OSSIM + OpenFire integration mini-howto

Jun 11, 2009 11:41

OSSIM is a security monitoring/correlation framework: www.ossim.net
OpenFire is an opensource XMPP (Jabber) server written in Java.

By integrating OSSIM with OpenFire we get a collaboration framework where groups of operators can use a Jabber messaging client as their primary means of communication and collaboration. Of course you can do even more than that. XMPP is an extensible protocol: you can build security monitoring services on top of it, so you could use your messaging client (with extensions) as your primary security monitoring interface.

The monitoring part can easily be done with XMPP-based agents, which could talk to the OSSIM database or other components directly; maybe we can talk about that some other time. The cool thing about agents is that they run over the standard XMPP protocol, so you could technically even use your gmail.com client or a mobile phone Jabber client to collaborate with your OSSIM system. However, when you run into a huge number of users, scalability might become an issue...

There's also another really neat way of adding things: extending the OpenFire server with custom plugins, so you won't really need agents anymore. But you'll need customized Jabber clients. You can read more about this approach here: http://java.sys-con.com/node/232087

Anyway, we'll start with the basics. Right now we simply want OSSIM users to be able to log in to our XMPP server using their OSSIM framework authentication credentials.

I used ossim installer here to install the base system. Once you get that stuff done, you'll need to install Java's JRE on your box.

The OSSIM installer is based on Debian, so you'll have to install the sun-java6-jre package on it.

echo "deb http://www.backports.org/debian/ etch-backports main non-free" >> /etc/apt/sources.list
apt-get update
apt-get install sun-java6-jre

If this went smoothly, go to http://www.igniterealtime.org/downloads/index.jsp and download the .deb package.

dpkg -i openfire_3.6.4_all.deb

/etc/init.d/openfire start

Now you should have OpenFire running on your box, with the admin console on ports 9090 and 9091 (SSL).

One thing you will need to do now is configure the MySQL database for OpenFire to use.

echo "create database openfire" | mysql -p
cat /usr/share/openfire/resources/database/openfire_mysql.sql | mysql -p openfire

(You'll need to peek at the root password for MySQL, which can be found in /etc/ossim/ossim_setup.conf.)

Once you're done with this, point your browser at ossim:9090 and complete the setup. Select the external database option and choose MySQL for it. Then correct the database URL for the MySQL database. You can skip the user setup part at the end.

Once you're done with this, you'll need to save the SQL below into a file, e.g. custom.sql, and make some changes.
At the very least you'll want to change the connection string and set the user ID and password to those you use to connect to your OSSIM database. You may also want to change admin.authorizedJIDs to list the users who should be allowed to log in to the OpenFire admin console:

--/cut here/--

/* make modifications */

update ofProperty set propValue = 'org.jivesoftware.openfire.auth.JDBCAuthProvider' where name = 'provider.auth.className';

update ofProperty set propValue = 'org.jivesoftware.openfire.user.JDBCUserProvider' where name = 'provider.user.className';

/* connection */

insert into ofProperty (name, propValue) values ('jdbcProvider.driver', 'com.mysql.jdbc.Driver');

insert into ofProperty (name, propValue) values ('jdbcProvider.connectionString', 'jdbc:mysql://localhost:3306/ossim?user=root&password=yourpass');

/* authentication */

insert into ofProperty (name, propValue) values ('jdbcAuthProvider.passwordSQL', 'select pass from users where login=?');

insert into ofProperty (name, propValue) values ('jdbcAuthProvider.passwordType', 'md5');

insert into ofProperty (name, propValue) values ('admin.authorizedJIDs', 'yourleetuser, admin');

/* user */

insert into ofProperty (name, propValue) values ('jdbcUserProvider.loadUserSQL', 'select name, email from users where login=?');

insert into ofProperty (name, propValue) values ('jdbcUserProvider.userCountSQL', 'select count(*) from users');

insert into ofProperty (name, propValue) values ('jdbcUserProvider.allUsersSQL', 'select login from users');

insert into ofProperty (name, propValue) values ('jdbcUserProvider.searchSQL', 'select login from users where');

insert into ofProperty (name, propValue) values ('jdbcUserProvider.usernameField', 'login');

insert into ofProperty (name, propValue) values ('jdbcUserProvider.nameField', 'name');

insert into ofProperty (name, propValue) values ('jdbcUserProvider.emailField', 'email');

--/cut here/--

Once you're done with this, save it and then do something like:

cat custom.sql | mysql -p openfire

Then restart your OpenFire server and you're done ;-)
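
The connection string in custom.sql logs in to MySQL as root, although every provider query in that file only reads the users table of the ossim database. The following is an added example, not part of the original post, of a dedicated read-only account for OpenFire to use instead. The account name openfire_ro and the password CHANGE_ME are placeholders, not values from the post.

```sql
-- Added example, not from the original post.
-- 'openfire_ro' and 'CHANGE_ME' are placeholders (assumptions).
-- Steps 1-3: run in the mysql client as the MySQL root user.

-- 1. Dedicated account, reachable only from the local host
--    (OpenFire and MySQL share the box in this setup).
CREATE USER 'openfire_ro'@'localhost' IDENTIFIED BY 'CHANGE_ME';

-- 2. Read-only access to the single table the provider queries touch:
--    passwordSQL, loadUserSQL, userCountSQL, allUsersSQL and searchSQL
--    all select from ossim.users and nothing else.
GRANT SELECT ON ossim.users TO 'openfire_ro'@'localhost';

-- 3. Check the result: expect USAGE plus the one SELECT grant above.
SHOW GRANTS FOR 'openfire_ro'@'localhost';

-- Step 4: in custom.sql, use this line in place of the root
-- connection string before loading the file into the openfire database.
insert into ofProperty (name, propValue) values ('jdbcProvider.connectionString', 'jdbc:mysql://localhost:3306/ossim?user=openfire_ro&password=CHANGE_ME');
```

The connection string, password included, is stored as plain text in the ofProperty table, so a restricted account limits what anyone who can read that table gains.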

For the agents and stuff, maybe I'll make another post :)

Sources:
http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/database.html
http://www.igniterealtime.org/community/thread/38646