Time
3 hours 10 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Hey, folks, welcome to Lesson three of Intro to Security Onion. I'm Karl. And in this lesson, we will be installing a standalone Security Onion server.
00:10
So for the agenda,
00:12
first we'll see how to download the ISO image for Security Onion. Next, we'll see how to set up a virtual machine to host our Security Onion instance. Once that's all set up, we'll go over installing the OS and configuring it as a standalone server.
00:27
And finally, we'll upgrade the system once it's all been configured.
00:32
Right, before we jump into downloading and installing that ISO image, let's review the requirements for the VM.
00:39
You want to make sure your VM has at least four CPU cores, eight gigabytes of memory and at least 10 gigabytes of storage. If you go below these numbers, especially on the memory and cores, you may have issues with your VM that you won't really want to fight.
00:54
In this demo, I will build the VM on my laptop to show you the process, but I won't be able to give it all of the needed resources since my laptop isn't powerful enough,
01:04
so I will move it to a virtualization server later and bump up the resources to make it usable.
01:11
All right, let's get started. The first thing that we'll want to do is download the ISO image from the Security Onion GitHub page here. Then after that, we'll want to create a virtual machine in your hypervisor of choice. You can do it with VirtualBox or VMware Player. They're both good options.
01:30
Then from there we'll install Security Onion, run through security scripts and update our system.
01:36
So I already have
01:40
this website pulled up here.
01:42
So this is the GitHub page that I linked in our slides. We can download our ISO image here.
01:48
We also have our signatures to make sure that our ISO image is
01:53
coming from the right source and nothing has been corrupted. For the sake of this demonstration, we won't worry too much about that.
02:01
So we will jump right over to, uh,
02:06
VMware.
02:12
So we will open VMware. In this case I'm using VMware Workstation 14 Player. We will create a new virtual machine.
02:22
You want to grab installer disc image (ISO). Right now I have Ubuntu selected.
02:29
We want to grab Security Onion.
02:30
In this case, I downloaded this on
02:35
ah, a couple months back. So almost four months, but should still be fine. We'll update the system.
02:43
Okay, So, virtual
02:46
machine, VMware, excuse me, could not detect the operating system, which is understandable. So we'll tell it that it's Linux, Ubuntu 64-bit, because
02:57
Security Onion is built on Ubuntu.
03:00
say next,
03:01
you name it
03:07
Security Onion Cybrary.
03:12
We'll say 20 gig
03:14
is fine. We'll split it into multiple files.
03:19
Fine.
03:20
Let's customize our hardware
03:23
So Kibana likes, technically, Kibana likes to have eight gigs of memory to run properly,
03:31
but my laptop only has eight gigs, so
03:36
in
03:38
favor of not crashing my laptop, we'll only give it four,
03:42
and we'll just say two processors, two cores. That's fine.
03:47
Now for a network adapter, we'll just use NAT.
03:52
But that will be our management interface. We want to add a second network adapter
04:00
for our sniffing or playback interface.
04:03
For that, we will say host only,
04:05
and
04:06
all of our other settings are just fine.
04:10
We'll say close.
04:12
It all looks fine. We'll say finish.
04:16
And now we can play our virtual machine.
04:21
All right.
04:28
Okay. You can just ignore that
04:31
on this, eh?
04:35
Boot Security Onion,
04:41
as you can see here, if I want to return to my computer, you hit Ctrl+Alt.
04:47
It's one of the
04:49
things to remember when you're working with virtual machines. If you get stuck and can't get back out, just
04:55
hit Ctrl+Alt and you get your mouse back.
05:04
Right. It'll take just a moment to boot.
05:19
It'll automatically log in for us. There we go.
05:29
All right, we have our home screen.
05:31
And now, if you wanted to take Security Onion for a quick test drive,
05:36
you could
05:38
run through the applications here.
05:41
We've got some of the system tools. Just
05:43
accessories. Play around with some of the stuff.
05:45
Ah, but to really get into it, we want to install Security Onion.
06:02
And we are getting this pop-up down here, asking us if we want to install VMware Tools,
06:09
huh?
06:11
If you're going to be using your
06:13
Security Onion or just any virtual machine instance
06:17
a decent amount, I'd recommend installing the tools. We won't cover it in here just because it's not really
06:25
necessary for what we're doing. But this will allow you to share clipboards. It'll allow you to resize the screen, things like that, so they can be pretty helpful.
06:35
So we have our install script here.
06:39
If you've ever installed Ubuntu before, it should be fairly familiar. So we choose English.
06:45
Yes, that is what I'm currently speaking,
06:48
say continue. It thinks for a minute.
06:54
So we won't worry about downloading updates while installing. We won't install third-party tools.
07:00
Third-party tools mean more vulnerabilities, potentially.
07:09
Okay, erase disk. That's fine.
07:12
Don't think we'll need LVM, but
07:14
we'll select that anyway.
07:29
All right, it's asking if these partition tables are fine. We'll say OK.
07:46
so I live in Salt Lake,
07:48
so we'll say Denver is fine. That's the closest
07:53
big city that's recognized in my time zone.
08:13
All right, so we have English English.
08:15
This is kind of an annoying thing with out
08:18
with
08:20
running the install script is you have to move the screen over, the window over,
08:24
because since we don't have any of the VMware Tools installed, we can't resize.
08:31
All right, so
08:33
my name is Karl
08:43
King. Security Onion Cybrary.
08:46
We will pick a password.
08:56
All right.
09:03
So right now it is installing.
09:11
This will likely take a couple of minutes for everything to copy over. So
09:16
I think we'll just skip to the end.
09:22
All right, So we skipped over all of the copying of files and installation. All told, it took about 15 minutes.
09:31
Typically, it should be a bit quicker than that, but my laptop's getting a little bit old.
09:37
So you have installation complete. We can continue testing here. We didn't do much testing, so there's nothing really to continue, so here we will just restart.

Up Next

Security Onion

Security Onion is an open source Network Security Monitoring and log management Linux Distribution. In this course we will learn about the history, components, and architecture of the distro, and we will go over how to install and deploy single and multiple server architectures, as well as how to replay or sniff traffic.

Instructed By

Karl Hansen
Senior SOC Analyst
Instructor