[prev in list] [next in list] [prev in thread] [next in thread]
List: security-onion
Subject: [security-onion] Notes on WiFi not working after Security Onion setup
From: Nicholas Hairs <nicholas.hairs () finder ! com>
Date: 2019-11-27 9:13:06
Message-ID: ec142ea2-0c94-44b8-b783-0614c549f005 () googlegroups ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi SO community!
I thought it was worth documenting some things I discovered while debugging
a "wifi not working" issue for either others to find, or for the community
to find a more appropriate place to document / raise an issue (per github
<https://github.com/Security-Onion-Solutions/security-onion/blob/master/CONTRIBUTING.md>
).
-----------------
*Preconditions*
SO Version: 16.04.6.2
Network Interfaces:
- on-board wifi
- on-board ethernet
During installation of SO, I connected to a WiFi network to update packages
during install etc.
After installation, I launched into the GUI and used the same said WiFi
network. WiFi networks were visible from the network-manager GUI embedded
in the top menu bar.
I then ran stage 1 of the setup installer configuring the wifi device for
management and the ethernet device for monitoring.
*Issue*
After rebooting I could wireless networks were no longer detected by the
network-manager GUI embedded in the top menu bar.
I followed a number of standard Ubuntu guides for WiFi debugging:
- https://help.ubuntu.com/community/WifiDocs/WirelessTroubleShootingGuide
- https://help.ubuntu.com/community/WifiDocs/WirelessTroubleShootingGuide/Drivers
- https://help.ubuntu.com/community/WifiDocs/WirelessTroubleShootingGuide/Connections
Working from low-level up I could not located any issues from the output of:
- lshw
- lsmod
- iwconfig
- rfkill list
iwlist scan would not produce any output (indicating a problem), however sudo
iwlist scan did show available networks indicating that the device itself
was not to blame.
I eventually came across the command nmcli device status which had my WiFi
device listed as "unmanaged".
*"Fix"*
I edited /etc/network/interfaces and commented out the lines for my WiFi
device.
I then restarted the network manager service (sudo systemctl restart
network-manager).
nmcli device status then showed my WiFi device connecting to my network.
The network-manager embedded GUI in the top menu bar also correctly showed
the network.
In summary the issue seems to be that the setup script uses
/etc/network/interfaces to manage the network interfaces which causes
network-manager to lose the ability to manage the WiFi device.
*Related Threads*
- https://groups.google.com/d/topic/security-onion/fYqk5EciXMg/discussion
- https://groups.google.com/d/topic/security-onion/lhtVNdN_sok/discussion
- https://groups.google.com/d/topic/security-onion/0n6VHGEllYI/discussion
------------------
I hope this information helps.
I don't currently have the ability to copy output / take screen grabs from
my SO device so I hope the description above is enough.
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups \
"security-onion" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to security-onion+unsubscribe@googlegroups.com. To view this \
discussion on the web visit \
https://groups.google.com/d/msgid/security-onion/ec142ea2-0c94-44b8-b783-0614c549f005%40googlegroups.com.
[Attachment #5 (text/html)]
<div dir="ltr">Hi SO community!<div><br></div><div>I thought it was worth documenting \
some things I discovered while debugging a "wifi not working" issue for \
either others to find, or for the community to find a more appropriate place to \
document / raise an issue (<a \
href="https://github.com/Security-Onion-Solutions/security-onion/blob/master/CONTRIBUTING.md">per \
github</a>).<br></div><div><br></div><div>-----------------</div><div><br></div><div><b>Preconditions</b></div><div>SO \
Version: 16.04.6.2</div><div>Network Interfaces:</div><blockquote style="margin: 0 0 \
0 40px; border: none; padding: 0px;"><div>- on-board wifi</div><div>- on-board \
ethernet </div></blockquote><div><br></div><div>During installation of SO, I \
connected to a WiFi network to update packages during install \
etc.</div><div><br></div><div>After installation, I launched into the GUI and used \
the same said WiFi network. WiFi networks were visible from the network-manager GUI \
embedded in the top menu bar.</div><div><br></div><div>I then ran stage 1 of the \
setup installer configuring the wifi device for management and the ethernet device \
for monitoring.</div><div><br></div><div><b>Issue</b></div><div>After rebooting I \
could wireless networks were no longer detected by the network-manager GUI embedded \
in the top menu bar.</div><div><br></div><div>I followed a number of standard Ubuntu \
guides for WiFi debugging:</div><div>- \
https://help.ubuntu.com/community/WifiDocs/WirelessTroubleShootingGuide</div><div>- \
https://help.ubuntu.com/community/WifiDocs/WirelessTroubleShootingGuide/Drivers</div><div>- \
https://help.ubuntu.com/community/WifiDocs/WirelessTroubleShootingGuide/Connections</div><div><br></div><div>Working \
from low-level up I could not located any issues from the output of:</div><div>- \
<font face="courier new, monospace" style="background-color: rgb(243, 243, \
243);">lshw</font></div><div>- <font face="courier new, monospace" \
style="background-color: rgb(243, 243, 243);">lsmod</font></div><div>- <font \
face="courier new, monospace" style="background-color: rgb(243, 243, \
243);">iwconfig</font></div><div>- <font face="courier new, monospace" \
style="background-color: rgb(243, 243, 243);">rfkill \
list</font></div><div><br></div><div><font face="courier new, monospace" \
style="background-color: rgb(243, 243, 243);">iwlist scan</font> would not produce \
any output (indicating a problem), however <font face="courier new, monospace" \
style="background-color: rgb(243, 243, 243);">sudo iwlist scan</font> did show \
available networks indicating that the device itself was not to \
blame.</div><div><br></div><div>I eventually came across the command <font \
face="courier new, monospace" style="background-color: rgb(243, 243, 243);">nmcli \
device status</font><font face="arial, sans-serif"> which had my WiFi device listed \
as "</font><font face="courier new, monospace" style="background-color: rgb(243, \
243, 243);">unmanaged</font><font face="arial, \
sans-serif">".</font></div><div><font face="arial, \
sans-serif"><br></font></div><div><font face="arial, \
sans-serif"><b>"Fix"</b></font></div><div><font face="arial, sans-serif">I \
edited </font><font face="courier new, monospace" style="background-color: rgb(243, \
243, 243);">/etc/network/interfaces</font><font face="arial, sans-serif"> and \
commented out the lines for my WiFi device.</font></div><div><font face="arial, \
sans-serif">I then restarted the network manager service (</font><font face="courier \
new, monospace" style="background-color: rgb(243, 243, 243);">sudo systemctl restart \
network-manager</font><font face="arial, sans-serif">).</font></div><div><font \
face="arial, sans-serif"><br></font></div><div><font face="courier new, monospace" \
style="background-color: rgb(243, 243, 243);">nmcli device status</font><font \
face="arial, sans-serif"> then showed my WiFi device connecting to my network. The \
network-manager embedded GUI in the top menu bar also correctly showed the \
network.</font></div><div><font face="arial, sans-serif"><br></font></div><div><font \
face="arial, sans-serif">In summary the issue seems to be that the setup script uses \
</font><font face="courier new, monospace" style="background-color: rgb(243, 243, \
243);">/etc/network/interfaces</font><font face="arial, sans-serif"> to manage the \
network interfaces which causes network-manager to lose the ability to manage the \
WiFi device.</font></div><div><br></div><div><b>Related Threads</b></div><div>- \
https://groups.google.com/d/topic/security-onion/fYqk5EciXMg/discussion</div><div>- \
https://groups.google.com/d/topic/security-onion/lhtVNdN_sok/discussion</div><div>- \
https://groups.google.com/d/topic/security-onion/0n6VHGEllYI/discussion</div><div><br></div><div>------------------</div><div><br></div><div>I \
hope this information helps.<br>I don't currently have the ability to copy output \
/ take screen grabs from my SO device so I hope the description above is \
enough.</div></div>
<p></p>
-- <br />
Follow Security Onion on Twitter!<br />
<a href="https://twitter.com/securityonion">https://twitter.com/securityonion</a><br \
/>
--- <br />
You received this message because you are subscribed to the Google Groups \
"security-onion" group.<br /> To unsubscribe from this group and stop \
receiving emails from it, send an email to <a \
href="mailto:security-onion+unsubscribe@googlegroups.com">security-onion+unsubscribe@googlegroups.com</a>.<br \
/> To view this discussion on the web visit <a \
href="https://groups.google.com/d/msgid/security-onion/ec142ea2-0c94-44b8-b783-0614c54 \
9f005%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com \
/d/msgid/security-onion/ec142ea2-0c94-44b8-b783-0614c549f005%40googlegroups.com</a>.<br \
/>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic