In short, Security Onion is an open-source, Linux-based distribution for intrusion detection (IDS) and Network Security Monitoring (NSM).
about security onion
Here is how to install Security Onion as a guest on an Ubuntu 13.10 KVM host.
I downloaded securityonion-12.04.3-20130904.iso (the file name used in the VM definition below). Before booting it, verify the image against the checksum or signature the Security Onion project publishes for the release, if one is available: everything the sensor later trusts is built on this file.
Install Security Onion as a KVM guest.
KVM host
root@ubuntu:~# tail -1 /etc/lsb-release ;uname -ri
DISTRIB_DESCRIPTION="Ubuntu 13.10"
3.11.0-12-generic x86_64
root@ubuntu:~# qemu-system-x86_64 --version
QEMU emulator version 1.5.0 (Debian 1.5.0+dfsg-3ubuntu5), Copyright (c) 2003-2008 Fabrice Bellard
Create a virtual machine.
Security Onion 12.04 is based on Xubuntu 12.04 (64-bit), so I specified Ubuntu 12.04 as the guest OS type.
Here is the VM's definition as dumped by virsh (the uuid and MAC address are redacted). Two things stand out for a sensor: only one NIC is defined, on libvirt's `default` network, so there is no dedicated sniffing interface yet, and `<seclabel type='none'/>` leaves the qemu process without sVirt confinement. Both are worth revisiting before this guest monitors real traffic.
# virsh dumpxml onion-vm1
<domain type='kvm' id='2'>
<!-- Guest definition as reported by `virsh dumpxml`; the uuid and MAC address
     values below are redacted placeholders, not real values. -->
<name>onion-vm1</name>
<uuid>uuid</uuid>
<!-- 1 GiB of RAM and a single vCPU: enough for this install walkthrough.
     NOTE(review): size these for the traffic volume the sensor will actually see. -->
<memory unit='KiB'>1048576</memory>
<currentMemory unit='KiB'>1048576</currentMemory>
<vcpu placement='static'>1</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64' machine='pc-i440fx-1.5'>hvm</type>
<!-- The cdrom (installer ISO) comes first in the boot order so the installer runs.
     The ISO stays attached after installation (see the cdrom disk below), so the
     boot menu is enabled to let you pick the disk if the installer comes up again. -->
<boot dev='cdrom'/>
<bootmenu enable='yes'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/bin/kvm-spice</emulator>
<!-- The installed system lives on this qcow2 image, exposed to the guest as virtio disk vda. -->
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/onion-vm1.qcow2'/>
<target dev='vda' bus='virtio'/>
<alias name='virtio-disk0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<!-- Installer ISO, attached read-only as an IDE cdrom. -->
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<source file='/home/hattori/securityonion-12.04.3-20130904.iso'/>
<target dev='hdc' bus='ide'/>
<readonly/>
<alias name='ide0-1-0'/>
<address type='drive' controller='0' bus='1' target='0' unit='0'/>
</disk>
<controller type='usb' index='0'>
<alias name='usb0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'>
<alias name='pci0'/>
</controller>
<controller type='ide' index='0'>
<alias name='ide0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<!-- The only NIC in this definition, on libvirt's "default" network (normally NAT);
     it serves as the management interface.
     NOTE(review): no dedicated sniffing interface is defined here. A sensor that
     monitors real traffic needs a second NIC attached to a mirror/SPAN source
     (e.g. a host bridge or macvtap passthrough) rather than the NAT network. -->
<interface type='network'>
<mac address='mac address'/>
<source network='default'/>
<target dev='vnet0'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<!-- Serial console backed by a host pty. This is what `virsh console` attaches to
     once the guest runs a getty on ttyS0 (configured later in this page); anyone
     with access to the host's libvirt socket can reach that login prompt. -->
<serial type='pty'>
<source path='/dev/pts/3'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
<console type='pty' tty='/dev/pts/3'>
<source path='/dev/pts/3'/>
<target type='serial' port='0'/>
<alias name='serial0'/>
</console>
<input type='mouse' bus='ps2'/>
<!-- VNC bound to the host loopback only. No passwd attribute is set, so access
     control rests entirely on who can reach 127.0.0.1 on the host (or an SSH
     tunnel to it), not on VNC authentication. -->
<graphics type='vnc' port='5900' autoport='yes' listen='127.0.0.1'>
<listen type='address' address='127.0.0.1'/>
</graphics>
<video>
<model type='vga' vram='9216' heads='1'/>
<alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
<!-- type='none': no sVirt label, so the qemu process for this guest is not
     confined by the host's security driver (typically AppArmor on Ubuntu).
     NOTE(review): worth enabling for a guest that will parse untrusted traffic. -->
<seclabel type='none'/>
</domain>
Boot the VM from the ISO image and then click the “Install Security Onion 12.04” icon.
The installation is straightforward: accept the defaults with “OK” or “Next”.
After the installation finishes, reboot the VM so it boots the installed OS from its virtual disk (vda). The ISO is still attached and the cdrom comes first in the boot order above, so if the installer appears again, eject the ISO or choose the disk from the boot menu.
booting..
after the login
To access the VM via “virsh console”, create a ttyS0.conf Upstart job under /etc/init on the guest. Keep in mind that this puts a login prompt on the serial console, reachable by anyone who can run virsh console on the host (i.e. anyone with access to the libvirt socket), so the host's libvirt access controls matter.
root@onion-vm1:~# cat /etc/init/ttyS0.conf
# ttyS0 - getty
#
# This service maintains a getty on the serial console ttyS0 from the point
# the system is started until it is shut down again.
start on runlevel [23] and not-container
stop on runlevel [!23]
respawn
exec /sbin/getty -8 115200 ttyS0
Edit /etc/default/grub and append `console=ttyS0,115200` to GRUB_CMDLINE_LINUX_DEFAULT (that is the only change; the listing below shows the result with comments and blank lines stripped):
# egrep -v ^# /etc/default/grub | grep -v ^$
GRUB_DEFAULT=0
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=10
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash console=ttyS0,115200"
GRUB_CMDLINE_LINUX=""
Regenerate /boot/grub/grub.cfg (on Ubuntu, `update-grub` is equivalent):
root@onion-vm1:~# grub-mkconfig -o /boot/grub/grub.cfg
Reboot the VM to apply the setting.
You can now log in to the VM via virsh console. The session below logs in as root directly on the serial console; for a sensor that will process untrusted traffic, prefer an unprivileged account with sudo and lock the root password.
virsh # console 2
ドメイン onion-vm1 に接続しました   (Connected to domain onion-vm1)
エスケープ文字は ^] です   (Escape character is ^])
Ubuntu 12.04.3 LTS onion-vm1 ttyS0
onion-vm1 login: root
Password:
Last login: Thu Oct 31 02:20:26 JST 2013 on ttyS0
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-52-generic x86_64)
* Documentation: https://help.ubuntu.com/
0 packages can be updated.
0 updates are security updates.
root@onion-vm1:~#