Snort mailing list archives
Re: SNORT (Linux) / MySQL (Win32)
From: JP Vossen <vossenjp () netaxs com>
Date: Tue, 10 Feb 2004 02:19:16 -0500 (EST)
From: "MVIBE" <mvibe () sublimegrooves com>
To: <snort-users () lists sourceforge net>
Date: Mon, 9 Feb 2004 17:47:23 -0600
Subject: [Snort-users] SNORT (Linux) / MySQL (Win32)

To keep it simple. I have a small network. MySQL is active on a WIN32 Box, has been for some time now for some web development. I am interested in running SNORT, but wish to do this from one of my Linux firewalls. I know that to compile SNORT with MySQL support I am to use the --with-mysql configure switch.
OK, first, ideally a firewall is JUST a firewall. I know there is a great temptation to run Snort on it, since it's in a perfect place. Be aware that you are adding complexity and potentially reducing the security of the firewall if you do this. In some (perhaps many) cases running Snort on the FW may be entirely justified.

Second, please tell me you don't have a compiler on the firewall! If you do, remove it. A firewall should be just a firewall, and having a compiler on it opens up all kinds of Evil Things should the box ever be compromised. The theory is that an Evil Cracker can download and compile all sorts of nasty things, so don't have a compiler on a security device. The same argument may be made for lots of other things, like Perl... YMMV, evaluate your risk, etc.

In general, the first principle of hardening (and what should be more hardened than the firewall?) is--if it ain't installed it can't be cracked. Less is much better.
The problem I am encountering is that for this switch to work, ./configure needs to find the mysql.h header file.
<snip>
What am I missing, Is this possible (ie running SNORT on Linux with MySQL on Win32)?
Yes. My recommendation is to use the Snort RPMs (but I'm biased). See http://www.starken.com/snort/ for the latest RPMs that have not made it to the Snort.org site yet. Install snort and snort-mysql on the firewall (shudder) and you're all set.

Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|      http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days because it would crash. Now you have to reboot Windows 200x or XP every couple of days because of a patch. How is that better or more stable?