Snort mailing list archives

Re: mysql error prevails...


From: AllowOverride <allowoverride () gmail com>
Date: Sat, 06 Oct 2012 11:51:14 -0700

OK, beenph, I did what you suggested; here are the new grants for the snort
user:

mysql> show grants for 'snort'@'localhost';
+----------------------------------------------------------------------------------------------------------------------+
| Grants for snort@localhost                                                                                           |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON *.* TO 'snort'@'localhost' IDENTIFIED BY PASSWORD '*hidden-sorry'    |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'snort'@'localhost'                                      |
+----------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

1. 
Just for good measure, restarting the mysql service:

# service mysql restart
mysql stop/waiting
mysql start/running, process 2114

# service mysql status
mysql start/running, process 2114


2.
my.cnf unchanged:

[client]
port            = 3306
socket          = /var/run/mysqld/mysqld.sock

[mysqld_safe]
socket          = /var/run/mysqld/mysqld.sock
nice            = 0

 localhost which is more compatible and is not less secure.
bind-address            = 127.0.0.1
(I changed this before, per email suggestions; now it's back to the default
127...)

3. 

/etc/mysql/debian.cnf  defaults:

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = debian-sys-maint
password = sorry-hidden
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host     = localhost
user     = debian-sys-maint
password = sorry-hidden
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr


4.

Now, trying to connect again by running barnyard2:

a. start snort:

/usr/local/bin/snort -A fast -q -u snort -g snort -c /etc/snort/etc/snort.conf -i eth0 &
[1] 2276

# tail -f /var/log/syslog
Oct  6 11:36:57 hidden kernel: [ 2423.983662] device eth0 entered promiscuous mode


b. start barnyard2:

/usr/local/bin/barnyard2 -c /etc/snort/etc/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D &
[2] 2296


Oct  6 11:38:17 jupiter barnyard2[2296]: Running in Continuous mode
Oct  6 11:38:17 jupiter barnyard2[2296]: 
Oct  6 11:38:17 jupiter barnyard2[2296]:         --== Initializing Barnyard2 ==--
Oct  6 11:38:17 jupiter barnyard2[2296]: Initializing Input Plugins!
Oct  6 11:38:17 jupiter barnyard2[2296]: Initializing Output Plugins!
Oct  6 11:38:17 jupiter barnyard2[2296]: Parsing config file "/etc/snort/etc/barnyard2.conf"
Oct  6 11:38:25 jupiter barnyard2[2296]: Log directory = /var/log/barnyard2
Oct  6 11:38:25 jupiter barnyard2[2296]: Initializing daemon mode
Oct  6 11:38:25 jupiter barnyard2[2297]: Daemon initialized, signaled parent pid: 2296
Oct  6 11:38:25 jupiter barnyard2[2297]: PID path stat checked out ok, PID path set to /var/run/
Oct  6 11:38:25 jupiter barnyard2[2297]: Writing PID "2297" to file "/var/run//barnyard2_eth0.pid"
Oct  6 11:38:25 jupiter barnyard2[2296]: Daemon parent exiting
Oct  6 11:38:26 jupiter barnyard2[2297]: FATAL ERROR: database: mysql_error: Access denied for user 'snort'@'localhost' (using password: YES)

... also 
Oct  6 11:39:01 jupiter CRON[2300]: (root) CMD (   [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)

interesting...

OK, welp, as you can see, I am still unable to connect locally. I will
try this cmd at the terminal... to rule out some networking issue.

stand by....


Nope. Also tried running as the snort user, which leads me to another
question:

1. Should I be running the barnyard2 and snort processes as root, or as the snort
user?
The howtos mention chmodding perms (chmod 777 /var/log/barnyard2), which
would imply barnyard2 should be run as a non-root user...
but when I ran the same cmd above logged in as the snort user, I got a Fatal Error:

--== Initializing Barnyard2 ==--
Oct  6 11:43:58 jupiter barnyard2[2497]: Initializing Input Plugins!
Oct  6 11:43:58 jupiter barnyard2[2497]: Initializing Output Plugins!
Oct  6 11:43:58 jupiter barnyard2[2497]: Parsing config file "/etc/snort/etc/barnyard2.conf"
Oct  6 11:44:07 jupiter barnyard2[2497]: Log directory = /var/log/barnyard2
Oct  6 11:44:07 jupiter barnyard2[2497]: FATAL ERROR: OpenAlertFile() => fopen() alert file /var/log/barnyard2/barnyard2.alert: Permission denied

So...

2. Which users can/should be running the snort and barnyard2 services by
default, just to get this working?
I think this might be the issue, for Ubuntu servers have everything
involved set as root:root and the howtos mention chmod on some dirs..
Just thinking out loud... any suggestions about perms for dirs as well?
What works easiest and consistently with default ./configure installs?

thanks...




~# 
[2]+  Done                    /usr/local/bin/barnyard2 -c /etc/snort/etc/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D

--- Begin Message --- From: beenph <beenph () gmail com>
Date: Sat, 6 Oct 2012 04:31:46 -0400
On Fri, Oct 5, 2012 at 5:59 AM, AllowOverride <allowoverride () gmail com> wrote:
you mean snort.* yes i have


Do you actually read e-mails and links sent to you such as the MySQL
documentation?


By wildcard I didn't mean * but %

<SNIP

Also have you tried to wildcard your access for the user you configured?

UPDATE mysql.user SET host='%' WHERE user='YOURCONFIGUREDUSER';

REF: https://dev.mysql.com/doc/refman/5.5/en/adding-users.html

And make sure to flush privileges / reload before testing.
</SNIP>


And in your Context "YOURCONFIGUREDUSER" should be snort.

--- End Message ---
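An added diagnostic script for the two failures shown in this thread; it is not from the thread or from the Snort/Barnyard2 projects. It reads the `output database:` line of barnyard2.conf (the `user= password= dbname= host=` format is an assumption about the poster's config, as are the paths and the `snort` account name), logs in with exactly those credentials the way barnyard2 would, and prints `USER()` next to `CURRENT_USER()`: the first is the identity claimed, the second is the `mysql.user` row the server actually matched after its host-specificity ordering. If they differ (for example `snort@%` claimed but an anonymous `@localhost` row matched, which some default installs leave in place), the grants you are inspecting are not the ones being applied, and `Access denied ... (using password: YES)` with "correct" grants is the symptom. The password goes through a mode-0600 defaults file rather than `-p` on the command line so it never shows in `ps`. The second check tests whether the log directory is writable as the account barnyard2 will run under, which is what the `OpenAlertFile() ... Permission denied` error above comes down to; root's own `-w` test passes even on a mode-000 directory, so the test is run via `su` as the target user.

```shell
#!/bin/sh
# Added example (not from the thread or the Barnyard2 project).
# Assumed barnyard2.conf lines:
#   output database: log, mysql, user=snort password=... dbname=snort host=localhost
#   config logdir: /var/log/barnyard2

# Pull one field (user, password, dbname, host, port) out of the
# "output database:" line. $1 = config text, $2 = field name.
by2_db_field() {
    printf '%s\n' "$1" \
      | sed -n 's/^output database:.*[[:space:]]'"$2"'=\([^[:space:]]*\).*/\1/p' \
      | head -n 1
}

# Log in with the exact credentials barnyard2 would use and show which
# mysql.user row the server matched. USER() = what we claimed,
# CURRENT_USER() = the row MySQL chose; a mismatch means another row
# (e.g. an anonymous ''@'localhost') is shadowing the one you granted.
by2_db_login_check() {
    conf="$1"
    u=$(by2_db_field "$conf" user)
    p=$(by2_db_field "$conf" password)
    d=$(by2_db_field "$conf" dbname)
    h=$(by2_db_field "$conf" host)
    command -v mysql >/dev/null 2>&1 || { echo "mysql client not found" >&2; return 2; }
    # Password via a 0600 defaults file, not -p on the command line,
    # so it is not visible to other local users in `ps`.
    f=$(mktemp) || return 2
    chmod 600 "$f"
    printf '[client]\nuser=%s\npassword=%s\nhost=%s\n' "$u" "$p" "${h:-localhost}" >"$f"
    if mysql --defaults-extra-file="$f" -e 'SELECT USER(), CURRENT_USER();' "$d"; then
        rc=0
    else
        rc=$?
    fi
    rm -f "$f"
    return "$rc"
}

# Is directory $2 writable for user $1? When we are root, test as the
# target user via su, because root's -w says yes even for mode 000.
dir_writable_as() {
    user="$1"; dir="$2"
    if [ "$user" = "$(id -un)" ]; then
        [ -d "$dir" ] && [ -w "$dir" ]
    elif [ "$(id -u)" -eq 0 ]; then
        su -s /bin/sh "$user" -c "[ -d '$dir' ] && [ -w '$dir' ]"
    else
        echo "need root to test as $user" >&2
        return 2
    fi
}

# Run both checks: $1 = path to barnyard2.conf, $2 = account barnyard2 runs as.
by2_diagnose() {
    conf_file="$1"; run_user="$2"
    conf=$(cat "$conf_file") || return 2
    logdir=$(printf '%s\n' "$conf" | sed -n 's/^config logdir:[[:space:]]*//p' | head -n 1)
    logdir="${logdir:-/var/log/barnyard2}"
    echo "== database login as $(by2_db_field "$conf" user)@$(by2_db_field "$conf" host)"
    by2_db_login_check "$conf" || echo "LOGIN FAILED (rc=$?)"
    echo "== $logdir writable as $run_user?"
    if dir_writable_as "$run_user" "$logdir"; then
        echo "yes"
    else
        echo "NO: chown $run_user and use mode 750 rather than chmod 777"
    fi
}
```

Usage: `by2_diagnose /etc/snort/etc/barnyard2.conf snort` as root. The same writability test applies to the waldo file's directory and to the PID directory (`/var/run/` in the log above), both of which barnyard2 also writes when started with `-w` and `-D`. Separately, the `GRANT ... ON *.*` row shown earlier is broader than the output plugin needs; the `snort`.* grant alone is the least-privilege choice.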