[Snort-users] Snort With Base Access Without Delete

IT Security itsecurity at ...14863...
Fri May 7 14:53:30 EDT 2010


This may be a silly question and more related to BASE than to Snort, but
we can't seem to figure it out, so here goes...

We're running Snort 2.8.6 and sending alerts to a mysql DB with BASE
1.4.5 as the frontend and would like to provide read-only access to BASE
to our Helpdesk staff.

The problem is that any BASE user can delete alerts. We've configured
the sensor access and BASE access DB permissions per the documentation.
We've tried adding plain users to BASE, but it seems anyone who can log
into BASE have access to the underlying DB as the BASE DB user, and that
user has DELETE on most all snort.* tables.

Have others dealt with this? Are we over-looking something obvious?

We looked at Snorby and Squil, but prefer to stick with BASE.

Thanks for any suggestions.




More information about the Snort-users mailing list