We’re proud to announce the soon-to-be-available 1.0.4 installer (versioning wise it could be 1.1 or even higher because of all of the changes but, well, we called it 1.0.4), both as a standalone ISO image as well as the updater.
We’ve been working very hard the past months on this, the updater has been a nightmare. It’s much easier to make an installer than an updater…
For those wanting to try it out, just download update.pl
http://updates.alienvault.com/updates/update.pl [no longer available] and run it on a 1.0 - 1.0.3 installed image (should work with the images we’ve released inbetween on the forums too). Be warned tho, we’re still on final testing phases and there might be some issues in there, any sort of testing will be more than welcome.
Basically the installer will backup all the databases and /etc/*, /usr/share/ossim*, install new packages (ossim 0.9.9), new deps (ossec, munin, fprobe) and tune some other things.
Anyway, as said, there are backups and it shouldn’t be too hard to get it back working if something fails.
A few hints if you’re going to try it out:
- Default values for most of questions are fine. If unsure just press enter.
- “auto” is the recommended way to go for new users, “expert” allows for a more fine grained setup.
- We experienced occassional hangs at the munin plugin setup step. Had to kill the following process on another terminal in order to continue with the installation process
- After everything has been installed you have to log in and upgrade the web part, it should work like a charm 😊
- Right now requires internet access; we’ll publish an offline updater too of course
Check a sample installer output if you’re curious.
Get the 1.0.4 (beta) updater here.
http://updates.alienvault.com/updates/update.pl [no longer available]
Here is a more detailed list of the most important changes:
- Included OSSEC (http://www.ossec.net/)
- Included Munin for sensor monitorization (http://munin.projects.linpro.no/)
- Included FProbe for high traffic environments (http://fprobe.sourceforge.net/)
- OSSIM core upgrade
- Included and updated bleeding snort rules
- Intrushield plugin
- Ntop connections being rewritten through the server, no need to open port 3000 to then anymore.
- Partitioning switched to manual on installation
- Database optimization code included
- Added some database indexes for query speedup
- Updater support
- Experimental agent event consolidation
- Agent event statistics
- Updated realsecure/proventia plugin
- Updated FW1 plugin
- Update IIS plugin
- Database types optimized
- Updated pam_unix rules
- Updated ssh rules
- Updated cross correlation information
- Localization now working
- Fixed some server issues