Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Aanval:Aanval Installation and Upgrade Guides

From Aanval Wiki
Jump to: navigation, search

Below you'll find detailed guides for upgrading your current Aanval console or performing a fresh install of Aanval SAS, and all necessary software and hardware components.

If Snort or Suricata are intended for use with Aanval (rather than syslog), the IDS engine and necessary components, like Barnyard2, must first be installed. For assistance, please visit our Community Portal and reference the proper IDS installation guide. If OS X is the chosen platform, simply reference the OS X guide below, as it additionally includes detailed instructions for installing Snort, Barnyard2, and all required packages on OS X.

For software prerequisites and hardware system requirements, please see below.

Contents

Aanval Installation for Linux or Unix

Aanval Installation for OS X

Hardware Requirements

Below are the minimum hardware requirements for the most common deployments of Aanval.

Environment Sensor Capacity Memory CPU Cores Disk Space
Small Scale 1-3 4GB 2 100GB
Large Scale 8 or more 8+GB 4 or more 500GB

Software Requirements

Each of the following requirements should be satisfied prior to starting your Aanval installation. Testing for any additional requirements will be performed during the installation process. Details and remediation instructions will be available as necessary.

Requirement Reasoning Reference
Operating System Aanval will install on all major Linux and Unix distributions, including Mac OS X. Linux: CentOS has been a popular choice as a Linux OS for Aanval users. The most current version of CentOS can be obtained from the following site: [1]
Unix: BSD has been a popular choice as a Unix OS for Aanval users. Any variant of BSD will work with Aanval, and Free BSD can be obtained from the following site: [2]
OS X: Mac OS X has also been a popular choice for Aanval users.
Appliances are available in a variety of hardware and software combinations to fit every environment, and each is pre-configured and optimized for Aanval with Snort and/or Suricata intrusion detection and Syslog correlation. Appliances are installed with the most recent release of Mac OS X, along with the latest compatible versions of Apache, MySQL, Perl, PHP, GD, and more. All appliances may be custom configured with specific destination network details (IP, DNS, etc.), ensuring the installation is as simple as plugging in and powering on the Appliance. From single-sensor deployments to large-scale enterprise intrusion arrays, Aanval Appliances are pre-configured for full intrusion detection and correlation functionality out-of-the-box.
To find which appliance is right for your network, contact our friendly and knowledgable sales department at 800-921-2584 or sales.group [at] tacticalflex.com.
MySQL Aanval will require a MySQL database for event processing and storage. The most current version of MySQL can be obtained from the following site: [3]
PHP
(at least version 5)
Aanval will require PHP for server-side scripting. The most current version of PHP can be obtained from the following site: [4]
PERL
(any version)
Aanval uses PERL to launch the PHP scripts in wrapper fashion. The most current version of PERL can be obtained from the following site: [5]
Web Server Aanval will require a web server like Apache capable of serving PHP scripting. The most current version of Apache can be obtained from the following site: [6]
Wget Aanval uses Wget to download external data like console updates, GeoLocation databases, and signatures. The most current version of Wget can be obtained from the following site: [7]. Users can also use their OS' built-in installation or update commands to obtain the utility.
Unzip Aanval uses Unzip to decompress downloaded data like console updates and GeoLocation databases. Oracle offers an unzip utility, and the most current version can be obtained from the following site: [8]. Users can also use their OS' built-in installation or update commands to obtain the utility.
IDS Engine Aanval requires an Intrusion Detection System (IDS) for monitoring and retrieving (sometimes called "sniffing") network traffic and packets. Snort and Suricata have been the most popular IDS engines used with Aanval.
Snort: The most current version of Snort can be downloaded from the following link: [9]
Suricata: The most current version of Suricata can be downloaded from the following link: [10]
Barnyard2 Barnyard2 is used to parse Snort/Suricata Unified2 events and send them to the Snort MySQL database. The most current version of Barnyard2 can be obtained from the following site: [11]
Personal tools

Variants
Actions
Navigation
Toolbox