We've released OSSIM 0.9.9 this week, release which was followed by a post to BugTraq regarding some XSS and SQL vulnerabilities present on OSSIM.
After having fixed those vulnerabilities we're now releasing:

• OSSIM Installer 1.0.4 (the recommended installation method)
• OSSIM Updater 1.0.4 (the recommended updating method for those running versions 1.0 - 1.0.3)
• OSSIM 0.9.9-3 Debian packages.
• OSSIM 0.9.9p1 for those who need source code.

We're proud to announce the soon-to-be-available 1.0.4 installer (versioning wise it could be 1.1 or even higher because of all of the changes but, well, we called it 1.0.4), both as a standalone ISO image as well as the updater.

We've been working very hard the past months on this, the updater has been a nightmare. It's much easier to make an installer than an updater...

For those wanting to try it out, just download update.pl and run it on a 1.0 - 1.0.3 installed image (should work with the images we've released inbetween on the forums too). Be warned tho, we're still on final testing phases and there might be some issues in there, any sort of testing will be more than welcome.

Basically the installer will backup all the databases and /etc/*, /usr/share/ossim*, install new packages (ossim 0.9.9), new deps (ossec, munin, fprobe) and tune some other things.
Anyway, as said, there are backups and it shouldn't be too hard to get it back working if something fails.

A few hints if you're going to try it out:

• Default values for most of questions are fine. If unsure just press enter.
• "auto" is the recommended way to go for new users, "expert" allows for a more fine grained setup.
• We experienced occassional hangs at the munin plugin setup step. Had to kill the following process on another terminal in order to continue with the installation process
• After everything has been installed you have to log in and upgrade the web part, it should work like a charm :-)
• Right now requires internet access; we'll publish an offline updater too of course

Check a sample installer output if you're curious.

Here is a more detailed list of the most important changes:

New software:

• Included OSSEC (http://www.ossec.net/)
• Included Munin for sensor monitorization (http://munin.projects.linpro.no/)
• Included FProbe for high traffic environments (http://fprobe.sourceforge.net/)
• OSSIM core upgrade
• Included and updated bleeding snort rules

• Intrushield plugin
• Ntop connections being rewritten through the server, no need to open port 3000 to then anymore.
• Partitioning switched to manual on installation
• Database optimization code included
• Added some database indexes for query speedup
• Updater support
• Experimental agent event consolidation
• Agent event statistics

• Updated realsecure/proventia plugin
• Updated FW1 plugin
• Update IIS plugin
• Database types optimized
• Updated pam_unix rules
• Updated ssh rules
• Updated cross correlation information

• Localization now working
• Fixed some server issues

Let's get a first meaningful update running too.

We have been working hard these last weeks to get the installer out and polish some outstanding issues. After the initial releases, our priorities are now focused on:

• Get an updater done (will be included with 1.0.4)
• Fix some remaining issues (two persons have reported hangs at specific OS installation stages)
• Allow for easy installation of specific graph plugins depending on scenario (ISO, Inventory, Nessus, etc...)

In the meantime, we preinstalled OSSEC (thanks Daniel for your help), fixed the Nagios plugin, fixed rrd_plugin which was missing a config line and added Munin to the sensor pages for performance monitorization.