[Snort-users] [patch] snort with mysql+SSL support

Ryan Steinmetz rpsfa at ...15322...
Fri Jun 24 21:52:57 EDT 2011


I've thrown together a quick hack to require SSL use when logging to a mysql database.  I've tested this against v2.9.0.5 and it seems to work fine.

A few notes:
-If you are chrooting snort, you'll need to have a devfs mount within the new root as the mysql client libs will want access to /dev/urandom.
-If you are chrooting snort, you will also need to have the certificates available within the chrooted environment as well.
-Once the patch has been applied, snort will require SSL for all mysql connections.  To disable this you will need to revert the patch.
-Certificates must exist in /usr/local/etc/snort/certs and be named as follows:
--ca.pem: The CA's public key
--cert.pem: The client's public key
--key.pem: The client's private key

Ideally, this would be incorporated into future releases and include config knobs to allow for flexibility.


Ryan Steinmetz
PGP: EF36 D45A 5CA9 28B1 A550  18CD A43C D111 7AD7 FAF2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sslpatch.diff
Type: text/x-diff
Size: 715 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110624/eb3c7a18/attachment.diff>

More information about the Snort-users mailing list