Installation Security Onion
Author: Stefan Waldvogel
Security Onion 2 with Virtual Machine Manager
Overview
Setting up Security Onion is a large task and it might take hours to set it up.
What do you need?
- 4 cores
- 12 GB RAM
- 200 GB HDD
- two NICs
- a hypervisor
--> time, if you this the first time, you will need a couple of hours.
The installer checks for cores and RAM. You can install it with one NIC, but you will run into problems, later. For this task, I use Virtual Machine Manager but you can use any other hypervisor.
Download the iso and select CentOS as operating system. Add at least 12 GB RAM and 4 cores.
Setting up Security Onion is a large task and it might take hours to set it up.
What do you need?
- 4 cores
- 12 GB RAM
- 200 GB HDD
- two NICs
- a hypervisor
--> time, if you this the first time, you will need a couple of hours.
The installer checks for cores and RAM. You can install it with one NIC, but you will run into problems, later. For this task, I use Virtual Machine Manager but you can use any other hypervisor.
Download the iso and select CentOS as operating system. Add at least 12 GB RAM and 4 cores.
|
|
For the HDD you need about 200GB. As network, I picked my SPAN port. If you do this in a smaller and simpler lab, you need a bridged network so you can see all traffic.
|
|
Before you continue, you must add a second NIC (network card). Click "Customize configuration" and add one.
If you start the VM you see a installer. I pick the basic graphics mode to install it.
If you start the VM you see a installer. I pick the basic graphics mode to install it.
|
|
There is not much to do, wait until you get a reboot and log in. Select install.
|
|
The next step is important. We want a standalone version. Select it with SPACE and select OK. You can use TAB to navigate.
|
|
Accept the license. At the moment, we have one NIC, we add the second one later. Enter a host name and select the management NIC with a static IP.
|
|
Add the IP address. This IP address has to be a valid IP in your network. Add your gateway and DNS. 8.8.8.8 is fine and the given domain is fine, too. You do not need a proxy.
|
|
|
|
We use Zeek
|
|
Follow the next steps. Add wanted passwords and select BASIC components.
|
|
If you did everything right, use the given IP for the web browser and you get the login. If it does not work the first time, delete the disks and start over.
I had to do it three times to get a wanted result.
I had to do it three times to get a wanted result.
If you login you see the overview and all tool.
Right now, Security Onion and the other VMs are not full configured.
I seeing Security Onion the first time and it is overwhelming...
I seeing Security Onion the first time and it is overwhelming...
Install the Analyst mode GUI (optional)
Link: docs.securityonion.net/en/2.3/analyst-vm.html
Log into Security Onion
sudo so-analyst-install
Link: docs.securityonion.net/en/2.3/analyst-vm.html
Log into Security Onion
sudo so-analyst-install
You need internet access, it takes some minutes and you need a reboot.
Now, you have access to Wireshark and Network Miner.
© 2021. This work is licensed under a CC BY-SA 4.0 license