Installing Security Onion

Justin Mangaoang
5 min read · Oct 6, 2023


With pfSense installed, we can turn our attention to the core component of the lab.

Security Onion is a Linux distribution that acts as a network security monitoring (NSM) platform. It gives us a single place to collect and analyze traffic and logs from our lab network. Because its tools come pre-configured, it saves a lot of time and effort compared to installing and configuring each tool individually. Some of the essential tools included in SecOnion are Suricata for IDS/IPS and the ELK stack for the SIEM and log management system.

Here are the specifications for my Security Onion VM:

- 16 GB RAM
- 4 processors
- 200 GB HD
- 2 network adapters (Host Only and VMnet2)

Take note of the MAC address of the Host Only adapter; we will be using it later.

Before we actually install Security Onion, we need to configure a static DHCP mapping in pfSense so the VM always receives the same address. Log in to pfSense > Services > DHCP Server > SOC > scroll down to the bottom and click Add.

Enter the MAC address of the Host Only adapter > enter 172.16.1.3 as the IP address > change the hostname to Security-Onion > under description enter “static DHCP mapping for SecOnion” > scroll down to the bottom, click Save, then Apply Changes.

Once done, power up the VM so we can start the installation. Select “install security onion 2.4.10 in basic graphics mode” > type “yes” > enter your desired username and password.

After it finishes installing, press enter to reboot.

Login using your credentials > Yes > install > eval.

Type AGREE > standard > enter your desired hostname.

Select the NIC that corresponds to the MAC address of the Host Only adapter > static.

Enter 172.16.1.3/24 as the address > 172.16.1.1 as the gateway > 8.8.8.8,8.8.4.4 as the DNS servers.

Leave it at default.

Select direct > yes.

Press space to select the interface.

Type in an email address. This does not need to be an actual email; we only need it to log in to the web interface of Security Onion later.

Create your password for your “email account.”

Choose IP > yes.

We will just allow one IP address to access the SecOnion web interface. Enter 172.16.1.2.

Select Yes.

Wait for the installation to finish.
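The addressing entered above lives in three different places (the pfSense static mapping, the installer's network screen, and the web-access allow list), and a mismatch between them is the usual reason the web interface is unreachable after the reboot. The script below is an added example, not part of the original post and not Security Onion's own code. It cross-checks the values used in this walkthrough and then parses a constructed `ip -4 addr show` output to confirm that the interface carrying the Host Only MAC actually got 172.16.1.3/24; the MAC address and the interface names are placeholders, since the post tells you to read the real MAC from your own VM.

```python
"""Consistency check for the Security Onion lab addressing used in this walkthrough.

Added example: not from the original post and not Security Onion's own code.
The MAC below is a placeholder and the `ip addr` output is constructed.
"""
import ipaddress
import re

# Values typed into pfSense and the Security Onion installer in the walkthrough.
LAB = {
    "mac": "00:0C:29:AA:BB:CC",        # placeholder for the Host Only adapter's MAC
    "dhcp_static_ip": "172.16.1.3",    # pfSense static DHCP mapping
    "iface_cidr": "172.16.1.3/24",     # installer: management interface address
    "gateway": "172.16.1.1",           # installer: gateway (pfSense SOC interface)
    "dns": "8.8.8.8,8.8.4.4",          # installer: comma-separated DNS servers
    "web_allowed": "172.16.1.2",       # the single host allowed to reach the web UI
}

# Constructed sample of `ip -4 addr show` on the installed VM. The second NIC
# (VMnet2, the sniffing interface) deliberately has no IP address.
IP_ADDR_SAMPLE = """\
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.3/24 brd 172.16.1.255 scope global ens33
       valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:dd:ee:ff brd ff:ff:ff:ff:ff:ff
"""


def normalize_mac(mac):
    """Return the MAC as lowercase colon-separated hex, or raise ValueError.

    VMware displays MACs in uppercase and some tools use dashes; a static DHCP
    mapping that never fires is often just a MAC typed in a different form.
    """
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError("bad MAC: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def check_plan(plan):
    """Return a list of problems; an empty list means the three inputs agree."""
    problems = []
    try:
        normalize_mac(plan["mac"])
    except ValueError as exc:
        problems.append(str(exc))
    iface = ipaddress.ip_interface(plan["iface_cidr"])
    net = iface.network
    static = ipaddress.ip_address(plan["dhcp_static_ip"])
    gateway = ipaddress.ip_address(plan["gateway"])
    allowed = ipaddress.ip_address(plan["web_allowed"])
    if static != iface.ip:
        problems.append("DHCP static mapping IP differs from the installer IP")
    if gateway not in net:
        problems.append("gateway is outside the interface subnet")
    if gateway == iface.ip:
        problems.append("gateway equals the host address")
    if allowed == iface.ip or allowed == gateway:
        problems.append("web-allowed address collides with the host or gateway")
    if allowed not in net:
        problems.append("web-allowed address is not on the SOC subnet")
    for server in plan["dns"].split(","):
        try:
            ipaddress.ip_address(server.strip())
        except ValueError:
            problems.append("bad DNS server: %r" % server)
    return problems


def find_management_iface(ip_addr_output, mac):
    """Return (ifname, cidr) for the interface whose link address matches `mac`.

    `cidr` is None when the interface has no IPv4 address; (None, None) means
    no interface carries that MAC at all.
    """
    want = normalize_mac(mac)
    for block in re.split(r"^(?=\d+: )", ip_addr_output, flags=re.M):
        head = re.match(r"\d+: (\S+):", block)
        if not head:
            continue
        link = re.search(r"link/ether ([0-9a-f:]{17})", block)
        if link and link.group(1) == want:
            inet = re.search(r"inet (\d+\.\d+\.\d+\.\d+/\d+)", block)
            return head.group(1), (inet.group(1) if inet else None)
    return None, None


if __name__ == "__main__":
    for problem in check_plan(LAB) or ["plan is consistent"]:
        print(problem)
    name, cidr = find_management_iface(IP_ADDR_SAMPLE, LAB["mac"])
    print("management interface:", name, cidr)
    print("matches installer value:", cidr == LAB["iface_cidr"])
```

On the real VM, replace IP_ADDR_SAMPLE with the output of `ip -4 addr show` and the placeholder MAC with the one noted from the Host Only adapter; if the interface reported for that MAC is not the one showing 172.16.1.3/24, the wrong NIC was selected at the "Select the NIC" step.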

Access SecOnion’s web interface by typing 172.16.1.3 into your host machine’s browser.

Like what we did in pfSense, select advanced > accept risk and continue.

Login with your credentials.

We will be greeted with the SecOnion dashboard.

You can see the list of tools on the left-hand side menu. You can try exploring them. However, we will need to wait until we have the last two VMs set up so we can generate some logs.

Intro: Building a Cybersecurity Home Lab

Previous: Installing and Configuring pfSense

Next: Installing Kali
