AlienVault 4.4 5.x Offline Update and Software Restoration PDF

AlienVault
Unified Security Management 4.4-5.x

Offline Update and Software Restoration
Procedures
USM 4.4-5.x Offline Update and Software Restoration Procedures
Copyright 2015 AlienVault, Inc. All rights reserved.
The AlienVault Logo, AlienVault, AlienVault Unified Security Management, AlienVault USM,
AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX
Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM, and
OSSIM are trademarks or service marks of AlienVault, Inc.
All other registered trademarks, trademarks or service marks are the property of their respective
owners.
November 2, 2015 USM 4.4-5.x Offline Update and Software Restoration Procedures Page 2 of 19
Contents
Contents
Introduction ..................................................................................................................................... 4
Requirements .................................................................................................................................. 4
Burning ISO Images ........................................................................................................................ 4

Burning to a USM Flash Drive ..................................................................................................... 4
Linux ...................................................................................................................................... 4
Mac OS X ............................................................................................................................... 5
Windows ................................................................................................................................ 6
Burning to a CD .......................................................................................................................... 7
Updating USM Offline ...................................................................................................................... 7
Restoring Software on a USM ....................................................................................................... 10

Changing the BIOS Setup ......................................................................................................... 10
Restoring an appliance from a USB Flash Drive ....................................................................... 14
Burning to a USM Flash Drive
Introduction
This procedure describes the required process to update an AlienVault appliance when there is not
an Internet connection available. It also describes how to restore the software of an AlienVault
appliance.
Requirements
These are the requirements to update the AlienVault appliances:
USM version 4.4 or greater.
ISO image provided by AlienVault, see Downloading the AlienVault USM ISO for Offline
Update
USB flash drive or external USB CD/DVD R/RW drive.
Burning ISO Images

Important: This process deletes all files stored in the USB.
Linux
To burn an ISO Image using a USB Flash Drive from Linux
1. Insert your USB flash drive into the USB port. It is recommended to copy the ISO image in a
temporary directory, for example /tmp.
2. Execute the following command to copy the ISO image:
sudo dd if=<USB_image.iso> of=<USB_device> bs=4M
<USB_image.iso>, replace this by the ISO image file path. Note that it is necessary to write the
whole path where the file is located.
<USB_device> refers to the USB device name.
For example, having a file called image.iso and with the USB device name /dev/sdb, the
command to write will be:
sudo dd if=/home/user/temp/image.iso of=/dev/sdb bs=4M
Mac OS X
To burn an ISO Image using a USB Flash Drive from Mac OS X
1. Insert your USB flash drive into the USB port. Copy the image in a temporary directory or in
your own user directory.
2. Run the following comand to identify the USB device name:
diskutil list
Figure 1. Burning ISO image using MAC OS X: example of a diskutil command
According to Figure 1, the name of the USB device is /dev/disk1.

3. Unmount your USB device before burning the image:
diskutil unmountDisk <USB_device>
<USB_device> refers to your USB device name. For example:
diskutil unmountDisk /dev/disk1
4. Copy the image:
sudo dd if=<USB_image.iso> of=<USB_device> bs=1m
<USB_image.iso>, replace it by the ISO image file path. Note that it is necessary to write the
whole path where the file is located.
<USB_device> refers to your USB device name.
For example, having a file called image.iso and being /dev/disk1 the USB device name, the
command to write will be the following:
sudo dd if=/home/user/temp/image.iso of=/dev/disk1 bs=1m
5. Eject the device:
diskutil eject <USB_device>
<USB_device> refers to your USB device name.
Windows
To burn an ISO Image using a USB Flash Drive from Windows
1. Connect your USB flash drive.
2. List the devices connected to the Windows platform using dd.exe1, similar to the dd command
on Linux, so you can identify where your USB flash drive has been mounted:
C:\Users\myuser\Desktop>dd.exe --list
rawwrite dd for windows version 0.6beta3.

Written by John Newbigin <jn@it.swin.edu.au>
This program is covered by terms of the GPL Version 2.
Win32 Available Volume Information
\\.\Volume{93c9c543-7952-11e3-8953-806e6f6e6963} \
link to \\?\Device\HarddiskVolume1
fixed media
Mounted on \\.\c:
\\.\Volume{a7bddb16-7b9e-11e4-b358-6003089d6c19}\
link to \\?\Device\HarddiskVolume2
removeable media
Mounted on \\.\e:
\\.\Volume{93c9c547-7952-11e3-8953-806e6f6e6963}\
link to \\?\Device\Floppy0
1
dd.exe is a Windows version of the "dd" command used in Linux/Mac. The tool site is http://www.chrysocome.net/dd.
Burning to a CD
removeable media
Mounted on \\.\a:
3. Once you identify where your USB flash drive has been mounted, execute the following
command to burn the ISO image file onto the device:
C:\Users\myuser\Desktop>dd bs=4M if=AlienVault_USM_UPDATE-FOR-64bits_XXXXX.iso

of=\\.\e: --progress
rawwrite dd for windows version 0.6beta3.

Written by John Newbigin <jn@it.swin.edu.au>
This program is covered by terms of the GPL Version 2.
794M
198+1 records in
198+1 records out
4. Eject securely the device from the computer.
Note: In case you are asked for formatting the unit during the process, please, do no accept
the operation. The device should not be formatted.
Burning to a CD
Burn the ISO image file by using any CD burning software.
The method you use will depend on which CD writing software package you have available on your
Operating System. Once the ISO file is burned as an image, the resulting CD is bootable, but it is a
clone of the original file, so it contains the same folders, files, and properties as the original ISO.
Updating USM Offline

To update a USM offline
1. Insert a USB drive or connect a CD/DVD drive.
2. Open a console terminal and write the following command:
ssh root@IP_address
IP_address refers to the default IP of your appliance.
Burning to a CD
3. The AlienVault Setup main menu appears:
Figure 2. AlienVault Setup Main Menu
4. Move to System Preferences.

5. Press Enter to accept the selection (<OK>).
Figure 3. System Preferences Menu
6. Move to Update AlienVault System.

Burning to a CD
Figure 4. Update AlienVault System Menu
8. Move to Update (Offline).

Figure 5. Update (Offline) option
10. If you did not do it in the first step, connect your USB to the appliance you want to upgrade.
11. Click OK.
When the process ends the following message appears.
Changing the BIOS Setup
Figure 6. AlienVault Setup: system updated successfully

The System Updates menu appears.
13. Press Tab to move from <OK> to <Back>.
14. Remove your USB device.
Restoring Software on a USM

Sometimes you may want to restore the software on a USM to its factory status. In order to do this,
you must
Burn the corresponding ISO image on a USB flash drive, see Burning ISO Images.
Change the BIOS Setup so that it boots from the USB.
Note: If the BIOS is already configured to boot up from a USB, go to Restoring an appliance
from a USB Flash Drive.
To change the BIOS Setup

1. Reboot your appliance, press Del in the initial screen and go to BIOS Setup.
2. Move to Boot Settings.
Figure 7. BIOS Setup Utility: Boot Settings
3. Select Boot Device Priority through cursor arrow keys.

4. Press Enter:
Figure 8. BIOS Setup Utility: Boot Device Priority
5. Move to 1st Boot Device by using the arrow keys.

6. Select your USB device by using + and keys.
7. Press ESC key.
8. Move to the Exit and select Save Changes and Exit.
Figure 9. BIOS Setup Utility: Exit Options
9. Press Enter.
Restoring USM from a USB Flash Drive
Figure 10. BIOS Setup Utility: Save Configuration Changes

11. Reboot your appliance.

Before starting the restore process, you need a USB flash drive containing the ISO image for the
USM version youd like to restore. See Burning ISO Images.
Note: Make sure your USB flash drive is connected to the USB port before rebooting the
appliance.
To restore USM from a USB Flash Drive

1. Reboot the system.
The following screen displays:
Figure 11. USB restore initial screen
2. Select Restore AlienVault <your-Appliance-Type> to restore your appliance.

Select Local operating system in hard drive (if available) to cancel the data restoration
process.
Important: The restore process deletes all the data stored in your USM.
After selecting the data restoration option, the system will ask for a confirmation:
Figure 12. Data Restoration: confirmation of the process
3. Press y and Enter to confirm to continue with the restore process.

A progress screen displays.
Figure 13. Data Restoration: progress screen
When the process finishes, the system reboots automatically.
Note: Remove your USB before the system reboots. If you forget to remove it, the system will
continue to boot from your USB.
Figure 14. Data Restoration: process finished
A reboot may take several minutes. After that, the initial user login prompt appears in the
console:
Figure 15. Data Restoration: initial login screen
This screen displays the root username and a randomly generated password for you to enter.
4. In the login: field, enter root.
5. In the password field, enter the displayed randomly generated password, then press Enter.
6. When prompted whether you would like to change your password, click Yes.
7. Reboot again for finishing the data restoration. After this second reboot, the appliance will be
ready.
Note: For further information about how to deploy the appliance, see the AlienVault document
Initial Setup Guide.

AlienVault 4.4 5.x Offline Update and Software Restoration PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AlienVault 4.4 5.x Offline Update and Software Restoration PDF

Uploaded by

Copyright:

Available Formats

AlienVault

Unified Security Management 4.4-5.x

Burning ISO Images ........................................................................................................................ 4

Updating USM Offline ...................................................................................................................... 7

Restoring Software on a USM ....................................................................................................... 10

Burning ISO Images

Important: This process deletes all files stored in the USB.

sudo dd if=<USB_image.iso> of=<USB_device> bs=4M

sudo dd if=/home/user/temp/image.iso of=/dev/sdb bs=4M

Figure 1. Burning ISO image using MAC OS X: example of a diskutil command

According to Figure 1, the name of the USB device is /dev/disk1.

diskutil unmountDisk <USB_device>

<USB_device> refers to your USB device name. For example:

diskutil unmountDisk /dev/disk1

4. Copy the image:

sudo dd if=<USB_image.iso> of=<USB_device> bs=1m

sudo dd if=/home/user/temp/image.iso of=/dev/disk1 bs=1m

5. Eject the device:

diskutil eject <USB_device>

<USB_device> refers to your USB device name.

rawwrite dd for windows version 0.6beta3.

Win32 Available Volume Information

C:\Users\myuser\Desktop>dd bs=4M if=AlienVault_USM_UPDATE-FOR-64bits_XXXXX.iso

rawwrite dd for windows version 0.6beta3.

4. Eject securely the device from the computer.

Updating USM Offline

IP_address refers to the default IP of your appliance.

3. The AlienVault Setup main menu appears:

Figure 2. AlienVault Setup Main Menu

4. Move to System Preferences.

Figure 3. System Preferences Menu

6. Move to Update AlienVault System.

Figure 4. Update AlienVault System Menu

8. Move to Update (Offline).

Figure 5. Update (Offline) option

Figure 6. AlienVault Setup: system updated successfully

12. Press Enter to accept the selection (<OK>).

Restoring Software on a USM

To change the BIOS Setup

Figure 7. BIOS Setup Utility: Boot Settings

3. Select Boot Device Priority through cursor arrow keys.

Figure 8. BIOS Setup Utility: Boot Device Priority

5. Move to 1st Boot Device by using the arrow keys.

Figure 9. BIOS Setup Utility: Exit Options

Figure 10. BIOS Setup Utility: Save Configuration Changes

10. Press Enter to accept the selection (<OK>).

Restoring USM from a USB Flash Drive

To restore USM from a USB Flash Drive

Figure 11. USB restore initial screen

2. Select Restore AlienVault <your-Appliance-Type> to restore your appliance.

Figure 12. Data Restoration: confirmation of the process

3. Press y and Enter to confirm to continue with the restore process.

Figure 13. Data Restoration: progress screen

When the process finishes, the system reboots automatically.

Figure 14. Data Restoration: process finished

Figure 15. Data Restoration: initial login screen

You might also like