OSSIM - Install Script On Ubuntu 24.04
From IT-Arts.net
install-ossim.sh
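#!/bin/bash
#
# install-ossim.sh
#
# Installs OSSIM (Open Source Security Information Management) on
# Ubuntu 24.04 LTS: adds the OSSIM apt repository, installs the OSSIM
# packages, Nginx and PostgreSQL, creates an "ossim" database role and
# database, enables the services and opens the firewall ports.
#
# Optional environment variables:
#   OSSIM_DB_PASSWORD    Password for the PostgreSQL role "ossim". When unset,
#                        a random one is generated and written to a root-only
#                        file instead of being hard-coded in this script.
#   OSSIM_REPO_KEY_FPR   Expected fingerprint of the repository signing key
#                        (e.g. <EXPECTED_KEY_FINGERPRINT>). When set, the
#                        downloaded key is rejected unless it matches.
#   OSSIM_SYSLOG_SOURCE  Address or CIDR of the hosts that send syslog. When
#                        set, 514/udp is opened for that source only.
#
# NOTE(review): the repository targets the "focal" suite while this script
# is written for Ubuntu 24.04; confirm the repository URL, suite and package
# names resolve for your release before running this on a real host.
# NOTE(review): nothing below points the OSSIM packages at the PostgreSQL
# database created here, and no TLS certificate is configured for Nginx;
# both need to be verified or completed after installation.

set -euo pipefail

readonly REPO_BASE="https://updates.alienvault.com/ossim/ossim-5.9.0"
readonly REPO_KEYRING="/etc/apt/keyrings/ossim.asc"
readonly REPO_LIST="/etc/apt/sources.list.d/ossim.list"
readonly DB_PASSWORD_FILE="/root/.ossim_db_password"
readonly -a OSSIM_SERVICES=(ossim-server ossim-agent ossim-database)

# Print an error to stderr and abort the installation.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Ensure the system is up-to-date
echo "Updating system packages..."
sudo apt-get update -y
sudo apt-get upgrade -y

# Install essential packages for system configuration
echo "Installing necessary dependencies..."
sudo apt-get install -y curl wget gnupg2 lsb-release apt-transport-https sudo ufw

# Add the OSSIM repository and import the GPG key
echo "Adding OSSIM repository and GPG key..."
key_tmp=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$key_tmp"' EXIT

# -f makes curl fail on an HTTP error instead of saving an error page as the
# "key"; the download goes to a temp file so it can be checked before install.
curl -fsSL "${REPO_BASE}/ossim-repo.key" -o "$key_tmp" \
  || die "could not download the OSSIM repository key"
[[ -s "$key_tmp" ]] || die "downloaded repository key is empty"

if [[ -n "${OSSIM_REPO_KEY_FPR:-}" ]]; then
  # Compare the primary key fingerprint with the pinned value, ignoring
  # spaces and letter case.
  actual_fpr=$(gpg --show-keys --with-colons "$key_tmp" \
    | awk -F: '$1 == "fpr" && !seen++ { print $10 }')
  expected_fpr=${OSSIM_REPO_KEY_FPR// /}
  [[ -n "$actual_fpr" && "${actual_fpr^^}" == "${expected_fpr^^}" ]] \
    || die "repository key fingerprint mismatch (got '${actual_fpr}')"
else
  printf 'WARNING: OSSIM_REPO_KEY_FPR is not set; the repository key is trusted without a fingerprint check.\n' >&2
fi

# Keys placed in /etc/apt/trusted.gpg.d are accepted for every configured
# repository. A dedicated keyring referenced with signed-by limits this key
# to the OSSIM repository only.
sudo install -d -m 0755 /etc/apt/keyrings
sudo install -m 0644 -o root -g root "$key_tmp" "$REPO_KEYRING"

# Add the OSSIM repository to the sources list
echo "Adding OSSIM repository to the sources list..."
echo "deb [signed-by=${REPO_KEYRING}] ${REPO_BASE}/ubuntu/ focal main" \
  | sudo tee "$REPO_LIST" >/dev/null

# Update the package list with OSSIM repository
echo "Updating package lists..."
sudo apt-get update -y

# Install OSSIM base components and other dependencies
# (ossim-agent is installed here, so no separate agent install step follows).
echo "Installing OSSIM and dependencies..."
sudo apt-get install -y ossim-server ossim-agent ossim-web ossim-database

# Install Nginx (if not already installed) as the web server
echo "Installing Nginx for web interface..."
sudo apt-get install -y nginx

# Install and configure PostgreSQL for OSSIM database
echo "Installing PostgreSQL and setting up OSSIM database..."
sudo apt-get install -y postgresql postgresql-contrib

# Enable PostgreSQL on boot and make sure it is running before psql is used
echo "Enabling PostgreSQL to start on boot..."
sudo systemctl enable --now postgresql

# Resolve the database password: caller-supplied, or freshly generated and
# saved where only root can read it. It is never echoed to the terminal.
db_password=${OSSIM_DB_PASSWORD:-}
if [[ -z "$db_password" ]]; then
  db_password=$(head -c 24 /dev/urandom | base64 | tr -d '/+=\n')
  printf '%s\n' "$db_password" \
    | sudo sh -c "umask 077; cat > '${DB_PASSWORD_FILE}'"
  echo "Generated a database password and stored it in ${DB_PASSWORD_FILE} (readable by root only)."
fi

# Double any single quote so the value is a valid SQL string literal.
sql_password=${db_password//\'/\'\'}

# Create the role on first run, or update its password on a re-run.
role_exists=$(sudo -u postgres psql -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'ossim'")
if [[ "$role_exists" == "1" ]]; then
  role_statement="ALTER ROLE"
else
  role_statement="CREATE USER"
fi

# The statement is fed on stdin rather than with -c so the password does not
# appear in the process list.
sudo -u postgres psql -v ON_ERROR_STOP=1 --quiet <<SQL
${role_statement} ossim WITH PASSWORD '${sql_password}';
SQL

db_exists=$(sudo -u postgres psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'ossim'")
if [[ "$db_exists" != "1" ]]; then
  sudo -u postgres psql -v ON_ERROR_STOP=1 -c "CREATE DATABASE ossim;"
fi
sudo -u postgres psql -v ON_ERROR_STOP=1 -c "GRANT ALL PRIVILEGES ON DATABASE ossim TO ossim;"

# Start OSSIM services and Nginx now, and enable them to start on boot
echo "Starting OSSIM services..."
sudo systemctl enable --now "${OSSIM_SERVICES[@]}"

echo "Starting Nginx and enabling it to start on boot..."
sudo systemctl enable --now nginx

# Set up firewall rules for OSSIM (allow HTTP, HTTPS, and required ports)
echo "Configuring UFW firewall rules..."
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 4433/tcp # OSSIM-specific port

# Syslog traffic: limit to the known log sources when they are provided.
if [[ -n "${OSSIM_SYSLOG_SOURCE:-}" ]]; then
  sudo ufw allow from "$OSSIM_SYSLOG_SOURCE" to any port 514 proto udp
else
  sudo ufw allow 514/udp
fi

# NOTE(review): this opens 10,001 UDP ports to any source; confirm which of
# them OSSIM really needs and narrow the range or the allowed sources.
sudo ufw allow 10000:20000/udp # OSSIM related ports

# Enable UFW firewall; --force skips the interactive confirmation prompt so
# the script does not block when run unattended.
sudo ufw --force enable

# Check if all OSSIM components are running. is-active is used instead of
# "status" so the check neither opens a pager nor hides a stopped service.
echo "Verifying OSSIM components are running..."
failed=0
for svc in "${OSSIM_SERVICES[@]}" nginx postgresql; do
  if systemctl is-active --quiet "$svc"; then
    echo "  ${svc}: active"
  else
    echo "  ${svc}: NOT active" >&2
    failed=1
  fi
done
(( failed == 0 )) || die "one or more services are not running; see 'systemctl status <service>'"

# Show instructions to access OSSIM
echo "OSSIM installation completed successfully!"
echo "You can access the OSSIM web interface by navigating to https://your-server-ip or https://your-domain.com"
echo "The database password for the 'ossim' role is not printed here; change any default web credentials at first login."

echo "OSSIM installation script completed!"
exit 0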
