Installation

Warning

Please make sure that your hostname is correct during installation. Setup generates certificates based on the hostname and we do not support changing the hostname after Setup.

Note

If you want to deploy in the cloud using one of our official cloud images, you can skip to the Amazon Cloud Image, Azure Cloud Image, or Google Cloud Image sections.

Having downloaded your desired ISO according to the Download section, it’s now time to install! There are separate sections below to walk you through installing using our Security Onion ISO image (based on Oracle Linux 9) or manually installing from another ISO and then installing our components on top.

Installation using Security Onion ISO Image

_images/01_grub.png

If you want to install using our Security Onion ISO image:

  1. Review the Hardware Requirements and Release Notes sections.

  2. Download and verify our Security Onion ISO image as shown in the Download section.

  3. Boot the ISO in a machine that meets the minimum hardware specs.

  4. Follow the prompts to complete the installation and reboot.

  5. You may need to eject the ISO image or change the boot order of the machine to boot from the newly installed OS.

  6. Login using the username and password you set in the installer.

  7. Security Onion Setup will automatically start. If for some reason you have to exit Setup and need to restart it, you can log out of your account and then log back in and it should automatically start. If that doesn’t work, you can manually run it as follows:

    sudo SecurityOnion/setup/so-setup iso

  8. Proceed to the Configuration section.

Manual Installation via other ISO image

If you want to install Security Onion via another ISO image (not using our Security Onion ISO image), follow the steps below.

  1. Review the Hardware Requirements and Release Notes sections.

  2. Download the ISO image for your desired x86-64 Operating System. Verify the ISO image and then boot from it.

  3. Follow the prompts in the installer. If you’re building a production deployment, you’ll probably want to use LVM and dedicate most of your disk space to /nsm as discussed in the Partitioning section.

  4. Reboot into your new installation.

  5. Login using the username and password you specified during installation.

  6. Install prerequisites. If you’re using a RHEL flavor like Oracle Linux 9:

    sudo dnf -y install git

    If you’re using a Debian flavor like Ubuntu:

    sudo apt -y install git curl ethtool

  7. Download our repo and start the Setup process:

    git clone -b 2.4/main https://github.com/Security-Onion-Solutions/securityonion
cd securityonion
sudo bash so-setup-network

  8. Proceed to the Configuration section.