3 hours 10 minutes
Hey, folks, welcome to Lesson three of Intro to Security Onion on Carl. And in this lesson, we will be installing a standalone Security Onion server.
So for the agenda, first we'll see how to download the ISO image for Security Onion. Next, we'll see how to set up a virtual machine to host our Security Onion instance. Once that's all set up, we'll go over installing the OS and configuring it as a standalone server.
And finally, we'll upgrade the system once it's all been configured.
Right, before we jump into downloading and installing that ISO image, let's review the requirements for the VM.
You want to make sure your VM has at least four CPU cores, eight gigabytes of memory and at least 10 gigabytes of storage. If you go below these numbers, especially on the memory and cores, you may have issues with your VM that you won't really want to fight.
In this demo, I will build the VM on my laptop to show you the process, but I won't be able to give it all of the needed resources since my laptop isn't powerful enough, so I will move it to a virtualization server later and bump up the resources to make it usable.
All right, let's get started. The first thing that we'll want to do is download the ISO image from the Security Onion GitHub page here. Then after that, we'll want to create a virtual machine in your hypervisor of choice. You can do it with VirtualBox or VMware Player. They're both good options.
Then from there we'll install Security Onion, run through security scripts and update our system.
So I already have this website pulled up here.
So this is the GitHub page that I linked in our slides. We can download our ISO image here.
We also have our signatures to make sure that our ISO image is coming from the right source and nothing has been corrupted. For the sake of this demonstration, we won't worry too much about that.
So we will jump right over to, uh, VMware.
So we will open VMware. In this case I'm using VMware Workstation 14 Player. We will create a new virtual machine.
You want to grab installer disc image, ISO. Right now I have Ubuntu selected.
We want to grab Security Onion.
In this case, I downloaded this, ah, a couple months back. So almost four months, but should still be fine. We'll update the system.
Okay. So, virtual machine, or VMware, excuse me, could not detect the operating system, which is understandable. So we'll tell it that it's Linux, Ubuntu 64-bit, because Security Onion is built on Ubuntu.
You name it Security Onion Cybrary.
We'll say 20 gig is fine. We'll split it into multiple files.
Let's customize our hardware.
So Kibana likes, technically, Kibana likes to have eight gigs of memory to run properly, but my laptop only has eight gigs, so in favor of not crashing my laptop, we'll only give it four, and we'll just say two processors, two cores. That's fine.
Now for a network adapter, we'll just use NAT, but that will be our management interface. We want to add a second network adapter for our sniffing or playback interface.
For that, we will say host-only.
All of our other settings are just fine.
We'll say close.
It all looks fine. We'll say finish.
And now we can play our virtual machine.
Okay. You can just ignore that
on this, eh?
But Security Onion,
as you can see here, if I want to return to my computer, you hit Control-Alt.
It's one of the things to remember when you're working with virtual machines. If you get stuck and can't get back out, just hit Control-Alt and you get your mouse back.
Right. It'll take just a moment to boot.
It'll automatically log in for us. There we go.
All right, we have our home screen.
And now, if you wanted to take Security Onion for, ah, a quick test drive, run through the applications here.
We've got some of the system tools, just accessories. Play around with some of the stuff.
Ah, but to really get into it, we want to install Security Onion.
And we are getting this pop-up down here, asking us if we want to install VMware Tools.
If you're going to be using your Security Onion, or just any virtual machine instance, a decent amount, I'd recommend installing the tools. We won't cover it in here just because it's not really, ah, necessary for what we're doing. But this will allow you to share clipboards. It'll allow you to resize the screen, things like that, so they can be pretty helpful.
So we have our install script here.
If you've ever installed Ubuntu before, it should be fairly familiar. So we choose English.
Yes, that is what I'm currently speaking.
Say continue. Thinks for a minute.
So we won't worry about downloading updates while installing. We won't install third-party tools.
Third-party tools mean more vulnerabilities, potentially.
Okay, erase disk. That's fine.
Don't think we'll need L V M, but
we'll select that anyway.
All right, it's asking if these partition tables are fine. We'll say OK.
so I live in Salt Lake,
so we'll say Denver is fine. That's the closest
big city that's recognized in my time zone.
All right, so we have English English.
This is kind of an annoying thing with, ah, running the install script: you have to move the screen over, the window over, because since we don't have any of the VMware Tools installed, we can't resize.
All right, so
my name is Carl
King. Security Onion Cybrary.
We will pick a password.
So right now it is installing.
This will likely take a couple of minutes for everything to copy over. So think we'll just skip to the end.
All right, so we skipped over all of the copying of files and installation. All told, it took about 15 minutes.
Typically, it should be a bit quicker than that, but my laptop's getting a little bit old.
So you have installation complete. We can continue testing here. We didn't do much testing, so there's nothing really to continue, so here we will just restart.