Snort mailing list archives

Re: SNORT (Linux) / MySQL (Win32)


From: JP Vossen <vossenjp () netaxs com>
Date: Tue, 10 Feb 2004 02:19:16 -0500 (EST)

From: "MVIBE" <mvibe () sublimegrooves com>
To: <snort-users () lists sourceforge net>
Date: Mon, 9 Feb 2004 17:47:23 -0600
Subject: [Snort-users] SNORT (Linux) / MySQL (Win32)

To keep it simple. I have a small network. MySQL is active on a WIN32 Box,
has been for some time now for some web development. I am interested in
running SNORT, but wish to do this from one of my Linux Firewalls. I know
that to compile SNORT with MySQL support I am to use the --with-mysql
configure switch.

OK, first, ideally a firewall is JUST a firewall.  I know there is a great
temptation to run Snort on it, since it's in a perfect place.  Be aware that
you are adding complexity and potentially reducing the security of the
firewall if you do this.  In some (perhaps many) cases running Snort on the FW
may be entirely justified.

Second, please tell me you don't have a compiler on the firewall!  If you do,
remove it.  A firewall should be just a firewall, and having a compiler on it
opens up all kinds of Evil Things should the box ever be compromised.  The
theory is that an Evil Cracker can download and compile all sorts of nasty
things, so don't have a compiler on a security device.  The same argument may
be made for lots of other things, like Perl...  YMMV, evaluate your risk, etc.
In general, the first principle of hardening (and what should be more hardened
than the firewall?) is--if it ain't installed it can't be cracked.  Less is
much better.


The problem I am encountering is that for this switch to work, ./configure
needs to find the mysql.h header file.

<snip>

What am I missing? Is this possible (i.e. running SNORT on Linux with MySQL on
Win32)?


Yes.  My recommendation is to use the Snort RPMs (but I'm biased).  See
http://www.starken.com/snort/ for the latest RPMs that have not made it to the
Snort.org site yet.

Install snort and snort-mysql on the firewall (shudder) and you're all set.

Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?


