Offline update of Alienvault OSSIM

Alienvault OSSIM has a built-in upgrade mechanism for updates. However, not all installs sit in locations with an active internet connection. To get around this you can either

  1. Mirror the update repository locally down from Alienvault and hack the update script
  2. Download the CD/DVD and hack the update script!

This is a description of the latter method.

Start by downloading the CD from the Alienvault OSSIM website and mount the ISO on the server to be updated.

When alienvault-update runs it tries to download an update script. You can grab this from the website. For v4 the script is located at http://data.alienvault.com/RELEASES/alienvault4_update-script. Download the script and copy it to the OSSIM server so you can run it manually.

The script uses apt-get to fetch the updates from Alienvault, but those packages are also on the CD we downloaded. Add the CD as a source by typing:

apt-cdrom add

This adds the CD as a source in /etc/apt/sources.list, for example:

deb cdrom:[Debian GNU/Linux 6.0.6 _Squeeze_ - Unofficial amd64 DVD Binary-1 20121002-12:02]/ squeeze main non-free

Comment out the other lines that refer to debian in this file by putting a hash (#) in front of them:

#deb http://ftp.us.debian.org/debian/ squeeze main contrib
#deb-src http://ftp.us.debian.org/debian/ squeeze main contrib
#deb http://security.debian.org/ squeeze/updates main contrib
#deb-src http://security.debian.org/ squeeze/updates main contrib

Save the file and open the downloaded update script. Find each part of the script that says "download-only" and remove that option. For instance:

apt-get dist-upgrade --download-only -y --force-yes

change to

apt-get dist-upgrade -y --force-yes

When you have changed all the lines containing "download-only" you are ready to run the update script.

As root run the script, for example:

sh ./alienvault4_update-script

and watch as the packages are updated. Once done, reboot and verify the system has been updated by browsing to Configuration -> Sensors or by running

ossim-server -v
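The whole procedure above, from registering the CD to running the patched script, wrapped into one POSIX shell script. This is an added example, not code from the original post or from Alienvault. The ISO path, mount point and update-script path are assumptions you pass on the command line, and the -d/-m flags on apt-cdrom are an assumption used to point it at a loop-mounted ISO instead of a physical drive; the text-editing steps (commenting out the Debian mirrors, stripping --download-only) are separate functions so they can be checked on a copy of the files before touching the live system.

```sh
#!/bin/sh
# Added example: automates the offline OSSIM update steps described above.
# Assumptions: ISO, mount point and script path are supplied as arguments;
# apt-cdrom -d/-m are used so it reads the loop-mounted ISO directly.

# Comment out every deb/deb-src line that points at a debian.org mirror,
# leaving the cdrom: entry written by apt-cdrom (and any other line) active.
# A .bak copy of the file is kept next to it.
comment_debian_sources() {
    sed -i.bak -E 's|^(deb(-src)? +https?://[^ ]*debian\.org/)|#\1|' "$1"
}

# Remove the --download-only flag from every apt-get line in the update
# script so that packages are installed rather than merely fetched.
strip_download_only() {
    sed -i.bak 's/ --download-only//g' "$1"
}

# Number of lines still carrying --download-only; 0 means the patch is complete.
count_download_only() {
    grep -c -- '--download-only' "$1" || true
}

# Full run, as root: mount the ISO, register it with apt, disable the online
# mirrors, patch the script and execute it.
offline_update() {
    iso="$1"; mnt="$2"; script="$3"
    mkdir -p "$mnt"
    mount -o loop "$iso" "$mnt"
    apt-cdrom -m -d "$mnt" add        # assumption: flags point apt-cdrom at the loop mount
    comment_debian_sources /etc/apt/sources.list
    strip_download_only "$script"
    if [ "$(count_download_only "$script")" != "0" ]; then
        echo "update script still contains --download-only, aborting" >&2
        return 1
    fi
    sh "$script"
}

# Only run when invoked directly with three arguments, e.g.
#   sh offline_update.sh /root/alienvault.iso /mnt/cdrom /root/alienvault4_update-script
if [ "$#" -eq 3 ]; then
    offline_update "$@"
fi
```

The update script's own --force-yes flag (visible in the lines quoted above) suppresses apt's package-authentication prompt, so the only integrity check left in this offline flow is the ISO you downloaded; the function-level split lets you run comment_debian_sources and strip_download_only on copies first and confirm the result with count_download_only before rebooting a production sensor.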

Filed under: Alienvault OSSIM, Security, SIEM Tagged: alienvault, OSSIM