Installation

Note

If you want to deploy in Amazon AWS using our AMI, you can skip to the AWS Cloud AMI section. If you want to deploy in Azure using our image, you can skip to the Azure Cloud Image section.

Having downloaded your desired ISO according to the Download section, it’s now time to install! There are separate sections below to walk you through installing using our Security Onion ISO image (based on CentOS 7) or installing standard CentOS 7 or Ubuntu 18.04 and then installing our components on top.

Tip

For most use cases, we recommend using our Security Onion ISO image as it’s the quickest and easiest method.

Installation using Security Onion ISO Image

If you want to install Security Onion using our ISO image:

  1. Review the Hardware Requirements and Release Notes sections.

  2. Download and verify our Security Onion ISO image.

  3. Boot the ISO in a machine that meets the minimum hardware specs.

  4. Follow the prompts to complete the installation and reboot. Please note that when creating your OS password, there is currently an issue with spaces and special characters like $ and !, so avoid those characters for now. This issue is scheduled to be resolved in Security Onion 2.3.60.

  5. You may need to eject the ISO image or change the boot order of the machine to boot from the newly installed OS.

  6. Login using the username and password you set in the installer.

  7. Security Onion Setup will automatically start. If for some reason you have to exit Setup and need to restart it, you can log out of your account and then log back in and it should automatically start. If that doesn’t work, you can manually run it as follows:

    sudo SecurityOnion/setup/so-setup iso
    
  8. Proceed to the Configuration section.

Installation on Ubuntu or CentOS

If you want to install Security Onion on CentOS 7 or Ubuntu 18.04 (not using our Security Onion ISO image), follow these steps:

  1. Review the Hardware Requirements and Release Notes sections.

  2. Download the ISO image for your preferred flavor of Ubuntu 18.04 64-bit or CentOS 7 64-bit, verify the ISO image, and boot from it.

  3. Follow the prompts in the installer. If you’re building a production deployment, you’ll probably want to use LVM and dedicate most of your disk space to /nsm as discussed in the Partitioning section.

  4. Reboot into your new installation.

  5. Login using the username and password you specified during installation.

  6. If you’re using CentOS 7 Minimal, you may need to install git:

    sudo yum -y install git
    
  7. Once you have git, then clone our repo and start the Setup process:

    git clone https://github.com/Security-Onion-Solutions/securityonion
    cd securityonion
    sudo bash so-setup-network
    
  8. Proceed to the Configuration section.

  9. NOTE: If any interfaces intended to be used for monitoring were automatically configured via DHCP during Ubuntu installation, setup will ask you to remove them from other network management tools. The following steps will be required to ensure the devices are managed by nmcli:

  • Remove monitor interface declarations from /etc/netplan/00-installer-config.yaml.
sudo netplan apply
sudo touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
sudo service network-manager restart
  • Re-run setup.