Security Onion on SSD and Security Onion Data On Second Hard Drive HDD

Posted by mar (Staff member)
Security Onion stores a lot of data and SSDs are expensive, so it's best to run Security Onion itself on an SSD and keep the data on a traditional hard drive.

Here's how to do that.

Let's pretend my second hard drive will be called "SoData" and mounted at "/mnt/SoData".

1. first we have to format the new drive and mount it (make sure to run it with sudo)
terminal:
sudo gnome-disks
-- format the disk and name it "SoData"; once completed, edit the mount options, disable auto mount and set "Identify As" to the label "SoData" you chose
-- restart

2. change the permissions of "SoData" at /mnt/SoData to 755
terminal:
sudo chmod -R 755 /mnt/SoData


3. make a "nsm" folder in /mnt/SoData and change its permissions
terminal:
sudo mkdir /mnt/SoData/nsm
sudo chmod -R 755 /mnt/SoData/nsm


4. run the sguil setup; after it completes, run in terminal:
sudo ufw allow 443

5. then we have to move the nsm files to the new location, run in terminal (the /mnt/SoData paths are your new HDD location):

sudo so-stop
sudo cp -av /nsm/* /mnt/SoData/nsm
sudo mv /nsm /nsm-backup
sudo ln -s /mnt/SoData/nsm /nsm

cd /etc/apparmor.d/local/
sudo gedit usr.sbin.mysqld
-- add this line so mysqld can read the relocated server data:
/mnt/SoData/nsm/server_data/** r,

sudo gedit usr.sbin.tcpdump
-- add this line so tcpdump can read the relocated sensor data:
/mnt/SoData/nsm/sensor_data/** r,

sudo service apparmor restart
sudo so-start



6. update the securityonion.conf file with the new size of your hard drive
terminal:
sudo gedit /etc/nsm/securityonion.conf
-- change "300" GB to your new size:

# Log size limit (GB) for Elasticsearch logs
LOG_SIZE_LIMIT=300

Done!
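After finishing the steps above, here's a quick way to confirm the relocation actually took (an added example written for this post, not the author's own script): it checks that /nsm is a symlink to the new folder with mode 755, that both AppArmor local overrides carry the new path, and that LOG_SIZE_LIMIT fits on the new drive. The paths and the drive size are arguments, so it can be pointed at a test directory as well as the real system.

```sh
#!/bin/sh
# Sanity check for the /nsm relocation described above (added example, not
# part of the original post). Arguments: the /nsm path, the directory it
# should point to on the second drive, and the AppArmor local-override dir.
check_nsm_relocation() {
  nsm_root=$1; data_dir=$2; apparmor_local=$3; errors=0
  # /nsm must be a symlink to the nsm folder on the second drive (step 5)
  if [ ! -L "$nsm_root" ]; then
    echo "FAIL: $nsm_root is not a symlink"; errors=$((errors + 1))
  elif [ "$(readlink "$nsm_root")" != "$data_dir" ]; then
    echo "FAIL: $nsm_root -> $(readlink "$nsm_root"), expected $data_dir"
    errors=$((errors + 1))
  fi
  # the target must be a real directory with mode 755 (step 3)
  if [ ! -d "$data_dir" ]; then
    echo "FAIL: $data_dir missing"; errors=$((errors + 1))
  elif [ -z "$(find "$data_dir" -maxdepth 0 -perm 755)" ]; then
    echo "FAIL: $data_dir is not mode 755"; errors=$((errors + 1))
  fi
  # each AppArmor local override must grant read on the new path (step 5)
  for pair in usr.sbin.mysqld:server_data usr.sbin.tcpdump:sensor_data; do
    profile=${pair%%:*}; sub=${pair##*:}
    if ! grep -qF "$data_dir/$sub/** r," "$apparmor_local/$profile" 2>/dev/null; then
      echo "FAIL: $apparmor_local/$profile lacks '$data_dir/$sub/** r,'"
      errors=$((errors + 1))
    fi
  done
  return "$errors"
}

# LOG_SIZE_LIMIT in securityonion.conf must fit on the new drive (step 6).
# Arguments: the conf file and the drive's usable size in GB.
check_log_size_limit() {
  limit=$(sed -n 's/^LOG_SIZE_LIMIT=\([0-9]*\).*/\1/p' "$1" | head -n 1)
  [ -n "$limit" ] || { echo "FAIL: LOG_SIZE_LIMIT not set in $1"; return 1; }
  if [ "$limit" -gt "$2" ]; then
    echo "FAIL: LOG_SIZE_LIMIT=$limit GB exceeds the ${2} GB drive"; return 1
  fi
  echo "OK: LOG_SIZE_LIMIT=$limit GB fits in ${2} GB"
}

# usage on a real box (assumed paths from the post, drive size in GB):
#   check_nsm_relocation /nsm /mnt/SoData/nsm /etc/apparmor.d/local
#   check_log_size_limit /etc/nsm/securityonion.conf 1000
```

Both functions return non-zero on any failure, so they can be dropped into a post-change checklist or a cron job that mails you when the symlink or the AppArmor overrides get lost after an update.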

