Snort mailing list archives
Snort With Base Access Without Delete
From: IT Security <itsecurity () radford edu>
Date: Fri, 07 May 2010 14:53:30 -0400
This may be a silly question and more related to BASE than to Snort, but we can't seem to figure it out, so here goes... We're running Snort 2.8.6 and sending alerts to a mysql DB with BASE 1.4.5 as the frontend and would like to provide read-only access to BASE to our Helpdesk staff. The problem is that any BASE user can delete alerts. We've configured the sensor access and BASE access DB permissions per the documentation. We've tried adding plain users to BASE, but it seems anyone who can log into BASE have access to the underlying DB as the BASE DB user, and that user has DELETE on most all snort.* tables. Have others dealt with this? Are we over-looking something obvious? We looked at Snorby and Squil, but prefer to stick with BASE. Thanks for any suggestions. ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort With Base Access Without Delete IT Security (May 07)
- Re: Snort With Base Access Without Delete Galley, Daniel (May 11)
- Re: Snort With Base Access Without Delete Jeff Kell (May 12)
- Re: Snort With Base Access Without Delete Galley, Daniel (May 11)