[Snort-users] Acid / MySQL question
guillaume at ...4029...
Thu Nov 8 08:40:04 EST 2001
In reply to Lance Spitzner <lance at ...2024...>:
> Okay, I'm going over the MySQL manual and my head is ready
> to explode, I be database ignorant. Question.
> "How do I create separate mysql accounts for each
> one of my Snort sensors feeding data to the ACID
> I have 5 remote Snort sensors I want to feed data to my
> backend ACID/MySQL database. To do this, I have to add
> the mysql user account and password to each snort.conf file
> so each Snort sensor can send alerts to the database.
> output database: log, mysql, user=root password=test dbname=db
> For security reasons, I want each sensor to have a unique
> user account and password on the mysql database. I feel user
> root is a bad thing, as this is full privileges on the mysql
> database. So what is the >mysql command syntax to add separate
> users and passwords so each sensor has privileges to add data to
> the snort database?
Hope I understood what you wanna do... Try this :
mysql> GRANT ALL PRIVILEGES ON snort.* TO username at ...4034... IDENTIFIED BY
- snort being the name of the DB you are using to log snort's outputs,
- username the user's name used by your sensor and this.host.com the FQDN of
the sensor. You can - in fact you should - write the IP/netmask of this host
instead of the FQDN : username@'192.168.10.12/255.255.255.0' <- do not forget
the single quote !
- pass the password for this user. Do not forget to use the PASSWORD()
You can be more restrictive by just allowing INSERT and SELECT requests (I took
a look at the code of the db plugin output, I do not remember having seen other
SQL statements than these two) :
GRANT SELECT,INSERT ON snort.* TO username@'192.168.10.12/255.255.255.0' etc...
IMPORTANT : you'll have to reload MySQL privileges by running :
mysql> FLUSH PRIVILEGES ;
For these new rights to be activated !
Repeat this for as many users as you need/want.
If you simply give SELECT and INSERT privileges to the sensor's users, do not
forget to create a snort super-user you'll use for ACID. This super-user will
have to have UPDATE and DELETE privileges in addition to the SELECT/INSERT ones.
Using this kind of super-user just for the snort DB will avoid using the
general super-user root. Interesting when you use the same MySQL server for
different DBs ! :-)
You're welcome. I am very interested in any discussion about the DB SQL schema
of snort database anyway.
> Lance Spitzner
Oops... I should have written : You're welcome, Sir... ;-)
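The per-sensor layout described in the reply above, as an added example that is not part of the original message. It uses the CREATE USER plus GRANT form accepted by current MySQL releases instead of the GRANT ... IDENTIFIED BY form quoted in the post; the account names, addresses and passwords are constructed placeholders, and it assumes ACID runs on the same host as MySQL.

```sql
-- Added example: names, IP addresses and passwords are constructed placeholders.

-- One account per sensor, bound to that sensor's exact address, so a
-- credential copied out of one snort.conf is useless from any other host
-- and can be revoked without touching the other sensors.
CREATE USER 'sensor1'@'192.168.10.12' IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSWORD_1';
CREATE USER 'sensor2'@'192.168.10.13' IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSWORD_2';

-- Sensors get only the two privileges the reply proposes for the
-- database output plugin, and only on the snort schema.
GRANT SELECT, INSERT ON snort.* TO 'sensor1'@'192.168.10.12';
GRANT SELECT, INSERT ON snort.* TO 'sensor2'@'192.168.10.13';

-- Console account for ACID: adds UPDATE and DELETE, still limited to the
-- snort schema, so root is never placed in a web application's config.
-- 'localhost' is an assumption (ACID and MySQL on one machine).
CREATE USER 'acid'@'localhost' IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSWORD_ACID';
GRANT SELECT, INSERT, UPDATE, DELETE ON snort.* TO 'acid'@'localhost';

-- Check what each account actually holds.
SHOW GRANTS FOR 'sensor1'@'192.168.10.12';
SHOW GRANTS FOR 'acid'@'localhost';

-- Audit every account with schema-level rights on snort. A sensor row
-- showing 'Y' under Update_priv or Delete_priv is over-privileged.
SELECT User, Host, Select_priv, Insert_priv, Update_priv, Delete_priv
FROM mysql.db
WHERE Db = 'snort'
ORDER BY User, Host;

-- Later, when a sensor is retired or its snort.conf has been exposed,
-- remove only that sensor's account.
DROP USER 'sensor2'@'192.168.10.13';
```

Each sensor's snort.conf then carries its own user= and password= values in the output database line instead of user=root.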