Tutorial 1: Host Inventory using OSSIM

November 25, 2007 | Dominique Karg

This post will be the first of a series of tutorials describing how to accomplish certain useful things using OSSIM. A friendly IT teacher from Oklahoma suggested that it would be a good idea, and I have to agree. And on top, it’s relaxing :-).

So here we go. This first installment will focus on deploying OCS Inventory on a couple of hosts, getting them to report to the central ossim server and seeing how they show up in our interface. This will demonstrate the cross-platform inventory capabilities built into ossim thanks to the new OCS integration.

The test environment consists of 6 devices:

  • Apple 10.5 Leopard
  • Debian 4.0 Linux inside Parallels
  • iPhone (Mac OS X)
  • OpenBSD 4.x
  • Windows XP inside Parallels
  • Yellow Dog Linux running on a PS3

Step 1: Check out how our freshly installed image is performing

After logging into the interface we first check the Inventory tab on the executive panel and see that it is currently empty:

(Image removed, broken link, I’m very sorry. DK.)

Next, we go to Reports -> OCS Inventory and see that it is (still) empty as well:

(Image removed, broken link, I’m very sorry. DK.)

Step 2: Start installing the agents. Windows.

During step two we’ll install the OCS agent on Windows. The ossim installer already rewrites the OCS package with the server IP you configured during installation, so actually deploying agents is very simple.

First we’ll go to Tools -> Downloads in order to get the pre-configured installer package. As you may notice on this screenshot, I’ve created a very restricted user with no permissions; that user can only see and fetch things from the download page.

(Image removed, broken link, I’m very sorry. DK.)

After downloading we open up the compressed file and execute the “install.bat” script. This should go pretty fast and will install and enable OCS on the system.

(Image removed, broken link, I’m very sorry. DK.)

By default, OCS schedules itself to run on a daily basis (not 100% sure about this), so at first you won’t get any inventory. Anyway, since I’m more of the impatient kind, I want to force it.

In order to force an inventory we must execute “inventorize_now.bat” after installation. It can be run directly from the zip, as shown below:

(Image removed, broken link, I’m very sorry. DK.)

And voila, there we’ve got our first inventoried host and its detail:

(Image removed, broken link, I’m very sorry. DK.)

Step 3: Continue installing the agents. Debian Linux.

Our next step will involve installing the OCS agent on the ossim server itself. Since we’re already on the filesystem, we can just copy the included agent package to some tmp directory, uncompress it, install everything and there we go.

And the resulting host will appear on our list, with its detail:

(Image removed, broken link, I’m very sorry. DK.)

Step 4: Continue installing the agents. Mac OS X (including iPhone).

Since only Windows and Linux agents are included with the installer, you have to find OCS Inventory agents for other systems on the contrib page. It is linked from Downloads->Tools for easy reference.

Here you can see what it looks like; we’ll be using the Mac OS X agent for this step and the Unix agent for the next one (ain’t it pretty?):

(Image removed, broken link, I’m very sorry. DK.)

Now to the bad news. I tried to get it running, but the current version doesn’t work on Leopard, nor on the iPhone (not even exporting the XML inventory to another host, though the iPhone does run PHP).

So, here you can see my efforts, but after skimming over the forums I don’t think I’ll waste much time on this right now. I’m pretty sure the author will come up with a Leopard-compatible version at some point. Check the post at the bottom of this link for more information; you might be luckier than I’ve been.

Step 5: More agent installation. OpenBSD.

This one was pretty straightforward. I downloaded the Unix version, already had curl and libxml2, pointed it at the right zlib path and there we go.

And the PoC:

(Image removed, broken link, I’m very sorry. DK.)

Step 6: Inventory of a PS3. YDL.

Since the OCS agent installer provides all the needed dependencies, this was straightforward too and very similar to the other Linux install, so no log is included. The PS3 is actually quite an impressive Linux platform, by the way :-)

(Image removed, broken link, I’m very sorry. DK.)

Final Step 7: Conclusion

So there we go: if everything had gone well, I’d now have every host around me inventoried. Sadly there was that minor Mac OS X glitch, but I had it running on Tiger and I assure you it works.

Our final setup looks like this:

(Image removed, broken link, I’m very sorry. DK.)

And… do you remember the empty inventory graph section at the beginning? Well, as expected, now it’s got some data in it:

(Image removed, broken link, I’m very sorry. DK.)
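The whole point of the exercise above is knowing which hosts report in and which do not. As an added example (my own code, not part of OSSIM or OCS Inventory), the script below takes a list of hosts you expect to see, parses a few constructed inventory records written in a simplified OCS-like XML layout (an assumption; the real OCS schema carries far more fields), and reports hosts that never reported, hosts whose last inventory is older than the daily agent schedule should allow, and hosts that show up without being on the expected list. The hostnames and dates are made up to match the lab described in this post.

```python
"""Inventory coverage and staleness check (added example, not OSSIM/OCS code).

The XML layout below is a simplified assumption modelled loosely on OCS
Inventory reports; only NAME, OSNAME and LASTDATE are used.
"""
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

# Constructed sample inventory records (assumed, simplified OCS-like layout).
SAMPLE_INVENTORIES = [
    "<REQUEST><CONTENT><HARDWARE><NAME>winxp</NAME>"
    "<OSNAME>Microsoft Windows XP</OSNAME>"
    "<LASTDATE>2007-11-25 10:00:00</LASTDATE></HARDWARE></CONTENT></REQUEST>",
    "<REQUEST><CONTENT><HARDWARE><NAME>debian</NAME>"
    "<OSNAME>Debian GNU/Linux 4.0</OSNAME>"
    "<LASTDATE>2007-11-25 11:00:00</LASTDATE></HARDWARE></CONTENT></REQUEST>",
    # An older record for the same host; the newest one must win.
    "<REQUEST><CONTENT><HARDWARE><NAME>debian</NAME>"
    "<OSNAME>Debian GNU/Linux 4.0</OSNAME>"
    "<LASTDATE>2007-11-20 09:00:00</LASTDATE></HARDWARE></CONTENT></REQUEST>",
    "<REQUEST><CONTENT><HARDWARE><NAME>openbsd</NAME>"
    "<OSNAME>OpenBSD 4.2</OSNAME>"
    "<LASTDATE>2007-11-20 08:30:00</LASTDATE></HARDWARE></CONTENT></REQUEST>",
    "<REQUEST><CONTENT><HARDWARE><NAME>ps3-ydl</NAME>"
    "<OSNAME>Yellow Dog Linux</OSNAME>"
    "<LASTDATE>2007-11-25 12:15:00</LASTDATE></HARDWARE></CONTENT></REQUEST>",
    # A host nobody put on the expected list: worth a look.
    "<REQUEST><CONTENT><HARDWARE><NAME>labvm</NAME>"
    "<OSNAME>Microsoft Windows XP</OSNAME>"
    "<LASTDATE>2007-11-25 13:00:00</LASTDATE></HARDWARE></CONTENT></REQUEST>",
]

# The six lab devices from the post, as hostnames (constructed names).
EXPECTED_HOSTS = ["leopard", "debian", "iphone", "openbsd", "winxp", "ps3-ydl"]


def parse_inventory(xml_text):
    """Extract hostname, OS and last-report time from one inventory record."""
    root = ET.fromstring(xml_text)
    hw = root.find("./CONTENT/HARDWARE")
    if hw is None:
        raise ValueError("record has no CONTENT/HARDWARE element")
    return {
        "name": hw.findtext("NAME", "").strip().lower(),
        "os": hw.findtext("OSNAME", "").strip(),
        "last": datetime.strptime(hw.findtext("LASTDATE"), "%Y-%m-%d %H:%M:%S"),
    }


def coverage_report(expected, inventories, now, max_age=timedelta(days=2)):
    """Compare expected hosts with what actually reported.

    max_age defaults to two days: with a daily agent schedule, anything older
    than that has missed at least one run and deserves attention.
    """
    newest = {}
    for xml_text in inventories:
        rec = parse_inventory(xml_text)
        # Keep only the most recent record per host.
        if rec["name"] not in newest or rec["last"] > newest[rec["name"]]["last"]:
            newest[rec["name"]] = rec

    expected_lc = {h.lower() for h in expected}
    return {
        "missing": sorted(expected_lc - newest.keys()),
        "stale": sorted(n for n, r in newest.items() if now - r["last"] > max_age),
        "unexpected": sorted(newest.keys() - expected_lc),
    }


if __name__ == "__main__":
    report = coverage_report(
        EXPECTED_HOSTS, SAMPLE_INVENTORIES, now=datetime(2007, 11, 26, 12, 0, 0)
    )
    for key, hosts in report.items():
        print(f"{key:10s}: {', '.join(hosts) if hosts else '-'}")
```

Run against the sample data, the report lists leopard and iphone as missing (matching the Mac OS X trouble above), openbsd as stale because its last inventory is six days old, and labvm as an unexpected host. Feeding it the real records exported from the OCS database is left to the reader, since the exact table layout is not covered in this post.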

I hope you enjoyed this first tutorial. If you liked it, please leave a quick comment below; since I’m just testing whether this whole blogging thing makes sense to me, any feedback will be welcome.

Dominique Karg
