securityonion
Ubuntu 18.04 installer breaks networking
Using the so-setup script, the installer does not offer an option to avoid reconfiguring the networking. This breaks the connection if connected remotely, and when connected locally it botches it to the point where no connections can be made. There should be an option to avoid this foolishness and keep the networking configuration already in place. Or it should work without destroying the configuration senselessly.
It appears that it is disabling IPv6, so if the sensor has IPv6 enabled, as it should if it's going to be on an IPv6 network, neither IPv6 nor IPv4 networking will start. It would be better if the software installer worried about installing its software and didn't silently try to impose architectural constraints on the system itself.
... didn't silently try to impose architectural constraints ...
I agree wholeheartedly. The SO installer concentrates too much on installation to a completely unconfigured system, and tramples all over basic system files, like /etc/hosts, /etc/hostname, and others that should not be meddled with. It tries too hard to make it easy for someone who is not a real sys-admin to install, and in doing so, trips up us real sys-admins that have already taken care of some of the fundamental installation steps.
SO devs, please stop ignoring our pleas on matters such as this!
The main constraint here is making a repeatable process to successfully install SO2 on a myriad of configurations. Security Onion has always been designed for someone who is not a real sysadmin. "Ignoring our pleas" would be just closing this issue straight away but we feel there is more that we can do to improve the process. IPv6 was disabled due to installation consistency issues around different IPv6 implementations.
If this was a simple issue to tackle, this would already have been addressed. My thoughts on a solution here are to have a switch in the installer that skips all the network/hostname business for more "advanced" users. Our focus, for now, is to deliver 2.3.60, which introduces quite a bit of new features that benefit all of our users. When we start our next sprint planning, we will see where refactoring the install fits.
Understood, and thank you. A switch to skip network/hostname configuration would be excellent, and a relatively quick fix, I would hope. Anything I can do to help make it so?