Installation

Warning

Please make sure that your hostname is correct during installation. Setup generates certificates based on the hostname and we do not support changing the hostname after Setup.

Note

If you want to deploy in Amazon AWS using our AMI, you can skip to the AWS Cloud AMI section. If you want to deploy in Azure using our image, you can skip to the Azure Cloud Image section.

Having downloaded your desired ISO according to the Download section, it’s now time to install! There are separate sections below to walk you through installing using our Security Onion ISO image (based on CentOS 7) or installing standard CentOS 7, Ubuntu 18.04, or Ubuntu 20.04 and then installing our components on top.

Warning

For most use cases, we recommend using our Security Onion ISO image as it’s the quickest, easiest, and most consistent method. If you’re not going to use our Security Onion ISO image and you’re building a distributed deployment, then we recommend keeping the base OS consistent across all nodes in the deployment. For example, there are known issues when trying to run Ubuntu 18.04 on the manager and Ubuntu 20.04 on the sensor.

Installation using Security Onion ISO Image

If you want to install Security Onion using our ISO image:

  1. Review the Hardware Requirements and Release Notes sections.

  2. Download and verify our Security Onion ISO image.

  3. Boot the ISO in a machine that meets the minimum hardware specs.

  4. Follow the prompts to complete the installation and reboot.

  5. You may need to eject the ISO image or change the boot order of the machine to boot from the newly installed OS.

  6. Login using the username and password you set in the installer.

  7. Security Onion Setup will automatically start. If for some reason you have to exit Setup and need to restart it, you can log out of your account and then log back in and it should automatically start. If that doesn’t work, you can manually run it as follows:

    sudo SecurityOnion/setup/so-setup iso
    
  8. Proceed to the Configuration section.

Installation on Ubuntu or CentOS

If you want to install Security Onion on CentOS 7, Ubuntu 18.04, or Ubuntu 20.04 (not using our Security Onion ISO image), follow these steps:

  1. Review the Hardware Requirements and Release Notes sections.

  2. Download the ISO image for your preferred flavor of 64-bit CentOS 7, Ubuntu 18.04, or Ubuntu 20.04. Verify the ISO image and then boot from it.

  3. Follow the prompts in the installer. If you’re building a production deployment, you’ll probably want to use LVM and dedicate most of your disk space to /nsm as discussed in the Partitioning section.

  4. Reboot into your new installation.

  5. Login using the username and password you specified during installation.

  6. Install prerequisites. If you’re using CentOS 7:

    sudo yum -y install git
    

    If you’re using Ubuntu 18.04 or Ubuntu 20.04:

    sudo apt -y install git curl
    
  7. Download our repo and start the Setup process:

    git clone https://github.com/Security-Onion-Solutions/securityonion
    cd securityonion
    sudo bash so-setup-network
    
  8. Proceed to the Configuration section.

  9. NOTE: If any interfaces intended to be used for monitoring were automatically configured via DHCP during Ubuntu installation, setup will ask you to remove them from other network management tools. The following steps will be required to ensure the devices are managed by nmcli:

  • Remove monitor interface declarations from /etc/netplan/00-installer-config.yaml and then run:
sudo netplan apply
sudo touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
sudo service network-manager restart
  • Re-run setup.