OSSIM & Azure – initial configuration

In the previous part of this tutorial we deployed an OSSIM instance. Now it’s time for the initial configuration.

  1. As a good start, let’s configure the IP address. The VM should have a static private address, which can be configured via the Azure Portal. Go to Virtual machines (classic) and select the OSSIM VM. Then show all settings and select IP address on the “General” tab.

  1. Use your SSH client to connect to the VM.

ssh -l adminuser your_dnsname.cloudapp.net

  1. Change to root user.

sudo su -

  1. From the menu select 3 – Jailbreak System and confirm by choosing Yes.
  2. We have extended our virtual disk, but the root partition is still 8 GB. It’s time to fix that. First of all, turn off swap.

swapoff -a

  1. Use the fdisk utility to edit the partition layout. Enter p to show the current partition layout.

fdisk /dev/sda

  1. Enter d to delete partitions. Start with the highest number (5). Delete all partitions.

  1. Create a new primary partition (n). Follow the defaults. A Linux type partition is created.

  1. Add the bootable flag (a).
  2. Write the changes (w).
  3. Use the partprobe command to re-read the partition table.

partprobe

  1. Now it is necessary to resize the filesystem. It can be accomplished by:

resize2fs /dev/sda1

  1. Have you noticed that swap is missing? Let’s add it via waagent. Edit /etc/waagent.conf.

  1. To apply the changes, unmount /mnt and restart waagent.
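
The swap step above as a script, added here as an example and not part of the original post: it sets the Azure Linux Agent's ResourceDisk.Format, ResourceDisk.EnableSwap and ResourceDisk.SwapSizeMB keys in a waagent.conf-style file and keeps a backup. The function names and the 2048 MB size are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: the 2048 MB size below.

# set_key FILE KEY VALUE: rewrite an existing (possibly commented-out)
# KEY=... line, drop duplicates, or append the key if it is absent.
set_key() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)      # ignore a leading "#"
            if (index(line, k "=") == 1) {
                if (!done) { print k "=" v; done = 1 }
                next
            }
            print
        }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# enable_waagent_swap FILE SIZE_MB: back up FILE, then let the agent format
# the resource disk and create a swap file of SIZE_MB on it.
enable_waagent_swap() {
    conf=$1; size_mb=$2
    case $size_mb in
        ''|*[!0-9]*) echo "swap size must be a whole number of MB" >&2; return 2 ;;
    esac
    [ -w "$conf" ] || { echo "cannot write $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    set_key "$conf" ResourceDisk.Format y &&
    set_key "$conf" ResourceDisk.EnableSwap y &&
    set_key "$conf" ResourceDisk.SwapSizeMB "$size_mb"
}

# swap_setting FILE KEY: print the effective (last uncommented) value of KEY.
swap_setting() {
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# On the VM, as root (then unmount /mnt and restart waagent as described):
#   enable_waagent_swap /etc/waagent.conf 2048
```

After the agent restarts, `swapon -s` should list the swap file on the resource disk.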

  1. Finally, configure the OSSIM management interface. Exit to the OSSIM menu and select System Preferences -> Configure Network -> Setup Management Network.
  2. Set the hostname, DNS settings and any other settings you may need. To access the OSSIM web interface, create a Windows VM in the same network (it shouldn’t be accessed from the internet).

References

https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-agent-user-guide/
