Installing Security Onion 16.04 in my hacking rig. @securityonion #opensource @Elasticsearch #zeek #kibana #squert #snort @BHinfoSecurity @debthedeb

Hi, now after some other installations in my “lab” it is time to look at logging. I got really inspired by webinars from BlackHills, so a big shout out to them. They are doing great work to spread their knowledge to others!
And soon I WILL get my Backdoors & Breaches card game!

I do not know why, but I downloaded an old image of Security Onion, so I need to do this twice now. You learn from your mistakes, I have heard. And I am doing my labs at night, so that can be a factor also.

As far as the installation goes, SecurityOnion has made it soooooo easy. But as always, you need to learn the applications inside this great solution. RTFM is something that I will do this time. I really want to dig deep into this. Because logging is important, but more important is that you understand what's inside these logs. So back to school after this. In the future, a post that can teach you how to use it and not just the installation.

I downloaded from:
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md

Next post I will be downloading from this site:
https://github.com/Security-Onion-Solutions/securityonion

We start with a picture as always:

Virtual environment

When I created the onion machine I added 2 network cards, whether or not they are on the same network. We need one management card and one sniffing card.

Attach the onion CD to the machine and boot up! Go for the Setup.

Then start the setup again after the reboot!

I did choose Production, because I wanted to know what I am installing.

You can have a distributed installation of SecurityOnion, but in my case I do not have that, so New it is.

We also need a user that has access to the applications on this server.

And a password….dahhh

I did not try Custom, so I do not know what that is. Best Practices seemed ok to me.

No subscriber here…..

As the text says, choose the correct one.

Yes, we want to enable this so we can capture all the data on the wire.

I added two network cards; choose the second card that you have on the machine for the sniffing!
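The setup above leaves the second card as a sniffing interface: up, in promiscuous mode, and without an IP address of its own, while the first card keeps an address for management. As an added example (not from the original post or from the Security Onion project), the following POSIX shell script checks exactly that on the finished box by parsing `ip addr show` output. The interface names eth0 (management) and eth1 (sniff) and the sample outputs are assumed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post or of Security Onion.
# Verifies the post-install state of the two NICs:
#   sniff : link UP, PROMISC flag set, no IPv4 address configured
#   mgmt  : link UP, at least one IPv4 address configured
# Only IPv4 is checked on purpose: a link-local IPv6 address on the sniff
# card is harmless and would otherwise cause a false alarm.

# check_iface_text MODE TEXT
#   MODE is "sniff" or "mgmt"; TEXT is the output of `ip addr show dev <iface>`.
#   Returns 0 when the interface matches expectations, 1 otherwise, printing why.
check_iface_text() {
  mode="$1"
  text="$2"
  is_up=0; has_promisc=0; has_addr=0
  printf '%s\n' "$text" | grep -q 'state UP' && is_up=1
  printf '%s\n' "$text" | grep -q 'PROMISC' && has_promisc=1
  printf '%s\n' "$text" | grep -Eq '^[[:space:]]*inet ' && has_addr=1
  case "$mode" in
    sniff)
      [ "$is_up" -eq 1 ]      || { echo "sniff iface is not UP"; return 1; }
      [ "$has_promisc" -eq 1 ] || { echo "sniff iface is not in promiscuous mode"; return 1; }
      [ "$has_addr" -eq 0 ]    || { echo "sniff iface has an IPv4 address (should be address-less)"; return 1; }
      ;;
    mgmt)
      [ "$is_up" -eq 1 ]   || { echo "management iface is not UP"; return 1; }
      [ "$has_addr" -eq 1 ] || { echo "management iface has no IPv4 address"; return 1; }
      ;;
    *) echo "unknown mode: $mode"; return 2 ;;
  esac
  return 0
}

# check_iface MODE IFACE: runs the check against a live interface.
check_iface() {
  check_iface_text "$1" "$(ip addr show dev "$2" 2>&1)"
}

# Constructed sample outputs (hypothetical MAC and IP values) so the logic
# can be exercised without a Security Onion box at hand.
SAMPLE_SNIFF_OK='3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:aa:bb:cc brd ff:ff:ff:ff:ff:ff'

SAMPLE_SNIFF_WITH_IP='3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.20/24 brd 192.0.2.255 scope global eth1'

SAMPLE_SNIFF_NO_PROMISC='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:aa:bb:cc brd ff:ff:ff:ff:ff:ff'

SAMPLE_MGMT_OK='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:11:22:33 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'

# Usage on a real box: sh check_nics.sh eth0 eth1
if [ "$#" -eq 2 ]; then
  check_iface mgmt "$1" && check_iface sniff "$2" && echo "both interfaces look right"
fi
```

Run it with the management and sniffing interface names as arguments after the setup has rebooted; a non-zero exit with the printed reason means the card selection or the promiscuous-mode step did not take effect.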

Start Page of Security Onion

https://onion/cyberchef/cyberchef.htm
https://onion/squert/
https://onion/app/kibana


Security Onion Cheat Sheet

Page 1
Page 2

Surf to the address: https://onion/app/kibana#

Kibana view

Kibana

We can now see in a simple way what connections are going on.

View and categorize NIDS/HIDS alerts under Squert

That was the installation of the old version of SecurityOnion. See you next time with a newer installation guide for SecurityOnion latest and greatest!
