Snort mailing list archives

RE: Forbid snort to delete alerts from a MySQL database for security reasons?


From: "Michael Steele" <michaels () silicondefense com>
Date: Mon, 4 Nov 2002 17:06:13 -0800

Twig,

What I do on a typical install with MySQL and Acid is: give Snort the
minimal access to MySQL (insert & select) and give Acid all the
necessary privileges to function fully as a viewer and to perform its
maintenance functions.

This goes for all remote sensors.

-Michael
-- 
 Michael Steele | System Engineer / Support Technician     
 mailto:michaels () silicondefense com    
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of twig les
Sent: Monday, November 04, 2002 4:22 PM
To: Michael Steele; edin.dizdarevic () brainMedia de
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Forbid snort to delete alerts from a mysql
database for security reasons?

I would like to know this myself now.  Could you try
it for a couple of weeks and let us know?  I'm
especially thinking of multiple sensors reporting back
to a single viewing station...it would be nice to only
have one system that can delete instead of one + n
sensors.


--- Michael Steele <michaels () silicondefense com>
wrote:
Edin,

All depends, Snort really only needs insert and select to operate with
MySQL.

-Michael
-- 
 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Edin
Dizdarevic
Sent: Sunday, November 03, 2002 5:09 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Forbid snort to delete alerts from a mysql
database for security reasons?


Hello,

Is it really necessary to grant snort a privilege to delete alerts
from a db?

This could be also used by an attacker after hacking the sensor...

Any hints?

Greetings,

Edin

-- 
Edin Dizdarevic




-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon,
November 18-21 in
Las Vegas (supported by COMDEX), the only Apache
event to be
fully supported by the ASF. http://www.apachecon.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users






=====
-----------------------------------------------------------
Heavy metal made me do it.                        
-----------------------------------------------------------
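
The split described in the thread (sensor accounts limited to INSERT and SELECT, delete rights held only by the viewing station) can be checked against what the server actually grants. The following is an added example, not part of the original messages: it audits SHOW GRANTS output for sensor accounts that hold more than those two privileges. The account names, hosts, the "snort" database name and the ACID privilege list in the sample are assumptions.

```python
import re

# Policy stated in the thread: a sensor account needs only INSERT and SELECT.
SENSOR_ALLOWED = {"INSERT", "SELECT"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'\"]?(?P<user>[^`'\"@\s]+)[`'\"]?@[`'\"]?(?P<host>[^`'\"\s]+)",
    re.IGNORECASE)

def parse_grant(line):
    """Parse one SHOW GRANTS line into (user, host, scope, privileges)."""
    m = GRANT_RE.match(line.strip())
    if not m:
        return None
    # Drop column lists such as "SELECT (sid, cid)" before splitting on commas.
    names = re.sub(r"\([^)]*\)", "", m.group("privs"))
    privs = {p.strip().upper() for p in names.split(",") if p.strip()}
    privs.discard("USAGE")  # USAGE means "no privileges"
    if re.search(r"WITH\s+GRANT\s+OPTION", line, re.IGNORECASE):
        privs.add("GRANT OPTION")
    return m.group("user"), m.group("host"), m.group("scope"), privs

def audit_sensors(grant_lines, sensor_users):
    """Return (account, scope, excess privileges) for over-privileged sensors."""
    findings = []
    for line in grant_lines:
        parsed = parse_grant(line)
        if parsed is None or parsed[0] not in sensor_users:
            continue
        user, host, scope, privs = parsed
        excess = privs - SENSOR_ALLOWED
        if excess:
            findings.append((f"{user}@{host}", scope, sorted(excess)))
    return findings

# Constructed SHOW GRANTS output; every name, host and grant is an assumption.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO `snort_sensor1`@`10.0.0.11`",
    "GRANT SELECT, INSERT ON `snort`.* TO `snort_sensor1`@`10.0.0.11`",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `snort`.* TO `snort_sensor2`@`10.0.0.12`",
    "GRANT ALL PRIVILEGES ON `snort`.* TO `snort_sensor3`@`%` WITH GRANT OPTION",
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO `acid`@`localhost`",
]
SENSORS = {"snort_sensor1", "snort_sensor2", "snort_sensor3"}

if __name__ == "__main__":
    for account, scope, excess in audit_sensors(SAMPLE_GRANTS, SENSORS):
        print(f"{account} on {scope}: remove {', '.join(excess)}")
```

The viewer account is deliberately left out of the sensor set, so its DELETE privilege is not reported.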
