Snort mailing list archives

Re: FW: Beginner Help...

From: "Stevo" <checkpoint () ozbergs com>
Date: Fri, 1 Aug 2003 14:10:14 -0700

So which line is omitted??  And thanks for the link to the most current doc!

Stevo

----- Original Message -----
From: "Patrick S. Harper - CISSP" <lists () internetsecurityguru com>
To: "Erek Adams" <erek () snort org>; <support () nps-dc org>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, August 01, 2003 12:53 PM
Subject: Re: FW: [Snort-users] Beginner Help...

That version has an omited line in it, the latest (as linked to in the top
of that doc) is located at
http://www.internetsecurityguru.com/documents/snort_acid_rh9.pdf

I try to keep it updated to the latest version of everything.  It has the
corect info in it.  I would love to get the newest version on the snort
site, a lot of people are not checking for upgrades to it before they

start

the install.

Patrick S. Harper

----- Original Message -----
From: "Erek Adams" <erek () snort org>
To: <support () nps-dc org>
Cc: <snort-users () lists sourceforge net>
Sent: Friday, August 01, 2003 7:57 AM
Subject: Re: FW: [Snort-users] Beginner Help...

On Thu, 31 Jul 2003 support () nps-dc org wrote:

I've set up 3 boxes in 10 days using that acid/rh9.0 howto (my first

3)-

and

each time the same thing happened to me.  Check your MySQL snort

dbase,

and

the table called 'events'  if (after running Nessus/NMAP at your

sensor)

the

table's empty, it's that snort isn't writing to the dbase. (this was

the

case for me)

I double checked everything to no avail (i did have a MySQL user named
snort who has/had INSERT rights like the howto said...)

as a work-around:  in the snort.conf file, if i switch the mySQL user

to

'root' instead of 'snort'  and then snort can write to MySQL, and ACID

has

some data to display.


You probably don't have the permissions set right for the user.  Make

sure

that the snort user has SELECT, INSERT, UPDATE and DELETE according to

the

chart here [1].

OT: -how big a security issue is this?


Well....  If you want someone to be able to grep thru your snort.conf

file

and get his password to the DB, then it's not an issue.  :)  Just keep

in

mind that the root user usually has full rights to the DB.  One good
SELECT and DELETE and all your data goes away...

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[1] http://acidlab.sourceforge.net/acid_config.html


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.

http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.

http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Beginner Help..., (continued)
- - Re: Beginner Help... Stevo (Aug 01)
    - Re: Beginner Help... Erek Adams (Aug 01)
    - Re: Beginner Help... Stevo (Aug 01)
    - Re: Beginner Help... Patrick S. Harper - CISSP (Aug 01)
- FW: Beginner Help... support (Jul 31)
  - Re: FW: Beginner Help... Erek Adams (Aug 01)
    - Re: FW: Beginner Help... Stevo (Aug 01)
    - RE: FW: Beginner Help... Brian Gregorcy (Aug 01)
    - Re: FW: Beginner Help... Erek Adams (Aug 01)
    - Re: FW: Beginner Help... Patrick S. Harper - CISSP (Aug 01)
    - Re: FW: Beginner Help... Stevo (Aug 01)
    - Re: FW: Beginner Help... Patrick S. Harper - CISSP (Aug 01)
- FW: Beginner Help... support (Jul 31)
- FW: Beginner Help... support (Aug 01)
- RE: FW: Beginner Help... SRH-Lists (Aug 01)
- FW: FW: Beginner Help... support (Aug 01)