Security Onion 20110909 now available ~ Intrusion Detection Systems

Security Onion is a Linux distro that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, scapy, hping, netcat, tcpreplay, and many other security tools.

Security Onion 20110909 is now available! This upgrade adds some new menu entries to make IDS tuning a little easier.

The "IDS Rules" menu now has a new entry called "Add Local Rules" which will open /etc/nsm/rules/local.rules for editing using the "mousepad" GUI editor. You can then add any rules that you want to maintain locally (outside of the downloaded VRT or Emerging Threats rulesets).

A new menu called "IDS Config" was added with a new menu entry called "Configure IDS engine(s)". This will list all of the IDS engines on your system and allow you to choose one to configure. It will then open the proper config file for whatever IDS engine you're running. After you save and close the config file, it will offer to restart the IDS engine for you.

Example #1
Suppose you're currently running Snort and you choose eth0. The program will open /etc/nsm/NAME_OF_YOUR_SENSOR-eth0/snort.conf for editing using the "mousepad" GUI editor.
Example #2
Suppose you're currently running Suricata and you choose eth1. The program will open /etc/nsm/NAME_OF_YOUR_SENSOR-eth1/suricata.yaml for editing using the "mousepad" GUI editor.
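As an added illustration, not code from Security Onion or its author, the POSIX shell functions below reduce the two menu entries described above to their core logic: `ids_config_for` picks the right config file for a sensor interface directory by checking whether it holds snort.conf or suricata.yaml (the /etc/nsm/NAME_OF_YOUR_SENSOR-ethN/ layout from the examples), `list_ids_configs` enumerates every such directory under a base path, and `add_local_rule` appends a rule to local.rules while refusing rules with no sid, a sid below 1000000 (the range Snort sets aside for local rules so they never collide with the downloaded VRT or Emerging Threats rules), or a sid already present. The base directory is a parameter rather than a hard-coded /etc/nsm so the functions can be exercised against a scratch tree; the sample rule, the scratch layout and the sid policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Security Onion's own code: the "Configure IDS engine(s)"
# and "Add Local Rules" menu actions reduced to shell functions. The NSM base
# directory is passed in so nothing here touches a real /etc/nsm.

# Print "<engine> <config path>" for one sensor interface directory
# (e.g. /etc/nsm/NAME_OF_YOUR_SENSOR-eth0). The engine is inferred from
# which config file the directory holds: snort.conf or suricata.yaml.
ids_config_for() {
    dir="$1"
    if [ -f "$dir/snort.conf" ]; then
        printf 'snort %s\n' "$dir/snort.conf"
    elif [ -f "$dir/suricata.yaml" ]; then
        printf 'suricata %s\n' "$dir/suricata.yaml"
    else
        return 1   # not a sensor directory with a known engine config
    fi
}

# Enumerate every <sensor>-<interface> directory under the base directory,
# printing one "<engine> <config path>" line per detected engine.
list_ids_configs() {
    base="$1"
    for d in "$base"/*-*/; do
        [ -d "$d" ] || continue
        ids_config_for "${d%/}" || continue
    done
    return 0
}

# Append one rule to local.rules. Refuses rules without a sid option, sids
# below 1000000 (assumed policy: the range reserved for local rules), and
# sids that already appear in the file, so a typo never shadows a
# downloaded rule or duplicates an existing local one.
add_local_rule() {
    rules_file="$1"
    rule="$2"
    sid=$(printf '%s\n' "$rule" | sed -n 's/.*sid:[[:space:]]*\([0-9][0-9]*\);.*/\1/p')
    if [ -z "$sid" ]; then
        echo "rule has no sid option" >&2
        return 1
    fi
    if [ "$sid" -lt 1000000 ]; then
        echo "sid $sid is in the vendor range; local rules should use 1000000 or above" >&2
        return 1
    fi
    if [ -f "$rules_file" ] && grep -q "sid:[[:space:]]*$sid;" "$rules_file"; then
        echo "sid $sid already present in $rules_file" >&2
        return 1
    fi
    printf '%s\n' "$rule" >> "$rules_file"
}

# Demo against a constructed scratch tree (sensor name taken from the post's
# placeholder; the rule is a constructed sample). No real sensor is touched.
demo() {
    scratch=$(mktemp -d)
    mkdir -p "$scratch/NAME_OF_YOUR_SENSOR-eth0" "$scratch/NAME_OF_YOUR_SENSOR-eth1"
    : > "$scratch/NAME_OF_YOUR_SENSOR-eth0/snort.conf"
    : > "$scratch/NAME_OF_YOUR_SENSOR-eth1/suricata.yaml"
    list_ids_configs "$scratch"
    add_local_rule "$scratch/local.rules" \
        'alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP test"; sid:1000001; rev:1;)'
    cat "$scratch/local.rules"
    rm -rf "$scratch"
}
demo
```

The engine detection mirrors what the menu entry does implicitly: the sensor directory, not a separate setting, tells you which engine is in use, which is why the same menu works unchanged whether eth0 runs Snort and eth1 runs Suricata or both run one engine. Point the functions at /etc/nsm with sudo to use them against a real sensor, and still restart the engine afterwards as the menu offers to do.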

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):

sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

For more info:
http://securityonion.blogspot.com/
