Snort mailing list archives
Re: encrypt barnyard connections
From: Joerg Weber <j.weber () infos de>
Date: 27 Jun 2003 13:30:53 +0200
Hi,
I would like to encrypt the barnyard connection to the mysql database. Is this possible over stunnel?
This works just fine for me without any issues. You can run Stunnel with certificates and strict cert checking.

On the snort-box do something like

    stunnel -c -d 127.0.0.1:3306 -r mysql-server-here:3307 -s stunnel -g stunnel

and on the remote mysql box

    /usr/sbin/stunnel -p /usr/share/ssl/stunnel/server.pem -P/tmp/ -d 3307 -r 127.0.0.1:3306 -s stunnel -g stunnel

or, with strict cert checking, something like this on the client

    /usr/sbin/stunnel -c -d 127.0.0.1:3306 -r mysql-server-here:3307 -v 3 -A /usr/share/ssl/stunnel/server.cert -p /usr/share/ssl/stunnel/client.pem -P /var/run/stunnel.pid -s stunnel -g stunnel

on the remote mysql box

    /usr/sbin/stunnel -A /usr/share/ssl/stunnel/all.cert -p /usr/share/ssl/stunnel/server.pem -d 3307 -r 127.0.0.1:3306 -v 3 -P /var/run/stunnel.pid -s stunnel -g stunnel

Now, if you distribute the proper certs to the client and the server, your connection is ssl-encrypted and connections are allowed with the proper certs only.

Works like a charm for me. Oh, it's very possible I goofed up on the pasted lines, you gotta check the parameters of course ;)

Cheers!
--
Joerg Weber
Network Security
infoServe GmbH
Nell-Breuning-Allee 6
D-66115 Saarbruecken
T: (0681) 8 80 08 - 0
F: (0681) 8 80 08 - 59
www.infos.de
E: j.weber () infos de
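Added example, not part of the original post: one way to prepare and pre-check the four files the strict-checking commands above refer to (server.pem, server.cert, client.pem, all.cert) before distributing them. It assumes self-signed certificates, that each .pem holds key plus certificate, and that all.cert is the list of sensor certificates the MySQL side accepts; the function names and the CN "snort-sensor" are made up for illustration.

```shell
#!/bin/sh
# Added example (assumptions: self-signed certs, hypothetical function names).

# make_identity DIR NAME CN -> NAME.key, NAME.cert, NAME.pem (key + cert)
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.cert" 2>/dev/null || return 1
    # stunnel -p is given one PEM file holding the private key and the certificate
    cat "$1/$2.key" "$1/$2.cert" > "$1/$2.pem"
}

# build_tunnel_certs DIR: creates server.pem/server.cert, client.pem, all.cert.
# Runs in a subshell so the restrictive umask does not leak to the caller.
build_tunnel_certs() (
    umask 077
    mkdir -p "$1" || exit 1
    make_identity "$1" server "mysql-server-here" || exit 1
    make_identity "$1" client "snort-sensor" || exit 1   # constructed CN
    # all.cert: append one certificate per sensor allowed to connect
    cat "$1/client.cert" > "$1/all.cert"
)

# peer_trusted TRUSTFILE CERT: true only if CERT validates against TRUSTFILE,
# i.e. the file passed with -A on the other end of the tunnel
peer_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert PEM: true if the private key and certificate in PEM pair up
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Call `build_tunnel_certs ./stunnel-certs`, then run `peer_trusted` for each direction (server.cert on the sensor, all.cert on the database host) before copying the files into place; only the .cert files should leave the machine that owns the key.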