Wednesday, March 19, 2014

Installing OSSIM community edition in QEMU

Since OSSIM is based on Debian and it is a nightmare to compile it for something else (ehm, CentOS), I decided to use it in a headless QEMU virtual machine. To test the whole process, I first decided to do a regular installation of OSSIM, with display. But I had a lot of obstacles while trying to install OSSIM community edition in QEMU. It is even more interesting that when you google for ossim and qemu, there are almost no posts.

In the end, everything worked flawlessly, but when using the text-based installation. To access the text-based installation, edit the boot command line (pressing TAB at the initial boot screen) and at the end add the following:
DEBIAN_FRONTEND=text
And that gave me the text-based installation. Basically, AlienVault uses Debian's installer, so anything that can be configured for Debian can be configured for OSSIM too. Take a look into the manual for further information.

Few things to be aware of when doing this:
  1. Don't use too small a disk, because the installation will get stuck without any notification of what happened.
  2. I had problems with the GUI-based installation and its ncurses fallback. The installation would get stuck somewhere (e.g. in the GUI after entering the IP address, something would go wrong in the package installation process, MySQL wasn't properly installed and there were errors that starting failed, apache wasn't properly installed and the Web console wasn't accessible, etc.)

CentOS 6

On CentOS there is no qemu-kvm like in Fedora. Instead, you have to use libvirtd. Be sure that libvirt is installed before continuing. That means the packages virt-install and libvirt are installed. Additionally, the libvirtd daemon must be started.

So, first create a file for the disk image. You can do this using dd, but even better is to use the fallocate(1) command. Also, fetch the OSSIM ISO image file. Now, to start the installation process, use the following command:
virt-install -r 2560 --accelerate -n OSSIM \
        --cdrom /tmp/AlienVault_OSSIM_64Bits_4.3.4.iso \
        --os-variant=debiansqueeze --disk path=./sda.img \
        -w bridge --graphics vnc,password=replaceme
In the previous command I'm giving OSSIM 2.5G of RAM (option -r), the name will be OSSIM, the disk image is in the current directory (with respect to the command virt-install) and I'm using bridged networking. Finally, the console will be available via VNC and the password for access is replaceme.

There are several error messages you might receive when trying to start installation process:
ERROR    Error with storage parameters: size is required for non-existent disk '/etc/sysconfig/network-scripts/sda.img'
Well, this error message occurred because I was trying to start the installation process in the wrong directory, i.e. the one that didn't contain the file for the hard disk image.

The following error:
ERROR    Failed to connect socket to '/var/run/libvirt/libvirt-sock': No such file or directory
means that libvirtd daemon isn't started. Start it using:
service libvirtd start
and don't forget to make it start every time you boot your machine:
chkconfig libvirtd on
The next error:
Starting install...
ERROR    internal error Process exited while reading console log output: char device redirected to /dev/pts/1
qemu-kvm: -drive file=/root/AlienVault_OSSIM_64Bits_4.3.4.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw: could not open disk image /root/AlienVault_OSSIM_64Bits_4.3.4.iso: Permission denied
means that I placed the ISO image in a directory where libvirt cannot access it. Move the image to, e.g., the /tmp directory and try again.
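The three failures above can be checked for before running virt-install. The script below is an added example, not part of the original post: `preflight` and `world_can_read` are hypothetical helper names, and it assumes the hypervisor process runs as an unprivileged account that only gets the "other" permission bits on the ISO and its parent directories.

```shell
#!/bin/sh
# Pre-flight checks for the three virt-install errors described above.
# Added example; function names are hypothetical, paths are the ones quoted
# in the error messages on this page.

# world_can_read FILE: succeeds only if FILE has the "other" read bit and every
# parent directory has the "other" search bit (x, or t for sticky+x as on /tmp).
world_can_read() (
    p=$(readlink -f -- "$1") || exit 1
    [ -f "$p" ] || exit 1
    [ "$(ls -ld -- "$p" | cut -c8)" = "r" ] || exit 1
    while [ "$p" != "/" ]; do
        p=$(dirname -- "$p")
        case "$(ls -ld -- "$p" | cut -c10)" in x|t) ;; *) exit 1 ;; esac
    done
)

# preflight DISK ISO [SOCKET]: prints one line per problem found and returns
# the number of problems (0 means all three checks passed).
preflight() (
    disk=$1 iso=$2 sock=${3:-/var/run/libvirt/libvirt-sock} n=0
    if [ ! -f "$disk" ]; then
        echo "disk image missing: $disk (wrong directory, or not created yet)"
        n=$((n + 1))
    fi
    if [ ! -S "$sock" ]; then
        echo "libvirt socket missing: $sock (is libvirtd started?)"
        n=$((n + 1))
    fi
    if ! world_can_read "$iso"; then
        echo "ISO not readable by an unprivileged account: $iso"
        n=$((n + 1))
    fi
    exit "$n"
)

# Usage: sh preflight.sh ./sda.img /tmp/AlienVault_OSSIM_64Bits_4.3.4.iso
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

The permission walk only looks at mode bits; ACLs or mandatory access control on the host are outside what it checks.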

After you manage to start the installation process, connect to it using the vncviewer application. libvirt-install binds vnc to localhost, so you won't be able to access it directly from some remote host. This is actually OK, so you shouldn't change it unless you know very well what you are doing. So, to connect to the console, open a terminal window and execute the following command:
ssh -L 5900:127.0.0.1:5900 host_where_installation_is_started
Now, in another terminal on the local machine (i.e. the one where you started the previous ssh command) run the following command:
vncviewer localhost
And that should be it. What happened is that with ssh you created a tunnel between your local machine and the remote one where the virtual machine is being installed. So, don't stop ssh as long as your vnc session is running!
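To confirm on the virtualization host that the VNC console really is reachable only through the tunnel, the listening sockets can be checked. This is an added example, not part of the original post: `vnc_exposed` is a hypothetical helper, the sample lines are constructed, and it assumes VNC displays use TCP ports 5900 to 5999.

```shell
#!/bin/sh
# Added example: flag VNC consoles that listen on a non-loopback address.

# vnc_exposed: reads `netstat -ltn` or `ss -ltn` output on stdin (both put the
# local address in column 4) and prints "address port" for every listener in
# the range 5900-5999 that is not bound to a loopback address.
vnc_exposed() {
    awk '
    /LISTEN/ {
        port = $4; sub(/.*:/, "", port)
        addr = $4; sub(/:[0-9]+$/, "", addr); gsub(/\[|\]/, "", addr)
        if (port + 0 < 5900 || port + 0 > 5999) next
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print addr, port
    }'
}

# Constructed sample in `netstat -ltn` format: one loopback-only console (the
# setup described above), two consoles bound to all interfaces, and sshd.
SAMPLE='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 127.0.0.1:5900    0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:5901      0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 :::5902           :::*              LISTEN'

# Prints the two exposed listeners; on a real host pipe `netstat -ltn` in.
printf '%s\n' "$SAMPLE" | vnc_exposed
```

Empty output means every VNC listener is bound to loopback, so the ssh tunnel is the only way in.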
