[Snort-users] ACID v0.9.5b6 - news

Frank Reid fcreid at ...691...
Wed Nov 1 18:40:42 EST 2000


Yup, that was surely the problem.  The user didn't have delete permissions
from localhost.  Thanks for the help, Bill and Roman.

Frank

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Roman
Danyliw
Sent: Wednesday, November 01, 2000 09:06
To: Frank Reid
Cc: Bill Marquette; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] ACID v0.9.5b6 - news


Frank,

I suspect that Bill is absolutely correct and your deletion problem is
associated with not having the DELETE permissions.

This can be confirmed by manually inserting a row into the database, then
trying to delete it.

1.  log in to MySQL with the same credentials (i.e. username, password) as
you use in ACID.

  e.g. % mysql <database> -u <user> -p

2.  insert a test row into the event table

mysql> INSERT INTO event (sid, cid, signature, timestamp) VALUES (1, 10000000, "test", "0");

(this assumes that you don't already have a row with an event
ID=1000000.  If you do, just choose another event id #)

3.  now delete this newly inserted row

mysql> DELETE FROM event WHERE sid=1 AND cid=10000000;

If you were not able to delete, this confirms that this is a permission
problem.  Re-login to mysql as root, and issue a GRANT command (giving the
DELETE permission) to the ACID DB user.

  e.g. GRANT DELETE on snort.* to acid at ...274...

(this assumes that my alert database is 'snort', username is 'acid', and
logging from the 'localhost')

However, if you were able to successfully delete, there are some other
issues we need to resolve; send me an email.

cheers,
Roman

> To: "Frank Reid" <fcreid at ...691...>
> From: "Bill Marquette" <wlmarque at ...8...>
> Subject: RE: [Snort-users] ACID v0.9.5b6 - news
> Date: Wed, 1 Nov 2000 07:26:53 -0600
> -----
>
>
> Frank, this is almost certainly a permission error.  I had originally
> set up ACID to have read only access to my snort db and slowly added
> privs until all the features worked.  FYI, beta7 is up on Roman's page
> as of yesterday, you might try that...I know it works here.
>
> --Bill
>
>
>

On Tue, 31 Oct 2000, Frank Reid wrote:

> Roman,
>
> Are the problems with alert deletion a rights issue to the database or
> something deeper in your code?  I saw someone mention they are using the
> alert deletion feature successfully.  I'd tried (FreeBSD, MySQL and ACID
> v0.9.5b6) and received the "Error deleting alert ..." message.  Don't
> want to play with the recommended rights on the database itself, unless
> that's the root of the problem.  Thanks in advance.
>
> Frank

