AlienVault R&D Labs Portal. Get the latest news from our research.
Header

New Instaler beta: 1.2beta6

May 2nd, 2009 | Posted by DK in Installer - (Comments Off)

I’m happy to announce the availability of the next beta, AV Installer beta6. (md5: 21204ecf2949a1d9ac9838b3c694b72d.

Again, thanks a ton to everybody testing the betas and reporting bugs / improvements, with your help this is already the best release that’s been published ever for OSSIM.

The betatesting process is reaching the point where we’re going to freeze code and just fix bugs. OpenVAS is now fully integrated and running like a charm, the compliance framework runs out of te box for ISO27001 (install beta6, “apt-get install ossim-compliance” and go to reports->reporting server), many new directives have been added and old ones fixed. A quick warning: OpenVAS takes ages to start the first time, if it looks like it hangs during init don’t worry, after maybe 5 or 10 minutes it will get through.

Next steps will be to ensure everything is working, get a new dashboard for PCI and ISO2700[12] compliance, integrate the SEM part (without signing) into the public server, put the new policy interface in place and double check distributed architecture scripts. After this release the final version, throw a party and get a couple of weeks off ;-)

I hope you enjoy this beta.

DK

Mr Wolf Wannabe.

More Posts - Website

, ,

Upcoming Installer testing version 1.2beta1

February 28th, 2009 | Posted by DK in Installer - (Comments Off)

I’m proud to announce the availability of the first public testing release of the upcoming installer. We’re in final stages of testing now, and tho there are still known issues it’s time to get community feedback on it. Many many thanks to anybody willing to help test this iso. Please keep in mind that it’s a testing version, not intended for production. We can’t even ensure that at the end of the testing period there will be a seamless upgrade into the stable distribution ;-)

First a quick note on versioning. The new installer will have two versions, one for each architecture:

  • Installer 1.2: amd64 (that is, most of the 64bit capable processors out there, including Xeons).
  • Installer 1.1: i386 (old 32bit).

    • Our intention, right now, is to maintain the 1.1 as long as needed and focus on the 1.2(64bit). Functionality will be exactly the same (if it doesn’t involve too much work, we’ve got limited resources. Jasper/Tomcat integration for example will be limited to 1.2) on both but our development platform is entirely 64bit based due to performance reasons, so there might be a slight delay.

    We’re not excluding anyone tho, we’re going to maintain updates for 32bit while there is a large enough user base on it and 32bit users can test the 64bit version on vmware without problems.

    The installer testing version can be found at http://data.alienvault.com/ossim-installer_1.2.beta1.iso. Next I’ll list how to install it (along with update guidelines), known issues right now (and how to report new ones) and a short list of some of the stuff included in this release.


    Download it

    Highlighting the download: http://data.alienvault.com/ossim-installer_1.2.beta1.iso.


    Installing it

    Grab the iso, install it. After installation, in order to get a clean testing and updating environment (we’re working on solving this right now) issue an:

    apt-get remove ossim-cd-setup

    This will erase the monstrous package we used before, leaving the files tho (since they’re uncompressed from within a .tgz). More on this later.

    After this:

    apt-get update; apt-get upgrade

    You might get an gpg inoxious error; I’m working on getting the packages gpg signed, thanks Jonathan for the script when it arrives :-))


    Bugtracking/reporting

    We did setup a specific forum for this. Please post any discovered bugs in there, and please check the rest of the 1.2 forum in case somebody might have reported the issue before.


    Before reporting a bug please issue an “apt-get update; apt-get upgrade”, your bug might have been fixed.


    Known issues

    There are several issues that I’m aware of right now, which I’m working on:

    • Jasperserver password change might break jasperserver.
    • SEM doesn’t work out of the box (haven’t commited the code to the cvs yet).
    • /home/ossim/dist/ doesn’t get cleaned up.
    • Creating new tabs breaks existing tabs at executive panel.
    • Memory issues (adding tomcat to the mix didn’t help the already large memory requirements)
    • Passwords doesn’t get changed / adapted for everything.
    • the reconfig bug when passwords contain “&, ‘, ; or \”" is still present.
    • repository is missing gpg signatures


    Feature highlight

    There are many things we’ll be proud of this new release, just to name a few (all of them will be provided before the final release via updates):

    1. Completely new forensics console. Based on ACID and BASE we decided to incorporate the code into our own cvs; we just have too many specific needs and need to cover them. Check out the following screenshots:
    2. Disk based event storage (a.k.a. SEM) (will be updating a screenshot asap)
    3. Interactive risk maps (seen them before)
    4. Reporting plugins using JasperServer. This will be a major breakthrough, allowing for easy to share reporting plugins, scheduled reports, auto-emailing of reports and much more.
    5. Shellcode interpretation plugin for forensics.
    6. OSSEC 2.0
    7. Many new plugins.
    8. Updated directives, cross correlation and inventory correlation tables.
    9. Complete debian package based update/upgrade mechanism, including offline updates. No more custom ossim-updates.
    10. Many more…

    We want this release to be as good as possible, and your feedback is crucial for that. Please download it, throw it into a VM, make your evil tests and report back on the forum thread mentioned above.




    Enjoy.

    DK

    Mr Wolf Wannabe.

    More Posts - Website

    , , , , ,