Setting up OSSIM in a cloud environment

Question

I am trying to setup OSSIM from Alientvault, via an ISO in my cloud instance. I have got the installation working in my local Virtual Box, however I can not get it to work on my cloud server.

I have a vultr.com cloud server and have downloaded the iso and have it mounted, but I can not run it as I do not have any GUI (only SSH).

I have been checking in the net for hours and I can not seem to get this going.

Has anyone done this before? any help will be greatly appreciated.

Answer 1

I found two ways of doing this.

1. Mount an ISO from the command line

• You can create a folder where you want to mount the ISO. But this must be an empty directory("/indika/alieanvault/").
• mount -oloop /home/alieanvault.iso /indika/alieanvault/
• You can configure this to mount at boot time if the image is mounting correctly with above command.
• Open file "/etc/fstab" and add this line to end of it. Open with ROOT privileges and add the following. *** Note - Keep an empty line in the end of the file after adding this.

/home/alieanvault.iso /indika/alieanvault/ iso9660 loop,ro,auto 0 0

• Type "mount -a" to check if there are any issues.

2. Use ISO with cloud provider

Almost all cloud vendors provide a way to load the ISO and boot with the ISO. I use vultr, so they allow to upload the ISO and boot with the ISO, which makes the task easier.

Answer 2

It looks like you can build a custom VM there by uploading your OSSIM ISO. I would just try that. The OSSIM ISO is a full OS install, at least the one I downloaded was. If you try to do this in Azure, you have to build the VM first using a fixed disk and upload it to a storage blob (as a Page Blob not a Block Blob). Then create the Azure disk using the vhd you uploaded. Um, this is a royal PITA. And after all that, darn thing doesn't start but Azure gives you no actual reason why. So I am guessing the config gets FUBARed. Vultr looks way easier.