Hi Luca,

Is there any chance you'd be in a position to package the latest stable ntopng 3.x to work with PF_RING 6.4.1 which is the version of PF_RING that Security Onion systems have multiple dependencies on? We kicked this idea around last year, and I believe the details in this thread are still accurate other than the PF_RING version. I'd love to see the Security Onion community able to take advantage of your latest major version of ntopng. I'm sure we will love it.

Kevin

On Wed, Jun 22, 2016 at 4:35 PM, Kevin Branch <[email protected]> wrote:

> Hi Luca,
>
> I really appreciate your offer to make ntopng more accessible to the
> Security Onion community. Below is what would be a big help in my
> opinion. Doug, please comment if you see any red flags with this idea.
>
> - Your hosting of SO-compatible ntopng and ntopng-data debs for 14.04
>   LTS x64 in an SO-specific repo would be fantastic, especially if they are
>   derived from your stable versions rather than daily builds.
> - For now, those debs would need to be compatible with the PF_RING
>   6.2.0 module and libraries but please remove the dependency on the package
>   called "pfring" because the pfring files are being supplied by the
>   securityonion-pfring-* packages which are already guaranteed to be present
>   on all Security Onion sensors.
> - Also, if it would be at all possible, could you make the custom
>   ntopng deb additionally supply the following files that would normally be
>   supplied by your pfring deb? For some reason they are not part of the
>   securityonion-pfring-* packages:
>     /usr/local/lib/libanic.so
>     /usr/local/lib/libntapi.so
>     /usr/local/lib/libntos.so
>     /usr/local/lib/libsnf.so
>
> I believe if the above would be possible and reasonable for you to do, it
> would make it possible for Security Onion sensors to install ntopng as
> simply as this:
>
> - cat "PATH TO YOUR NTOPNG-SO REPO" > /etc/apt/sources.list.d/ntopng-securityonion.list
> - apt-get update
> - apt-get install ntopng ntopng-data
>
> and ntopng updates would automatically be included with runs of:
>
> - apt-get upgrade
>
> It would totally overcome the need for a script like mine to do any
> special handling of the process. That would be awesome.
>
> Please let me know what you think.
>
> Sincerely,
> Kevin Branch
>
> On Sat, Jun 18, 2016 at 3:16 AM, Luca Deri <[email protected]> wrote:
>
>> Kevin
>> please correct me if I’m wrong. In essence an interim solution could be
>> (limited to 14.04 LTS x64 [sorry we do not build for i386])
>> - I package PF_RING 6.2.0 and ntopng and put them somewhere in
>>   packages.ntop.org on a place that you can access independently from
>>   ntop’s stable
>> - I can modify *your* ntopng package dependencies (tell me what you need)
>>   unless you’re happy to re-pack the ntopng binary
>> - You will notify me if you want me to change PF_RING release in case you
>>   SecurityOnion moves to another release
>>
>> Will this be enough for you?
>>
>> Regards Luca
>>
>> On 17 Jun 2016, at 21:01, Kevin Branch <[email protected]>
>> wrote:
>>
>> Hi Luca,
>>
>> Thanks for reaching out about our issue. Yes, Security Onion is built
>> directly on 64 bit Ubuntu 14.04. Doug Burks is the lead developer of
>> Security Onion and I appreciate his work greatly, as I do yours. I've
>> copied in Doug on this discussion. I appreciate your interest in a more
>> native level of ntopng support for Security Onion. I would be delighted to
>> put my ntopng-for-securityonion solution to rest in favor of something that
>> could track more closely with the latest stable releases of ntopng.
>>
>> Security Onion packages Snort, Suricata, and Bro IDS to use PF_RING for
>> improved packet capture performance. These are the relevant deb packages:
>>
>> - securityonion-snort
>> - securityonion-suricata
>> - securityonion-bro
>>
>> which depend on Doug's packaging of PF_RING 6.2.0:
>>
>> - securityonion-pfring-daq - Snort DAQ for pfring
>> - securityonion-pfring-daq:i386 - Snort DAQ for pfring
>> - securityonion-pfring-devel - High-speed packet capture, filtering and analysis
>> - securityonion-pfring-ld - Update LD_LIBRARY_PATH to include /opt/pfring/lib
>> - securityonion-pfring-module - High-speed packet capture, filtering and analysis
>> - securityonion-pfring-userland - Userland libraries for pfring
>> - securityonion-pfring-userland:i386 - Userland libraries for pfring
>>
>> My script presently basically pulls the ntopng and ntopng-data deb stable
>> packages from ntop.org and installs them, plus grabs the pf_ring deb
>> from ntop.org and extracts a few files from it that ntopng depends on
>> but that the securityonion-pfring packages do not include. It does not
>> directly install the pf_ring package from ntop.org because it overlaps
>> and conflicts with the securityonion-pfring packages. It does create and
>> install a stub package called "pfring" just to keep the installs of the
>> ntopng debs from barking about depending on "pfring". This works, but it
>> would be much nicer if ntopng could get automatically updated with an
>> apt-get upgrade instead of via the script.
>>
>> Perhaps you could advise us how to build securityonion-ntopng and
>> securityonion-ntopng-data deb packages that we could maintain? Then we
>> could always make sure it is in alignment with the Security Onion pfring
>> packages.
>>
>> Thoughts?
>> Kevin
>>
>> On Fri, Jun 17, 2016 at 2:43 AM, Luca Deri <[email protected]> wrote:
>>
>>> Hi Kevin
>>> instead of doing all this, can we work together at providing you a
>>> package for your distribution? What OS is Security Onion using? Is Ubuntu
>>> 14.04 or something else? In essence I want to see if on our end we can
>>> support your distro natively and thus better serve your community
>>>
>>> Regards Luca
>>>
>>> On 13 Jun 2016, at 23:59, Kevin Branch <[email protected]>
>>> wrote:
>>>
>>> (Please pardon the cross-post. I should not have sent this to ntop-dev.)
>>>
>>> Hi, I'm the maintainer of a script used by the Security Onion community to
>>> install ntopng onto Security Onion sensors (on Ubuntu 14.04):
>>>
>>> https://github.com/branchnetconsulting/so1404-ntopng-installer
>>>
>>> The script makes it possible to install ntopng from your apt-stable repo
>>> onto Security Onion without causing conflicts between the
>>> securityonion-pfring-* packages and your repo's pfring package.
>>>
>>> When the latest stable ntopng packages recently started depending on pfring
>>> 6.4 instead of 6.2, this solution stopped working. While I'd like to see
>>> pfring 6.4 support get onto the Security Onion roadmap, I expect it will be
>>> some time before that will be ready. For now, it would be great if
>>> Security Onion users could have access to the last stable version of
>>> ntop-ng as it was before it was repackaged to use the newly released pfring
>>> 6.4.
>>>
>>> I am specifically requesting a copy of the latest stable ntopng and
>>> ntopng-data deb packages for Ubuntu 14.04 that still depend on pfring 6.2,
>>> along with the matching pfring 6.2 deb package itself. If you like, I
>>> would be happy to host them on my github page (clearly marked as hosting an
>>> OLD version of ntopng) and point my script to pull the packages from there
>>> until Security Onion starts supporting pfring 6.4.
>>>
>>> Thanks in advance for your assistance. We really appreciate the quality
>>> product that ntopng has come to be.
>>>
>>> Kevin Branch
>>> Branch Network Consulting, LLC
>>> _______________________________________________
>>> Ntop mailing list
>>> [email protected]
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
