Skip to content

Network Installation

Warning

Network installations are NOT supported and should only be used as a last resort in case there is some reason you can't use our official Security Onion images as shown in the Installation section.

Our official Security Onion images (ISO image and cloud images) are the ONLY supported installation method and you should use them if any of the following apply to you:

  • You are deploying in an enterprise environment.
  • You are deploying in an airgap environment.
  • You are performing a distributed deployment.
  • You want the quickest and easiest installation with the fewest issues.
  • You need any kind of support.

If NONE of the above apply to you, then you MAY be able to install Oracle Linux 9 and then perform a network installation.

Partitioning

Our official Security Onion images take care of partitioning for you. However, if you choose to perform a network installation then it's your responsibility to make sure that partitions are configured correctly to avoid filling up a partition.

Minimum Storage

As the Hardware section mentions, the MINIMUM requirement is 200GB storage. This is to allow 100GB for /nsm and 100GB for the rest of /.

LVM

You may want to consider Logical Volume Management (LVM) as it will allow you to more easily change your partitioning in the future if you need to.

/boot

You probably want a dedicated /boot partition of at least 1GB at the beginning of the drive.

/nsm

The vast majority of data will be written to /nsm, so you'll want to dedicate the vast majority of your disk space to that partition. You'll want at least 100GB.

/

/ (the root partition) currently contains /var/lib/docker/ (more on that below) and thus you'll want at least 100GB.

Docker

Docker images are stored in /var/lib/docker/. The current set of Docker images uses 30GB on disk. If you're planning a production deployment, you should plan on having enough space for another set of those Docker images for in-place updates.

Other

The OS installer may try to dedicate a large amount of space to /home. You may need to adjust this to ensure that it is not overly large and wasting valuable disk space.

Example

Here's an example of how our current ISO image partitions a 1TB disk:

  • 1GB /boot partition at the beginning of the drive

  • the remainder of the drive is an LVM volume that is then partitioned as follows:

  • 630GB /nsm

  • 300GB /
  • 2GB /tmp
  • 8GB swap

Installing via the network

Warning

Please keep in mind that network installations are NOT supported and should only be used as a last resort.

If you understand all of the warnings above and still want to perform a network installation, then you can follow the steps below.

  • Review the Hardware and Release Notes sections.
  • Download the ISO image for your desired x86-64 operating system. Verify the ISO image and then boot from it.
  • Follow the prompts in the installer. If you're building a production deployment, you'll probably want to use LVM and dedicate most of your disk space to /nsm as discussed in the Partitioning section above.
  • Reboot into your new installation.
  • Login using the username and password you specified during installation.
  • Install prerequisites:
sudo dnf -y install git
  • Download our repo and start the Setup process:
git clone -b 3/main https://github.com/Security-Onion-Solutions/securityonion
cd securityonion
sudo bash so-setup-network