OSSIM - Install On Ubuntu 24.4

From IT-Arts.net

Latest revision as of 07:13, 17 January 2026




Prerequisites

Before starting the installation, ensure that your system meets the following requirements:

  • Ubuntu 24.4 server (or any other compatible Ubuntu version)
  • Root privileges or sudo access
  • A working internet connection for downloading dependencies
  • Sufficient disk space for OSSIM components and data storage

Configuration and Setup

After installation, you must configure OSSIM for proper operation. Follow these steps to complete the configuration:

Network Configuration

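OSSIM requires proper network setup, including configuring the system's IP address, subnet, and gateway. Recent Ubuntu Server releases manage networking through netplan by default and read `/etc/network/interfaces` only when the ifupdown package is installed. On a system that uses ifupdown, edit the network interfaces file using: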

sudo nano /etc/network/interfaces

Example configuration for static IP:

# Bring eth0 up automatically at boot
auto eth0
iface eth0 inet static
    address 192.168.1.100
    netmask 255.255.255.0
    gateway 192.168.1.1

Once the network configuration is updated, restart the networking service:

sudo systemctl restart networking

Firewall Configuration

Ensure that the necessary ports are open for communication between OSSIM components and other services:

sudo ufw allow 443/tcp
sudo ufw allow 22/tcp
sudo ufw allow 1514/udp
sudo ufw allow 514/udp

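Verify that the firewall settings are applied correctly. The output should begin with `Status: active`; if it reports `inactive`, the rules are saved but not enforced until ufw is enabled: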

sudo ufw status

Database Configuration

OSSIM uses MySQL for its database. Make sure that MySQL is installed and properly configured before running OSSIM:

sudo apt update
sudo apt install mysql-server

After installation, secure your MySQL installation:

sudo mysql_secure_installation

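Create a dedicated MySQL user and database for OSSIM, replacing `yourpassword` with a strong, unique password. The first command opens the MySQL prompt; the remaining statements are entered there: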

sudo mysql -u root -p
CREATE DATABASE ossim;
CREATE USER 'ossim'@'localhost' IDENTIFIED BY 'yourpassword';
GRANT ALL PRIVILEGES ON ossim.* TO 'ossim'@'localhost';
FLUSH PRIVILEGES;
EXIT;

System Tuning

For optimal performance, tune your system to handle the high demands of logging and alert processing. Adjust the following parameters in `/etc/sysctl.conf`:

fs.file-max = 100000
net.ipv4.ip_local_port_range = 1024 65535

Apply the changes:

sudo sysctl -p

OSSIM Configuration

Now that the system is set up, you need to configure OSSIM. The main configuration file for OSSIM is located at `/etc/ossim/ossim.conf`. Edit this file to adjust key parameters such as database connection, logging level, and network settings.

Open the file in an editor:

sudo nano /etc/ossim/ossim.conf

Set the database user and password to match the MySQL account created above:

DB_USER=ossim
DB_PASS=yourpassword

After making the changes, restart OSSIM:

sudo systemctl restart ossim

Web Interface Access

The OSSIM web interface is typically hosted on port 443 (HTTPS). To access the OSSIM interface, open a browser and navigate to:

https://<your_server_ip>/ossim

Log in using the default credentials:

Username: admin
Password: admin

Once logged in, change the default admin password before doing anything else. You can then customize your dashboards, configure additional plugins, and set up monitoring and alerting systems as needed.

Troubleshooting

In case of issues during installation or configuration, here are some common solutions:

  • **Database connection issues**: Verify that the MySQL server is running and that the database user has correct privileges.
  • **Service startup failures**: Check system logs using `journalctl` or the specific OSSIM service logs located in `/var/log/ossim/` to identify any issues.
  • **Firewall problems**: Ensure all required ports are open and accessible.

To view real-time logs for OSSIM services:

sudo journalctl -u ossim -f
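
A post-configuration check for the firewall and ossim.conf steps above, as an added example that is not part of the original page or of OSSIM itself. It assumes the `ufw status` table layout and the `DB_PASS=` key shown on this page; the function names, finding labels and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OSSIM project code): audit settings made in this guide.
# Sample inputs are constructed; on a real host pipe in `sudo ufw status`
# and pass the real path /etc/ossim/ossim.conf.
REQUIRED_PORTS="443/tcp 22/tcp 1514/udp 514/udp"   # ports opened in this guide

# Reads `ufw status` text on stdin; prints each required port lacking an
# ALLOW rule, or "ufw-inactive" when the firewall is not enforcing at all.
missing_ufw_ports() {
    status=$(cat)
    if ! printf '%s\n' "$status" | grep -q '^Status: active'; then
        echo "ufw-inactive"
        return 0
    fi
    for port in $REQUIRED_PORTS; do
        # Anchored at line start so a 1514/udp rule cannot satisfy 514/udp.
        printf '%s\n' "$status" | grep -Eq "^${port}[[:space:]]+ALLOW" || echo "$port"
    done
}

# Prints findings for a KEY=value file holding DB_PASS: a placeholder or
# default password, and any permission bits granted to "other" users.
conf_findings() {
    pass=$(sed -n 's/^DB_PASS=//p' "$1" | tail -n 1)
    case "$pass" in
        ''|yourpassword|admin) echo "weak-db-pass" ;;
    esac
    mode=$(stat -c '%a' "$1")          # GNU stat, octal mode such as 640
    case "$mode" in
        *0) ;;                          # last digit 0: no access for others
        *)  echo "world-accessible:$mode" ;;
    esac
}

# Constructed sample data: 514/udp rule missing, placeholder password, mode 644.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
1514/udp                   ALLOW       Anywhere'
sample_conf=$(mktemp)
printf 'DB_USER=ossim\nDB_PASS=yourpassword\n' > "$sample_conf"
chmod 644 "$sample_conf"
echo "firewall: $(printf '%s\n' "$SAMPLE_UFW" | missing_ufw_ports | tr '\n' ' ')"
echo "config:   $(conf_findings "$sample_conf" | tr '\n' ' ')"
rm -f "$sample_conf"
```

Empty output from both functions means every required rule is present and the configuration file holds a non-placeholder password that other users cannot read.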