This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

Setup: change true/false options to yes/no #546

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 3 comments

@GoogleCodeExporter

Replace:

LOCAL_HIDS_RULE_TUNING=false
LOCAL_NIDS_RULE_TUNING=false

with:

LOCAL_HIDS_RULE_TUNING=no
LOCAL_NIDS_RULE_TUNING=no

Original issue reported on code.google.com by doug.bu...@gmail.com on 1 Jun 2014 at 1:13

@GoogleCodeExporter

cat << EOF > $CONF
# /etc/nsm/securityonion.conf
# Generated by Security Onion Setup (sosetup) at $DATE

# Which IDS engine would you like to run?
ENGINE=$IDS_ENGINE_LOWER

# How many days would you like to keep in the Sguil database archive?
DAYSTOKEEP=$DAYSTOKEEP

# How many days worth of tables would you like to repair every day?
DAYSTOREPAIR=$DAYSTOREPAIR

# At what percentage of disk usage should the NSM scripts warn you?
WARN_DISK_USAGE=$WARN_DISK_USAGE

# At what percentage of disk usage should the NSM scripts begin purging old data?
CRIT_DISK_USAGE=$CRIT_DISK_USAGE

# Do you want to run Bro?  yes/no
BRO_ENABLED=$BRO_ENABLED

# The OSSEC agent sends OSSEC HIDS alerts into the Sguil database.
# Do you want to run the OSSEC Agent?  yes/no
OSSEC_AGENT_ENABLED=$OSSEC_AGENT_ENABLED

# Do you want to run the Snorby worker?  yes/no
SNORBY_ENABLED=yes

# Do you want to run Xplico?  yes/no
XPLICO_ENABLED=yes

# LOCAL_HIDS_RULE_TUNING
# If set to no (default), sensor will copy OSSEC rules from master server as-is (no changes).
# If set to yes, sensor will keep its own copy of the OSSEC rules.
LOCAL_HIDS_RULE_TUNING=no

# LOCAL_NIDS_RULE_TUNING
# The effect of this option is different depending on whether this box is a server or not.
# SERVER
# LOCAL_NIDS_RULE_TUNING=yes
# rule-update will operate on a local copy of the rules instead of downloading rules from the Internet
# LOCAL_NIDS_RULE_TUNING=no
# rule-update will try to download rules from the Internet
# SENSOR-ONLY
# LOCAL_NIDS_RULE_TUNING=yes
# rule-update will copy rules from master server and then try to run PulledPork locally for tuning
# LOCAL_NIDS_RULE_TUNING=no
# rule-update will copy rules from master server as-is (no changes)
EOF

Original comment by doug.bu...@gmail.com on 16 Jul 2014 at 8:41
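
A check an operator could run against a config written before this change, as an added example that is not part of the original thread or of Security Onion's own code: it rewrites only the two rule-tuning options from true/false to yes/no and then verifies them. The function names, the sample file and `OTHER_OPTION` are constructed for illustration, and it assumes an existing file may still carry the old values.

```shell
#!/bin/sh
# Added example, not part of Security Onion.

# Write a constructed pre-change config to $1 (OTHER_OPTION is hypothetical).
make_sample_conf() {
    cat > "$1" << 'EOF'
# LOCAL_HIDS_RULE_TUNING=true  (commented out: must not be rewritten)
LOCAL_HIDS_RULE_TUNING=false
LOCAL_NIDS_RULE_TUNING=true
OTHER_OPTION=true
EOF
}

# Print the value of key $2 in file $1 (last uncommented assignment wins).
conf_value() {
    sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1
}

# Rewrite true->yes and false->no for the two tuning keys only.
normalize_tuning_opts() {
    tmp=$(mktemp) || return 1
    sed -e 's/^\(LOCAL_[HN]IDS_RULE_TUNING\)=true[[:space:]]*$/\1=yes/' \
        -e 's/^\(LOCAL_[HN]IDS_RULE_TUNING\)=false[[:space:]]*$/\1=no/' \
        "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$1"   # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Succeed only if both keys are set to exactly yes or no.
check_tuning_opts() {
    for key in LOCAL_HIDS_RULE_TUNING LOCAL_NIDS_RULE_TUNING; do
        case $(conf_value "$1" "$key") in
            yes|no) ;;
            *) echo "$key: expected yes or no" >&2; return 1 ;;
        esac
    done
}

# Demo on the constructed sample.
sample=$(mktemp)
make_sample_conf "$sample"
check_tuning_opts "$sample" || echo "before: old-style value present"
normalize_tuning_opts "$sample"
check_tuning_opts "$sample" && echo "after: both options are yes/no"
rm -f "$sample"
```
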


@GoogleCodeExporter

Submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/my5dRuEsvBQ/discussion

Original comment by doug.bu...@gmail.com on 16 Jul 2014 at 9:04


@GoogleCodeExporter

Published:
http://blog.securityonion.net/2014/07/new-securityonion-setup-package.html

Original comment by doug.bu...@gmail.com on 22 Jul 2014 at 2:35

  • Changed state: Verified
