Matt Calvert's Blog

AlienVault Disk Detection Issue

Issues with bare metal install on R320

When I was installing the latest “AlienVault OSSIM” ISO onto a server I was receiving alerts saying something like:

No root disk found. Please correct in the disk partitioning screen

However the installer doesn’t provide a screen where you can choose the disk config.

After a bit of digging around, it became apparent that the boot menu screen actually selects a preseed file, which is passed into DebianInstaller to provide an automated install.

On the ISO image, the “OSSIM” install preseed is in /simple-ccd/defaultA.preseed, and the one for the “Sensor” install is in /simple-ccd/defaultB.preseed.

I had a look through that file and a bit of a Google around, and one of the suggestions was to use LVM for the partitioning, which I tried but to no avail. With that said I had a few other mistakes in my process which may have induced this, so don’t write off the option of using LVM just yet ;)

When I performed the sensor install and it failed, I escaped to a shell and checked with fdisk -l to see what disks were available. One of the first things I noticed is that the hard disk was identified as sdb via the installer, even though there was no sda present in the system. I tried a number of different avenues to fix the issue, but the one that worked was to amend the preseed file and change the device path to sdb, as my system had detected it.

As I didn’t have networking available at the time, I actually needed to download the ISO onto a Linux box, extract the ISO contents, amend the file, then reconstruct the ISO image.

If you do have a working network connection on the server, skip down to the section below.

Working around those issues

Here’s how I went about rebuilding the ISO:

wget https://dlcdn.alienvault.com/AlienVault_OSSIM_64bits.iso
mkdir iso
mount -o loop AlienVault_OSSIM_64bits.iso /mnt
rsync -av --progress /mnt/. iso
vim iso/simple-ccd/defaultB.preseed

[Image: AlienVault defaultB.preseed file]

isoinfo -d -i AlienVault_OSSIM_64bits.iso
CD-ROM is in ISO 9660 format
System id: LINUX
Volume id: AlienVault
Volume set id:
Publisher id:
Data preparer id:
Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM
Copyright File id:
Abstract File id:
Bibliographic File id:
Volume set size is: 1
Volume set sequence number is: 1
Logical block size is: 2048
Volume size is: 325957
El Torito VD version 1 found, boot catalog is in sector 1663
Joliet with UCS level 3 found
Rock Ridge signatures version 1 found
Eltorito validation header:
    Hid 1
    Arch 0 (x86)
    ID ''
    Key 55 AA
    Eltorito defaultboot header:
        Bootid 88 (bootable)
        Boot media 0 (No Emulation Boot)
        Load segment 0
        Sys type 0
        Nsect 4
        Bootoff 680 1664
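# Run from inside the extracted tree: the command below uses "." as the source and writes to "../"
cd iso
mkisofs -b isolinux/isolinux.bin -boot-info-table -boot-load-size 4 -no-emul-boot -J -ucs-level 3 -R -o ../AlienVault_OSSIM_64bits-new.iso .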

Check the manpage for genisoimage to understand how these relate.

CD-ROM is in ISO 9660 format
System id: LINUX
Volume id: AlienVault
Volume set id:
Publisher id:
Data preparer id:
Application id: GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM
Copyright File id:
Abstract File id:
Bibliographic File id:
Volume set size is: 1
Volume set sequence number is: 1
Logical block size is: 2048
Volume size is: 652104
El Torito VD version 1 found, boot catalog is in sector 1661
Joliet with UCS level 3 found
Rock Ridge signatures version 1 found
Eltorito validation header:
    Hid 1
    Arch 0 (x86)
    ID ''
    Key 55 AA
    Eltorito defaultboot header:
        Bootid 88 (bootable)
        Boot media 0 (No Emulation Boot)
        Load segment 0
        Sys type 0
        Nsect 4
        Bootoff 67E 1662
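
The isoinfo fields and the mkisofs flags used above line up one to one. As an added example (not part of the original post), this shell function reads `isoinfo -d` output and prints the flags it implies; the function names are hypothetical and the sample is an excerpt of the output shown above. The `-b isolinux/isolinux.bin` and `-boot-info-table` options cannot be read from this output and come from the command above.

```shell
#!/bin/sh
# Added example (not from the original post): map `isoinfo -d` output to the
# mkisofs/genisoimage flags that reproduce the same filesystem extensions and
# El Torito boot settings. Function names are hypothetical.

# Reads `isoinfo -d` output on stdin, prints the implied flags on one line.
iso_flags_from_isoinfo() {
    awk '
        function add(s) { if (s != "") out = (out == "" ? s : out " " s) }
        /^Joliet with UCS level [0-9]+ found/ { joliet = "-J -ucs-level " $5 }
        /^Rock Ridge signatures/              { rr = "-R" }
        /Bootid 88 /                          { bootable = 1 }
        /No Emulation Boot/                   { noemul = "-no-emul-boot" }
        # Nsect is 4 on this page; the value is passed through as printed.
        /^[ \t]*Nsect [0-9]+/                 { nsect = "-boot-load-size " $2 }
        END {
            add(joliet); add(rr)
            # Boot flags only make sense when a bootable entry was reported.
            if (bootable) { add(noemul); add(nsect) }
            print out
        }
    '
}

# Excerpt of the isoinfo output shown above for the original ISO.
sample_isoinfo() {
    cat <<'EOF'
Volume id: AlienVault
Joliet with UCS level 3 found
Rock Ridge signatures version 1 found
Eltorito validation header:
    Hid 1
    Arch 0 (x86)
    Eltorito defaultboot header:
        Bootid 88 (bootable)
        Boot media 0 (No Emulation Boot)
        Load segment 0
        Nsect 4
EOF
}

# With the real tool: isoinfo -d -i AlienVault_OSSIM_64bits.iso | iso_flags_from_isoinfo
echo "derived flags: $(sample_isoinfo | iso_flags_from_isoinfo)"
```

Comparing the derived flags for the original and the rebuilt ISO is a quick way to confirm the rebuild kept the same boot and filesystem settings.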

If you have networking available

If you do have a working network connection and access to a web server to host your files, you can doctor your own preseed file and pass in its path via grub. Here’s how:

mount -o loop AlienVault_OSSIM_64bits-new.iso /mnt
cp /mnt/simple-ccd/defaultA.preseed /var/www/html/