
Commandline Access


AlienVault Employee

OSSIM & AlienVault Community!
You may have noticed some changes in the last release, namely the way we handle command line access has changed. Why? Well, we are not trying to make your life harder; in fact we are trying to make it easier.

The goal of OSSIM is to help reduce the amount of time you spend configuring and administering your security controls. The way we do this is by unifying the configuration settings and replicating them to all of the security controls we have included in the product. When a new user starts with OSSIM they often say ‘hey cool, I know how to configure SNORT!’ and they start hacking away at the config. Little do they know, when they touch these files, there is a very good chance they are going to change something that will get overwritten when they change something in the user interface. We have restricted the command line access so as to help users understand this and make it harder for these mistakes to be made.
But wait! We know that we do not have all of the config options available so when you find yourself in a jam, you can ‘jailbreak’ the system. All we ask is that when you do, leave us a little note here to let us know what you were trying to do. This will help us improve the product - the goal is to simplify and unify the configuration so any bit helps! 



  • Jailbreak required to create and implement custom plugins.
  • Jailbreak required to tune rsyslog.d includes for log filtering
  • I think that jailbreak is messing with SFTP and SCP connections from Windows clients. At least in this version I can't do them, and on 4.1 I could.
  • Jailbreak required to create a user used for pulling logs from systems that are unable to send them over the standard way.
  • edited April 2013
    Jailbreak required to install the backup client.
  • edited April 2013
    4.2.1 killed my sensor.  Jailbreak needed to run the host_cache_pro.dic fix (OSError: [Errno 2] No such file or directory: '/etc/ossim/agent/host_cache_pro.dic').
  • Needed to install VMware tools; needed to customize plugins and rsyslog.
  • Needed so that I can configure plugins and data sources so as to integrate it with other platforms.
    I will be trying to integrate it with OTRS
  • To modify plugin for my devices.
  • Jailbreak required to modify snort rules
  • Forbidding command line access in the Alienvault appliance (in the future) is the worst idea you ever had.

    The “Jailbreak” option is required to create custom plugins, run SQL scripts to create custom data sources (for custom plugins), create and customize new configuration backup jobs in “crontab”, define new host IPs in “rsyslog.d” files and create new ones, create new “logrotate.d” file definitions, run the OSSEC-LOGTEST for new message rules, run “KILLALL -9 OSSIM-AGENT” when it hangs, manage and generate OSSEC certificates for new server agents, etc., etc., etc.

    As in previous versions, Alienvault should allow connections via SFTP/SCP for Windows clients like “WinSCP”; this is very useful for people who haven't any knowledge of Linux.

  • I like the idea in the new menu giving us a place for easy configs like changing ips and all that but yeah the "jailbreak" option will be required for most of stuff we do daily.
  • I agree with freis.

    It is nice to see some things moved to make them easier. But there are a lot of components etc which can be adjusted etc that it isn't viable to do it via the gui.
  • Modify DoNagios.py interval because I can't afford to restart nagios every 600 seconds (aka 10 minutes).
  • Needed to close a Cisco SDEE subscription and restart the agent when events stop appearing in OSSIM

    python /usr/share/ossim/scripts/closeSDEEsession.py <subscription-id>
  • dear god, why would you disable SFTP and SCP?
  • For the love of... How can I make the "jailbreak" permanent so one doesn't have to choose jailbreak every time I login via SSH? This is very annoying.

  • Modify DoNagios.py interval because i cant afford to restart nagios every 600 seconds (aka 10 minutes).

    Every 10 minutes a SIGHUP is executed, not a SIGTERM

    If you have problems with nagios reloading its configuration, please open a  new forum post with the problem you have identified, so we can fix the root cause.

  • God, Russ ... It is clear that you have never used OSSIM via SSH ... try to do a test deployment at home, man! Try TO USE IT!!!! Then you can think about improvements, but please, use it at least ONCE!
  • edited April 2013

    Hey guys, here is the way to permanently bypass the restricted shell:

    sed -e 's/\/usr\/bin\/llshell/\/bin\/bash/g' -i /etc/passwd

    Also enjoy the feature of UNLIMITED SCP!

    Fuck Yeah!

  • I really appreciate the time you are putting in giving us feedback on this. 
    @IanHayes We will make sure we reintroduce the ability to do SCP/SFTP; certainly the removal of this functionality was limiting and not intended. Expect to see that soon.
    As for the plugin use cases, we are working hard to make this simpler throughout the product.

    Please keep the feedback coming and we will make sure to work on making the things you have to do automated or at least easier to do. And in case this was not apparent in the initial post, the intention of this change is to help people understand the parts of the operating system that AlienVault may reconfigure automatically. We will work hard and fast to make sure that any configuration you need to do frequently is either automated or easily accessible.
  • fredrik said:
    For the love of... How can I make the "jailbreak" permanent so one doesn't have to choose jailbreak every time I login via SSH? This is very annoying.
    Edit /etc/passwd and change root's shell to /bin/bash. That gets rid of the jailbreak menu and restores sftp/scp access.
  • If you're going to do that, this is the safest way:

    #usermod -s /bin/bash root
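    The two posts above both change root's login shell away from the restricted one. As an added example that is not part of this thread or of AlienVault's code, here is a small audit that reads a passwd-format file and reports every account whose shell is interactive rather than the restricted /usr/bin/llshell, so a permanent jailbreak made with sed or usermod shows up in a routine check. The function names and the sample passwd lines are constructed for the example.

```shell
#!/bin/sh
# Added audit example, not code from AlienVault or from this thread. It lists accounts
# in a passwd-format file whose login shell is interactive and is not the restricted
# /usr/bin/llshell named in the thread, so a permanent "jailbreak" made by editing
# /etc/passwd (sed) or by usermod -s shows up in a routine check.

RESTRICTED_SHELL=/usr/bin/llshell

# Constructed sample in /etc/passwd format (user names and UIDs are made up).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
nagios:x:105:110::/var/lib/nagios:/bin/false
av_admin:x:1000:1000:AlienVault admin:/home/av_admin:/usr/bin/llshell
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin'

# find_unrestricted_logins PASSWD_TEXT RESTRICTED_SHELL
# Prints "user:shell" for each account that can log in with a shell other than
# the restricted one. Accounts whose shell is nologin or false are skipped,
# because they cannot start an interactive session at all.
find_unrestricted_logins() {
    printf '%s\n' "$1" | awk -F: -v restricted="$2" '
        NF < 7 { next }                          # skip malformed lines
        $7 == restricted { next }                # still confined to the restricted shell
        $7 ~ /(nologin|false)$/ { next }         # no interactive login possible
        { print $1 ":" $7 }'
}

# Run the same check against the live file (needs read access to /etc/passwd).
audit_system_passwd() {
    find_unrestricted_logins "$(cat /etc/passwd)" "$RESTRICTED_SHELL"
}

# Demonstration on the constructed sample: prints root:/bin/bash and daemon:/bin/sh.
find_unrestricted_logins "$SAMPLE_PASSWD" "$RESTRICTED_SHELL"
```

    Comparing the output against the accounts you expect to be interactive (and diffing it between runs) is enough to notice when a shell has been switched on a sensor or server.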
  • I don't even know what to say without being a Richard. 
  • Definitely one of the worst ideas so far. I really do not understand how this should make life easier. Don't really know where to start because there are so many reasons I need console access.

    Here are a couple of reasons:

    I am running complementary software on many of my agent boxes which I need to load/configure in the console.

    Face it: there are a lot of bugs and configurations which require console access to manipulate.

  • Looks like a simple case of "Get rid of the lockdown". I can't believe you would put it in.
    If you don't know a reasonable amount about the systems you are running, you shouldn't be playing with them.

    Please get rid of this lockdown asap.

  • I have installed an OSSIM server on one of my servers, and another OSSIM (only sensor this time) on another one. I can't access the first one through SSH (wrong root password), but I have SSH access to the second. Is that normal?
  • @setshocket please open a new post with your issue
  • edited April 2013
    Need to jailbreak for several reasons:
    1/ to run custom python scripts (nbtscan + request external database) to check whether an IP/host has already been identified in previous incidents.
    2/ to remove pcap dumps once gathered on another machine (rm is not allowed!)
    3/ to run INAV
    4/ to use "pipe" in commands (e.g. "ps aux" is allowed but "ps aux | grep something" is not)
  • @sdamaye thank you for the feedback - how does INAV work out for you?
    @jhybinette what other packages are you running?  Always looking for good data to integrate into the sensor