SecurityOnion 1st Time Configuration and Set-Up

January 23, 2017 | Views: 14099


Loading and setting up SecurityOnion

This tutorial is intended mostly for beginners, or for anyone who wants to set up their first network monitoring device with some pre-configured tools to try out, but anyone is welcome to follow along.

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. As part of this demonstration, we’re going to turn it into an IDS sensor. Later, we’ll gather logs from a host using a HIDS (OSSEC).

First, we’re going to load the ISO into our VM software. I’m using VMware Player and Security Onion for this demonstration because OSSEC comes pre-installed, but you can really use any distro as long as you’re willing to install the tools from their websites. After clicking “create a new virtual machine,” select “installer disk image” and browse to the location where you saved the downloaded ISO.

Next, you’ll be prompted to configure the VM before creation is complete. We’re going to need to add a second network adapter: Security Onion will use the first for management and the second for sniffing and capturing traffic in promiscuous mode. I recommend giving this machine a little more memory and CPU for speed, but that’s mostly preference.

After this is done we can begin installing Security Onion. Choose Install, select your language, and then allow SO to download the third-party software so we get full use out of our evaluation copy. Clear the disk with the first option. Don’t worry: this is the virtual hard disk we created with the VM that will be erased, not your personal hard drive!

Once that’s complete you’ll be prompted to choose a location and keyboard layout. Select as applicable, and afterward you’ll create a user account. When that’s finished, feel free to grab a snack and wait for the install. After the reboot, select the first option and you’ll be met with a login prompt.

Upon logging in you should see some icons on the desktop. Click Setup and select Yes for the following prompts. This will automatically establish a few values for you, making things a little easier in the long run. Select DHCP for networking for now. Since we are only going to use SO in evaluation mode this isn’t a worry, but normally you’d want to set this up with static IP settings. Afterward, you’ll be prompted to choose the interface you’ll be sniffing traffic on: select eth1. Finally, select Evaluation Mode and you’ll be prompted to set up more accounts. After that’s complete you’ll be asked to reboot, and then we’re finished! The rest of the setup will give you information about how to check on running services (which can then be disabled or administered as you like).
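Before trusting the sensor, it’s worth confirming that the second adapter really ended up as the sniffing interface: it should be in promiscuous mode and should have no IP address, while the management interface keeps its address. The following shell script is an added example (not part of the original tutorial or of Security Onion itself) that checks `ip link` / `ip addr` output for exactly that. It assumes the interface names eth0 (management) and eth1 (sniffing) used above; the sample output at the bottom is constructed so the script runs on any machine.

```shell
#!/bin/sh
# Added example, not from the original tutorial: sanity-check the sniffing
# interface after Security Onion setup. Assumes eth0 = management, eth1 = sniffing.

# Return 0 if the given `ip -o link show <iface>` output carries the PROMISC flag.
iface_is_promisc() {
    printf '%s\n' "$1" | grep -q 'PROMISC'
}

# Return 0 if the given `ip -o -4 addr show <iface>` output contains an inet address.
iface_has_ipv4() {
    printf '%s\n' "$1" | grep -q ' inet '
}

# Summarise the state of a sniffing interface from its link and addr output.
# Prints "ok" when it is promiscuous and has no IPv4 address, otherwise a
# short description of what is wrong.
check_sniff_iface() {
    link="$1"
    addr="$2"
    if ! iface_is_promisc "$link"; then
        echo "not promiscuous"
    elif iface_has_ipv4 "$addr"; then
        echo "has ip address"
    else
        echo "ok"
    fi
}

# Live use on the sensor (commented out so the script also runs elsewhere):
# check_sniff_iface "$(ip -o link show eth1)" "$(ip -o -4 addr show eth1)"

# Constructed sample output, shaped like the one-line (-o) form of `ip link`/`ip addr`:
SAMPLE_LINK_PROMISC='3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 00:0c:29:aa:bb:cc brd ff:ff:ff:ff:ff:ff'
SAMPLE_LINK_PLAIN='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 00:0c:29:11:22:33 brd ff:ff:ff:ff:ff:ff'
SAMPLE_ADDR_ETH0='2: eth0    inet 192.168.56.10/24 brd 192.168.56.255 scope global eth0\       valid_lft forever preferred_lft forever'
SAMPLE_ADDR_NONE=''

# Demonstration with the constructed samples:
echo "eth1 (promisc, no address): $(check_sniff_iface "$SAMPLE_LINK_PROMISC" "$SAMPLE_ADDR_NONE")"
echo "eth0 used as sniffer:       $(check_sniff_iface "$SAMPLE_LINK_PLAIN" "$SAMPLE_ADDR_ETH0")"
```

If the check reports “not promiscuous”, Security Onion’s sensor services are not listening on that interface; if it reports “has ip address”, the wrong adapter was chosen during setup and the sensor is sniffing the management link instead.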

If there is any interest in this topic I will go over specific tools I’ve used after completing the OSSEC tutorial next.

Thanks for reading and feel free to leave comments and constructive criticism below.


You can download Security Onion from sourceforge.net or GitHub, or search for it elsewhere.

8 Comments
  1. “If there is any interest in this topic I will go over specific tools I’ve used after completing the OSSEC tutorial next.”

    Yes, I would love to read more. 🙂

    lovely greetings ~

    • Thank you so much, Meta!!

      I have Security Onion on my list of things to check out after tonight’s finals and this will definitely help!! 🙂

      I’m all out of Cybytes or I would have tipped you…sorry about that!!

      …and YES!! I, too, would love to read more about tools and their use!! 🙂

      Have a great day and a wonderful weekend!!

      ladyhacker
      🙂
