3.2 Security Onion Download and Installation Part 2

Video Activity

Join over 3 million cybersecurity professionals advancing their career

Required fields are marked with an *

View all SSO options

Already have an account? Sign In »

Security Onion

Course

Time

3 hours 10 minutes

Difficulty

Beginner

CEU/CPE

Video Transcription

00:00

all right. And now we have our log in screen.

00:04

Put in the

00:05

credentials that I set up for. I can remember them.

00:13

And now we have a fully installed a security onion. Standalone server.

00:21

All right, so from here, we want to configure our system.

00:25

So we run our setup script on the dashboard,

00:32

but in our password,

00:37

first thing it'll ask is

00:39

we want to set up the following service's we say yes.

00:45

And

00:47

first step is we configure our network interfaces,

00:53

so we want 33

00:55

to be our management interface.

01:00

So since this is a V, m will just say the HCP, if you're running anything in production than static, is a much better idea.

01:08

But

01:11

th the P is fine for our

01:14

build.

01:15

We want to set apart sniffing interface, which will do E. N S 34.

01:21

It's great.

01:23

So we'll make those changes. And for those to be applied, needs to reboot. So we'll say reboot

01:36

should go pretty quickly because it's a V m. Yep.

01:45

All right. My name.

01:48

My password.

01:55

Oh, right. So now if you look here, our

01:59

wallpaper has changed. So run set up again to continue the second phase. All right, that's great.

02:07

Password again.

02:15

Okay, So what are?

02:17

First screen comes up, we'll configure the following service is yes.

02:23

02:24

here it says it looks like you've already set up your etc network interfaces.

02:30

Would you like a skip network configuration? We want to say yes because we already did that phase.

02:36

Now this is, ah, warning saying we only have four gigs of Ram allocated.

02:42

Um,

02:43

and it says properly

02:45

or for best performance, we wanna give it eight gigs of Ram.

02:47

Now my laptop only has eight gigs of RAM, so

02:53

I cannot give it all the resource is needed. But for a standalone instance, it should be fine.

03:00

I will say yes. Continue

03:01

so we can choose either evaluation mode or production mode. So evaluation mode, as you can see here, is recommended for first time users or stand alone v ems so

03:14

quickly evaluating security union.

03:16

It'll configure most of the details on your system. It doesn't give you too many options. It'll do snort and burrow.

03:23

And

03:24

as it says here, and as we've said before, this is not intended for production deployment.

03:30

He tried to dio standalone server as a production deployments, then you will probably break something.

03:38

So evaluation mode. Okay,

03:42

Which network interface should be monitored? We're monitoring 34.

03:49

03:51

we want to set up our first user account for Kid Bon A squirt and squeal.

04:00

In this case, I'm just gonna do Carl again.

04:10

When you're doing this in production mode, it's probably a good idea to have your

04:16

analyst user name, user and username difference than your route user and user name. In this case, I don't really care. Apparently, I don't know how to type.

04:30

Okay, let's try that again without talking.

04:35

There we go.

04:38

Okay, So this is all the changes we're going to make. Well said the OS time zone to you, T c,

04:44

that's Ah, general good practice when you're running security technologies or any log collecting technologies said to your time zone to you t c. That way,

04:55

everything is on the same times. Time zone.

04:59

Well, delete Any N SM configuration will create a squeal server named Security onion User named Carl Configure snort end spro to configure E. N s 34

05:12

single ideas process per interface

05:15

and single grow process per interface. And it'll configure elastic staff for us.

05:20

So if you've ever tried configuring any of these items by hand,

05:28

they

05:29

there's something of a challenge. So, for example, configuring snort,

05:33

Um,

05:36

you I I haven't

05:39

dared. I haven't tried. Do it doing get myself just I know how big of ah challenge it is. You need to compile it from the buying area if I recall,

05:48

um, and then just make sure everything's configured properly. It's It is not an easy process. So I very much appreciate that

05:58

business gooey interface that we just click through a couple of things

06:01

and it sets it all up for us.

06:06

All right, so

06:09

here

06:11

this is another paint drying episode, so we can probably just skip to the end of this.

06:24

All right, So

06:26

her configuration script just finished

06:30

on DDE.

06:31

Whenever the script finishes up, we have ah, couple of pop ups that come up.

06:36

So 1st 1

06:39

telling us that it's complete

06:41

our logs for the setup can be founded. Var log and S m s o set up that log. Say OK,

06:49

now we can

06:53

It's next one is Ah, little bit of information on how we can check the service is on our

07:00

instance

07:01

pseudo eso stats will give detail information about your sir

07:06

at your service is then we have quick and redacted.

07:13

Now all of our rules are stored in these various locations.

07:17

So there there is a cheat sheet that is put out by security onion solutions that has all of these locations written down on there. So you don't really need to remember these Take screenshots or anything because the

07:30

cheat sheet really helps on that.

07:35

All right, so

07:39

our local firewall has been locked down.

07:44

We need to change that. We do the pseudo eso allow. That is also on the cheat sheet.

07:48

We have any questions? We can go to security young ian dot net and find links to all of these.

07:57

Don't know if the IRC Channel is still a thing, but Stella still down here?

08:01

We need commercial supporter training. We can go to six security onion solutions,

08:07

and I do believe that is our last pop up.

08:13

All right, so our last step is to update this system.

08:18

If you've ever worked on a boon to you know you

08:22

to the pseudo happed get update and then upgrade.

08:26

In this case, there is a script

08:33

that is built into the OS. That does all of that for you. And it also checks the security onion

08:41

images to make sure everything is everything. Coming from the security onion team is up to date, and that is pseudo

08:50

so. Sue Preys do soup.

08:52

So soup is security. Onion updates or upgrade.

08:58

We wanna type in your password.

09:01

I don't know if I type it in. I detect that incorrect. Okay,

09:05

so, security onion update, er

09:09

09:11

just hit. Enter

09:15

will start checking for updates.

09:20

So this is another process that will take a moment to run through.

09:26

just pause and skip to the end,

09:30

and we are back. Our upgrade just finished. It was a pretty intense upgrade. It took about 20 minutes, but our I S O image was a couple months old, and

09:43

there's plenty of stuff to update it. Updated our doctor images. It updated.

09:48

Um,

09:50

all of the Lenox packages it It downloaded quite a few things. So from here, we can just hit enter,

09:58

and that will agree. Booed our machine. And once it

10:01

comes back up online, we will have our

10:05

fully functional standalone server of security onion