Been using Security Onion for a while now. A very good OS for analysis and getting IDS alerts on the go without installing expensive hardware. But recently, due to some updates been facing some issue with regards to internet connections.
Not sure what the Network-Manager updates do but while installing Security Onion if you select “Install Updates while Downloading” for some reason network-manager shows attitude and internet connection just gets lost after setting up the management and monitoring interfaces.
Have searched lot on the forums and multiple ideas. This worked to get the internet start.
“sudo service network-manager restart” and also deleting interface details from /etc/network/interfaces
This does started internet but somehow monitoring on the interfaces doesn’t work.
Also, realised that the machine gets slower for some reason regardless of it being a VM or Security Onion as host operating system.
Than tried not to select the updates during installation and Lock the Version of Network-Manager from Synaptic Package Manager. Than updated the system and rebooted.
Internet was working. Checked Sguil and but no alerts for testmyids.com. tcpdump does shows traffic.
Did a reboot and wallah….all working properly. Can see alerts on Snorby and Sguil.
” Than tried not to select the updates during installation and Lock the Version of Network-Manager from Synaptic Package Manager. Than updated the system and rebooted.”
Hi can u give more information on the above step of yours. as without update selection, SO doesnt work at all and also in VNC not able to obtain option for locking Version of Network-Manager from Synaptic Package Manager. we tried in XRDP which is similar to VNC and although the present there and we lock it but not able to proceed further in security onioin