[Snort-users] Snort With Base Access Without Delete

Galley, Daniel dgalley at ...14803...
Tue May 11 17:15:34 EDT 2010


One way to do this would be to create another DB user that only has read
privileges on the tables.  Then make a copy of your base folder and edit
the configuration to use this read-only DB user instead of the standard
DB user.  Give your helpdesk login rights to this instance of BASE and
not the other.  Does that make sense?

Daniel S. Galley 

-----Original Message-----
From: IT Security [mailto:itsecurity at ...14863...] 
Sent: Friday, May 07, 2010 11:54 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort With Base Access Without Delete

This may be a silly question and more related to BASE than to Snort, but
we can't seem to figure it out, so here goes...

We're running Snort 2.8.6 and sending alerts to a mysql DB with BASE
1.4.5 as the frontend and would like to provide read-only access to BASE
to our Helpdesk staff.

The problem is that any BASE user can delete alerts. We've configured
the sensor access and BASE access DB permissions per the documentation.
We've tried adding plain users to BASE, but it seems anyone who can log
into BASE have access to the underlying DB as the BASE DB user, and that
user has DELETE on most all snort.* tables.

Have others dealt with this? Are we over-looking something obvious?

We looked at Snorby and Squil, but prefer to stick with BASE.

Thanks for any suggestions.

------------------------------------------------------------------------
------

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list