Re: [Snort-users] Query about mysql
This is a discussion on Re: [Snort-users] Query about mysql within the Snort forums, part of the System Security and Security Related category; Mukesh a =E9crit : > Hello Users, > =20 > Please tell me how to install mysql on redhat linux 9. ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-27-2005
|
|||
|
|||
Re: [Snort-users] Query about mysql
Mukesh a =E9crit :
> Hello Users, > =20 > Please tell me how to install mysql on redhat linux 9. The problem is > not solved by ./mysqld_safe &. > =20 > Please any one tell me the whole process how to install mysql. Hi. It's not a Snort issue but here is a (short) way : 1. Install mysql for RHL9 from RPMS - mysql-3.23.58-1.9.i386.rpm - mysql-server-3.23.58-1.9.i386.rpm - mysql-devel-3.23.58-1.9.i386.rpm [OPTIONNAL] 2. Default configuration for MySQL from theses RPMS is mysql server listening for requests on TCP port 3306 on all interfaces. VERY IMPORTANT : be aware that by default mysql superuser root has all rights on all databases from anywhere without password. YOU HAVE TO SET A PASSWORD FOR THIS USER AND RESTRICT CONNECTION TO localhost only. Security tip n=B0 1: if you want to have mysql server and snort on the same machine, you can/should/must configure MySQL server to listen on a local socket. This way, no network connection will be possible from network. That mean that you must have your GUI (Apache/BASE) on the same machine too. If not, configure MySQL server to listen only on an IP address (assuming your machine have at least two Network Interface, one for snort listening to traffic, one for other programs to access to the DB or for snort to send its alerts to a MySQL server installed on another machine) and set some filtering rules with NetFilter/IPtables to filter traffic on this NIC/IP. Security tip n=B02 : you'll have to create a MySQL user that snort will use to insert alerts in the database. This user should/must only have insert/update privileges on only snort database. Start MySQL server : - service mysqld start || /etc/init.d/mysqld start Check / be sure that MySQL server is configured to start at boot : - chkconfig --list mysqld - If necessary : chkconfig mysqld on 3. Create snort database using Snort DB schema. - mysql -u root -p [Password prompting] - CREATE DATABASE snortdb ; - GRANT INSERT, UPDATE PRIVILEGES ON snortdb TO snort@localhost IDENTIFIED BY 'snort'; - FLUSH PRIVILEGES ; - exit from mysql shell - mysql -u snort -p snortdb < create_mysql =09 4. Configure snort to use this db - snort.conf -> output database: log, mysql, user=3Dsnort password=3Dsnort dbname=3Dsnortdb host=3Dlocalhost sensor_name=3Dsnorty (names are given as examples) 5. Start your snort. I am sure that you'll find on snort website helpfull docs about running snort with mysql if you need more detailed informations. Best regards, --=20 Guillaume Arcas ------------------------------------------------------- "L'amour et l'imagination aveuglent ais=E9ment l'esprit." M. de Cervant=E8s ------------------------------------------------------- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
