Error on centos container install: Only one nic installed, you need two!!! #3701
SOLVED, NOOBIE MISTAKE!!! AFTER REMOUNTING ISO FOLLOWING ANALYST INSTALL, ALL IS GOING WELL. FINGERS ARE STILL CROSSED AS IT LOADS. Uh oh, error!! Checking logs could not resolve salt master. Salt master is not running. Errors begin after 23% of building and generating CA. Error: attempting to authenticate with salt master failed with time out error. ANYWAY I AM ENCOURAGED. I WILL TRY AGAIN TOMORROW, RIGHT NOW I NEED SLEEP, IT'S 3:48 AM. THANKS TO ANYONE WHO READ THIS AND LET ME RANT!!! 😐
I am currently trying to install Security Onion (SO) in a Docker (Centos 7) container using VBox VM on my 32 GB of memory laptop. I have allowed all custom specs to the container (12 GB RAM, two virtual NICs, 500 GB of space to mount the SO iso, 4 CPUs, etc.). I ran into other problems while trying to install SO 2.3.30 and 2.3.40. As a result, and after reading countless questions and answers from Google searches, I switched to the SO 2.3.10 iso.
After mounting the SO 2.3.10 iso (from inside the Centos 7 container), I CD to the SecurityOnion dir and run the install file. I am then asked if I wish to continue. I answer yes and am asked to pick the install option. To my surprise, I am at least being allowed to answer questions towards installing from the SO-2.3.10 iso. However, regardless of my method of install (eval, single standing, etc.) I get the same result: "You only have one nic, you need two to meet minimum requirements!!"
No matter what I try (creating 2 Docker bridged networks, 2 VBox (host or bridged) networks, changing up IP addresses to match the same subnet, etc.), nothing works. I get the same error, that I only have one nic card.
Does SO not recognize virtual networks? When I do ifconfig both eth0 and eth1 show up as available inside the Centos container. Does SO only read and accept your physical NIC device?? Will my only solution be using a USB NIC for the mgmt interface??? Should I "roll back" to SO 16.04.7.1???
I am trying to run a LAMP website in containers, and want to run a SO container to capture any bad traffic to my host and the LAMP stack (as well as bind, and sftp) containers. I know this is an ambitious project but SO won't let me get past "go".
I would also like to take "a stab" at using Alienvault pulses with S.O. I previously ran elasticsearch on a separate Centos server (using winlogbeat, filebeat, and wazuh sensors (on Windows)) until SO incorporated it into being part of its security. I was elated to see such a magnificent and significant upgrade. I felt this is perfect!!!
BTW - I'm a big fan of SO, and I have been using it since 12.04. I never had any problems and I have run it in numerous virtual machines on VBox. I now have 16.04.7.1 installed and it runs perfectly in a VBox VM, allowing me to control the amount of traffic it stores before deleting logs for more storage. This is my first attempt using it with Docker, and my first attempt using 20.10-40.
I'm thinking that perhaps I've missed something really simple, or I'm simply using the wrong method of install. I just felt it was time I reached out for help. I am totally appreciative of any assistance that can be provided. I generally find the answers to most of my questions via Google, but either no one else has this problem, or something really small has eluded my research. Thanks again for any help that can be provided.
BTW - I ran a private repository and have downloaded all of the elastic stack Docker images. I'm just not sure how to put all of these images together and have them integrate into the SO application. I read the instructions and followed them to get all the images but I'm now stuck. Images I have downloaded:
so-elasticsearch, so-logstash, so-kibana, so-curator, so-elastalert, so-domainstats, so-freqserver.
(I also was able to successfully install the Analyst VM to my Centos container.) I know I'm close, I just need a little missing information. For what it's worth, I have a compose file that I successfully used to run the elastic stack independently before SO integrated with the ELK stack. If I knew which container brings all of these images together I would include it in my compose file.