I’m trying to install Security Onion in a qube running debian 12 using the instructions here
https://docs.securityonion.net/en/2.4/network-installation.html
Unfortunately, the installer fails and tells me that Security Onion requires two NICs in order to work. Is there a way for me to add an addition NIC to a qube using software?
According to the same documentation, you can install some Node types (for example “Import”, which looks useful) with 1 NIC available.
You’re not going to be able to run active sniffing through a virtual machine anyway… but you can try the solution in @MellowPoison 's link.
To try it, just run:
… in dom0 while your vm (“$guest_name”) is running.
Later EDIT: you have to run “sudo xl …”
Thank you
No worries.
On further notice, you have to use “sudo” in dom0, and I get some errors when running it… but the interface eth1 appears in the vm, with the specified mac address.
It would be helpful if you said what you want to use SO for. There are
various documented uses which only require 1 NIC. If you want to monitor
qubes traffic within the same machine this can be done fairly simply and
SO is probably overkill
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.