[Snort-users] Snort logging to encrypted MySQL (ssl) server

Jason Monroe "JC" monroe at ...5738...
Tue Nov 4 12:37:13 EST 2003


Hi Dave,

Short answer: Native Mysql/Snort crypto NOT RIGHT NOW!
snort-2.0.2/src/output-plugins/spo_database.c doesn't provide the stubs
to do what you're trying to do. Snort v2.0.3 is the same story.

I think you want something like (or at least places to fill the
following values in) 

from mysql-4.0.16/include/sslopt-longopts.h

  {"ssl", OPT_SSL_SSL,
   "Enable SSL for connection (automatically enabled with other flags). Disable with --skip-ssl",
   (gptr*) &opt_use_ssl, (gptr*) &opt_use_ssl, 0, GET_BOOL, NO_ARG, 0, 0, 0,
   0, 0, 0},
  {"ssl-key", OPT_SSL_KEY, "X509 key in PEM format (implies --ssl)",
   (gptr*) &opt_ssl_key, (gptr*) &opt_ssl_key, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-cert", OPT_SSL_CERT, "X509 cert in PEM format (implies --ssl)",
   (gptr*) &opt_ssl_cert, (gptr*) &opt_ssl_cert, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-ca", OPT_SSL_CA,
   "CA file in PEM format (check OpenSSL docs, implies --ssl)",
   (gptr*) &opt_ssl_ca, (gptr*) &opt_ssl_ca, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-capath", OPT_SSL_CAPATH,
   "CA directory (check OpenSSL docs, implies --ssl)",
   (gptr*) &opt_ssl_capath, (gptr*) &opt_ssl_capath, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},
  {"ssl-cipher", OPT_SSL_CIPHER, "SSL cipher to use (implies --ssl)",
   (gptr*) &opt_ssl_cipher, (gptr*) &opt_ssl_cipher, 0, GET_STR, REQUIRED_ARG,
   0, 0, 0, 0, 0, 0},


snort/src/output-plugins/spo_database.c
/* Snort Database Output Plug-in
 *
 *  Maintainer: Roman Danyliw <rdd at ...241...>, <roman at ...438...>
 *
 *  Originally written by Jed Pickel <jed at ...153...> (2000-2001)
 *
 * See the doc/README.database file with this distribution
 * documentation or the snortdb web site for configuration
 * information
 *
 * Web Site: http://www.andrew.cmu.edu/~rdanyliw/snortdb/snortdb.html
 */

Be aware that the link for "web site" produces a 404, but as Marty told
me, you're encouraged to mail the maintainer to add a tally to the board
of people who would like to make use of various crypto functionality
that is provided natively by their various database engines.

In the meantime you can make use of stunnel; a fairly good tutorial is
provided for you by Mr. Jason Chan at
http://www.samag.com/documents/s=1147/sam0108b/0108b.htm

If by chance this article doesn't provide you with enough information, I
have a more in-depth step-by-step for stunnel if you're interested.

Thanks,

JC
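
The stunnel workaround suggested above, sketched as an added example (not part of the original message and not taken from the linked tutorial). It assumes stunnel 4.x or later configuration-file syntax; the host name db.example.org, port 3307, the section names and all file paths are placeholders.

```ini
; ---- Sensor (Snort host): stunnel client configuration ----
; snort.conf then points the database plugin at the local end of the tunnel:
;   output database: log, mysql, user=snort password=<password> dbname=snort host=127.0.0.1 port=3306
; Use 127.0.0.1 rather than "localhost": the MySQL client library treats
; "localhost" as a request for the local Unix socket, which bypasses the tunnel.
[snort-mysql]
client  = yes
accept  = 127.0.0.1:3306
connect = db.example.org:3307
; Verify the server certificate against a CA you control. Without this the
; session is encrypted but the sensor cannot tell which host it is talking to.
CAfile  = /etc/stunnel/ca.pem
verify  = 2
; Client certificate, so the database side can limit the tunnel to known sensors.
cert    = /etc/stunnel/sensor.pem
key     = /etc/stunnel/sensor.key

; ---- Database host: stunnel server configuration (separate file) ----
; In my.cnf, set bind-address = 127.0.0.1 so mysqld is reachable only
; through the tunnel and never in cleartext from the network.
[mysql-tls]
accept  = 3307
connect = 127.0.0.1:3306
cert    = /etc/stunnel/db.pem
key     = /etc/stunnel/db.key
; Require a sensor certificate issued by the same CA.
CAfile  = /etc/stunnel/ca.pem
verify  = 2
```

With this layout the MySQL account used by Snort connects from 127.0.0.1 as far as mysqld is concerned, so the grant for that user should be written for that host.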
