Installing Security Onion

IMRAN NAJMIE
Apr 22, 2024

Steps to install Security Onion in NIC

We want to upload the Security Onion ISO file into the NIC. Just create a VM, upload the ISO file, and wait until it finishes.

When prompted, specify our username and password:

Once installation is complete, we are prompted to reboot:

After rebooting, log in using the username and password that we specified, and Setup will start automatically:

Perform a standard installation:

When prompted for installation type, select IMPORT:

If our Security Onion machine has full Internet access as described in the Firewall section, select Standard. Otherwise, select Airgap:

Review the license and agree:

Set the hostname:

If we use the default hostname of securityonion, we will see a warning:

Select our management interface:

Select static IP addressing (recommended) or DHCP:

Specify IP address and CIDR mask:

192.168.120.240

Set gateway address:

192.168.120.1

Enter DNS servers:

8.8.8.8,8.8.4.4

Configure DNS search domain:

searchdomain.local

If necessary, we can change the default Docker IP range:

If we are connected to the Internet, select whether it is direct or via proxy:

Create username for Security Onion Console (SOC):

imrannajmiie@gmail.com

Set password for Security Onion Console (SOC):

Confirm password for Security Onion Console (SOC):

Select how to access Security Onion Console (SOC):

Allow connections through the host-based firewall if necessary:

Specify an IP address or range to allow through the host-based firewall:

192.168.120.0/24

After that, Setup displays the information we entered.

Troubleshooting

Run this command to check whether our IP address has changed:

sudo so-ip-update

Try again to access the IP address 192.168.120.240 in a browser.

But the page still cannot be reached.

Fix The Problem

We need to add a firewall rule for our IP address. Run the command:

sudo so-firewall

We want to select the ‘--apply’ option to enable the firewall. Run the command:

sudo so-firewall apply

Next, we want to gain access to the Security Onion Console, so we need to allow this IP address and its subnet. Run the command:

sudo so-firewall includehost analyst 192.168.120.0/24

After it succeeds, open the browser and try the IP address again. Enter the email and password to log in.

Finally, we are able to get into the Security Onion interface.

This is the overview dashboard of Security Onion.
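To check from the analyst workstation whether its address is covered by the range given to so-firewall, and whether the console answers at all, a small script like the following can help. It is an added example, not part of the original walkthrough; the script and function names are hypothetical, and it assumes the console is served over HTTPS on port 443 with a self-signed certificate.

```shell
#!/bin/sh
# Added example, not from the original post. Usage: sh check.sh <workstation-ip>
SOC_IP="192.168.120.240"         # management IP set during Setup
ALLOWED_CIDR="192.168.120.0/24"  # range given to so-firewall includehost analyst

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() (
  case "$1" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.; set -- $1
  [ "$#" -eq 4 ] || exit 1
  n=0
  for o in "$@"; do
    case "$o" in 0?*|????*) exit 1 ;; esac  # no leading zeros, at most 3 digits
    [ "$o" -le 255 ] || exit 1
    n=$(( $n * 256 + $o ))
  done
  echo "$n"
)

# Succeed when address $1 lies inside CIDR block $2.
in_cidr() (
  case "$2" in */*) bits=${2#*/} ;; *) exit 1 ;; esac
  case "$bits" in ''|*[!0-9]*|???*) exit 1 ;; esac
  [ "$bits" -le 32 ] || exit 1
  ip=$(ip_to_int "$1") && net=$(ip_to_int "${2%/*}") || exit 1
  mask=$(( 4294967295 - ((1 << (32 - $bits)) - 1) ))
  [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
)

# Map a curl exit status to the most likely cause.
explain_probe() {
  case "$1" in
    0)  echo "reachable: SOC answered on HTTPS" ;;
    7)  echo "connect failed: nothing accepting on 443 or no route" ;;
    28) echo "timeout: packets are probably being dropped by a firewall" ;;
    *)  echo "curl exited with status $1" ;;
  esac
}

if [ "$#" -eq 1 ]; then
  if in_cidr "$1" "$ALLOWED_CIDR"; then
    echo "$1 is inside $ALLOWED_CIDR"
  else
    echo "$1 is outside $ALLOWED_CIDR, so the analyst rule does not cover it"
  fi
  # -k: assumes SOC still has its self-signed certificate; reachability probe only
  rc=0; curl -ksS -o /dev/null --connect-timeout 5 "https://$SOC_IP/" || rc=$?
  explain_probe "$rc"
fi
```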

REFERENCES

  1. https://docs.securityonion.net/en/2.4/first-time-users.html
  2. https://medium.com/@itdanny/security-onion-part-1-installation-on-vmware-69201cf4eef8
