adric.net

SensorInstall

install, reboot, network, reboot, patch, reboot, vmtools, reboot, sosetup

  1. Create a new VM guest of type Ubuntu Linux 64-bit.
  2. Boot from the Security Onion ISO image and start the installer.
  3. Follow the Ubuntu installer prompts. Use custom partitioning:
    • system disk on /
    • data disk on /nsm
  4. Reboot when prompted.
  5. Log in and run setup from the icon (sosetup).
  6. Log in and get all the Ubuntu updates available, including kernels. Reboot.
  7. Optionally install VMware Tools, open-vm-tools, VirtualBox Guest Additions, etc., and reboot.
  8. Log in and run sosetup again. Skip network configuration (already done). Take the advanced path and select Sensor.
  9. Enter the IP address or hostname of the SO server this sensor will be a slave to.
  10. Enable or disable IDS, Bro, and other services as desired. If you enable ELSA, it will prompt to update the ELSA (master) web server, which will disrupt open searches.
  11. Confirm that the configured services started with sostat. Setup logs to /var/log/nsm/sosetup.log.

which can all be abbreviated as: 

install, reboot, network, reboot, patch, reboot, vmtools, reboot, sosetup
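
A post-install sanity check for the partition layout from step 3 and the setup log from step 11, as an added example that is not part of the original page. The function names and the error/fail keyword match are assumptions; the log format is not documented here.

```bash
#!/usr/bin/env bash
# Added example: post-install checks for a sensor built with the steps above.
# Function names are hypothetical; source this file on the sensor and call them.

# Print the device mounted at mount point $1, read from a /proc/mounts-style
# file $2. The last matching entry wins, because later mounts shadow earlier
# ones (e.g. the "rootfs" placeholder line that precedes the real root entry).
mount_source() {
    awk -v mp="$1" '$2 == mp { dev = $1 } END { if (dev != "") print dev }' \
        "${2:-/proc/mounts}"
}

# Succeed only if /nsm is its own mount and its source device name differs
# from the one backing /. This compares device names (partition or volume),
# so it catches a forgotten /nsm mount, not two partitions on one disk.
check_nsm_split() {
    local mounts="${1:-/proc/mounts}" root_dev nsm_dev
    root_dev=$(mount_source / "$mounts")
    nsm_dev=$(mount_source /nsm "$mounts")
    if [ -z "$nsm_dev" ]; then
        echo "FAIL: /nsm is not a separate mount; sensor data would fill /" >&2
        return 1
    fi
    if [ "$nsm_dev" = "$root_dev" ]; then
        echo "FAIL: /nsm and / are both on $nsm_dev" >&2
        return 1
    fi
    echo "OK: / on $root_dev, /nsm on $nsm_dev"
}

# Print the number of setup-log lines that mention an error or failure.
# Assumption: a case-insensitive keyword match is a useful first pass.
setup_log_problems() {
    local log="${1:-/var/log/nsm/sosetup.log}"
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    # grep -c exits 1 on zero matches but still prints 0; keep that output.
    grep -Eic 'error|fail' "$log" || true
}
```

Run `check_nsm_split` and `setup_log_problems` with no arguments on the sensor alongside sostat; a non-zero count from the second is a prompt to read the log, not proof that setup failed.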