[Snort-users] mysql error prevails...

AllowOverride allowoverride at ...11827...
Sat Oct 6 14:51:14 EDT 2012


ok, beenph, i did what you suggested, here are new grants for snort
user:

mysql> show grants for 'snort'@'localhost';
+-----------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for snort at ...274...
|
+-----------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON *.* TO
'snort'@'localhost' IDENTIFIED BY PASSWORD '*hidden-sorry' |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO
'snort'@'localhost'
|
+-----------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

1. just for good measure restarting mysql service:

# service mysql restart
mysql stop/waiting
mysql start/running, process 2114

# service mysql status
mysql start/running, process 2114


2. my.cnf unchanged:

[client]
port            = 3306
socket          = /var/run/mysqld/mysqld.sock

[mysqld_safe]
socket          = /var/run/mysqld/mysqld.sock
nice            = 0

# localhost which is more compatible and is not less secure.
bind-address            = 127.0.0.1
(i changed this before, per email suggestions, now it's back to default
127...

3. /etc/mysql/debian.cnf defaults:

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = debian-sys-maint
password = sorry-hidden
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host     = localhost
user     = debian-sys-maint
password = sorry-hidden
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr


3. now, trying to connect again by running barnyard2:

a. start snort:

/usr/local/bin/snort -A fast -q -u snort -g snort
-c /etc/snort/etort.conf -i eth0 &
[1] 2276

# tail -f /var/log/syslog
Oct  6 11:36:57 hidden kernel: [ 2423.983662] device eth0 entered
promiscuous mode


b. start barnyard2:

/usr/local/bin/barnyard2 -c /etc/snort/etc/barnyard2.conf
-d /var/log/snort -f snort.log -w /var/log/snort/barnyard2.waldo -D &
[2] 2296


Oct  6 11:38:17 jupiter barnyard2[2296]: Running in Continuous mode
Oct  6 11:38:17 jupiter barnyard2[2296]: 
Oct  6 11:38:17 jupiter barnyard2[2296]:         --== Initializing
Barnyard2 ==--
Oct  6 11:38:17 jupiter barnyard2[2296]: Initializing Input Plugins!
Oct  6 11:38:17 jupiter barnyard2[2296]: Initializing Output Plugins!
Oct  6 11:38:17 jupiter barnyard2[2296]: Parsing config file
"/etc/snort/etc/barnyard2.conf"
Oct  6 11:38:25 jupiter barnyard2[2296]: Log directory
= /var/log/barnyard2
Oct  6 11:38:25 jupiter barnyard2[2296]: Initializing daemon mode
Oct  6 11:38:25 jupiter barnyard2[2297]: Daemon initialized, signaled
parent pid: 2296
Oct  6 11:38:25 jupiter barnyard2[2297]: PID path stat checked out ok,
PID path set to /var/run/
Oct  6 11:38:25 jupiter barnyard2[2297]: Writing PID "2297" to file
"/var/run//barnyard2_eth0.pid"
Oct  6 11:38:25 jupiter barnyard2[2296]: Daemon parent exiting
Oct  6 11:38:26 jupiter barnyard2[2297]: FATAL ERROR: database:
mysql_error: Access denied for user 'snort'@'localhost' (using password:
YES)

... also 
Oct  6 11:39:01 jupiter CRON[2300]: (root) CMD (
[ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] &&
find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin
+$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \;
-delete)

interesting...

ok welp, as you can see, i am still unable to connect locally. i will
try this cmd at terminal... to rule out some networking issue.

stand by....


nope, also tried running as snort user, which leads me to another
question...

1. should i be running barnyard2 and snort processes with root, or snort
user?
the howtos mention chmoding perms chmod 777 /var/log/barnyard2 which
would imply barnyard2 should be run as non-root user...
but when i ran same cmd above logged in as snort user, i got a Fatal Error:

-== Initializing Barnyard2 ==--
Oct  6 11:43:58 jupiter barnyard2[2497]: Initializing Input Plugins!
Oct  6 11:43:58 jupiter barnyard2[2497]: Initializing Output Plugins!
Oct  6 11:43:58 jupiter barnyard2[2497]: Parsing config file
"/etc/snort/etc/barnyard2.conf"
Oct  6 11:44:07 jupiter barnyard2[2497]: Log directory
= /var/log/barnyard2
Oct  6 11:44:07 jupiter barnyard2[2497]: FATAL ERROR: OpenAlertFile() =>
fopen() alert file /var/log/barnyard2/barnyard2.alert: Permission denied

so.. 

2. which users can/should be running snort, barnyard2 services by
default just to get this working?
i think this might be the issue, for ubuntu servers have everything
involved set as root:root and the howtos mention chmod on some dirs..
just thinking out loud... any suggestions about perms for dirs as well?
what works easiest and consistently with default ./configure installs.

thanks...




~# 
[2]+  Done                    /usr/local/bin/barnyard2
-c /etc/snort/etc/barnyard2.conf -d /var/log/snort -f snort.log
-w /var/log/snort/barnyard2.waldo -D

-------------- next part --------------
An embedded message was scrubbed...
From: beenph <beenph at ...11827...>
Subject: Re: [Snort-users] mysql error prevails...
Date: Sat, 6 Oct 2012 04:31:46 -0400
Size: 1451
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121006/fad7f3ed/attachment.mht>
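
The grants shown in the message include one on *.* next to the one on `snort`.*. As an added example (not part of the original post, and not Snort or barnyard2 code), this sketch unwraps `SHOW GRANTS` table output and reports grants that reach outside the application's own database; the function names are hypothetical and the database name `snort` is taken from the post.

```python
import re

# Constructed sample: the two SHOW GRANTS rows from the post, wrapped the way
# the mail client left them (password hash redacted as in the post).
SAMPLE = """\
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON *.* TO
'snort'@'localhost' IDENTIFIED BY PASSWORD '*hidden-sorry' |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO
'snort'@'localhost'
|
"""

GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)'",
    re.IGNORECASE,
)

def parse_grants(text):
    """Unwrap mysql-client table output and return one dict per GRANT row."""
    cells = [ln.strip().strip("|").strip() for ln in text.splitlines()
             if not ln.lstrip().startswith("+-")]
    flat = " ".join(c for c in cells if c)
    grants = []
    for m in GRANT_RE.finditer(flat):
        grants.append({
            "account": f"{m['user']}@{m['host']}",
            "scope": m["scope"].replace("`", ""),
            # Simple comma split: column-level privilege lists are not handled.
            "privs": sorted(p.strip().upper() for p in m["privs"].split(",")),
        })
    return grants

def grants_outside_db(grants, app_db):
    """Return (account, scope, privs) for grants not confined to app_db."""
    findings = []
    for g in grants:
        db = g["scope"].split(".", 1)[0]
        real = [p for p in g["privs"] if p != "USAGE"]  # USAGE = no privileges
        if real and db != app_db:
            findings.append((g["account"], g["scope"], real))
    return findings

if __name__ == "__main__":
    for account, scope, privs in grants_outside_db(parse_grants(SAMPLE), "snort"):
        print(f"{account}: {', '.join(privs)} granted on {scope}, outside 'snort'")
```
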

