A couple of days ago I exchanged a volley of tweets with the author of Snorby @Mephux about including Snorby in Security Onion. Doug Burks chimed in later and said he preferred a tarball or a DEB.
I thought I could help here because this is how we package Web Trisul, also a Ruby on Rails app. The end user does not have to install Ruby, Bundler, Rails, or the app separately. Everything, including Ruby, is packaged in a single tar.gz file. All the user does is unzip it and start the app. The downside is that the tarball is platform dependent.
So here is a first attempt at tarballing Snorby for the Security Onion platform. I want the folks involved with the two projects to check it out.
Step 1 : Download the tarball from here (UPDATE: no longer available, follow instructions in this blog post and create your own tarball with the latest snorby sources)
Step 2 : Login to security onion and type

```sh
sudo tar xfz snorby-onion.tar.gz -C /usr/local/share
```
Step 3 : Start Snorby

```sh
cd /usr/local/share/snorby
./thind start
```
Step 4 : Login
Point browser to http://<host>:3000
That's it!

---
The setup is very simple.
- Used the excellent rbenv with RBENV_ROOT redefined to /usr/local/share/snorby/.rbenv
- Used ruby-build to install Ruby with prefix pointing to above
- Wrote a script called thind which will set up the paths and shims normally done by rbenv and invoke thin
- bundle exec is the magic command that enables this
- Changed database.yml to point to securityonion-db
- Tarred the whole thing

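To make the thind idea concrete, here is a wrapper written as an added example for this post; it is not the script shipped with Web Trisul or the Snorby tarball. It assumes the layout described above (tarball unpacked to /usr/local/share/snorby, rbenv and ruby-build placing Ruby under .rbenv/versions inside it) and that Snorby is served by thin on port 3000. The SNORBY_ROOT override, the BUNDLE_GEMFILE export, the setup_env/run_thin function names and the exact flags passed to thin are my own choices, not something the post specifies.

```sh
#!/bin/sh
# thind: added example wrapper, not the original script from the post.
# Assumed layout: <root>/.rbenv/{bin,shims,versions/<ver>/bin}, Gemfile in <root>.
# It does by hand what `rbenv init` would do (RBENV_ROOT + PATH) so the user
# never needs a system-wide rbenv, Ruby or Bundler.

# Directory the tarball was unpacked into (SNORBY_ROOT overrides it).
snorby_root() {
    printf '%s\n' "${SNORBY_ROOT:-/usr/local/share/snorby}"
}

# Point the environment at the bundled Ruby only. Returns 1 when no Ruby is
# installed under <root>/.rbenv/versions so a broken tarball fails loudly
# instead of silently falling back to whatever Ruby is on the host.
setup_env() {
    root=$1
    RBENV_ROOT="$root/.rbenv"
    export RBENV_ROOT
    ruby_bin=""
    for d in "$RBENV_ROOT"/versions/*/; do
        if [ -d "$d" ]; then
            ruby_bin="${d}bin"
            break
        fi
    done
    if [ -z "$ruby_bin" ] || [ ! -d "$ruby_bin" ]; then
        echo "thind: no Ruby found under $RBENV_ROOT/versions" >&2
        return 1
    fi
    # Shims and the bundled version's bin dir go first, so ruby/gem/bundle
    # resolve to the packaged copies and never to a system Ruby.
    PATH="$RBENV_ROOT/shims:$ruby_bin:$RBENV_ROOT/bin:$PATH"
    export PATH
    # Bundler finds Snorby's Gemfile regardless of the caller's cwd (assumption).
    BUNDLE_GEMFILE="$root/Gemfile"
    export BUNDLE_GEMFILE
    return 0
}

# Run thin through bundle exec so the gems locked in the tarball are the ones used.
run_thin() {
    cmd=$1
    root=$(snorby_root)
    setup_env "$root" || return 1
    cd "$root" || return 1
    # -d daemonizes; -p 3000 matches the port the post tells users to browse to.
    exec bundle exec thin -d -p 3000 "$cmd"
}

case "${1:-}" in
    start|stop|restart) run_thin "$1" ;;
    "") ;;  # no argument: only define the functions (e.g. when sourced)
    *) echo "usage: $0 {start|stop|restart}" >&2; exit 2 ;;
esac
```

Dropping the script into the tarball root and running `./thind start` then reproduces Step 3 above; because setup_env refuses to run when the bundled Ruby is missing, a half-extracted or tampered tarball is reported rather than quietly served by the host's own Ruby.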
Wait for the next blog post for instructions on how to make this tarball.
Here's a screenshot; we tried it on a brand new SO install.