[Snort-users] SNORT (Linux) / MySQL (Win32)

JP Vossen vossenjp at ...8683...
Mon Feb 9 23:20:02 EST 2004

> From: "MVIBE" <mvibe at ...11173...>
> To: <snort-users at lists.sourceforge.net>
> Date: Mon, 9 Feb 2004 17:47:23 -0600
> Subject: [Snort-users] SNORT (Linux) / MySQL (Win32)
> To keep it simple. I have a small network. MySQL is active on a WIN32 Box,
> has been for some time now for some web development. I am interested in
> running SNORT, but wish to do this from one of my Linux Firewalls. I know
> that to compile SNORT with MySQL support I am to use the --with-mysql
> configure switch.

OK, first, ideally a firewall is JUST a firewall.  I know there is a great
temptation to run Snort on it, since it's in a perfect place.  Be aware that
you are adding complexity and potentially reducing the security of the
firewall if you do this.  In some (perhaps many) cases running Snort on the FW
may be entirely justified.

Second, please tell me you don't have a compiler on the firewall!  If you do,
remove it.  A firewall should be just a firewall, and having a compiler on it
opens up all kinds of Evil Things should the box ever be compromised.  The
theory is that an Evil Cracker can download and compile all sorts of nasty
things, so don't have a compiler on a security device.  The same argument may
be made for lots of other things, like Perl...  YMMV, evaluate your risk, etc.
In general, the first principle of hardening (and what should be more hardened
than the firewall?) is--if it ain't installed it can't be cracked.  Less is
much better.

> The problem I am encountering is that for this switch to work, ./configure
> needs to find the mysql.h header file.


> What am I missing, Is this possible (ie running SNORT on Linux with MySQL on
> Win32)?

Yes.  My recommendation is to use the Snort RPMs (but I'm biased).  See
http://www.starken.com/snort/ for the latest RPMs that have not made it to the
Snort.org site yet.

Install snort and snort-mysql on the firewall (shudder) and you're all set.

JP Vossen, CISSP
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?
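
Added example, not part of the original message or written by its author: a shell check for the compilers, build tools and interpreters that the reply above advises keeping off a firewall. The function name `find_build_tools` and the tool list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): report compilers, build
# tools and interpreters present on a host that is meant to be "just a
# firewall". The tool list is an assumption; adjust it to local policy.
AUDIT_TOOLS="gcc cc g++ c++ clang make as ld gdb perl python python3"

# find_build_tools [DIRS] [TOOLS]
#   DIRS  - colon-separated directories to search (default: $PATH)
#   TOOLS - space-separated tool names (default: $AUDIT_TOOLS)
# Prints the full path of every matching executable, one per line.
# Exit status: 0 if nothing was found, 1 if at least one tool is present.
# The body runs in a subshell so the IFS and globbing changes stay local.
find_build_tools() (
    dirs=${1:-$PATH}
    tools=${2:-$AUDIT_TOOLS}
    found=0
    set -f                      # do not glob-expand directory or tool names
    IFS=:                       # split the directory list on colons
    for dir in $dirs; do
        # Skip empty PATH entries and directories that do not exist.
        [ -d "$dir" ] || continue
        IFS=' '                 # split the tool list on spaces
        for tool in $tools; do
            # Only regular files with an execute bit count as installed tools.
            if [ -f "$dir/$tool" ] && [ -x "$dir/$tool" ]; then
                printf '%s\n' "$dir/$tool"
                found=1
            fi
        done
    done
    [ "$found" -eq 0 ]
)
```

Calling `find_build_tools` with no arguments checks the current `$PATH`; a non-zero exit status means something on the list is installed and should be reviewed or removed.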

