We’ve all been there, either standing over a spare computer or staring at a virtual machine thinking, “I want to build an IDS” but not wanting to embark on the painful process of installation and configuration. Indeed, this has been the desire of many since the earliest days of open-source IDS, and for the brave who are willing to follow pages of instructions for installation and management it is the first step of many towards standing up a brand spanking new IDS. Thankfully, the pain has been removed from that process by a new Linux distribution called Security Onion.
Security Onion is a free, Xubuntu-based Linux distribution for intrusion detection (IDS), network security monitoring, and other security tools. The distro, created by Doug Burks, drastically simplifies the installation and management of a myriad of security tools, not the least of which is an IDS, or in the case of this series, Snort. Granted, there have been many efforts to simplify the installation of Snort, but this distribution is really in a league of its own. This post provides a review of Security Onion as well as a walkthrough of the initial installation and setup of Snort via Security Onion.
Before I dive directly into my tutorial here, please be aware that Irongeek has posted a great video tutorial here.
Step 1: Download Security Onion
In order to install Security Onion, first download the ISO image, which can be found at:
Step 2: Install Security Onion on a Spare or Virtual Machine
Either burn the ISO image to a disc and boot your machine from that disc, or use the ISO directly to install into a virtual machine. In either case, boot your machine from the ISO (for virtual machines, creating a default VM is typically fine).
Step 3: Select an Installation Type
Once at the GRUB menu, select “Install – Start the Installer Directly”. This launches a typical Ubuntu installation, which really does not need much explanation. Here I’m going to make the fundamental assumption that anyone reading this site can figure out how to get Linux installed and skip a couple of steps (fully acknowledging that one should really never skip steps in a tutorial).
Step 4(ish): Update Your New Security Onion Install
Once the Linux installation has finished, reboot and log in with the username and password you set up during the Linux installation. Next, open a terminal and run the command (the && makes the upgrade run only if the package list update succeeded): sudo apt-get update && sudo apt-get dist-upgrade
Step 5: Update Security Onion
At this point Security Onion has been successfully installed and the operating system (OS) has been updated and upgraded. Now it is time to update Security Onion itself. To do this, open Firefox, navigate to https://securityonion.blogspot.com, and under the “In-place Upgrade” section copy the command given there and paste it into a terminal. At the time of this writing, the command is:
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
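That command fetches the upgrade script and hands it to a root login shell in one go, so nothing is checked between download and execution. The script below is an added example (not from the original post or the Security Onion project) that splits the step into download, checksum verification, then run; the expected SHA-256 value is a placeholder, since the post publishes none, and the URL is the one quoted above.

```shell
#!/bin/sh
# Added example: fetch the Security Onion upgrade script to a file and run it as
# root only after its SHA-256 digest matches a value obtained out-of-band.
set -u

UPGRADE_URL="http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh"
UPGRADE_FILE="$HOME/security-onion-upgrade.sh"
# Placeholder: the post does not publish a checksum; fill in one you trust.
EXPECTED_SHA256="<PLACEHOLDER sha256 from the project, obtained out-of-band>"

# Print a file's SHA-256 digest as bare hex (sha256sum on Linux, shasum elsewhere).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Exit 0 when the file exists and its digest equals the expected one (case-insensitive).
verify_sha256() {
    file="$1"; expected="$2"
    [ -f "$file" ] || return 1
    actual=$(file_sha256 "$file")
    [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# Download to a file rather than straight into bash, so it can be read and checked first.
fetch_upgrade_script() {
    curl -L -o "$UPGRADE_FILE" "$UPGRADE_URL"
}

# Run the script only when the digest matches. SO_RUN_AS defaults to "sudo -i"
# (a root login shell, as in the post's command); set it to "" to run unprivileged.
run_verified_script() {
    file="$1"; expected="$2"
    if verify_sha256 "$file" "$expected"; then
        ${SO_RUN_AS-sudo -i} bash "$file"
    else
        echo "refusing to run $file: SHA-256 mismatch" >&2
        return 1
    fi
}

# Typical use, once EXPECTED_SHA256 has been filled in:
#   fetch_upgrade_script && run_verified_script "$UPGRADE_FILE" "$EXPECTED_SHA256"
```

Reading ~/security-onion-upgrade.sh between the fetch and the run is still worthwhile; the digest check only confirms the file is the one you expected, not what it does.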