Snort mailing list archives

Re: Query about mysql


From: Guillaume Arcas <guillaume.arcas () free fr>
Date: Fri, 27 May 2005 09:55:00 +0200

Mukesh wrote:
> Hello Users,
>
> Please tell me how to install mysql on redhat linux 9. The problem is
> not solved by ./mysqld_safe &.
>
> Please, can anyone tell me the whole process for installing mysql?

Hi.

It's not a Snort issue, but here is a (short) way:

1. Install mysql for RHL9 from RPMs
        - mysql-3.23.58-1.9.i386.rpm
        - mysql-server-3.23.58-1.9.i386.rpm
        - mysql-devel-3.23.58-1.9.i386.rpm [OPTIONAL]

2. The default configuration for MySQL from these RPMs is a mysql server
listening for requests on TCP port 3306 on all interfaces.

VERY IMPORTANT: be aware that by default the mysql superuser root has all
rights on all databases from anywhere without a password. YOU HAVE TO SET
A PASSWORD FOR THIS USER AND RESTRICT CONNECTIONS TO localhost only.

Security tip n° 1: if you want to have the mysql server and snort on the
same machine, you can/should/must configure the MySQL server to listen on a
local socket. This way, no connection will be possible from the
network. That means that you must have your GUI (Apache/BASE) on the same
machine too. If not, configure the MySQL server to listen only on one IP
address (assuming your machine has at least two network interfaces, one
for snort listening to traffic, one for other programs to access the
DB or for snort to send its alerts to a MySQL server installed on
another machine) and set some filtering rules with NetFilter/IPtables to
filter traffic on this NIC/IP.

Security tip n° 2: you'll have to create a MySQL user that snort will
use to insert alerts in the database. This user should/must only have
insert/update privileges, and only on the snort database.

Start MySQL server :
        - service mysqld start || /etc/init.d/mysqld start
Check / be sure that MySQL server is configured to start at boot :
        - chkconfig --list mysqld
        - If necessary : chkconfig mysqld on

3. Create the snort database using the Snort DB schema.
        - mysql -u root -p
        [Password prompting]
        - CREATE DATABASE snortdb ;
        - GRANT INSERT, UPDATE ON snortdb.* TO snort@localhost IDENTIFIED BY 'snort';
        - FLUSH PRIVILEGES ;
        - exit from mysql shell
        - mysql -u root -p snortdb < create_mysql

4. Configure snort to use this db
        - snort.conf
        -> output database: log, mysql, user=snort password=snort dbname=snortdb host=localhost sensor_name=snorty
        (names are given as examples)

5. Start your snort.

I am sure that you'll find helpful docs on the snort website about running
snort with mysql if you need more detailed information.

Best regards,

-- 

Guillaume Arcas
-------------------------------------------------------
"Love and imagination easily blind the mind."
M. de Cervantès
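
The three warnings in the message above (listener on all interfaces, a passwordless root reachable from anywhere, a sensor account limited to INSERT/UPDATE on one database) can be checked mechanically. The following is an added example, not part of the original message; the function names and sample data are constructed, and the account rows are assumed to have been exported by hand from the server's grant tables.

```python
import configparser

LOCAL_HOSTS = {"localhost", "127.0.0.1"}

def audit_listener(my_cnf_text):
    """Flag a [mysqld] section that leaves TCP 3306 open on every interface."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.optionxform = lambda key: key.lower().replace("_", "-")  # MySQL accepts both spellings
    cp.read_string(my_cnf_text)
    opts = cp["mysqld"] if cp.has_section("mysqld") else {}
    if "skip-networking" in opts:  # local socket only, no TCP listener at all
        return []
    if opts.get("bind-address") in (None, "0.0.0.0"):
        return ["mysqld listens on TCP 3306 on all interfaces"]
    return []

def audit_accounts(users):
    """users: (User, Host, Password) rows in the shape of the mysql.user table."""
    findings = []
    for user, host, password in users:
        if not password:
            findings.append(f"{user or '(anonymous)'}@{host} has no password")
        if user == "root" and host not in LOCAL_HOSTS:
            findings.append(f"root may connect from {host}")
    return findings

def audit_sensor_grants(grants, user="snort", db="snortdb",
                        allowed=frozenset({"INSERT", "UPDATE"})):
    """grants: (user, db, set_of_privileges) rows; db '*' means a global grant."""
    findings = []
    for g_user, g_db, privs in grants:
        if g_user != user:
            continue
        if g_db != db:
            findings.append(f"{user} holds privileges on {g_db}, expected only {db}")
        extra = set(privs) - allowed
        if extra:
            findings.append(f"{user} holds extra privileges on {g_db}: {sorted(extra)}")
    return findings

# Constructed sample: the defaults the message warns about, plus an over-privileged sensor user.
DEFAULT_CNF = "[mysqld]\ndatadir=/var/lib/mysql\nsocket=/var/lib/mysql/mysql.sock\n"
DEFAULT_USERS = [("root", "localhost", ""), ("root", "%", ""), ("", "localhost", "")]
LOOSE_GRANTS = [("snort", "*", {"SELECT", "INSERT", "UPDATE", "DELETE"})]

if __name__ == "__main__":
    report = (audit_listener(DEFAULT_CNF) + audit_accounts(DEFAULT_USERS)
              + audit_sensor_grants(LOOSE_GRANTS))
    for line in report:
        print("FINDING:", line)
```

An empty result from all three functions corresponds to the setup the message recommends: socket-only or single-address listener, root with a password and limited to localhost, and the snort account holding only INSERT and UPDATE on snortdb.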


