We're proud to announce the soon-to-be-available 1.0.4 installer (versioning wise it could be 1.1 or even higher because of all of the changes but, well, we called it 1.0.4), both as a standalone ISO image as well as the updater.

We've been working very hard the past months on this, the updater has been a nightmare. It's much easier to make an installer than an updater...

For those wanting to try it out, just download update.pl and run it on a 1.0 - 1.0.3 installed image (should work with the images we've released inbetween on the forums too). Be warned tho, we're still on final testing phases and there might be some issues in there, any sort of testing will be more than welcome.

Basically the installer will backup all the databases and /etc/*, /usr/share/ossim*, install new packages (ossim 0.9.9), new deps (ossec, munin, fprobe) and tune some other things.
Anyway, as said, there are backups and it shouldn't be too hard to get it back working if something fails.

A few hints if you're going to try it out:

• Default values for most of questions are fine. If unsure just press enter.
• "auto" is the recommended way to go for new users, "expert" allows for a more fine grained setup.
• We experienced occassional hangs at the munin plugin setup step. Had to kill the following process on another terminal in order to continue with the installation process
• After everything has been installed you have to log in and upgrade the web part, it should work like a charm :-)
• Right now requires internet access; we'll publish an offline updater too of course

Check a sample installer output if you're curious.

Here is a more detailed list of the most important changes:

New software:

• Included OSSEC (http://www.ossec.net/)
• Included Munin for sensor monitorization (http://munin.projects.linpro.no/)
• Included FProbe for high traffic environments (http://fprobe.sourceforge.net/)
• OSSIM core upgrade
• Included and updated bleeding snort rules

• Intrushield plugin
• Ntop connections being rewritten through the server, no need to open port 3000 to then anymore.
• Partitioning switched to manual on installation
• Database optimization code included
• Added some database indexes for query speedup
• Updater support
• Experimental agent event consolidation
• Agent event statistics

• Updated realsecure/proventia plugin
• Updated FW1 plugin
• Update IIS plugin
• Database types optimized
• Updated pam_unix rules
• Updated ssh rules
• Updated cross correlation information

• Localization now working
• Fixed some server issues

This tutorial tries to show the first common steps you could perform if you're new to ossim and just finished installation, without knowing what to do next.
The tutorial will cover:

• Policies
• Initial Inventory
• Scans
• Scheduled scans
• What to do next

This post will be the first of a series of tutorials describing how to accompliush certain useful things using OSSIM. A friendly IT teacher from Oklahoma suggested that it would be a good idea, and I have to agree. And on top, it's relaxing :-).

So here we go, this first installment will focus on deploying OCS Inventory on a couple of hosts, getting them to log to the central ossim server and see how it shows up in our interface. This will demonstrate the powerful cross-platform inventory capabilities built into ossim thanks to the new OCS integration.

The test environment consists of 6 devices:

• Apple 10.5 Leopard
• Debian 4.0 Linux inside Parallels
• IPhone MacosX
• OpenBSD 4.x
• Windows XP inside Parallels
• Yellow Dog Linux running on a PS3

Let's get a first meaningful update running too.

We have been working hard these last weeks to get the installer out and polish some outstanding issues. After the initial releases, our priorities are now focused on:

• Get an updater done (will be included with 1.0.4)
• Fix some remaining issues (two persons have reported hangs at specific OS installation stages)
• Allow for easy installation of specific graph plugins depending on scenario (ISO, Inventory, Nessus, etc...)

In the meantime, we preinstalled OSSEC (thanks Daniel for your help), fixed the Nagios plugin, fixed rrd_plugin which was missing a config line and added Munin to the sensor pages for performance monitorization.