Thursday 29 December 2016

Install Security Onion 14.04 into VirtualBox

Had some issues getting the guest additions working, but the following fixed it for me.

1. Make sure everything is up to date:
  • sudo apt update
  • sudo apt upgrade
  • sudo apt dist-upgrade
  • sudo apt-get autoremove
  • sudo apt-get autoclean
2. Make sure the correct Xorg is installed:
  • sudo apt install xserver-xorg-core
3. Install the guest utils and DKMS from the repo:
  • sudo apt install virtualbox-guest-utils virtualbox-guest-x11 virtualbox-guest-dkms dkms
4. Reboot and clean up:
  • sudo reboot
  • sudo apt-get autoremove
  • sudo apt-get autoclean


Tuesday 27 December 2016

Snort\Barnyard2\Snorby running on x86 Ubuntu 14.04

I followed this basic guide:
http://www.ubuntu-howtodoit.com/?p=138

Step 5.2 I had to adjust the line:
./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu

To the following line as I am running an x86 install on this old server:
./configure --with-mysql --with-mysql-libraries=/usr/lib/i386-linux-gnu
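
Added example (not from the original post or the linked guide): a small shell helper that derives the `--with-mysql-libraries` path from the installed architecture instead of hard-coding it, and checks that a MySQL client library is actually present there before building. The function names are hypothetical, and the `libmysqlclient.so*` file name is an assumption about where the MySQL development package puts the library.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not part of Barnyard2 or the guide.

# Map a Debian/Ubuntu architecture name (as printed by `dpkg --print-architecture`)
# to the multiarch library directory used in the two configure lines above.
multiarch_libdir() {
    case "$1" in
        amd64) echo "/usr/lib/x86_64-linux-gnu" ;;
        i386)  echo "/usr/lib/i386-linux-gnu" ;;
        *)     return 1 ;;
    esac
}

# Succeed only if the directory holds a MySQL client library.
# Assumption: the library file name starts with libmysqlclient.so
has_mysql_client_lib() {
    for f in "$1"/libmysqlclient.so*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Print the Barnyard2 configure line for the given architecture
# (default: the architecture of the running system).
barnyard2_configure_cmd() {
    arch=${1:-$(dpkg --print-architecture)}
    libdir=$(multiarch_libdir "$arch") || {
        echo "unsupported architecture: $arch" >&2
        return 1
    }
    echo "./configure --with-mysql --with-mysql-libraries=$libdir"
}

# Usage on the build host:
#   dir=$(multiarch_libdir "$(dpkg --print-architecture)")
#   has_mysql_client_lib "$dir" || echo "no MySQL client library in $dir" >&2
#   barnyard2_configure_cmd      # prints the line to run in the Barnyard2 source tree
```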

Step 7, I pulled the Upstart scripts from the following:
https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/090/original/Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf

This was due to Ubuntu 14.04 running Upstart rather than systemd.

Section 8.12 - As I was running Nginx rather than Apache2, I followed this:
https://www.digitalocean.com/community/tutorials/how-to-deploy-a-rails-app-with-passenger-and-nginx-on-ubuntu-14-04

This page to configure Passenger:
https://www.phusionpassenger.com/library/install/nginx/install/oss/trusty/

The contents of /etc/nginx/passenger.conf that worked for me were:
passenger_root /usr/local/lib/ruby/gems/2.3.0/gems/passenger-5.1.1;
passenger_ruby /usr/local/bin/ruby;

I still have an issue with the web page complaining that the Snorby worker isn't running, yet it is running from an Upstart script.

I'll look at that another day!