Snort mailing list archives
RE: Access denied for user: '@192.168.0.1' -SNORT-
From: "mike Hughes" <mikehughes013 () hotmail com>
Date: Mon, 10 Feb 2003 18:43:59 -0800
Here is some real results: Ok im going to give you all my interface ip addys soo it might clear up what im trying to do up:
Internet IP Linux Machine Eth0 - 142.173.77.22- Linux Machine LAN interface Eth1 - 192.168.0.1 - Windows Machine on my LAN - 192.168.0.69 -I installed all the packages on the linux machine that i was suppose to folowing the reference but didnt do anything to MYSQL on the LINUX just installed the RPMS and didnt touch any settings on the LINUX machine only the WINDOWS machine i have set users and stuff:
Here is the output of commands from my WINDOWS mysql: mysql> SHOW DATABASES; +----------+ | Database | +----------+ | mysql | | snort | | test | +----------+ 3 rows in set (0.00 sec) mysql> SHOW GRANTS FOR root@localhost -> ; +---------------------------------------------------------------------+ | Grants for root@localhost | +---------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION | +---------------------------------------------------------------------+ 1 row in set (0.00 sec) mysql> SHOW GRANTS FOR sensor1@192.168.0.1 -> ; +------------------------------------------------------------------------------- -------+ | Grants for sensor1@192.168.0.1 | +------------------------------------------------------------------------------- -------+| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'sensor1'@'192.16
8.0.1' | +------------------------------------------------------------------------------- -------+ 1 row in set (0.00 sec) mysql>Soo then the intructions say connct to the LINUX machine from WINDOWS machine using PUTTY and PORT 22 Soo here is what i plug into PUTTY
IP: 142.173.77.22 Port 22 login as: root password: rootpassword Then i run this command snort-mysql+flexresp -v -c /etc/snort/snort.conf I get this error: database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110) Fatal Error, Quitting..Can you see whats wrong yet? with my settings? Maybe i got the ip address messed up i cant tell..any help from that?? Thanksd again for any help
From: "Schmehl, Paul L" <pauls () utdallas edu> To: "mike Hughes" <mikehughes013 () hotmail com> Subject: RE: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT- Date: Mon, 10 Feb 2003 19:51:10 -0600 Is mysql running? Any errors in /var/log/messages? If mysql is running, any errors in /var/db/mysql/hostname.err? Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/~pauls/ AVIEN Founding Member -----Original Message----- From: mike Hughes [mailto:mikehughes013 () hotmail com] Sent: Monday, February 10, 2003 6:38 PM To: Schmehl, Paul L Subject: RE: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT- Ok when i connect to the linux(192.168.0.1 LAN INTERFACE) machine from my management machine windows (192.168.0.69) using putty port 22 I log on to eth0 on my linux machine(142.178.22.12) as root then running this command: snort-mysql+flexresp -v -c /etc/snort/snort.conf I get this error: database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110) Fatal Error, Quitting.. Can you see whats wrong yet? with my settings? See my Linux machine has snort installed on it...and my windows machine is managing... Do ihave to set anything on my sql on the linux machine too casue i didnt?Do anything to that...casue the manual didnt mention too...Soo i hope that clears things up for you too see what im trying to do! Thanks for you help!!! >From: "Schmehl, Paul L" <pauls () utdallas edu> >To: "mike Hughes" ><mikehughes013 () hotmail com>,<Snort-users () lists sourceforge net> >Subject: RE: [Snort-users] Access denied for user: '@192.168.0.1' -SNORT- >Date: Mon, 10 Feb 2003 18:16:53 -0600 > >mysql> SHOW DATABASE > -> > xxxx >The -> is telling you that the command isn't finished. You need a >semi-colon. Also, it's DATABASE*S*, not DATABASE. > > mysql> show DATABASES; >+---------------------+ >| Database | >+---------------------+ >| mysql | >| snort | >| snort_archive_FEB03 | >+---------------------+ >3 rows in set (0.00 sec) > >What is "SHOW GRANTS"? The proper command is "SHOW GRANTS for >xxx$hostname", for example: > >mysql> SHOW GRANTS FOR root@localhost > -> ; >+---------------------------------------------------------------------- >+- >----------------------------------------+ >| Grants for root@localhost >| >+---------------------------------------------------------------------- >+- >----------------------------------------+ >| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY >PASSWORD 'xxxxxxxx' WITH GRANT OPTION | >+---------------------------------------------------------------------- >+- >----------------------------------------+ >1 row in set (0.01 sec) > >There is an excellent online manual at >http://www.mysql.com/doc/en/index.html. > >Paul Schmehl (pauls () utdallas edu) >Adjunct Information Security Officer >The University of Texas at Dallas http://www.utdallas.edu/~pauls/ >AVIEN Founding Member > > >-----Original Message----- >From: mike Hughes [mailto:mikehughes013 () hotmail com] >Sent: Monday, February 10, 2003 5:28 PM >To: Snort-users () lists sourceforge net >Subject: Re: [Snort-users] Access denied for user: '@192.168.0.1' >-SNORT- > > >Ok from my "windows machine (management)" i ran these commands and here >is the output: > >C:\mysql\bin>mysql -u sensor1 -p snort >Enter password: >Welcome to the MySQL monitor. Commands end with ; or \g. >Your MySQL connection id is 1 to server version: 3.23.55-nt > >Type 'help;' or '\h' for help. Type '\c' to clear the buffer. > >mysql> SHOW DATABASE > -> > >mysql> SHOW GRANTS > -> > >This shouldnt be like this im guessing? ;( HOw can i fix this? > > > > > > > > >From: "Kenneth G. Arnold" <bkarnold () cbu edu> > >To: Snort-users () lists sourceforge net > >Subject: Re: [Snort-users] Access denied for user: '@192.168.0.1' > >-SNORT- > >Date: Mon, 10 Feb 2003 15:38:35 -0600 > > > >It looks like the host where this snort process is trying to run does > >not have write access to the mysql database located at 192.168.0.69 >connecting > >as user sensor1. Is 192.168.0.1 the host where snort is actually >running? > >I am confused as to why the error message doesn't mention user > >sensor1@192.168.0.1 if that is the case. There doesn't appear to be > >a >user > >specified in the error message yet the log shows that it knows the > >user >is > >sensor1. Anyway, you need to make sure that the MySQL database has >write > >permission for user sensor1 connecting from 192.168.0.1 (or wherever >your > >snort machine is located). Page 19 of the Snort Installation Manual >for > >Snort, MySQL and ACID on Redhat 7.3 describes how to do this for a > >user > > >snort from both the localhost and from all hosts. I would recommend >that > >you only allow access from the specific hosts that need it. That > >documentation is located at > >http://www.snort.org/docs/snort-rh7-mysql-ACID-1-5.pdf > > > >Ken > > > >At 12:46 PM 2/10/03 -0800, mike Hughes wrote: > >>Whats up guys...i am folowing this as my refernce: > >>http://www.sans.org/rr/intrusion/practical_guide.php > >>Im on the second to last step and am stuck and cant figure it > >>out...Im > > >>a > >>noob to mysql tooo im getting this error: > >>database: mysql_error: Access denied for user: '@192.168.0.1' to >database > >>'snort' > >>Fatal Error, Quitting.. > > > > > > > >------------------------------------------------------- > >This SF.NET email is sponsored by: > >SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! > >http://www.vasoftware.com > >_______________________________________________ > >Snort-users mailing list > >Snort-users () lists sourceforge net > >Go to this URL to change user options or unsubscribe: > >https://lists.sourceforge.net/lists/listinfo/snort-users > >Snort-users list archive: > >http://www.geocrawler.com/redir-sf.php3?list=snort-users > > >_________________________________________________________________ >The new MSN 8: smart spam protection and 2 months FREE* >http://join.msn.com/?page=features/junkmail > > > >------------------------------------------------------- >This SF.NET email is sponsored by: >SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! >http://www.vasoftware.com >_______________________________________________ >Snort-users mailing list >Snort-users () lists sourceforge net >Go to this URL to change user options or unsubscribe: >https://lists.sourceforge.net/lists/listinfo/snort-users >Snort-users list archive: >http://www.geocrawler.com/redir-sf.php3?list=snort-users _________________________________________________________________ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
_________________________________________________________________The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Access denied for user: '@192.168.0.1' -SNORT-, (continued)
- Re: Access denied for user: '@192.168.0.1' -SNORT- twig les (Feb 10)
- RE: Access denied for user: '@192.168.0.1' -SNORT- Schmehl, Paul L (Feb 10)
- Re: Access denied for user: '@192.168.0.1' -SNORT- mike Hughes (Feb 10)
- Re: Access denied for user: '@192.168.0.1' -SNORT- twig les (Feb 10)
- Re: Access denied for user: '@192.168.0.1' -SNORT- Kenneth G. Arnold (Feb 10)
- RE: Access denied for user: '@192.168.0.1' -SNORT- Michael Steele (Feb 10)
- ACID - Which Database? Yaakov Yehudi (Feb 11)
- Re: ACID - Which Database? Ken Gunderson (Feb 11)
- Re: ACID - Which Database? Paul B. Poh (Feb 11)
- Re: ACID - Which Database? Yaakov Yehudi (Feb 12)
- RE: Access denied for user: '@192.168.0.1' -SNORT- Kenneth G. Arnold (Feb 11)
- Re: RE: Access denied for user: '@192.168.0.1' -SNORT- Erek Adams (Feb 11)
- RE: Access denied for user: '@192.168.0.1' -SNORT- Erek Adams (Feb 12)