AlienVault OSSIM Installer

The OSSIM Installer ISO will ask you a series of questions after starting:

  1. Country
  2. Timezone
  3. Keyboard Layout
  4. (optional) Main interface, if more than one available.
  5. Root password
  6. Selected interface IP, mask, GW and DNS.

Future versions will allow different installation methods (server, sensor, database, expert, etc.) and further customization options. For now we just wanted to make the ossim installation accessible to everybody.

After installation a series of post-installation steps will be run. Some of these tasks may report errors; don't worry about that, it's just that some things are attempted twice and we still have to sort that out.

After installation you get a full-featured ossim system with everything ready to use.

<note> To access the OSSIM GUI, use your favorite browser and point it to the IP address you entered before. </note>

A noteworthy addition is the /etc/ossim/ossim_setup.conf file. Changing anything in there and running /home/ossim/dist/reconfig.pl will reconfigure the whole system.

Following is a sample installed config file:

interface=eth4
language=en
profile=all-in-one

[database]
acl_db=ossim_acl
db_ip=
db_port=3306
event_db=snort
ossim_db=ossim
osvdb_db=osvdb
pass=
type=mysql
user=root

[expert]
profile=server

[sensor]
detectors=snare, p0f, osiris, arpwatch, snort, pads, ssh, pam_unix, rrd, sudo, iptables
interfaces=eth4
ip=
monitors=nmap, ping, ntop, ossim-ca
name=ossim
priority=5

[server]
server_ip=
server_port=40001
server_plugins=osiris, pam_unix, ssh, snare, sudo 

Here is a description of all the parameters, one by one:

  • interface: the main (administration) interface. The IP address configured for that interface will be fetched and used all over the ossim deployment.
  • language: Will configure the interface's language. Disabled on 1.0 release.
  • profile: Sensor, server, etc… Disabled on 1.0 release.
  • Database: Database entries which will get configured.
    • pass: If left empty, a random one will be generated.
    • ip: If left empty, the main host's IP address will be used.
  • Sensor: Sensor options.
    • detectors: which detectors will be enabled.
    • monitors: which monitors will be enabled.
    • ip: If left empty, the main host's IP address will be used. This will also launch multiple separate instances of arpwatch, pads, p0f, snort.
    • interfaces: More than one can be specified, comma separated. All of them have to be UP for everything to work right.
    • name: sensor name, will be inserted into DB.
    • priority: sensor priority which will be inserted.

Remember: run reconfig.pl after changing this file for changes to get applied to the system.
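The following is an added example, not code from OSSIM or its installer: it parses an ossim_setup.conf like the sample above and applies the defaults described in the parameter list (empty database pass gets a generated random one, empty db_ip and sensor ip fall back to the main host's IP, comma-separated lists are split), so you can preview the effective configuration before running reconfig.pl. The main host IP is passed in by the caller rather than fetched from the system, the random password is produced with secrets.token_urlsafe as a stand-in for whatever reconfig.pl really does, and the set of interfaces that are UP is supplied by the caller; all three are assumptions of this example.

```python
# Added example (not part of OSSIM): preview the effective ossim_setup.conf
# after the documented defaults are applied.
import configparser
import secrets

# Constructed sample, carrying the same values as the guide's example file.
SAMPLE_CONF = """\
interface=eth4
language=en
profile=all-in-one

[database]
acl_db=ossim_acl
db_ip=
db_port=3306
event_db=snort
ossim_db=ossim
osvdb_db=osvdb
pass=
type=mysql
user=root

[expert]
profile=server

[sensor]
detectors=snare, p0f, osiris, arpwatch, snort, pads, ssh, pam_unix, rrd, sudo, iptables
interfaces=eth4
ip=
monitors=nmap, ping, ntop, ossim-ca
name=ossim
priority=5

[server]
server_ip=
server_port=40001
server_plugins=osiris, pam_unix, ssh, snare, sudo
"""

# Keys whose values are comma-separated lists.
LIST_KEYS = {("sensor", "detectors"), ("sensor", "monitors"),
             ("sensor", "interfaces"), ("server", "server_plugins")}


def load_ossim_setup(text):
    """Parse the file. The keys before the first section header (interface,
    language, profile) are placed under a synthetic [global] section, because
    configparser requires every key to live under some header."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string("[global]\n" + text)
    return cp


def split_list(value):
    """Split a comma-separated value and drop whitespace around each item."""
    return [item.strip() for item in value.split(",") if item.strip()]


def resolve(cp, main_host_ip, db_pass_generator=None):
    """Return the effective settings as a dict of dicts, applying the rules
    from the guide: an empty database pass becomes a generated random one
    (generator is an assumption of this example), and an empty database db_ip
    or sensor ip becomes main_host_ip, the address of the [global] interface
    (supplied by the caller here instead of being fetched from the system)."""
    gen = db_pass_generator or (lambda: secrets.token_urlsafe(24))
    effective = {}
    for section in cp.sections():
        effective[section] = {}
        for key, value in cp.items(section):
            if (section, key) in LIST_KEYS:
                effective[section][key] = split_list(value)
            else:
                effective[section][key] = value
    db = effective["database"]
    if not db["pass"]:
        db["pass"] = gen()
    if not db["db_ip"]:
        db["db_ip"] = main_host_ip
    if not effective["sensor"]["ip"]:
        effective["sensor"]["ip"] = main_host_ip
    return effective


def interfaces_not_up(effective, up_interfaces):
    """The guide requires every [sensor] interface to be UP. Return the ones
    missing from up_interfaces, the set the caller observed as up."""
    return [i for i in effective["sensor"]["interfaces"] if i not in up_interfaces]


if __name__ == "__main__":
    conf = load_ossim_setup(SAMPLE_CONF)
    eff = resolve(conf, main_host_ip="192.0.2.10")  # constructed address
    print("db_ip:", eff["database"]["db_ip"])
    print("sensor ip:", eff["sensor"]["ip"])
    print("detectors:", eff["sensor"]["detectors"])
    print("interfaces not up:", interfaces_not_up(eff, {"eth0", "lo"}))
```

Note that server_ip is left untouched when empty: the guide does not document a default for it, so the example does not invent one. Running the script against a real /etc/ossim/ossim_setup.conf only requires reading the file into the text passed to load_ossim_setup.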

ossim_installer/user_guide.txt · Last modified: 2009/11/28 21:59 (external edit)