Snort mailing list archives

Re: ACID/mysql/snort install


From: Guillaume Rix <guillaume.rix () sun com>
Date: Thu, 19 Jun 2003 17:47:42 +0200

Verify this :

Mysql (just after install)===>

bash-2.05# mysql -u root -p

Password for root local access :

mysql> set password for 'root'@'localhost' = password('your_root_password');

Delete the unnecessary database :

mysql> drop database test;

Delete the anonymous access :

mysql> connect mysql
mysql> delete from user where user="";
mysql> delete from db where user="";
mysql> exit

Test =

bash-2.05# ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql
bash-2.05# mysql -u snort -p
mysql> show databases;
+------------------+
| Database |
+------------------+
| mysql |
+------------------+
1 row in set (0.02 sec)
mysql> connect mysql
mysql> exit

Snort ===>

Create a database for snort :

bash-2.05# ln -s /usr/local/mysql/bin/mysql /usr/local/bin/mysql
bash-2.05# mysql -u root -p
mysql> create database snort;
mysql> source /download/snort-2.0.0/contrib/create_mysql

Configure the correct rights for this new database :

mysql> connect snort
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;

Create the user "snort" in the database "mysql" :

mysql> connect mysql
mysql> set password for 'snort'@'localhost' = password('your_snort_password');
mysql> set password for 'snort'@'%' = password('your_snort_password');
mysql> flush privileges;

Test  =

mysql> connect snort
mysql> show tables;
+------------------+
| Tables_in_snort |
+------------------+
| acid_ag |
| acid_ag_alert |
| acid_event |
| acid_ip_cache |
| data |
| detail |
| encoding |
| event |
| icmphdr |
| iphdr |
| opt |
| reference |
| reference_system |
| schema |
| sensor |
| sig_class |
| sig_reference |
| signature |
| tcphdr |
| udphdr |
+------------------+
20 rows in set (0.00 sec)
mysql> exit

Acid ===>

$DBlib_path = "../adodb";
$DBtype = "mysql";
$alert_dbname = "snort";
$alert_host = "localhost";
$alert_port = "";
$alert_user = "snort";
$alert_password = "your_snort_password";
$ChartLib_path = "../jpgraph/src";

Test =

bash-2.05# mysql -u snort -p
mysql> connect snort
mysql> show tables;
+------------------+
| Tables_in_snort |
+------------------+
| acid_ag |
| acid_ag_alert |
| acid_event |
| acid_ip_cache |
| data |
| detail |
| encoding |
| event |
| icmphdr |
| iphdr |
| opt |
| reference |
| reference_system |
| schema |
| sensor |
| sig_class |
| sig_reference |
| signature |
| tcphdr |
| udphdr |
+------------------+
20 rows in set (0.00 sec)
mysql> exit

    -----Original Message-----
    *From:* D@7@K|N& [mailto:dataking () cox net]
    *Sent:* Thursday, 19 June 2003 15:39
    *To:* snort-users-admin () lists sourceforge net;
    snort-users () lists sourceforge net
    *Subject:* [Snort-users] ACID/mysql/snort install

    OK...maybe this has been answered already and I missed it.  If so,
    please indulge me as I would really like to get this system up and
    running.  I followed the steps according to the HOW-TO at the
    following link: http://www.madisonlinux.org/help/snort.shtml. Except that I'm
    setting this up on a RedHat 9 system with all of the newest
    packages instead of the ones listed.  Basically everything went off
    without a hitch EXCEPT the snort RPMs.  I couldn't find them
    anywhere.  So I downloaded and installed the newest release
    (2.0.0) from tarball.  Now obviously there are some options that
    aren't available because of the version differences, which I can
    accept.  However, once everything is said and done, I get an
    access denied error when I try it out.  I've enclosed a screenshot
    for clarity.  Is this a database issue?  A snort issue?  A mysql
    issue?  Can anyone help????

    Thanks....

    -the dataking


--
                            ____ _ __ __   |
Guillaume Rix               / __// / //  \  |
Technical Support Engineer _\_ \/ / // / /  |
SunONE - A Division of     \___/\__//_/_/   |
                           Microsystems    |
                                           |
--------------------------------------------
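
Added example, not part of the original message: a simplified Python model of how the MySQL server picks the account row for an incoming connection. It shows why the anonymous ''@'localhost' row deleted in the steps above can shadow 'snort'@'%' for a local client such as ACID, so the snort password is checked against the wrong account and the login is denied. The row data and function names are constructed for illustration, and the ordering rule is a simplified version of the server's.

```python
import re

# Constructed rows standing in for `select host, user from user;` on a fresh
# install where only 'snort'@'%' was added (sample data, not real output).
FRESH_INSTALL = [("localhost", "root"), ("localhost", ""), ("%", "snort")]


def host_matches(pattern, client_host):
    """Match a MySQL host pattern: '%' is any run of characters, '_' is one."""
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, client_host, re.IGNORECASE) is not None


def specificity(row):
    """Sort key for the server's lookup order (simplified model, an assumption)."""
    host, user = row
    if host == "%":
        host_rank = 2            # bare '%' is the least specific host
    elif "%" in host or "_" in host:
        host_rank = 1            # partial patterns come after literal hosts
    else:
        host_rank = 0            # literal host names are checked first
    return (host_rank, user == "")   # for equal hosts, named users first


def matched_account(rows, client_user, client_host):
    """Return the (host, user) row the server would authenticate against."""
    for host, user in sorted(rows, key=specificity):
        # A blank user column matches any user name the client sends.
        if host_matches(host, client_host) and user in (client_user, ""):
            return (host, user)
    return None


def without_anonymous(rows):
    """Effect of `delete from user where user="";` from the message."""
    return [(h, u) for h, u in rows if u != ""]


if __name__ == "__main__":
    print("fresh install:", matched_account(FRESH_INSTALL, "snort", "localhost"))
    cleaned = without_anonymous(FRESH_INSTALL)
    print("anonymous removed:", matched_account(cleaned, "snort", "localhost"))
    granted = cleaned + [("localhost", "snort")]
    print("snort@localhost added:", matched_account(granted, "snort", "localhost"))
```

On a real server, the equivalent check is to list the host and user columns of the user table and confirm that no row has a blank user before testing the snort login.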





