Snort mailing list archives

Snort logging to encrypted MySQL (ssl) server


From: "Jason Monroe \"JC\"" <monroe () nas nasa gov>
Date: 04 Nov 2003 12:36:21 -0800

Hi Dave,

Short answer: Native Mysql/Snort crypto NOT RIGHT NOW!
snort-2.0.2/src/output-plugins/spo_database.c doesn't provide the stubs
to do what you're trying to do. Snort v2.0.3 is the same story.

I think you want something like (or at least places to fill the
following values in) 

from mysql-4.0.16/include/sslopt-longopts.h

  {"ssl", OPT_SSL_SSL,
   "Enable SSL for connection (automatically enabled with other flags). Disable with --skip-ssl",
   (gptr*) &opt_use_ssl, (gptr*) &opt_use_ssl, 0, GET_BOOL, NO_ARG, 0, 0, 0,
   0, 0, 0},
  {"ssl-key", OPT_SSL_KEY, "X509 key in PEM format (implies --ssl)",
   (gptr*) &opt_ssl_key, (gptr*) &opt_ssl_key, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-cert", OPT_SSL_CERT, "X509 cert in PEM format (implies --ssl)",
   (gptr*) &opt_ssl_cert, (gptr*) &opt_ssl_cert, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-ca", OPT_SSL_CA,
   "CA file in PEM format (check OpenSSL docs, implies --ssl)",
   (gptr*) &opt_ssl_ca, (gptr*) &opt_ssl_ca, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-capath", OPT_SSL_CAPATH,
   "CA directory (check OpenSSL docs, implies --ssl)",
   (gptr*) &opt_ssl_capath, (gptr*) &opt_ssl_capath, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl)",
   (gptr*) &opt_ssl_cipher, (gptr*) &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},


snort/src/output-plugins/spo_database.c
/* Snort Database Output Plug-in
 *
 *  Maintainer: Roman Danyliw <rdd () cert org>, <roman () danyliw com>
 *
 *  Originally written by Jed Pickel <jed () pickel net> (2000-2001)
 *
 * See the doc/README.database file with this distribution
 * documentation or the snortdb web site for configuration
 * information
 *
 * Web Site: http://www.andrew.cmu.edu/~rdanyliw/snortdb/snortdb.html
 */

Be aware that the link for "web site" produces a 404, but as Marty told
me, you're encouraged to mail the maintainer to add a tally to the board
of people who would like to make use of various crypto functionality
that is provided natively by their various database engines.

In the meantime you can make use of stunnel; a fairly good tutorial is
provided for you by Mr. Jason Chan @
http://www.samag.com/documents/s=1147/sam0108b/0108b.htm

If by chance this article doesn't provide you with enough information I
have a more in depth step by step for stunnel if you're interested. 

Thanks,

JC
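
An added example, not part of JC's message or the linked article: a minimal pair of stunnel configurations for the workaround described above, where Snort's database plugin speaks plain MySQL to a loopback stunnel listener and stunnel carries the session over TLS to the database host. The host name db.example.org, port 3307, the password placeholder and all file paths are assumptions; the option names are those of stunnel 4.x and later.

```ini
; ---- sensor: /etc/stunnel/snort-mysql.conf (client side) ----
client = yes
; CA that signed the database host's stunnel certificate
CAfile = /etc/stunnel/ca.pem
; verify = 2: refuse the connection unless the peer certificate chains to CAfile
verify = 2

[mysql]
; Snort connects here in cleartext, so bind to loopback only
accept  = 127.0.0.1:3306
connect = db.example.org:3307

; ---- database host: /etc/stunnel/mysql.conf (server side) ----
cert = /etc/stunnel/db-cert.pem
key  = /etc/stunnel/db-key.pem

[mysql]
accept  = 3307
; mysqld itself should listen only on loopback
connect = 127.0.0.1:3306

; ---- sensor: snort.conf ----
; Use 127.0.0.1, not "localhost": the MySQL client library treats
; "localhost" as a request for the Unix socket and would bypass the tunnel.
; output database: log, mysql, user=snort password=<placeholder> dbname=snort host=127.0.0.1 port=3306
```

As written, only the database host presents a certificate, so access to port 3307 is still gated by MySQL credentials and whatever firewall rule restricts it to the sensors. For mutual authentication, give the sensor its own cert/key and set CAfile and verify on the database host as well.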



