[Snort-users] [patch] snort with mysql+SSL support
rpsfa at ...15322...
Fri Jun 24 21:52:57 EDT 2011
I've thrown together a quick hack to require SSL use when logging to a mysql database. I've tested this against v126.96.36.199 and it seems to work fine.
A few notes:
-If you are chrooting snort, you'll need to have a devfs mount within the new root as the mysql client libs will want access to /dev/urandom.
-If you are chrooting snort, you will also need to have the certificates available within the chrooted environment as well.
-Once the patch has been applied, snort will require SSL for all mysql connections. To disable this you will need to revert the patch.
-Certificates must exist in /usr/local/etc/snort/certs and be named as follows:
--ca.pem: The CA's public key
--cert.pem: The client's public key
--key.pem: The client's private key
Ideally, this would be incorporated into future releases and include config knobs to allow for flexibility.
PGP: EF36 D45A 5CA9 28B1 A550 18CD A43C D111 7AD7 FAF2
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 715 bytes
Desc: not available
More information about the Snort-users