From: Arn V. <arn...@xs...> - 2006-01-04 22:09:24
I am currently writing an autoinstall script for OSSIM in perl. Version 0.9 supports installing and configuring a server with a local sensor on Fedora Core 3. The next major release should support installation on other Linux distros as well (see TODO list), as long as there is an apt-get repository available with OSSIM in it. The reason this is not version 1.0 is a minor problem with the 'create_basic_configuration' function, which means you have to manually add the detected sensor and a network to monitor. Other than that the installation and configuration runs okay, hence I classify this as a minor problem.

For those who wish to use/test this script, the latest version is available from http://82.92.8.139/projects/OSSIM/ossim.autoinstall.pl
This is an open directory where you can also find all released versions.

Below I included parts of the header with some additional information.

################################################################################
# What does it do:
# A script to completely automate the installation and configuration of OSSIM
# (http://www.ossim.net) on a fresh install of Fedora Core 3. It installs a
# server with a local sensor running: snort, ntop (v3.2), p0f, arpwatch,
# nessus, tcptrack and pads. The next major release will also support other
# Linux versions.
#
# Features include:
# * Tracking finished functions in the file 'processed.functions'. On a second
#   run the successfully finished functions will not be run again.
# * Rollback of half finished functions on errors.
# * Saving errors to 'saved.errors', consisting of function, line number and
#   system() error code. Old errors are overwritten.
# * Backups of all altered files saved to '$filename.backup'.
#
# Things to keep in mind:
# 1) You need to manually start the ossim components after the installation.
#    The start command is provided after a successful installation.
# 2) The 'create_basic_configuration' function does not work yet, for now
#    add the detected sensor by hand, and add the network(s) manually 'policy
#    tab in web interface'. Without a sensor and a network most data will not
#    be logged! An alternative is to install, start OSSIM, enable this
#    function and run the script again. This works as far as I can tell.
# 3) This version of the script will set up a server with a local sensor.
# 4) This version of the script will most likely only work on Fedora Core 3 at
#    the moment. A future version will contain variables to system paths which
#    can be changed.
# 5) The following error is to be expected (see todo 'Future versions' item 1);
#    find: /usr/share/ntop/rrd//interface/eth0/hosts: No such file or directory
#    This error will keep appearing in the shell you used to start the agent
#    component.
#
# TODO:
# Next major version (required functionality)
# 1) Include system path variables for portability to other Linux versions.
# 2) Find out why the function 'create_basic_configuration' fails (either I am
#    doing something wrong, or this can only be done after first run?).
# 3) Locate apt repository with newer nessus version (used: 2.2.6 current: 3.0).
# 4) Include some sanity checks (required variables for selected functions,
#    internet connection, installed packages, etc).
# 5) Provide some default choices for installations (server only, sensor only,
#    etc).
#
# Future versions (optimizing code/functions/functionality)
# 1) Include the option to install NTOP 3.1 (check if sources need patching).
#    See http://sourceforge.net/mailarchive/message.php?msg_id=14231830
# 2) Tweak/secure the installed components (and OS?).
# 3) Configure snort/nessus to autoupdate rulesets.
# 4) Find out what (unprintable?) characters live at the end of the keys in the
#    associative array from prefsCache.db from ntop, so we can specify these
#    keys directly instead of using regex matching.
# 5) Find out why the /x option doesn't work as supposed to in the substitute
#    commands so that I can properly terminate those lines on 80 characters.
# 6) Pull more repeating code to their own functions.
# 7) Better error function/handling.
# 8) Include status bar, hopefully without including external modules (threads?)
# 9) Also support subnetmasks in /xx form (and convert /xx to /xxx.xxx.xxx.xxx).
################################################################################

I am currently in the last month of a project, so chances are I have less time to maintain this script at the moment. I will however do my best to fix and update this script when required.

Comments and/or ideas are always welcome.

Arn Vollebregt

--
"Wisdom lies not in obtaining knowledge, but in using it in the right way"
- kroesjnov
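The bookkeeping the header describes (skipping functions listed in 'processed.functions' on a second run, backing up altered files to '$filename.backup', saving the failing function, line number and system() status to 'saved.errors', and rolling back a half-finished function) as an added Perl example. This is not code from ossim.autoinstall.pl; the file names come from the post, while the step name 'configure_demo', the work directory /tmp/autoinstall-demo and the demo.conf file are constructed for this illustration.

```perl
#!/usr/bin/perl
# Added example, not part of ossim.autoinstall.pl: a minimal step runner with the
# bookkeeping described in the post. 'processed.functions', 'saved.errors' and
# '$filename.backup' are the post's file names; the step, work directory and
# config file below are constructed for this demonstration.
use strict;
use warnings;
use File::Copy qw(copy move);

my $PROCESSED = 'processed.functions';   # one finished function name per line
my $ERRORS    = 'saved.errors';          # overwritten on every new error

# Names of functions that finished successfully on an earlier run.
sub load_processed {
    my %done;
    if (open my $fh, '<', $PROCESSED) {
        while (my $line = <$fh>) { chomp $line; $done{$line} = 1 }
        close $fh;
    }
    return \%done;
}

sub mark_processed {
    my ($name) = @_;
    open my $fh, '>>', $PROCESSED or die "cannot append to $PROCESSED: $!";
    print {$fh} "$name\n";
    close $fh;
}

# Record function, line number and system() status; old errors are overwritten.
sub save_error {
    my ($name, $line, $status) = @_;
    open my $fh, '>', $ERRORS or die "cannot write $ERRORS: $!";
    print {$fh} "function=$name line=$line system_status=$status\n";
    close $fh;
}

# Copy a file to '$filename.backup' before it is altered; returns the backup path.
sub backup_file {
    my ($filename) = @_;
    my $backup = "$filename.backup";
    copy($filename, $backup) or die "backup of $filename failed: $!";
    return $backup;
}

# Put the backups of a half-finished function back in place (rollback).
sub rollback {
    for my $backup (@_) {
        (my $original = $backup) =~ s/\.backup\z//;
        move($backup, $original) or warn "rollback of $original failed: $!";
    }
}

# Run one installation function: skip it when already finished, back up the
# files it will alter, roll back and save the error on failure, and record
# success so that a second run skips it.
sub run_step {
    my ($name, $code, @files_to_alter) = @_;
    if (load_processed()->{$name}) {
        print "skipping $name (already finished)\n";
        return 1;
    }
    my @backups = map { backup_file($_) } grep { -e $_ } @files_to_alter;
    my $ok = eval { $code->(); 1 };
    unless ($ok) {
        print "$name failed: $@";
        save_error($name, __LINE__, $? >> 8);   # $? holds the last system() status
        rollback(@backups);
        return 0;
    }
    mark_processed($name);
    return 1;
}

# Constructed demonstration: one function edits a config file via system();
# running this script a second time prints "skipping configure_demo".
my $workdir = '/tmp/autoinstall-demo';
mkdir $workdir unless -d $workdir;
my $conf = "$workdir/demo.conf";
unless (-e $conf) {
    open my $fh, '>', $conf or die "cannot create $conf: $!";
    print {$fh} "sensor=\n";
    close $fh;
}

run_step('configure_demo', sub {
    system('sed', '-i', 's/^sensor=.*/sensor=localhost/', $conf) == 0
        or die "sed exited with status " . ($? >> 8) . "\n";
}, $conf);
```

Run it once from an empty directory and demo.conf is rewritten, demo.conf.backup is removed only on success, and 'processed.functions' gains the line configure_demo; run it again and the step is skipped. Replace the sed command with one that fails (a bad pattern, for instance) and 'saved.errors' records the function, the line and the exit status while the backup is moved back over the half-edited file.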