Snort mailing list archives

FW: FW: Beginner Help...


From: <support () nps-dc org>
Date: Fri, 1 Aug 2003 12:43:44 -0400

Thanks for the link. I'll try augmenting the SQL rights of the snort user
per your info.

Fernando

-----Original Message-----
From: Erek Adams [mailto:erek () snort org] 
Sent: Friday, August 01, 2003 10:58 AM
To: support () nps-dc org
Cc: snort-users () lists sourceforge net
Subject: Re: FW: [Snort-users] Beginner Help...


On Thu, 31 Jul 2003 support () nps-dc org wrote:

I've set up 3 boxes in 10 days using that acid/rh9.0 howto (my first 
3), and each time the same thing happened to me.  Check your MySQL 
snort dbase, and the table called 'events'.  If (after running 
Nessus/NMAP at your sensor) the table's empty, it's that snort isn't 
writing to the dbase. (This was the case for me.)

I double checked everything to no avail (I did have a MySQL user named 
snort who has/had INSERT rights like the howto said...)

As a work-around: in the snort.conf file, if I switch the MySQL user 
to 'root' instead of 'snort', then snort can write to MySQL, and 
ACID has some data to display.

You probably don't have the permissions set right for the user.  Make sure
that the snort user has SELECT, INSERT, UPDATE and DELETE according to the
chart here [1].

OT: -how big a security issue is this?

Well....  If you want someone to be able to grep thru your snort.conf file
and get his password to the DB, then it's not an issue.  :)  Just keep in
mind that the root user usually has full rights to the DB.  One good SELECT
and DELETE and all your data goes away...

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[1]     http://acidlab.sourceforge.net/acid_config.html
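
The two checks discussed in this thread, as an added example that is not part of the original messages: it flags a snort.conf whose `output database` line uses root or exposes its password through file permissions, and compares a `SHOW GRANTS` line with the four rights named in the reply. The sample config, the sample grant line, the finding names and the function names are constructed for illustration.

```python
import re

# Rights the reply in this thread says the snort DB user needs.
REQUIRED = {"SELECT", "INSERT", "UPDATE", "DELETE"}

# Constructed sample input (not from the thread).
SAMPLE_CONF = """\
# output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
output database: log, mysql, user=root password=CHANGEME dbname=snort host=localhost
"""
SAMPLE_GRANT = "GRANT INSERT ON `snort`.* TO 'snort'@'localhost'"

def parse_db_outputs(conf_text):
    """Yield (mode, dbtype, params) for each active 'output database:' line."""
    pattern = r"output\s+database:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)"
    for raw in conf_text.splitlines():
        m = re.match(pattern, raw.strip())   # commented-out lines do not match
        if m:
            pairs = (kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            yield m.group(1), m.group(2), dict(pairs)

def audit_conf(conf_text, file_mode=0o644):
    """Return findings for the two snort.conf risks raised in the thread."""
    findings = []
    for _mode, _dbtype, params in parse_db_outputs(conf_text):
        if params.get("user") == "root":
            findings.append("db-user-is-root")
        # Any group/other read bit lets another local user read the password.
        if "password" in params and file_mode & 0o044:
            findings.append("password-readable-by-group-or-other")
    return findings

def check_grants(show_grants_line):
    """Compare one SHOW GRANTS line with REQUIRED; return (missing, excess)."""
    m = re.match(r"GRANT\s+(.+?)\s+ON\s", show_grants_line, re.I)
    granted = {g.strip().upper() for g in m.group(1).split(",")} if m else set()
    if "ALL PRIVILEGES" in granted:
        return set(), {"ALL PRIVILEGES"}
    return REQUIRED - granted, granted - REQUIRED - {"USAGE"}

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF, 0o644))
    print(check_grants(SAMPLE_GRANT))
```
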


