February 2015


Stamus Networks is proud to announce the availability of the SELKS 1.2 stable release. SELKS is a Live and installable Network Security Management ISO based on Debian; it implements a complete, ready-to-use Suricata IDS/IPS ecosystem with its own graphical rule manager. Stamus Networks is a proud member of the Open Source community and SELKS is released under the GPLv3 license.

New features:

  • Suricata 2.1beta3 – Lua support for Stats output, and Modbus parsing and matching, as additional main features
  • Scirius 1.0-rc2 rule manager
  • Elasticsearch 1.4.3 – upgrade from 1.1.2
  • New Desktop icons – easy access to Dashboards and Scirius
  • Conky – a free, light-weight system monitor for X that displays any information on your desktop

[Screenshot: Scirius system status]

[Screenshot: SELKS 1.2 desktop – Desktop icons and Conky]

You can download SELKS 1.2 from Stamus Networks’ open source page. Happy users of SELKS 1.1 can upgrade to SELKS 1.2 with the traditional apt-get update && apt-get dist-upgrade. Please note that the default login/password for HTTPS access (Dashboards or Scirius icons) is selks-user/selks-user.

NOTE – Elasticsearch upgrade for SELKS

If you were running Elasticsearch 1.1.2 with SELKS 1.1, this is the way to upgrade to Elasticsearch 1.4.3:

Make sure your /etc/apt/sources.list.d/elasticsearch.list looks like this:

root@SELKS:~# cat /etc/apt/sources.list.d/elasticsearch.list
deb http://packages.elasticsearch.org/elasticsearch/1.4/debian stable main
deb http://packages.elasticsearch.org/logstash/1.4/debian stable main

Then run:

apt-get update && apt-get dist-upgrade

Please make sure you test and verify the Elasticsearch upgrade in a QA/test environment before doing the upgrade in the production environment.

Download SELKS 1.2

More information: Howto and README

Follow us on Twitter, Google+ and Github

Get help at Freenode IRC on the #SELKS channel and/or the Google Mailing list.

Stamus Networks is proud to announce the availability of the second release candidate of Scirius 1.0. This new release features bugfixes and improvements.

On the bugfix side, the main one is a fix in the display of graphs that could fail on a fresh install due to a problem in the Elasticsearch request.

[Screenshot from 2015-02-12 18:10:59]

The system status has been improved to feature a warning level for disk and memory usage.

The only new feature is the System Settings menu:

[Screenshot from 2015-02-12 18:11:15]

For now, it allows the administrator to set up two things:

  • HTTP proxy parameters: if activated and set up, Scirius will fetch rule updates through the specified proxy
  • Elasticsearch usage: some people use Scirius without Elasticsearch, so displaying empty graphs is not useful to them. When Elasticsearch is unchecked, the graphs based on Elasticsearch data are no longer displayed.

[Screenshot from 2015-02-12 18:05:54]

You can download Scirius 1.0-rc2 from Github. SELKS users can upgrade to this release by doing apt-get update && apt-get dist-upgrade.

Stamus Networks is proud to announce the availability of version 1.0-rc1 of Scirius, our web interface for Suricata ruleset management. This new release is the first 1.0 release candidate. You can download it from the Github download page.

It features a lot of bug fixes and improvements over the previous (beta) release. Among the new features, Scirius now displays a system status in the left sidebar.

[Screenshot: Scirius system status]

It displays:

  • Status of the Elasticsearch cluster (in SELKS, and if set up).
  • Status of Suricata.
  • Memory usage: alerting if swap is used.
  • Disk status: alerting if the disk is full.

Another important improvement is flowbit support: Scirius now disables all rules sharing a flowbit if one of them is disabled. This helps prevent ending up in a weird state where an incomplete set of rules could trigger a lot of events.
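To illustrate the flowbit dependency rule described above, here is an added Python example (not Scirius's own code) that parses a constructed ruleset and computes the transitive set of rules to disable; the sample rules, sids and flowbit names are made up for illustration, and it also splits the multi-bit "a|b" / "a&b" syntax as an assumption beyond what the post describes.

```python
import re

# Constructed sample ruleset (sids and flowbit names are arbitrary, not from any
# real ruleset). Rules 1-3 and 6 share demo.stage1, rules 5 and 6 share
# demo.other, rule 4 uses no flowbit at all.
SAMPLE_RULES = """
alert tcp any any -> any 80 (msg:"demo set stage1"; content:"stage1"; flowbits:set,demo.stage1; flowbits:noalert; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"demo check stage1"; flowbits:isset,demo.stage1; content:"stage2"; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"demo stage1 not set"; flowbits:isnotset,demo.stage1; content:"x"; sid:1000003; rev:1;)
alert tcp any any -> any 443 (msg:"demo unrelated"; content:"y"; sid:1000004; rev:1;)
alert tcp any any -> any 22 (msg:"demo set other"; flowbits:set,demo.other; sid:1000005; rev:1;)
alert tcp any any -> any 22 (msg:"demo check both"; flowbits:isset,demo.other; flowbits:isset,demo.stage1; sid:1000006; rev:1;)
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
FLOWBITS_RE = re.compile(r"\bflowbits\s*:\s*([a-z]+)\s*(?:,\s*([^;]+))?\s*;")


def parse_flowbits(ruleset):
    """Map each rule's sid to the set of flowbit names it sets, unsets or checks.
    flowbits:noalert carries no name and is ignored; names joined with '|' or '&'
    are split into separate names (assumed multi-bit syntax)."""
    rules = {}
    for line in ruleset.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SID_RE.search(line)
        if not m:
            continue  # not a rule line we can identify
        names = set()
        for _action, arg in FLOWBITS_RE.findall(line):
            if arg:
                names.update(n.strip() for n in re.split(r"[|&]", arg) if n.strip())
        rules[int(m.group(1))] = names
    return rules


def disable_with_flowbits(rules, disabled_sids):
    """Return the full set of sids to disable: the requested ones plus, transitively,
    every rule that shares a flowbit with an already disabled rule."""
    disabled = set(disabled_sids)
    pending = set(disabled)
    while pending:
        bits = set().union(*(rules.get(s, set()) for s in pending))
        pending = {sid for sid, names in rules.items()
                   if sid not in disabled and names & bits}
        disabled |= pending
    return disabled


if __name__ == "__main__":
    parsed = parse_flowbits(SAMPLE_RULES)
    print(sorted(disable_with_flowbits(parsed, {1000002})))
```

Disabling sid 1000002 pulls in every rule touching demo.stage1, and through rule 1000006 also the demo.other setter, while the unrelated rule 1000004 stays enabled.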

Last but not least, the copyright has been updated with the new year. Happy new year 2015 from the Stamus Networks team.

SELKS users can upgrade to Scirius 1.0-rc1 via apt-get update && apt-get dist-upgrade.