Snort mailing list archives
Re: mysql error prevails...
From: AllowOverride <allowoverride () gmail com>
Date: Sat, 06 Oct 2012 13:10:04 -0700
thanks but are you going to make me guess at this point? don't you think i have suffered enough? what's the syntax, i would have said if i knew to anyone asking... it's called community. i can study the mysql manual later, i just want to get this up and running, i'm going on two weeks dude... i hope this is not how one gets free support here, that would be tragic... i don't want to mess and make it worse typing perm cmds in mysql at this point, if you know, just say! thanks, if not, anyone else ?
--- Begin Message ---
From: beenph <beenph () gmail com>
Date: Sat, 6 Oct 2012 14:59:27 -0400

On Sat, Oct 6, 2012 at 2:51 PM, AllowOverride <allowoverride () gmail com> wrote:
> ok, beenph, i did what you suggested, here are new grants for snort user:

You're not there yet.
Your user should be seen as snort@'%' not snort@'localhost'

> mysql> show grants for 'snort'@'localhost';
> +-------------------------------------------------------------------------------------------------------------------+
> | Grants for snort@localhost                                                                                        |
> +-------------------------------------------------------------------------------------------------------------------+
> | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON *.* TO 'snort'@'localhost' IDENTIFIED BY PASSWORD '*hidden-sorry' |
> | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'snort'@'localhost'                                  |
> +-------------------------------------------------------------------------------------------------------------------+
> 2 rows in set (0.00 sec)
>
> mysql> flush privileges;
> Query OK, 0 rows affected (0.00 sec)
>
> 1. just for good measure restarting mysql service:
>
> # service mysql restart
> mysql stop/waiting
> mysql start/running, process 2114
> # service mysql status
> mysql start/running, process 2114
>
> 2. my.cnf unchanged:
>
> [client]
> port = 3306
> socket = /var/run/mysqld/mysqld.sock
> [mysqld_safe]
> socket = /var/run/mysqld/mysqld.sock
> nice = 0
> localhost which is more compatible and is not less secure.
> bind-address = 127.0.0.1
>
> (i changed this before, per email suggestions, now it's back to default 127...
>
> 3. /etc/mysql/debian.cnf defaults:
>
> # Automatically generated for Debian scripts. DO NOT TOUCH!
> [client]
> host = localhost
> user = debian-sys-maint
> password = sorry-hidden
> socket = /var/run/mysqld/mysqld.sock
> [mysql_upgrade]
> host = localhost
> user = debian-sys-maint
> password = sorry-hidden
> socket = /var/run/mysqld/mysqld.sock
> basedir = /usr
>
> 3. now, trying to connect again by running barnyard2:
>
> a. start snort:
>
> /usr/local/bin/snort -A fast -q -u snort -g snort -c /etc/snort/etort.conf -i eth0 &
> [1] 2276
>
> # tail -f /var/log/syslog
> Oct 6 11:36:57 hidden kernel: [ 2423.983662] device eth0 entered promiscuous mode
>
> b. start barnyard2:
>
> /usr/local/bin/barnyard2 -c /etc/snort/etc/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D &
> [2] 2296
>
> Oct 6 11:38:17 jupiter barnyard2[2296]: Running in Continuous mode
> Oct 6 11:38:17 jupiter barnyard2[2296]:
> Oct 6 11:38:17 jupiter barnyard2[2296]: --== Initializing Barnyard2 ==--
> Oct 6 11:38:17 jupiter barnyard2[2296]: Initializing Input Plugins!
> Oct 6 11:38:17 jupiter barnyard2[2296]: Initializing Output Plugins!
> Oct 6 11:38:17 jupiter barnyard2[2296]: Parsing config file "/etc/snort/etc/barnyard2.conf"
> Oct 6 11:38:25 jupiter barnyard2[2296]: Log directory = /var/log/barnyard2
> Oct 6 11:38:25 jupiter barnyard2[2296]: Initializing daemon mode
> Oct 6 11:38:25 jupiter barnyard2[2297]: Daemon initialized, signaled parent pid: 2296
> Oct 6 11:38:25 jupiter barnyard2[2297]: PID path stat checked out ok, PID path set to /var/run/
> Oct 6 11:38:25 jupiter barnyard2[2297]: Writing PID "2297" to file "/var/run//barnyard2_eth0.pid"
> Oct 6 11:38:25 jupiter barnyard2[2296]: Daemon parent exiting
> Oct 6 11:38:26 jupiter barnyard2[2297]: FATAL ERROR: database: mysql_error: Access denied for user 'snort'@'localhost' (using password: YES)
>
> ... also
>
> Oct 6 11:39:01 jupiter CRON[2300]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)
>
> interesting...
>
> ok welp, as you can see, i am still unable to connect locally. i will try this cmd at terminal... to rule out some networking issue,, stand by....
>
> nope, also tried running as snort user, which leads me to another question,,,
>
> 1. should i be running barnyard2 and snort processes with root, or snort user? the howtos mention chmoding perms
>
> chmod 777 /var/log/barnyard2
>
> which would imply barnyard2 should be run as non-root user... but when i ran same cmd above logged in as snort user, i got Fatal Error:
>
> -== Initializing Barnyard2 ==--
> Oct 6 11:43:58 jupiter barnyard2[2497]: Initializing Input Plugins!
> Oct 6 11:43:58 jupiter barnyard2[2497]: Initializing Output Plugins!
> Oct 6 11:43:58 jupiter barnyard2[2497]: Parsing config file "/etc/snort/etc/barnyard2.conf"
> Oct 6 11:44:07 jupiter barnyard2[2497]: Log directory = /var/log/barnyard2
> Oct 6 11:44:07 jupiter barnyard2[2497]: FATAL ERROR: OpenAlertFile() => fopen() alert file /var/log/barnyard2/barnyard2.alert: Permission denied
>
> so..
>
> 2. which users can/should be running snort, barnyard2 services by default just to get this working? i think this might be the issue, for ubuntu servers have everything involved set as root:root and the howtos mention chmod on some dirs.. just thinking out loud,,, any suggestions about perms for dirs as well? what works easiest and consistently with default ./configure installs.
>
> thanks...
>
> ~# [2]+ Done /usr/local/bin/barnyard2 -c /etc/snort/etc/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D
>
> ---------- Forwarded message ----------
> From: beenph <beenph () gmail com>
> To: AllowOverride <allowoverride () gmail com>
> Cc:
> Date: Sat, 6 Oct 2012 04:31:46 -0400
> Subject: Re: [Snort-users] mysql error prevails...
>
> On Fri, Oct 5, 2012 at 5:59 AM, AllowOverride <allowoverride () gmail com> wrote:
>> you mean snort.* yes i have
>
> Do you actually read e-mails and links sent to you such as the MySQL documentation?
>
> By wildcard i didn't mean * but %
>
> <SNIP
> Also have you tried to wildcard your access for the user you configured?
>
> UPDATE mysql.user SET host='%' WHERE user='YOURCONFIGUREDUSER';
>
> REF: https://dev.mysql.com/doc/refman/5.5/en/adding-users.html
>
> And make sure to flush--privileges/reload before testing .
> </SNIP>
>
> And in your Context "YOURCONFIGUREDUSER" should be snort.
------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
--- End Message ---
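The following is an added example, not part of any message in this thread: SQL for checking, from an administrative MySQL session, which account row a local login as snort is matched against, and for bringing that row's password and privileges in line. It assumes MySQL 5.5 (the version of the manual page linked in the thread), where mysql.user still has a password column, and that barnyard2 writes only to the snort schema; CHANGE_ME is a placeholder for the password configured in barnyard2.conf.

```sql
-- Added example; assumes MySQL 5.5 and an administrative session (e.g. root).
-- CHANGE_ME is a placeholder, not a value from the thread.

-- 1. List every account row that can match a login as "snort" on this host.
--    The server sorts rows by most specific host first, so for a local
--    connection a 'localhost' row is tried before a '%' row, and an
--    anonymous ''@'localhost' row is tried before 'snort'@'%'.
--    hash_len 41 = current hash format, 0 = empty password.
SELECT user, host, LENGTH(password) AS hash_len
FROM mysql.user
WHERE user IN ('snort', '')
ORDER BY host;

-- 2. Set the password on the row that is actually matched, so it agrees
--    with the one the client sends ("using password: YES" means one was sent).
SET PASSWORD FOR 'snort'@'localhost' = PASSWORD('CHANGE_ME');

-- 3. Assumption: the sensor account only needs the snort schema. Drop the
--    global grant shown in the thread and keep the database-level one.
REVOKE SELECT, INSERT, UPDATE, DELETE, CREATE ON *.* FROM 'snort'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'snort'@'localhost';
SHOW GRANTS FOR 'snort'@'localhost';

-- 4. FLUSH PRIVILEGES is only required after direct edits of the grant
--    tables (INSERT/UPDATE/DELETE on mysql.user); GRANT, REVOKE and
--    SET PASSWORD take effect immediately.

-- 5. From a session logged in as snort, confirm which row the server
--    picked: USER() is what the client claimed, CURRENT_USER() is the
--    account that was authenticated.
SELECT USER(), CURRENT_USER();
```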