Snort mailing list archives
Re: Acid / MySQL question
From: Guillaume <guillaume () anteria fr>
Date: Thu, 08 Nov 2001 17:42:24 +0100 (CET)
In reply to Lance Spitzner <lance () honeynet org>:
> Okay, I'm going over the MySQL manual and my head is ready to explode, I be database ignorant. Question.
>
> "How do I create separate mysql accounts for each one of my Snort sensors feeding data to the ACID database?"
>
> I have 5 remote Snort sensors I want to feed data to my backend ACID/MySQL database. To do this, I have to add the mysql user account and password to each snort.conf file so each Snort sensor can send alerts to the database.
>
>     output database: log, mysql, user=root password=test dbname=db host=localhost
>
> For security reasons, I want each sensor to have a unique user account and password on the mysql database. I feel user root is a bad thing, as this is full privileges on the mysql database. So what is the mysql command syntax to add separate users and passwords so each sensor has privileges to add data to the snort database?
Hope I understood what you wanna do... Try this:

    mysql> GRANT ALL PRIVILEGES ON snort.* TO username@host.com IDENTIFIED BY PASSWORD('pass');

With:
- snort being the name of the DB you are using to log snort's outputs,
- username the user's name used by your sensor and this.host.com the FQDN of the sensor. You can - in fact you should - write the IP/netmask of this host instead of the FQDN: username@'192.168.10.12/255.255.255.0' <- do not forget the single quote!
- pass the password for this user. Do not forget to use the PASSWORD() function!

You can be more restrictive by just allowing INSERT and SELECT requests (I took a look at the code of the db output plugin, I do not remember having seen other SQL statements than these two):

    GRANT SELECT,INSERT ON snort.* TO username@'192.168.10.12/255.255.255.0' etc...

IMPORTANT: you'll have to reload MySQL privileges by running:

    mysql> FLUSH PRIVILEGES;

for these new rights to be activated! Repeat this for as many users as you need/want.

If you simply give SELECT and INSERT privileges to the sensors' users, do not forget to create a snort super-user you'll use for ACID. This super-user will have to have UPDATE and DELETE privileges in addition to the SELECT/INSERT ones. Using this kind of super-user just for the snort DB will avoid using the general super-user root. Interesting when you use the same MySQL server for different DBs! :-)
> Thanks!

You're welcome. I am very interested in any discussion about the SQL schema of the snort database anyway.

> -- Lance Spitzner http://project.honeynet.org

Oops... I should have written: You're welcome, Sir... ;-)
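An added example, not part of the original posts: a small generator that turns a sensor inventory into one MySQL account per sensor, each bound to that sensor's IP with only SELECT and INSERT, plus the separate ACID account and the matching snort.conf output line. The sensor names, all IP addresses and the `acid` account name are constructed assumptions, and the SQL uses CREATE USER followed by GRANT, the form current MySQL releases accept.

```python
import ipaddress
import re
import secrets

DB_NAME = "snort"                 # database name used in the reply above
DB_HOST = "192.168.10.1"          # constructed: address of the MySQL/ACID server
SENSOR_PRIVS = "SELECT, INSERT"   # what the reply says the db output plugin needs
ACID_PRIVS = "SELECT, INSERT, UPDATE, DELETE"
ACID_USER, ACID_HOST = "acid", "192.168.10.2"   # hypothetical name, constructed IP
# Constructed sample inventory: account name -> sensor IP.
SENSORS = {"sensor1": "192.168.10.12", "sensor2": "192.168.10.13"}
NAME_RE = re.compile(r"^[A-Za-z0-9_]{1,16}$")   # 16 chars fits every MySQL version

def account_sql(user, host, privs, password):
    """Return CREATE USER + GRANT statements for one account bound to one host."""
    if not NAME_RE.match(user):
        raise ValueError(f"unsafe account name: {user!r}")
    host = str(ipaddress.ip_address(host))  # rejects anything but an IP literal
    return [
        f"CREATE USER '{user}'@'{host}' IDENTIFIED BY '{password}';",
        f"GRANT {privs} ON {DB_NAME}.* TO '{user}'@'{host}';",
    ]

def provision(sensors, acid_host=ACID_HOST):
    """Build the SQL for every sensor and the ACID account, plus snort.conf lines."""
    sql, conf = [], {}
    for user, ip in sorted(sensors.items()):
        pw = secrets.token_hex(16)  # unique per sensor; hex needs no quoting
        sql += account_sql(user, ip, SENSOR_PRIVS, pw)
        conf[user] = (f"output database: log, mysql, user={user} "
                      f"password={pw} dbname={DB_NAME} host={DB_HOST}")
    sql += account_sql(ACID_USER, acid_host, ACID_PRIVS, secrets.token_hex(16))
    return sql, conf

if __name__ == "__main__":
    statements, conf_lines = provision(SENSORS)
    print("\n".join(statements))
    for name, line in conf_lines.items():
        print(f"# {name} snort.conf: {line}")
```

The generated output contains live passwords, so it should be fed to the mysql client and copied into each snort.conf over a protected channel rather than kept in a shared file.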