Centralized monitoring and intrusion detection
Alarm System
On the Desktop
The desktop version [16] of Security Onion (still labeled experimental) can be installed from the ISO image. It uses a heavily modified Gnome desktop on Oracle Linux 9.2. Besides the Chromium web browser, it only offers Wireshark and NetworkMiner as graphical tools for forensic work on the network.
You can set up the desktop version independently of the standard version. It requires a minimum of 50GB of free space on the local mass storage device. You can also install the desktop manually by typing
sudo so-desktop-install
at the prompt after completing the system configuration. The required packages are then preconfigured in your Security Onion installation.
After restarting and authenticating, you are taken to the graphical desktop where you can access the Security Onion Console in a web browser. The two graphical tools already mentioned are also available.
Conclusions
Security Onion is a powerful tool for data analysis and intrusion detection on the network. That said, Security Onion's complex structure means that the suite requires substantial hardware resources; deployment only makes sense in larger IT infrastructures. The developers therefore explicitly recommend purchasing new hardware for the security suite and offer their own appliances for customized application profiles in a web store.
Getting started with the system is quite complicated; Security Onion is not something for hobby admins. Although the extensive and very detailed documentation flattens out the learning curve, it will still take you some time. The rapid release cycle of new versions is also a point of criticism. The project publishes more-or-less complete versions on its GitHub page virtually every week, typically prompting the need for hotfixes just a few days later. It would make more sense for the developers to test their software more thoroughly before releasing it and to avoid annoying users with images and scripts that do not work properly.
Infos
- Security Onion: https://securityonionsolutions.com/
- Product overview: https://securityonionsolutions.com/software
- Wazuh: https://wazuh.com
- OSSEC: https://www.ossec.net
- Osquery: https://www.osquery.io
- Beats: https://www.elastic.co/beats
- OpenCanary: https://opencanary.readthedocs.io/en/latest/
- Stenographer: https://github.com/google/stenographer
- Strelka: https://target.github.io/strelka/#/
- Zeek: https://zeek.org
- Suricata: https://suricata.io
- Kibana: https://www.elastic.co/kibana
- Grafana: https://grafana.com
- Download: https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/main/DOWNLOAD_AND_VERIFY_ISO.md
- Hardware requirements: https://docs.securityonion.net/en/2.4/hardware.html
- Desktop variant: https://docs.securityonion.net/en/2.4/desktop.html