Time
3 hours 10 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
All right. And now we have our login screen.
00:04
Put in the
00:05
credentials that I set up. I can remember them.
00:13
And now we have a fully installed Security Onion standalone server.
00:21
All right, so from here, we want to configure our system.
00:25
So we run our setup script on the dashboard,
00:32
put in our password,
00:37
first thing it'll ask is
00:39
whether we want to set up the following services. We say yes.
00:45
And
00:47
first step is we configure our network interfaces,
00:53
so we want ens33
00:55
to be our management interface.
01:00
So since this is a VM, we'll just say DHCP. If you're running anything in production, then static is a much better idea.
01:08
But
01:11
DHCP is fine for our
01:14
build.
01:15
We want to set up our sniffing interface, which will be ens34.
01:21
It's great.
01:23
So we'll make those changes. And for those to be applied, it needs to reboot. So we'll say reboot.
01:36
Should go pretty quickly because it's a VM. Yep.
01:45
All right. My name.
01:48
My password.
01:55
All right. So now if you look here, our
01:59
wallpaper has changed. So run Setup again to continue the second phase. All right, that's great.
02:07
Password again.
02:15
Okay. So
02:17
first screen comes up: we'll configure the following services. Yes.
02:23
So
02:24
here it says it looks like you've already set up your /etc/network/interfaces.
02:30
Would you like to skip network configuration? We want to say yes because we already did that phase.
02:36
Now this is a warning saying we only have four gigs of RAM allocated.
02:42
Um,
02:43
and it says, properly,
02:45
or for best performance, we want to give it eight gigs of RAM.
02:47
Now my laptop only has eight gigs of RAM, so
02:53
I cannot give it all the resources it needs. But for a standalone instance, it should be fine.
03:00
I will say yes. Continue
03:01
So we can choose either Evaluation Mode or Production Mode. So Evaluation Mode, as you can see here, is recommended for first-time users or standalone VMs for
03:14
quickly evaluating Security Onion.
03:16
It'll configure most of the details on your system. It doesn't give you too many options. It'll do Snort and Bro.
03:23
And
03:24
as it says here, and as we've said before, this is not intended for production deployment.
03:30
If you try to do a standalone server as a production deployment, then you will probably break something.
03:38
So Evaluation Mode. Okay.
03:42
Which network interface should be monitored? We're monitoring ens34.
03:49
So
03:51
we want to set up our first user account for Kibana, Squert and Sguil.
04:00
In this case, I'm just gonna do Karl again.
04:10
When you're doing this in Production Mode, it's probably a good idea to have your
04:16
analyst user and username different than your root user and username. In this case, I don't really care. Apparently, I don't know how to type.
04:30
Okay, let's try that again without talking.
04:35
There we go.
04:38
Okay. So these are all the changes we're going to make. We'll set the OS time zone to UTC,
04:44
that's a general good practice when you're running security technologies or any log collecting technologies: set your time zone to UTC. That way,
04:55
everything is on the same time zone.
04:59
We'll delete any NSM configuration, create a Sguil server named securityonion, user named Karl, configure Snort and Bro for ens34,
05:12
single IDS process per interface
05:15
and single Bro process per interface. And it'll configure the Elastic Stack for us.
05:20
So if you've ever tried configuring any of these items by hand,
05:28
they
05:29
are something of a challenge. So, for example, configuring Snort,
05:33
Um,
05:36
I haven't
05:39
dared. I haven't tried doing it myself, just because I know how big of a challenge it is. You need to compile it from the binaries if I recall,
05:48
um, and then just make sure everything's configured properly. It is not an easy process. So I very much appreciate that
05:58
this is a GUI interface where we just click through a couple of things
06:01
and it sets it all up for us.
06:06
All right, so
06:09
here
06:11
this is another paint drying episode, so we can probably just skip to the end of this.
06:24
All right. So
06:26
our configuration script just finished
06:30
and
06:31
whenever the script finishes up, we have a couple of pop-ups that come up.
06:36
So the first one
06:39
telling us that it's complete:
06:41
our logs for the setup can be found at /var/log/nsm/sosetup.log. Say OK,
06:49
now we can
06:53
The next one is a little bit of information on how we can check the services on our
07:00
instance.
07:01
sudo so-status will give detailed information about your
07:06
services. Then we have quick and redacted.
07:13
Now all of our rules are stored in these various locations.
07:17
So there is a cheat sheet that is put out by Security Onion Solutions that has all of these locations written down. So you don't really need to remember these, take screenshots or anything, because the
07:30
cheat sheet really helps on that.
07:35
All right, so
07:39
our local firewall has been locked down.
07:44
We need to change that. We do sudo so-allow. That is also on the cheat sheet.
07:48
If we have any questions, we can go to securityonion.net and find links to all of these.
07:57
Don't know if the IRC channel is still a thing, but it's still down here.
08:01
If we need commercial support or training, we can go to Security Onion Solutions,
08:07
and I do believe that is our last pop up.
08:13
All right, so our last step is to update this system.
08:18
If you've ever worked on Ubuntu, you know you
08:22
do sudo apt-get update and then upgrade.
08:26
In this case, there is a script
08:33
that is built into the OS that does all of that for you. And it also checks the Security Onion
08:41
images to make sure everything coming from the Security Onion team is up to date, and that is sudo
08:50
soup. So, sudo soup.
08:52
So soup is Security Onion update or upgrade.
08:58
We want to type in our password.
09:01
I don't know if I typed it in. I typed that incorrectly. Okay,
09:05
so, Security Onion updater,
09:09
so
09:11
just hit. Enter
09:15
will start checking for updates.
09:20
So this is another process that will take a moment to run through.
09:26
So
09:26
just pause and skip to the end,
09:30
and we are back. Our upgrade just finished. It was a pretty intense upgrade. It took about 20 minutes, but our ISO image was a couple months old, and
09:43
there was plenty of stuff to update. It updated our Docker images. It updated
09:48
Um,
09:50
all of the Linux packages. It downloaded quite a few things. So from here, we can just hit enter,
09:58
and that will reboot our machine. And once it
10:01
comes back up online, we will have our
10:05
fully functional standalone server of security onion
10:09
To review what we did in this lesson:
10:13
First we saw where to download the Security Onion ISO image. Once we had that, we created a VMware instance on which we installed Security Onion.
10:22
Once that was installed, we configured it as a standalone server. And finally we updated the system with soup.
10:31
Thank you so much for watching this lesson. In the next one, we will cover how to install a distributed environment. See you then.

Security Onion

Security Onion is an open source Network Security Monitoring and log management Linux Distribution. In this course we will learn about the history, components, and architecture of the distro, and we will go over how to install and deploy single and multiple server architectures, as well as how to replay or sniff traffic.

Instructed By

Karl Hansen
Senior SOC Analyst
Instructor