OnionSalt

Welcome to the OnionSalt git repo. OnionSalt is a tool created to manage multiple Security Onion sensors.

For more details on using OnionSalt in your Security Onion deployment, please see the Security Onion wiki.

Resources

• Mike Reeves (TOoSmOotH) BSides August 2014 Talk - Scaling Security Onion to the Enterprise
• Security Onion Blog and the related OnionSalt Blog Posts

Changelog

Version 1.1.7:

- Migrate from Precise to Trusty
- use /etc/sudoers.d/ instead of directly editing /etc/sudoers

Version 1.1.6:

- Create /usr/local/lib/snort_dynamicrules if it doesn't already exist

Version 1.1.5:

- Sync Snort VRT .so files from /usr/local/lib/snort_dynamicrules

Version 1.1.4:

- Minor modification to how the bpf management gets a list of interfaces to
  use - see opt/onionsalt/salt/sensor/bpf/init.sls

Version 1.1.3:

- Sync OSSEC's agent.conf and local_decoder.xml
- /opt/bro/share/bro/intel/ is now added by securityonion-bro-scripts package
- Bro restart is now commented out by default

Version 1.1.2:

    - Enabled the Bro Intel Framework
    - Fixed the restart process for Bro when a policy changes
    

Version 1.1.1:

- Renamed files from .orig to .template
- Fixed some spelling errors in the code

Version 1.1.0:

- Added support for latest version of Saltstack 2014.1.4
- Adopted the new method of giving each item a - name: instead of leading with the file to manage
- Added initial support for the Bro Intel Framework. This needs tested more so it is commented out by default

Version 1.0.0

- Initial Release.