Snort mailing list archives
Re: mysql error prevails...
From: AllowOverride <allowoverride () gmail com>
Date: Sat, 06 Oct 2012 11:51:14 -0700
ok, beenph, i did what you suggested, here are new grants for snort user:

    mysql> show grants for 'snort'@'localhost';
    +-----------------------------------------------------------------------------------------------------------------------------------------------+
    | Grants for snort@localhost |
    +-----------------------------------------------------------------------------------------------------------------------------------------------+
    | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON *.* TO 'snort'@'localhost' IDENTIFIED BY PASSWORD '*hidden-sorry' |
    | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO 'snort'@'localhost' |
    +-----------------------------------------------------------------------------------------------------------------------------------------------+
    2 rows in set (0.00 sec)

    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)

1. just for good measure restarting mysql service:

    # service mysql restart
    mysql stop/waiting
    mysql start/running, process 2114
    # service mysql status
    mysql start/running, process 2114

2. my.cnf unchanged:

    [client]
    port = 3306
    socket = /var/run/mysqld/mysqld.sock
    [mysqld_safe]
    socket = /var/run/mysqld/mysqld.sock
    nice = 0
    localhost which is more compatible and is not less secure.
    bind-address = 127.0.0.1

(i changed this before, per email suggestions, now it's back to default 127...

3. /etc/mysql/debian.cnf defaults:

    # Automatically generated for Debian scripts. DO NOT TOUCH!
    [client]
    host = localhost
    user = debian-sys-maint
    password = sorry-hidden
    socket = /var/run/mysqld/mysqld.sock
    [mysql_upgrade]
    host = localhost
    user = debian-sys-maint
    password = sorry-hidden
    socket = /var/run/mysqld/mysqld.sock
    basedir = /usr

3. now, trying to connect again by running barnyard2:

a. start snort:

    /usr/local/bin/snort -A fast -q -u snort -g snort -c /etc/snort/etort.conf -i eth0 &
    [1] 2276
    # tail -f /var/log/syslog
    Oct 6 11:36:57 hidden kernel: [ 2423.983662] device eth0 entered promiscuous mode

b. start barnyard2:

    /usr/local/bin/barnyard2 -c /etc/snort/etc/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D &
    [2] 2296
    Oct 6 11:38:17 jupiter barnyard2[2296]: Running in Continuous mode
    Oct 6 11:38:17 jupiter barnyard2[2296]:
    Oct 6 11:38:17 jupiter barnyard2[2296]: --== Initializing Barnyard2 ==--
    Oct 6 11:38:17 jupiter barnyard2[2296]: Initializing Input Plugins!
    Oct 6 11:38:17 jupiter barnyard2[2296]: Initializing Output Plugins!
    Oct 6 11:38:17 jupiter barnyard2[2296]: Parsing config file "/etc/snort/etc/barnyard2.conf"
    Oct 6 11:38:25 jupiter barnyard2[2296]: Log directory = /var/log/barnyard2
    Oct 6 11:38:25 jupiter barnyard2[2296]: Initializing daemon mode
    Oct 6 11:38:25 jupiter barnyard2[2297]: Daemon initialized, signaled parent pid: 2296
    Oct 6 11:38:25 jupiter barnyard2[2297]: PID path stat checked out ok, PID path set to /var/run/
    Oct 6 11:38:25 jupiter barnyard2[2297]: Writing PID "2297" to file "/var/run//barnyard2_eth0.pid"
    Oct 6 11:38:25 jupiter barnyard2[2296]: Daemon parent exiting
    Oct 6 11:38:26 jupiter barnyard2[2297]: FATAL ERROR: database: mysql_error: Access denied for user 'snort'@'localhost' (using password: YES)

... also

    Oct 6 11:39:01 jupiter CRON[2300]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)

interesting...

ok welp, as you can see, i am still unable to connect locally. i will try this cmd at terminal... to rule out some networking issue,, stand by.... nope, also tried running as snort user, which leads me to another question,,,

1. should i be running barnyard2 and snort processes with root, or snort user? the howtos mention chmoding perms

    chmod 777 /var/log/barnyard2

which would imply barnyard2 should be run as non-root user... but when i ran same cmd above logged in as snort user, i got a Fatal Error:

    -== Initializing Barnyard2 ==--
    Oct 6 11:43:58 jupiter barnyard2[2497]: Initializing Input Plugins!
    Oct 6 11:43:58 jupiter barnyard2[2497]: Initializing Output Plugins!
    Oct 6 11:43:58 jupiter barnyard2[2497]: Parsing config file "/etc/snort/etc/barnyard2.conf"
    Oct 6 11:44:07 jupiter barnyard2[2497]: Log directory = /var/log/barnyard2
    Oct 6 11:44:07 jupiter barnyard2[2497]: FATAL ERROR: OpenAlertFile() => fopen() alert file /var/log/barnyard2/barnyard2.alert: Permission denied

so..

2. which users can/should be running snort, barnyard2 services by default just to get this working? i think this might be the issue, for ubuntu servers have everything involved set as root:root and the howtos mention chmod on some dirs.. just thinking out loud,,, any suggestions about perms for dirs as well? what works easiest and consistently with default ./configure installs.

thanks...

    ~# [2]+ Done /usr/local/bin/barnyard2 -c /etc/snort/etc/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D
--- Begin Message ---
From: beenph <beenph () gmail com>
Date: Sat, 6 Oct 2012 04:31:46 -0400

On Fri, Oct 5, 2012 at 5:59 AM, AllowOverride <allowoverride () gmail com> wrote:
> you mean snort.* yes i have

Do you actually read e-mails and links sent to you such as the MySQL documentation?

By wildcard i didn't mean * but %

<SNIP
Also have you tried to wildcard your access for the user you configured?

    UPDATE mysql.user SET host='%' WHERE user='YOURCONFIGUREDUSER';

REF: https://dev.mysql.com/doc/refman/5.5/en/adding-users.html

And make sure to flush--privileges/reload before testing.
</SNIP>

And in your Context "YOURCONFIGUREDUSER" should be snort.
--- End Message ---
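
Added example (not part of the original post, and not code from Snort or barnyard2): a shell check for the directory-permission question raised in the message above. It flags a world-writable directory, which is what `chmod 777` produces, and a world-readable file, and checks ownership against the account the daemon runs as. The function name `audit_path`, the finding labels, and the idea of also auditing the barnyard2 config file (assumed to hold the database password) are assumptions; it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example, not from the original thread.
# audit_path PATH OWNER
#   directory:    must not be world-writable (what `chmod 777` produces)
#   regular file: must not be readable or writable by "other"
#                 (assumption: the config file holds the DB password)
#   both:         must be owned by OWNER, the account the daemon runs as
# Prints one finding per line; returns 0 when clean, 1 on findings, 2 on error.
audit_path() {
    path=$1; want=$2; rc=0
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    mode=$(stat -c '%a' "$path") || return 2     # GNU stat: octal mode
    owner=$(stat -c '%U' "$path") || return 2    # GNU stat: owner name
    other=${mode#"${mode%?}"}                    # last digit = "other" bits
    case $other in
        2|3|6|7) echo "WORLD-WRITABLE $path mode=$mode"; rc=1 ;;
    esac
    if [ -f "$path" ]; then
        case $other in
            4|5|6|7) echo "WORLD-READABLE $path mode=$mode"; rc=1 ;;
        esac
    fi
    if [ "$owner" != "$want" ]; then
        echo "WRONG-OWNER $path owner=$owner expected=$want"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $path mode=$mode owner=$owner"
    return "$rc"
}

# Usage on the paths that appear in the thread (run on the sensor itself):
#   audit_path /var/log/barnyard2 snort
#   audit_path /etc/snort/etc/barnyard2.conf snort
```

A directory owned by the service account with mode 750 passes this check and still lets that account create its alert file, without opening the directory to every local user.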