By default, Alienvault installs onto just one partition, and on some installations the partitioning step errors out. By editing the preseed file you can split the partitioning up with LVM and avoid these errors.

Best practice is to split the filesystem into separate sections so that filling up /var does not corrupt the main root partition. Doing this with LVM also allows you to add extra disks later on.

As Alienvault can store a lot of data, utilising LVM is extremely useful so you can expand your partitions on the fly later on.

The Alienvault setup by default puts everything on just the root partition and doesn’t use LVM. This isn’t the best setup for expansion and makes it really difficult if you run out of disk space later on. The install also doesn’t seem to play nicely with VMware and some physical servers, where it produces the error “no root filesystem defined”. Luckily Alienvault is built on Debian, so we can change the preseed file to automatically format the disk using LVM.

For the main USM server the preseed file is “/simple-cdd/defaultA.preseed”, so we need to edit the partman section, from line 38 to 127, just before the Bootloader section. Replace that section with the following:

Preseed File

# Partitioning.

d-i partman-auto/choose_recipe select boot-root

d-i partman-auto/disk string /dev/sda

d-i partman-auto/method string lvm

d-i partman-lvm/device_remove_lvm boolean true

d-i partman-md/device_remove_md boolean true

d-i partman-auto-lvm/no_boot boolean true

d-i partman-auto-lvm/new_vg_name string vg_VolumeGroup01

d-i partman-auto/expert_recipe string \
boot-root :: \
2048 2048 2048 linux-swap method{ swap } \
format{ } $lvmok{ } lv_name{ lv_swap } \
. \
5120 5120 5120 ext4 method{ lvm } \
$lvmok{ } mountpoint{ /var } lv_name{ lv_var } \
format{ } use_filesystem{ } filesystem{ ext4 } \
. \
5120 5120 5120 ext4 method{ lvm } \
$lvmok{ } mountpoint{ /home } lv_name{ lv_home } \
format{ } use_filesystem{ } filesystem{ ext4 } \
. \
8192 8192 8192 ext4 method{ lvm } \
$lvmok{ } mountpoint{ /usr } lv_name{ lv_usr } \
format{ } use_filesystem{ } filesystem{ ext4 } \
. \
1 10240 10000000000 ext4 method{ lvm } \
$lvmok{ } mountpoint{ / } lv_name{ lv_root } \
format{ } use_filesystem{ } filesystem{ ext4 } \
.

d-i partman-lvm/confirm_nooverwrite boolean true

d-i partman-lvm/confirm boolean true

d-i partman-partitioning/confirm_write_new_label boolean true

d-i partman/choose_partition select Finish

d-i partman/confirm_nooverwrite boolean true

d-i partman/confirm boolean true

Partitions

The above creates a volume group called vg_VolumeGroup01 on /dev/sda. It then creates 4 partitions with ext4 filesystems and a 5th partition for swap. The partition sizes will need editing depending on the size of your disk or your needs.

So the following partitions are made:

  • swap 2GB

  • /var 5GB

  • /home 5GB

  • /usr 8GB

  • / takes up the rest of the disk

The rest of the options basically just make it so there is no prompt, which means the disk will be overwritten without confirmation, so be careful. You may also want to give root a specific size and let /var take the rest, as it will be the most heavily utilised.
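To check what a recipe will produce before booting the installer, the following added example (not part of the original post, and not Alienvault or Debian code) parses the stanzas above and applies the sizing loop documented in debian-installer's partman-auto-recipe.txt. It assumes plain megabyte sizes (no percentages or -1) and that `free_mb` is the space available to the volume group; `var_takes_rest` and its 10240 MB root size are constructed here to model the alternative mentioned in the previous paragraph.

```python
import re

# Stanzas copied from the expert_recipe above (line continuations joined).
RECIPE = """
2048 2048 2048 linux-swap method{ swap } format{ } $lvmok{ } lv_name{ lv_swap } .
5120 5120 5120 ext4 method{ lvm } $lvmok{ } mountpoint{ /var } lv_name{ lv_var } .
5120 5120 5120 ext4 method{ lvm } $lvmok{ } mountpoint{ /home } lv_name{ lv_home } .
8192 8192 8192 ext4 method{ lvm } $lvmok{ } mountpoint{ /usr } lv_name{ lv_usr } .
1 10240 10000000000 ext4 method{ lvm } $lvmok{ } mountpoint{ / } lv_name{ lv_root } .
"""

def parse_recipe(text):
    """Return [(lv_name, min_mb, priority, max_mb)], one tuple per stanza."""
    entries = []
    for stanza in re.split(r"\s\.(?:\s|$)", text):
        sizes = re.match(r"\s*(\d+)\s+(\d+)\s+(\d+)\s", stanza)
        name = re.search(r"lv_name\{\s*(\S+)\s*\}", stanza)
        if sizes and name:
            entries.append((name.group(1), *map(int, sizes.groups())))
    return entries

def allocate(entries, free_mb):
    """Distribute free_mb using the loop from partman-auto-recipe.txt."""
    size = {n: mn for n, mn, _, _ in entries}
    factor = {n: pr - mn for n, mn, pr, _ in entries}
    limit = {n: mx for n, _, _, mx in entries}
    if sum(size.values()) > free_mb:
        raise ValueError("disk is smaller than the sum of the minimum sizes")
    factsum = sum(factor.values())
    ready = False
    while not ready and factsum:
        ready = True
        spare = free_mb - sum(size.values())
        for n in size:
            x = min(size[n] + spare * factor[n] // factsum, limit[n])
            if x != size[n]:
                ready, size[n] = False, x
    return size

def var_takes_rest(entries, root_mb=10240):
    """Constructed variant: fixed-size root, /var absorbs the remaining space."""
    swap = {"lv_root": (root_mb, root_mb, root_mb), "lv_var": (5120, 10240, 10**10)}
    return [(n, *swap.get(n, rest)) for n, *rest in entries]

if __name__ == "__main__":
    recipe = parse_recipe(RECIPE)
    for label, plan in (("as posted", recipe), ("/var takes rest", var_takes_rest(recipe))):
        print(label, allocate(plan, 40960))  # constructed 40 GB disk
```

The real installer loses a little space to the partition table and LVM metadata, so treat the figures as an estimate.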

Once you have edited this file, save it somewhere. You can then use an ISO editor to either add the preseed file to the ISO as a new file or overwrite the original.

If you are just adding the file back to the ISO under a separate name, you will need to press TAB, edit the grub command and set the preseed file to the correct place, as below:

Alienvault Change Preseed File

There is also a preseed file for Sensor installation, which is stored in “/simple-cdd/defaultB.preseed”; you can follow the same procedure as above.