-
Notifications
You must be signed in to change notification settings - Fork 522
Proxy
Please note! This wiki is no longer maintained. Our documentation has moved to https://securityonion.net/docs/. Please update your bookmarks. You can find the latest version of this page at: https://securityonion.net/docs/Proxy.
Put your proxy server settings in /etc/environment like this:
export http_proxy=http://server:port
export https_proxy=https://server:port
export ftp_proxy=https://server:port
export PERL_LWP_ENV_PROXY=https://server:port
export no_proxy="localhost,127.0.0.1"
To configure Docker proxy settings, perform the following steps:
sudo -i
mkdir /etc/systemd/system/docker.service.d
cat <<EOT >> /etc/systemd/system/docker.service.d/proxy.conf
[Service]
Environment="HTTP_PROXY=http://proxy.someplace.com:8080/" "HTTPS_PROXY=http://proxy.someplace.com:8080/" "NO_PROXY=127.0.0.1,localhost,.someplace.com"
EOT
systemctl daemon-reload && systemctl restart docker && exit
sudo soup
For older versions of Security Onion on the Elastic Stack, if the above did not work, you may want to try the following:
Modify /etc/default/docker and add the appropriate proxy information, like so:
export http_proxy="http://server:port/"
export https_proxy="https://server:port/"
Then restart Docker with:
sudo so-elastic-stop
sudo service docker restart
sudo so-elastic-start
If you're going to run something using sudo, remember to use the "-i" option to force it to process the environment variables. For example:
sudo -i rule-update
Alternatively, see the env_keep option under the sudo caveat section of the following page:
https://help.ubuntu.com/community/EnvironmentVariables
As of PulledPork 0.7.2, you may need to pass the -W option to Pulledpork:
-W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration.
If you find that you need this option, you can add the following to /etc/nsm/securityonion.conf:
PULLEDPORK_OPTIONS="-W"
For older versions of PulledPork and certain proxies (Bluecoat in particular), you may need to change from https to http in /etc/nsm/pulledpork/pulledpork.conf. For more information, please see:
PulledPork Issue 154
https://groups.google.com/d/topic/security-onion/NQ-dLLPxR6A/discussion
https://groups.google.com/d/topic/security-onion-testing/piRYj-7Ar8M/discussion
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs