Channel: Knowledge Base

Security Onion on VIRL installation guide


@jobstfel wrote:

How to run Security Onion in VIRL topology

This tutorial will show you how to install and configure the Security Onion distribution (for intrusion detection, network security monitoring, and log management) to run in a VIRL topology.

Learn more about Security Onion here

Prerequisites

  1. VIRL installed
  2. Virtualization software such as VMware, VirtualBox or other
  3. Connection to the internet

Guide

Follow the Security Onion guide to download and install the Security Onion Xubuntu 12.04 64-bit image.

Important: When installing, do not allow updates.

  • Consider your memory needs when creating your VM (min 3GB recommended)
  • Provide at least 1vCPU
  • Provide at least 9GB disk space. Recommend using a larger disk if possible
  • VMware may provide the option to split the disk over multiple files. This should be disabled. The option is typically an 'advanced setting'.
  • Boot your virtual machine and click the 'Install SecurityOnion' icon on the desktop.

Once the installation has completed, reboot.

Download the attached installation script security-onion-install.zip (188.0 KB) and place it into the Security Onion VM. Unpack it and run it as superuser as follows:

cd ~/Downloads
unzip ./security-onion-install.zip
cd ./security-onion-install
sudo sh ./security-onion-install.sh

Important: When prompted to configure cloud-init data sources, select the one named ConfigDrive. No other data sources should be enabled! You will need to scroll down in order to see all of the other data sources that are offered.

  • Power off the machine
  • Identify the location of the Security Onion .vmdk file.
  • Due to the size of the VM image it is highly recommended that you copy the .vmdk file to your VIRL server using 'sftp'.
  • In VIRL, log in to the User Workspace Management interface as 'uwmadmin' and select 'Node Resources' / 'Images'.
  • Click 'Add' and select 'security-onion' from the subtypes drop-down list.
  • Set the 'Name/Version' field to read 'security-onion'.
  • Select the 'Source' as 'File on server' and provide the path to the Security Onion .vmdk file that you have copied to your VIRL server.
  • Press 'Create' and wait!

In your topologies

  • Select the 'security onion' icon from the 'Nodes' palette in VM Maestro.
  • Click to add to your topology.
  • Select the 'security onion' host in your topology. Set the 'VM Image' by pressing the 'Browse' button for the Node property 'VM image' and selecting 'server-security-onion' from the list.
  • Set the 'VM Flavor' to 'm1.medium'.
  • Press the 'Build initial configurations' button to create the configuration for the Security Onion instance.
  • Start your simulation.
  • The Security Onion server will take some time to boot, so be patient.
  • Connect to your Security Onion server using either 'ssh' or 'VNC' options.

NOTE
The terminal window in VNC is hard to use - open the terminal window and enter 'xterm &' to get a usable window.

Enjoy Security Onion!

Example topology .VIRL file attached: security-onion-topology.virl (4.0 KB)
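
A check to run inside the Security Onion VM after the install script finishes and before powering it off, to confirm that ConfigDrive is the only cloud-init data source enabled. This is an added example, not part of the original post or the attached script. It assumes the prompt is the standard Debian/Ubuntu cloud-init package prompt, which writes a flow-style datasource_list line to /etc/cloud/cloud.cfg.d/90_dpkg.cfg; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: confirm cloud-init will only read ConfigDrive.
# Assumption: the data source prompt wrote a flow-style YAML line such as
#   datasource_list: [ ConfigDrive ]
# to /etc/cloud/cloud.cfg.d/90_dpkg.cfg (Debian/Ubuntu packaging default).

# Print the enabled data sources, one per line, from the given file.
# Commented-out datasource_list lines are ignored.
list_datasources() {
    sed -n 's/^[[:space:]]*datasource_list:[[:space:]]*\[\(.*\)].*$/\1/p' "$1" |
        tr ',' '\n' | sed "s/[[:space:]\"']//g" | grep -v '^$'
}

# Return 0 only when ConfigDrive is the single enabled data source.
check_datasources() {
    enabled=$(list_datasources "$1" || true)
    if [ -z "$enabled" ]; then
        echo "FAIL: no datasource_list found in $1"
        return 1
    fi
    extra=$(printf '%s\n' "$enabled" | grep -vx 'ConfigDrive' || true)
    if [ -n "$extra" ]; then
        # Unquoted on purpose: joins the extra names on one line.
        echo "FAIL: unexpected data sources enabled:" $extra
        return 1
    fi
    echo "OK: only ConfigDrive is enabled"
}

# Constructed sample inputs (not taken from a real system).
demo() {
    d=$(mktemp -d)
    printf 'datasource_list: [ ConfigDrive ]\n' > "$d/good.cfg"
    printf 'datasource_list: [ ConfigDrive, Ec2, None ]\n' > "$d/bad.cfg"
    check_datasources "$d/good.cfg"
    check_datasources "$d/bad.cfg" || true
    rm -rf "$d"
}

# Check the real file when a path is given, otherwise run the demo.
if [ -n "${1:-}" ]; then check_datasources "$1"; else demo; fi
```

Pass the path of the configuration file as the first argument to check the VM itself; with no argument the script only runs against the constructed samples.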
