All right. And now we have our login screen. Put in the credentials that I set up, if I can remember them. And now we have a fully installed Security Onion standalone server.

All right, so from here we want to configure our system. So we run our Setup script on the desktop, put in our password, and the first thing it'll ask is whether we want to set up the following services. We say yes.

First step is we configure our network interfaces, so we want ens33 to be our management interface. Since this is a VM, we'll just say DHCP; if you're running anything in production, then static is a much better idea. DHCP is fine for our purposes. We want to set up our sniffing interface, which will be ens34.

So we'll make those changes, and for those to be applied it needs to reboot. So we'll say reboot. It should go pretty quickly because it's a VM. Yep.
All right. Oh, right. So now, if you look here, our wallpaper has changed. So run Setup again to continue the second phase. All right, that's great.

Okay. First screen comes up: we'll configure the following services, yes. Here it says it looks like you've already set up your /etc/network/interfaces. Would you like to skip network configuration? We want to say yes, because we already did that phase.
Now this is a warning saying we only have four gigs of RAM allocated, and it says that for best performance we want to give it eight gigs of RAM. Now, my laptop only has eight gigs of RAM, so I cannot give it all the resources it needs, but for a standalone instance it should be fine. I will say yes, continue.

So we can choose either Evaluation Mode or Production Mode. Evaluation Mode, as you can see here, is recommended for first-time users or standalone VMs for quickly evaluating Security Onion. It'll configure most of the details on your system; it doesn't give you too many options. It'll do Snort and Bro, as it says here, and as we've said before, this is not intended for production deployment. If you try to do a standalone server as a production deployment, then you will probably break something. So, Evaluation Mode. Okay.
Which network interface should be monitored? We're monitoring ens34.

We want to set up our first user account for Kibana, Squert and Sguil. In this case, I'm just gonna do Carl again. When you're doing this in production mode, it's probably a good idea to have your analyst username different than your root user's username. In this case, I don't really care. Apparently, I don't know how to type. Okay, let's try that again without talking. There we go.
Okay, so this is all the changes we're going to make. We'll set the OS time zone to UTC; that's a general good practice when you're running security technologies or any log-collecting technologies: set your time zone to UTC. That way, everything is on the same time zone. We'll delete any NSM configuration, we'll create a Sguil server named securityonion with a user named Carl, configure Snort and Bro to monitor ens34, a single IDS process per interface and a single Bro process per interface, and it'll configure the Elastic Stack for us.

So if you've ever tried configuring any of these items by hand, they're something of a challenge. So, for example, configuring Snort: I haven't dared, I haven't tried doing it myself, I just know how big of a challenge it is. You need to compile it from the binaries, if I recall, and then just make sure everything's configured properly. It is not an easy process. So I very much appreciate that this is a GUI interface where we just click through a couple of things and it sets it all up for us.
All right, so this is another paint-drying episode, so we can probably just skip to the end of this.

All right, so our configuration script just finished. Whenever the script finishes up, we have a couple of pop-ups that come up. So the first one is telling us that it's complete; our logs for the setup can be found at /var/log/nsm/sosetup.log. Say OK.
The next one is a little bit of information on how we can check the services on our system: sudo sostat will give detailed information about your services. Then we have sostat-quick and sostat-redacted.

Now, all of our rules are stored in these various locations. There is a cheat sheet that is put out by Security Onion Solutions that has all of these locations written down, so you don't really need to remember these or take screenshots or anything, because the cheat sheet really helps with that.

All right, so our local firewall has been locked down. We need to change that; we do sudo so-allow. That is also on the cheat sheet. If we have any questions, we can go to securityonion.net and find links to all of these. I don't know if the IRC channel is still a thing, but it's still down here. If we need commercial support or training, we can go to Security Onion Solutions, and I do believe that is our last pop-up.
All right, so our last step is to update the system. If you've ever worked on Ubuntu, you know you do sudo apt-get update and then upgrade. In this case, there is a script that is built into the OS that does all of that for you, and it also checks the Security Onion images to make sure everything coming from the Security Onion team is up to date, and that is sudo soup. So soup is Security Onion Update, or Upgrade. We want to type in our password. I don't know if I typed it in correctly. Okay, so Security Onion Updater: just hit enter, and it will start checking for updates.

So this is another process that will take a moment to run through. Just pause and skip to the end, and we are back. Our upgrade just finished. It was a pretty intense upgrade; it took about 20 minutes, but our ISO image was a couple months old and there was plenty of stuff to update. It updated our Docker images, it updated all of the Linux packages, it downloaded quite a few things. So from here, we can just hit enter, and that will reboot our machine, and once it comes back up online we will have our fully functional standalone server of Security Onion.
To review what we did in this lesson: first we saw where to download the Security Onion ISO image. Once we had that, we created a VMware instance on which we installed Security Onion. Once that was installed, we configured it as a standalone server. And finally, we updated the system with soup.

Thank you so much for watching this lesson. In the next one, we will cover how to install a distributed environment. See you then.
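The setup wizard in the lesson raises several points in passing that are worth re-checking after the reboot: the RAM warning (8 GB recommended), the OS time zone (UTC so all logs line up), DHCP on the management interface (fine for a lab VM, static for production), and a sniffing interface that carries no address. The script below is an added example, not part of the lesson or of Security Onion itself. It assumes the ifupdown-style /etc/network/interfaces file the wizard refers to, uses the lesson's interface names ens33 (management) and ens34 (sniffing), and by default runs against a constructed sample file so it can be tried anywhere; `--live` reads the real system.

```shell
#!/bin/sh
# Post-setup sanity checks for a Security Onion standalone VM.
# Added example for this lesson; not a Security Onion script.
# Checks: RAM (warn below 8 GB), time zone (UTC), management interface
# method (DHCP tolerated, static preferred), sniffing interface has no address.

RECOMMENDED_RAM_MB=8192

# ram_status <total MB> -> "ok" or "low"
ram_status() {
    if [ "$1" -ge "$RECOMMENDED_RAM_MB" ]; then echo ok; else echo low; fi
}

# tz_status <timezone name> -> "ok" for UTC, "not-utc" otherwise
tz_status() {
    case "$1" in
        UTC|Etc/UTC|Etc/Universal|Universal) echo ok ;;
        *) echo not-utc ;;
    esac
}

# iface_method <iface> <interfaces file> -> dhcp | static | manual | ... | missing
# Reads the "iface <name> inet <method>" stanza from an ifupdown-style file.
iface_method() {
    awk -v want="$1" '
        $1 == "iface" && $2 == want && $3 == "inet" { print $4; found = 1; exit }
        END { if (!found) print "missing" }
    ' "$2"
}

# report <mgmt iface> <sniff iface> <interfaces file> <ram MB> <timezone>
# Prints one line per check. Returns 1 on a hard failure (management
# interface missing, or sniffing interface not address-less), else 0.
report() {
    mgmt="$1"; sniff="$2"; file="$3"; ram="$4"; tz="$5"; rc=0

    echo "ram:      $(ram_status "$ram") (${ram} MB, recommended ${RECOMMENDED_RAM_MB} MB)"
    echo "timezone: $(tz_status "$tz") ($tz)"

    m=$(iface_method "$mgmt" "$file")
    case "$m" in
        static) echo "mgmt $mgmt: ok (static)" ;;
        dhcp)   echo "mgmt $mgmt: dhcp (acceptable for a lab VM; use static in production)" ;;
        *)      echo "mgmt $mgmt: $m"; rc=1 ;;
    esac

    s=$(iface_method "$sniff" "$file")
    case "$s" in
        manual) echo "sniff $sniff: ok (manual, no address)" ;;
        *)      echo "sniff $sniff: $s (sniffing interface should be 'manual')"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample /etc/network/interfaces mirroring the lesson's layout:
# ens33 on DHCP for management, ens34 as an address-less sniffing interface.
SAMPLE_IFACES=$(mktemp)
trap 'rm -f "$SAMPLE_IFACES"' EXIT
cat > "$SAMPLE_IFACES" <<'EOF'
auto lo
iface lo inet loopback

auto ens33
iface ens33 inet dhcp

auto ens34
iface ens34 inet manual
EOF

# --live reads the real system; otherwise run against the constructed sample
# with the lesson's 4 GB VM and a UTC time zone.
if [ "${1:-}" = "--live" ]; then
    live_ram=$(awk '/^MemTotal:/ { print int($2 / 1024) }' /proc/meminfo)
    live_tz=$(cat /etc/timezone 2>/dev/null || echo unknown)
    report ens33 ens34 /etc/network/interfaces "$live_ram" "$live_tz"
else
    report ens33 ens34 "$SAMPLE_IFACES" 4096 UTC
fi
```

Run it as `sh so-postcheck.sh --live` on the installed VM (the file name is just a suggestion). A low-RAM result is reported but not treated as a failure, matching the wizard, which only warns; a sniffing interface that is missing or has been given an address is treated as a failure, since an IP on the monitor port is the one of these that silently degrades what Snort and Bro see.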