FAIL" | $LOGGER
            exit 1
        else
            echo "OK"   | $LOGGER
        fi
    done

    if [ -d /var/lib/mysql/snorby ]; then
        echo -n "* Stopping Snorby processes..."              | $LOGGER
        # xargs -r: do not run kill with no PIDs when nothing matches
        ps aux | grep "thi[n]" | awk '{print $2}' | xargs -r kill -9
        ps aux | grep "delayed_jo[b]" | awk '{print $2}' | xargs -r kill -9
        echo "OK"   | $LOGGER
    fi

    echo -n "* Backing up old files..."         | $LOGGER
    cp -a /usr/local/share/snorby/ $DIR
    if [ $? -ne 0 ]; then
        echo "FAIL" | $LOGGER
        exit 1
    else
        echo "OK"   | $LOGGER
    fi

    echo -n "* Removing old packages..."            | $LOGGER
    apt-get -y remove ruby ri ri1.8 irb libdl-ruby libiconv-ruby libmysql-ruby \
        libmysql-ruby1.8 libopenssl-ruby libopenssl-ruby1.8 libreadline-ruby \
        libreadline-ruby1.8 libruby libruby1.8 libsqlite3-ruby libsqlite3-ruby1.8 \
        libyaml-ruby ruby1.8 securityonion-snorby securityonion-snorby-db-fix >> $LOG
    if [ $? -ne 0 ]; then
        echo "FAIL" | $LOGGER
        exit 1
    else
        echo "OK"   | $LOGGER
    fi

    echo -n "* Removing old files..."           | $LOGGER
    rm -rf /usr/local/share/snorby/
    if [ $? -ne 0 ]; then
        echo "FAIL" | $LOGGER
        exit 1
    else
        echo "OK"   | $LOGGER
    fi

    echo -n "* Installing downloaded packages..." | $LOGGER
    dpkg -i *.deb                       >> $LOG
    if [ $? -ne 0 ]; then
        echo "FAIL" | $LOGGER
        exit 1
    else
        echo "OK"   | $LOGGER
    fi

    if [ -d /var/lib/mysql/snorby ]; then
        echo -n "* Starting Snorby jobs..." | $LOGGER
        su www-data -c "cd /usr/local/share/snorby; bundle exec rake snorby:update RAILS_ENV=production" >> $LOG
        if [ $? -ne 0 ]; then
            echo "FAIL" | $LOGGER
        else
            echo "OK"   | $LOGGER
        fi
        echo -n "* Restarting Apache..." | $LOGGER
        /etc/init.d/apache2 restart >> $LOG 2>&1
        if [ $? -ne 0 ]; then
            echo "FAIL" | $LOGGER
        else
            echo "OK"   | $LOGGER
        fi
    fi

    sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
    echo "* Upgrade to $NEW complete."                      | $LOGGER
    echo
fi

Original comment by doug.bu...@gmail.com on 19 Mar 2012 at 4:23


Tested by:
Scott Runnels
Liam Randall
Eric Ooi
Heine Lysemose
Marshal Graham

Original comment by doug.bu...@gmail.com on 19 Mar 2012 at 7:59

  • Changed state: Verified

Published:
http://securityonion.blogspot.com/2012/03/security-onion-20120312-now-available.html

Original comment by doug.bu...@gmail.com on 19 Mar 2012 at 10:37
