This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

InstallingOnUbuntu

doug edited this page Aug 27, 2019 · 35 revisions

Please note! This wiki is no longer maintained. Our documentation has moved to https://securityonion.net/docs/. Please update your bookmarks. You can find the latest version of this page at: https://securityonion.net/docs/InstallingOnUbuntu.

If you want to quickly evaluate Security Onion on your preferred flavor of Ubuntu 16.04 64-bit (not using our ISO image), follow these steps:

  1. First, check the Hardware Requirements page.
  2. Download the ISO image for your preferred flavor of Ubuntu 16.04, verify the ISO image, and boot from it.
  3. Follow the prompts in the installer. When prompted with the option to encrypt your home folder or encrypt the partition, DO NOT enable this feature. When asked about automatic updates, DO NOT enable automatic updates.
  4. Reboot into your new installation.
  5. Log in using the username/password you specified during installation.
  6. Verify that you have Internet connectivity. If necessary, configure your proxy settings.
  7. Log back in (using ssh -X if you’re installing on Ubuntu Server or a headless distro).
  8. Configure MySQL not to prompt for root password (Setup will generate a random password later):
    echo "debconf debconf/frontend select noninteractive" | sudo debconf-set-selections
  9. Clean the apt list repository:
    sudo rm -rf /var/lib/apt/lists/*
    sudo apt-get update
  10. Add the Security Onion stable repository:
    sudo apt-get -y install software-properties-common
    sudo add-apt-repository -y ppa:securityonion/stable
    sudo apt-get update
  11. Install the securityonion-all metapackage:
    sudo apt-get -y install securityonion-all syslog-ng-core
  12. Run the Setup wizard:
    sudo sosetup
    If you're using Ubuntu Server (no GUI), then you will need to forward X for this to work:
    https://groups.google.com/d/msg/security-onion/ceamp2XztVI/ECPOjaIqBwAJ
  13. Follow the prompts.
  14. Analyze alerts using the Sguil client, or open a browser to https://localhost where you can access Squert and Kibana.
  15. Follow the upgrade process.
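
Step 2 says to verify the ISO image without showing how. The following is an added example, not part of the original wiki or the Security Onion project: a shell function that checks a downloaded ISO against a `SHA256SUMS` file and fails closed on missing, duplicate, or malformed entries. The function name `verify_iso` and the file names are assumptions, and it assumes `SHA256SUMS` was authenticated first (see the comment).

```bash
# Added example: verify a downloaded Ubuntu ISO against a SHA256SUMS file.
# Assumption: SHA256SUMS has already been authenticated, for example with
#   gpg --verify SHA256SUMS.gpg SHA256SUMS
# after importing the Ubuntu image signing key. A checksum file fetched from
# the same unauthenticated source as the ISO proves integrity, not origin.

# verify_iso <iso-path> <sha256sums-path>
# Return codes: 0 match, 1 hash mismatch, 2 unreadable input,
#               3 no entry, more than one entry, or malformed entry.
verify_iso() {
    local iso="$1" sums="$2" name expected actual count
    [ -r "$iso" ] && [ -r "$sums" ] || { echo "missing input file" >&2; return 2; }
    name="$(basename "$iso")"

    # Lines look like "<64 hex> *<file>" (binary mode) or "<64 hex>  <file>".
    # Match on the exact file name (assumed to contain no spaces).
    expected="$(awk -v f="$name" \
        '{ n = $2; sub(/^\*/, "", n); if (n == f) print tolower($1) }' "$sums")"
    count="$(printf '%s\n' "$expected" | grep -c . || true)"

    # Fail closed: zero entries or several entries are both treated as errors.
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one entry for $name, found $count" >&2
        return 3
    fi

    # Reject anything that is not a 64-character lowercase hex digest.
    case "$expected" in
        *[!0-9a-f]*) echo "malformed digest for $name" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest for $name" >&2; return 3; }

    actual="$(sha256sum "$iso" | awk '{ print $1 }')"
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}
```
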

Please review the PostInstallation page.
