[Snort-users] Snort With Base Access Without Delete

Jeff Kell jeff-kell at ...6282...
Wed May 12 10:41:13 EDT 2010


On 5/11/2010 5:15 PM, Galley, Daniel wrote:
> One way to do this would be to create another DB user that only has read
> privileges on the tables.  Then make a copy of your base folder and edit
> the configuration to use this read-only DB user instead of the standard
> DB user.  Give your helpdesk login rights to this instance of BASE and
> not the other.  Does that make sense?
>   

IIRC, you need "some" rights for BASE to function.  I tried adding a
read-only user, but you have to write the cache entries and post-indexed
items which BASE normally does on each page update (e.g., Added 'xx'
alerts to the alert cache).

You can even try doing reduced SQL GRANTs to a second user, but I never
quite got the right combination without hosing some functionality.

If anyone succeeds, there is certainly an audience of at least two now
for that ability.  :-)

Jeff




More information about the Snort-users mailing list