Snort mailing list archives
Re: Query about mysql
From: Joel Esler <eslerj () gmail com>
Date: Fri, 27 May 2005 12:38:36 -0400
My suggestion is that you refer to Patrick Harper's install guide on www.snort.org/docs <http://www.snort.org/docs> On 5/27/05, Guillaume Arcas <guillaume.arcas () free fr> wrote:
Mukesh a écrit :Hello Users, Please tell me how to install mysql on redhat linux 9. The problem is not solved by ./mysqld_safe &. Please any one tell me the whole process how to install mysql.Hi. It's not a Snort issue but here is a (short) way : 1. Install mysql for RHL9 from RPMS - mysql-3.23.58-1.9.i386.rpm - mysql-server-3.23.58-1.9.i386.rpm - mysql-devel-3.23.58-1.9.i386.rpm [OPTIONNAL] 2. Default configuration for MySQL from theses RPMS is mysql server listening for requests on TCP port 3306 on all interfaces. VERY IMPORTANT : be aware that by default mysql superuser root has all rights on all databases from anywhere without password. YOU HAVE TO SET A PASSWORD FOR THIS USER AND RESTRICT CONNECTION TO localhost only. Security tip n° 1: if you want to have mysql server and snort on the same machine, you can/should/must configure MySQL server to listen on a local socket. This way, no network connection will be possible from network. That mean that you must have your GUI (Apache/BASE) on the same machine too. If not, configure MySQL server to listen only on an IP address (assuming your machine have at least two Network Interface, one for snort listening to traffic, one for other programs to access to the DB or for snort to send its alerts to a MySQL server installed on another machine) and set some filtering rules with NetFilter/IPtables to filter traffic on this NIC/IP. Security tip n°2 : you'll have to create a MySQL user that snort will use to insert alerts in the database. This user should/must only have insert/update privileges on only snort database. Start MySQL server : - service mysqld start || /etc/init.d/mysqld start Check / be sure that MySQL server is configured to start at boot : - chkconfig --list mysqld - If necessary : chkconfig mysqld on 3. Create snort database using Snort DB schema. - mysql -u root -p [Password prompting] - CREATE DATABASE snortdb ; - GRANT INSERT, UPDATE PRIVILEGES ON snortdb TO snort@localhost IDENTIFIED BY 'snort'; - FLUSH PRIVILEGES ; - exit from mysql shell - mysql -u snort -p snortdb < create_mysql 4. Configure snort to use this db - snort.conf -> output database: log, mysql, user=snort password=snort dbname=snortdb host=localhost sensor_name=snorty (names are given as examples) 5. Start your snort. I am sure that you'll find on snort website helpfull docs about running snort with mysql if you need more detailed informations. Best regards, -- Guillaume Arcas ------------------------------------------------------- "L'amour et l'imagination aveuglent aisément l'esprit." M. de Cervantès ------------------------------------------------------- This SF.Net <http://SF.Net> email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?froffad-ysdn-ostg-q22005 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?listsnort-users
-- Joel Esler BASE Project Lead http://sourceforge.net/projects/secureideas
Current thread:
- Query about mysql Mukesh (May 27)
- Re: Query about mysql Guillaume Arcas (May 27)
- Re: Query about mysql Joel Esler (May 27)
- Re: Query about mysql Senthil Prabu.S (May 27)
- Re: Query about mysql Guillaume Arcas (May 27)