
Re: Snort+acid+MySQL



Take a look at the MySQL connection logs, and also check whether the data is in the tables!

It is also a good idea to check whether snort is actually running, even after the start!

Regards, Fernando Guimarães

----- Original Message ----- From: "caio ferreira" <idic@terra.com.br>
To: "debian" <debian-user-portuguese@lists.debian.org>
Sent: Sunday, January 29, 2006 11:10 AM
Subject: Snort+acid+MySQL



All

I am having problems with the snort, acid and mysql trio.

I installed and configured snort, acid and mysql following the
guide[1], but unfortunately nothing shows up in acid. I had no
problems while installing snort and acid, but apparently
snort is not logging anything. Does anyone happen to have any idea what
I did wrong?

Thanks.

1-guide
# Technical Data #
##################

gateway = MySQL server = localhost = netrino

# Installation #

$ aptitude install snort-common snort-mysql snort-rules-default mysql-client mysql-server acidlab -y

# Database creation #

# mysql -u root -p
Enter password:

       Welcome to the MySQL monitor.  Commands end with ; or \g.
       Your MySQL connection id is 1 to server version: 3.23.36-log

       Type 'help;' or '\h' for help. Type '\c' to clear the buffer

       mysql> create database snort;
       Query OK, 1 row affected (0.01 sec)

       mysql> grant insert, select on snort.* to snort@localhost identified by 'senha123';
       Query OK, 0 rows affected (0.02 sec)

       mysql> grant insert, select, delete, update, create on snort.* to acid@localhost identified by 'acid_senha';
       Query OK, 0 rows affected (0.01 sec)

       mysql> quit;

# cp /usr/share/doc/snort-mysql/create_mysql.gz /tmp

# gunzip /tmp/create_mysql.gz

# mysql -u root -p snort < /tmp/create_mysql

$ vi /etc/snort/reference.config

       output database: log, mysql, dbname=snort user=snort host=localhost password=snort_user_password

# Creating the acid user
$ mysql -u root -p

       mysql> grant insert,select,delete,update,create on snort.* to acid@akira identified by 'acid_user_password';

       mysql> quit;

$ vi /etc/mysql/my.cnf
       # Comment out the line below
       #skip-networking
$ vi /usr/share/acidlab/acid_conf.php

       $alert_dbname   = "snort";
       $alert_host     = "stargate";
       $alert_port     = "";
       $alert_user     = "snort";
       $alert_password = "snort_user_password";

       /* Archive DB connection parameters */
       $archive_dbname   = "snort";
       $archive_host     = "stargate";
       $archive_port     = "";
       $archive_user     = "snort";
       $archive_password = "snort_user_password";

ln -sf /usr/share/acidlab/ /var/www/acidlab
--


.''`.   Caio Abreu Ferreira
: :'  :  GNU/Linux Debian
`. `'`   fingerprint 0B5 0357 B80C E53C 5EF6  9D58 2D1B 0602 45E5 183A
 `-     Key ID 0x45E5183A
 Linux Counter 327834

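An added example, not part of either message above: a small offline check that compares the credentials in the Snort `output database:` line and in `acid_conf.php` against the `GRANT` statements, which is the kind of mismatch that would appear as access-denied entries in the MySQL connection logs. The sample strings are constructed from the values quoted in the guide, and the function names (`parse_grants`, `parse_snort_output`, `parse_acid_conf`, `audit`, `audit_all`) are hypothetical.

```python
import re

# Constructed sample input: values copied from the guide in the message above.
GRANTS = """
grant insert, select on snort.* to snort@localhost identified by 'senha123';
grant insert, select, delete, update, create on snort.* to acid@localhost identified by 'acid_senha';
grant insert,select,delete,update,create on snort.* to acid@akira identified by 'acid_user_password';
"""
SNORT_OUTPUT = ("output database: log, mysql, dbname=snort user=snort "
                "host=localhost password=snort_user_password")
ACID_CONF = '''
$alert_dbname   = "snort";
$alert_host     = "stargate";
$alert_user     = "snort";
$alert_password = "snort_user_password";
'''

def parse_grants(sql):
    """Return {user: {account_host: password}} from GRANT ... IDENTIFIED BY."""
    accounts = {}
    pat = re.compile(r"\bto\s+(\w+)@(\w+)\s+identified\s+by\s+'([^']*)'", re.I)
    for user, host, password in pat.findall(sql):
        accounts.setdefault(user, {})[host] = password
    return accounts

def parse_snort_output(line):
    """Return the key=value options of a Snort 'output database:' line."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def parse_acid_conf(php, prefix="alert"):
    """Return the $<prefix>_* string settings of acid_conf.php, prefix removed."""
    return dict(re.findall(r'\$' + prefix + r'_(\w+)\s*=\s*"([^"]*)";', php))

def audit(client, user, password, accounts):
    """List mismatches between one client's credentials and the grants."""
    granted = accounts.get(user)
    if granted is None:
        return [f"{client}: no grant for user '{user}'"]
    if password not in granted.values():
        hosts = ", ".join(sorted(granted))
        return [f"{client}: password for '{user}' matches no grant (hosts: {hosts})"]
    return []

def audit_all():
    """Audit the Snort and ACID settings from the constructed samples."""
    accounts = parse_grants(GRANTS)
    snort = parse_snort_output(SNORT_OUTPUT)
    acid = parse_acid_conf(ACID_CONF)
    return (audit("snort", snort["user"], snort["password"], accounts)
            + audit("acid", acid["user"], acid["password"], accounts))

if __name__ == "__main__":
    print("\n".join(audit_all()) or "credentials consistent")
```

The account hosts are only listed, not compared, because MySQL matches them against the address the client connects from rather than the `host=` value in the client configuration.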

