Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Aanval:Aanval Installation and Upgrade Guides

From Aanval Wiki
Jump to: navigation, search

Below you'll find detailed guides for upgrading your current Aanval console or performing a fresh install of Aanval, and all necessary software and hardware components.

If Snort or Suricata are intended for use with Aanval (rather than syslog), the IDS engine and necessary components, like Barnyard2, must first be installed. For assistance, please visit our Community Portal and reference the proper IDS installation guide. If OS X is the chosen platform, simply reference the OS X guide below, as it additionally includes detailed instructions for installing Snort, Barnyard2, and all required packages on OS X.

For software prerequisites and hardware system requirements, please see below.

Aanval Installation for Linux or UNIX

Aanval Installation for OS X

Hardware Requirements

Below are the minimum hardware requirements for the most common deployments of Aanval.

Environment Sensor Capacity Memory CPU Cores Disk Space
Small Scale 1-3 4GB 2 100GB
Large Scale 8 or more 8+GB 4 or more 500GB

Network Requirements

The following ports will need to be opened for proper functionality.

Port Direction
22 SSH access will be needed to access the console and sensors for installation and necessary maintenance and troubleshooting
80 / 443 HTTP/HTTPS access will be needed to view the console as well as console to sensor communication will use 80 / 443 as well

The console will occasionally contact the following locations for updates and maintenance.

URL Reasoning
download.aanval.com The console will download packages from this URL.
update.aanval.com The console will check for new versions and updates from this URL.

Software Requirements

Each of the following requirements should be satisfied prior to starting your Aanval installation. Testing for any additional requirements will be performed during the installation process. Details and remediation instructions will be available as necessary.

Requirement Reasoning Reference
Operating System Aanval will install on all major Linux and Unix distributions, including Mac OS X. Linux: CentOS has been a popular choice as a Linux OS for Aanval users. The most current version of CentOS can be obtained from the following site: [1]
Unix: BSD has been a popular choice as a Unix OS for Aanval users. Any variant of BSD will work with Aanval, and Free BSD can be obtained from the following site: [2]
OS X: Mac OS X has also been a popular choice for Aanval users.
Appliances are available in a variety of hardware and software combinations to fit every environment, and each is pre-configured and optimized for Aanval with Snort and/or Suricata intrusion detection and Syslog correlation. Appliances are installed with the most recent release of Mac OS X, along with the latest compatible versions of Apache, MySQL, Perl, PHP, GD, and more. All appliances may be custom configured with specific destination network details (IP, DNS, etc.), ensuring the installation is as simple as plugging in and powering on the Appliance. From single-sensor deployments to large-scale enterprise intrusion arrays, Aanval Appliances are pre-configured for full intrusion detection and correlation functionality out-of-the-box.
To find which appliance is right for your network, contact our friendly and knowledgable sales department at 800-921-2584 or sales.group [at] tacticalflex.com.
PHP
(at least version 5)
Aanval will require PHP for server-side scripting. The most current version of PHP can be obtained from the following site: [3]
It is recommended when using the Unified2 Module for importing IDS events that the php.ini file be updated the following changes:
upload_max_filesize = 256M
After making changes, restart Apache. These changes allow Aanval to receive all necessary files from sensors, including event data and especially sid-msg.map and gen-msg.map files.
PHP Modules Specific PHP modules required for Aanval functionality php-xml, php-pdo, php-mysql, php-dom
PERL
(any version)
Aanval uses PERL to launch the PHP scripts in wrapper fashion. The most current version of PERL can be obtained from the following site: [4]
Web Server Aanval will require an Apache web server capable of serving PHP scripting. The most current version of Apache can be obtained from the following site: [5]
IDS Engine Aanval requires an Intrusion Detection System (IDS) for monitoring and retrieving (sometimes called "sniffing") network traffic and packets. Snort and Suricata have been the most popular IDS engines used with Aanval.
Snort: The most current version of Snort can be downloaded from the following link: [6]
Suricata: The most current version of Suricata can be downloaded from the following link: [7]