Snort mailing list archives
[patch] snort with mysql+SSL support
From: Ryan Steinmetz <rpsfa () rit edu>
Date: Fri, 24 Jun 2011 21:52:57 -0400
All, I've thrown together a quick hack to require SSL use when logging to a mysql database. I've tested this against v2.9.0.5 and it seems to work fine. A few notes: -If you are chrooting snort, you'll need to have a devfs mount within the new root as the mysql client libs will want access to /dev/urandom. -If you are chrooting snort, you will also need to have the certificates available within the chrooted environment as well. -Once the patch has been applied, snort will require SSL for all mysql connections. To disable this you will need to revert the patch. -Certificates must exist in /usr/local/etc/snort/certs and be named as follows: --ca.pem: The CA's public key --cert.pem: The client's public key --key.pem: The client's private key Ideally, this would be incorporated into future releases and include config knobs to allow for flexibility. -r -- Ryan Steinmetz PGP: EF36 D45A 5CA9 28B1 A550 18CD A43C D111 7AD7 FAF2
Attachment:
sslpatch.diff
Description:
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
Current thread:
- [patch] snort with mysql+SSL support Ryan Steinmetz (Jun 24)
- Re: [patch] snort with mysql+SSL support Joel Esler (Jun 25)
- Re: [patch] snort with mysql+SSL support Ryan Steinmetz (Jun 25)
- Re: [patch] snort with mysql+SSL support Joel Esler (Jun 25)
- Re: [patch] snort with mysql+SSL support Ryan Steinmetz (Jun 25)
- Re: [patch] snort with mysql+SSL support Joel Esler (Jun 25)