Re: [Snort-users] encrypt barnyard connections

Jochen Vogel jvogel at ...8466...
Mon Jun 30 00:53:08 EDT 2003


Hi Andrew,

In the past I tried to use barnyard and postgresql without encryption.
This didn't work, because in the source of barnyard, postgresql is not
completed yet.
How should I use postgresql with openssl if barnyard does not work with
postgresql?

thx for help
jo

> -----Original Message-----
> From: Hutchinson, Andrew [mailto:andrew.hutchinson at ...759...]
> Sent: Friday, June 27, 2003 17:39
> To: Joerg Weber; SnortUsers
> Subject: RE: [Snort-users] encrypt barnyard connections
> 
> 
> You could do that, or...
> 
> <ShamelessPostgreSQLPlug>
> 
> you could use PostgreSQL, compiled with the --with-openssl option, and
> use ssl natively and bypass stunnel altogether.  The PostgreSQL
> installation/configuration documentation explains how to set this up.
> 
> </ShamelessPostgreSQLPlug>
> 
> 
> 
> :-)
> 
> Andrew
> 
> Andrew Hutchinson - Network Security
> Vanderbilt University Medical Center
> (615) 936-2856
> 
> 
> > -----Original Message-----
> > From: Joerg Weber [mailto:j.weber at ...8292...] 
> > Sent: Friday, June 27, 2003 6:31 AM
> > To: SnortUsers
> > Subject: Re: [Snort-users] encrypt barnyard connections
> > 
> > 
> > Hi,
> > 
> > 
> > > I would like to encrypt the barnyard connection to the mysql database.
> > > -is this possible over stunnel?
> > This works just fine for me without any issues.
> > You can run Stunnel with certificates and strict cert checking.
> > 
> > On the snort-box do something like
> > stunnel -c -d 127.0.0.1:3306 -r mysql-server-here:3307 -s stunnel -g
> > stunnel
> > 
> > and on the remote mysql box
> > /usr/sbin/stunnel -p /usr/share/ssl/stunnel/server.pem -P/tmp/ -d 3307
> > -r 127.0.0.1:3306 -s stunnel -g stunnel
> > 
> > or, with strict cert checking, something like this on the client
> > /usr/sbin/stunnel -c -d 127.0.0.1:3306 -r mysql-server-here:3307 -v 3 -A
> > /usr/share/ssl/stunnel/server.cert -p /usr/share/ssl/stunnel/client.pem
> > -P /var/run/stunnel.pid -s stunnel -g stunnel
> > 
> > on the remote mysql box
> > /usr/sbin/stunnel -A /usr/share/ssl/stunnel/all.cert -p
> > /usr/share/ssl/stunnel/server.pem -d 3307 -r 127.0.0.1:3306 -v 3 -P
> > /var/run/stunnel.pid -s stunnel -g stunnel
> > 
> > Now, if you distribute the proper certs to the client and the server,
> > your connection is ssl-encrypted and connections are allowed with the
> > proper certs only.
> > 
> > Works like a charm for me.
> > 
> > Oh, it's very possible I goofed up on the pasted lines, you gotta check
> > the parameters of course ;)
> > 
> > Cheers!
> > 
> > -- 
> > Joerg Weber
> > Network Security
> > 
> > infoServe GmbH
> > Nell-Breuning-Allee 6
> > D-66115 Saarbruecken
> > 
> > T: (0681) 8 80 08 - 0
> > F: (0681) 8 80 08 - 59
> > www.infos.de
> > E: j.weber at ...8292...
> > 
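Added example, not part of the original thread or of stunnel's own documentation: a shell sketch of the "distribute the proper certs" step, producing for each side a `.pem` (private key plus certificate) for `-p` and a certificate-only `.cert` to list in the peer's `-A` file. Self-signed certificates, the peer names and the use of `openssl verify` as a stand-in for the peer check are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the file layout the quoted
# stunnel commands point at: NAME.pem for -p and NAME.cert for the peer's -A.
# Self-signed certificates and CN values are assumptions of this sketch.

# make_peer DIR NAME: write NAME.pem (private key + cert, mode 0600) and
# NAME.cert (certificate only, safe to hand to the other side).
make_peer() {
    mp_dir=$1; mp_name=$2
    (
        umask 077    # the private key must never be world-readable
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$mp_name" \
            -keyout "$mp_dir/$mp_name.key" \
            -out "$mp_dir/$mp_name.cert" 2>/dev/null || exit 1
        cat "$mp_dir/$mp_name.key" "$mp_dir/$mp_name.cert" \
            > "$mp_dir/$mp_name.pem" || exit 1
        rm -f "$mp_dir/$mp_name.key"
    ) || return 1
    chmod 644 "$mp_dir/$mp_name.cert"
}

# build_trust OUT CERT...: concatenate peer certificates into one -A file
# (the server's all.cert lists every sensor allowed to connect).
build_trust() {
    bt_out=$1; shift
    cat "$@" > "$bt_out"
}

# is_trusted TRUSTFILE CERT: succeeds only if CERT chains to TRUSTFILE.
# For self-signed certs that means CERT itself must be listed in it.
is_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo: one database server, one authorised sensor, one stranger.
demo() {
    d=$(mktemp -d) || return 1
    make_peer "$d" server && make_peer "$d" sensor1 &&
        make_peer "$d" stranger || return 1
    build_trust "$d/all.cert" "$d/sensor1.cert"
    is_trusted "$d/all.cert" "$d/sensor1.cert" && echo "sensor1: accepted"
    is_trusted "$d/all.cert" "$d/stranger.cert" || echo "stranger: rejected"
    rm -rf "$d"
}
demo
```

Only the `.cert` files are copied between hosts; each `.pem` stays on the machine that generated it.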