
Snort+acid+MySQL




	All,

	I am having problems with the trio of snort, acid and mysql.

	I installed and configured snort, acid and mysql following the
guide[1], but unfortunately nothing is showing up in acid. I had no
problems during the installation of snort and acid, but apparently
snort is not logging anything. Would anyone happen to have any idea what
I did wrong?

	Thank you.

1 - guide
# Technical Data #
##################

gateway = MySQL server = localhost = netrino

# Installation #

$ aptitude install snort-common snort-mysql snort-rules-default mysql-client mysql-server acidlab -y

# Database creation #

# mysql -u root -p
Enter password:

        Welcome to the MySQL monitor.  Commands end with ; or \g.
        Your MySQL connection id is 1 to server version: 3.23.36-log

        Type 'help;' or '\h' for help. Type '\c' to clear the buffer

        mysql> create database snort;
        Query OK, 1 row affected (0.01 sec)

        mysql> grant insert, select on snort.* to snort@localhost identified by 'senha123';
        Query OK, 0 rows affected (0.02 sec)

        mysql> grant insert, select, delete, update, create on snort.* to acid@localhost identified by 'acid_senha';
        Query OK, 0 rows affected (0.01 sec)

        mysql> quit;

# cp /usr/share/doc/snort-mysql/create_mysql.gz /tmp

# gunzip /tmp/create_mysql.gz

# mysql -u root -p snort < /tmp/create_mysql

$ vi /etc/snort/reference.config

        output database: log, mysql, dbname=snort user=snort host=localhost password=snort_user_password

# Creating the acid user
$ mysql -u root -p

        mysql> grant insert,select,delete,update,create on snort.* to acid@akira identified by 'acid_user_password';

        mysql> quit;

$ vi /etc/mysql/my.cnf
        # Comment out the line below
        #skip-networking
$ vi /usr/share/acidlab/acid_conf.php

        $alert_dbname   = "snort";
        $alert_host     = "stargate";
        $alert_port     = "";
        $alert_user     = "snort";
        $alert_password = "snort_user_password";

        /* Archive DB connection parameters */
        $archive_dbname   = "snort";
        $archive_host     = "stargate";
        $archive_port     = "";
        $archive_user     = "snort";
        $archive_password = "snort_user_password";

ln -sf /usr/share/acidlab/ /var/www/acidlab
--


 .''`.   Caio Abreu Ferreira
: :'  :  GNU/Linux Debian
`. `'`   fingerprint 0B5 0357 B80C E53C 5EF6  9D58 2D1B 0602 45E5 183A
  `-     Key ID 0x45E5183A
  	 Linux Counter 327834

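An added example, not part of the original message or of the guide it quotes: a check that cross-references the MySQL account each client is configured to use (Snort's `output database:` line, ACID's `acid_conf.php`) against the GRANT statements. It takes the statements and settings quoted in the message literally as constructed input; the function names and the rule that each client needs the privileges the guide grants to its own account are assumptions of this example.

```python
import re
# Constructed input: the GRANT statements and settings as quoted in the message.
GRANTS = """\
grant insert, select on snort.* to snort@localhost identified by 'senha123';
grant insert, select, delete, update, create on snort.* to acid@localhost identified by 'acid_senha';
grant insert,select,delete,update,create on snort.* to acid@akira identified by 'acid_user_password';
"""
SNORT_LINE = "output database: log, mysql, dbname=snort user=snort host=localhost password=snort_user_password"
ACID_CONF = '''\
$alert_dbname   = "snort";
$alert_host     = "stargate";
$alert_user     = "snort";
$alert_password = "snort_user_password";
'''
# Assumption: each client needs the privileges the guide grants to its own account.
NEEDED = {"snort": {"insert", "select"}, "acid": {"insert", "select", "delete", "update", "create"}}
GRANT_RE = re.compile(
    r"grant\s+(?P<privs>.+?)\s+on\s+(?P<db>\w+)\.\*\s+to\s+(?P<user>\w+)@(?P<host>[\w.%-]+)"
    r"\s+identified\s+by\s+'(?P<pw>[^']*)'", re.I)

def parse_grants(sql):
    """Return one dict per GRANT: user, host, db, pw and a set of privileges."""
    return [{**m.groupdict(), "privs": {p.strip().lower() for p in m["privs"].split(",")}}
            for m in GRANT_RE.finditer(sql)]

def parse_snort_output(line):
    """Return the key=value options of a Snort 'output database:' line."""
    return dict(kv.split("=", 1) for kv in line.split(",", 2)[2].split())

def parse_acid(conf, prefix="alert"):
    """Return ACID's $<prefix>_* PHP variables as a dict."""
    return dict(re.findall(rf'\${prefix}_(\w+)\s*=\s*"([^"]*)";', conf))

def check(client, cfg, grants):
    """List mismatches between one client's DB settings and the GRANTs."""
    accounts = [g for g in grants if g["user"] == cfg["user"] and g["db"] == cfg["dbname"]]
    if not accounts:
        return [f"{client}: no GRANT for user {cfg['user']!r}"]
    problems = []
    if cfg["password"] not in {g["pw"] for g in accounts}:
        problems.append(f"{client}: password differs from every GRANT for {cfg['user']!r}")
    missing = NEEDED[client] - set().union(*(g["privs"] for g in accounts))
    if missing:
        problems.append(f"{client}: {cfg['user']!r} lacks {', '.join(sorted(missing))}")
    return problems

def audit():  # run both checks over the constructed input above
    g = parse_grants(GRANTS)
    return check("snort", parse_snort_output(SNORT_LINE), g) + check("acid", parse_acid(ACID_CONF), g)
```

Calling `audit()` returns one line per mismatch between a client's configured account and the grants; an empty list means the user, password and privileges line up.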