Offline update of Alienvault OSSIM


Alienvault OSSIM has a built in upgrade mechanism for updates. However, not all installs exist in locations with an active internet connection. To get around this you can either

  1. Mirror the update repository locally down from Alienvault and hack the update script
  2. Download the CD/DVD and hack the update script!

This is a description of the latter method.

Start by downloading the CD from the Alienvault OSSIM website and mount the iso on the server to be updated.

When the alienvault-update runs it tried to download an update script. You can grab this from the website. For v4 this script is located at http://data.alienvault.com/RELEASES/alienvault4_update-script. Download the script and write a copy to the OSSIM server to run manually.

The script uses apt-get to get the updates from alienvault but those packages are also on the CD we downloaded. Add in the CD as a source by typing:

apt-cdrom add

This adds in the CD as a source into /etc/apt/sources.list, for example:

deb cdrom:[Debian GNU/Linux 6.0.6 _Squeeze_ - Unofficial amd64 DVD Binary-1 20121002-12:02]/ squeeze main non-free

Comment out the other lines that refer to debian in this file by putting a hash (#) in front of them:

#deb http://ftp.us.debian.org/debian/ squeeze main contrib
#deb-src http://ftp.us.debian.org/debian/ squeeze main contrib
#deb http://security.debian.org/ squeeze/updates main contrib
#deb-src http://security.debian.org/ squeeze/updates main contrib

Save the file and open the downloaded update script. Find the part of the script that says “download-only” and remove that option. For instance:

apt-get dist-upgrade --download-only -y --force-yes

change to

apt-get dist-upgrade -y --force-yes

When you’ve changed all the lines with “download-only” in them you’re ready to run the update script.

As root run the script, for example:

sh ./alienvault4_update-script

and watch as the packages are updated. Once done reboot and verify the system has been updated by browsing to Configuration -> Sensors or by using the command

ossim-server -v
Advertisements
Tagged ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: