Setup
After installing Security Onion, double-click the Setup icon on the desktop (or run sudo sosetup from a terminal) to configure your system. In most cases, you’ll run Setup to do network configuration, reboot, and then run Setup again for service configuration.
sosetup-minimal
sosetup-minimal configures Security Onion to run using minimal resources. It will run Setup and then do the following:
stop and disable elastalert
stop and disable freqserver
stop and disable domainstats
set Elasticsearch to a 400MB heap size
set Logstash to LOGSTASH_MINIMAL mode and set a 200MB heap size
Automating Setup
You can automate the Setup process using sosetup.conf.
Starting from scratch
There are a few example files in /usr/share/securityonion/. Copy one of these example files to your home directory:
cp /usr/share/securityonion/sosetup.conf ~
Edit your new sosetup.conf using nano or your favorite text editor:
nano ~/sosetup.conf
Then run Setup with the -f switch and the path to this file:
sudo sosetup -f ~/sosetup.conf
sosetup -w
sosetup also supports a -w switch that allows you to answer the standard Setup questions and have it write out your custom sosetup.conf. For example:
# Configure sosetup to write out a new configuration file called sosetup.conf
sosetup -w ~/sosetup.conf
# Answer all questions in Setup
# Run sosetup with the new configuration file
sudo sosetup -f ~/sosetup.conf