Take a look at the MySQL connection logs, and also check whether the
data is in the tables!
It is also a good idea to check whether snort is up, even after the start!
Regards, Fernando Guimarães
----- Original Message -----
From: "caio ferreira" <[EMAIL PROTECTED]>
To: "debian" <debian-user-portuguese@lists.debian.org>
Sent: Sunday, January 29, 2006 11:10 AM
Subject: Snort+acid+MySQL
All
I am having problems with the trio of snort, acid and mysql.
I installed and configured snort, acid and mysql following the
guide[1], but unfortunately nothing shows up in acid. I had no
problems during the installation of snort and acid, but apparently
snort is not logging anything. Does anyone happen to have any idea what
I did wrong?
Thank you.
1 - guide
# Technical Data #
##################
gateway = MySQL server = localhost = netrino
# Installation #
$ aptitude install snort-common snort-mysql snort-rules-default mysql-client mysql-server acidlab -y
# Database creation #
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 3.23.36-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer
mysql> create database snort;
Query OK, 1 row affected (0.01 sec)
mysql> grant insert, select on snort.* to [EMAIL PROTECTED]
identified by 'senha123';
Query OK, 0 rows affected (0.02 sec)
mysql> grant insert, select, delete, update, create on snort.* to
[EMAIL PROTECTED] identified by 'acid_senha';
Query OK, 0 rows affected (0.01 sec)
mysql> quit;
# cp /usr/share/doc/snort-mysql/create_mysql.gz /tmp
# gunzip /tmp/create_mysql.gz
# mysql -u root -p snort < /tmp/create_mysql
$ vi /etc/snort/reference.config
output database: log, mysql, dbname=snort user=snort host=localhost password=snort_user_password
# Creating the acid user
$ mysql -u root -p
mysql> grant insert,select,delete,update,create on snort.* to
[EMAIL PROTECTED] identified by 'acid_user_password';
mysql> quit;
$ vi /etc/mysql/my.cnf
# Comment out the line below
#skip-networking
$ vi /usr/share/acidlab/acid_conf.php
$alert_dbname = "snort";
$alert_host = "stargate";
$alert_port = "";
$alert_user = "snort";
$alert_password = "snort_user_password";
/* Archive DB connection parameters */
$archive_dbname = "snort";
$archive_host = "stargate";
$archive_port = "";
$archive_user = "snort";
$archive_password = "snort_user_password";
ln -sf /usr/share/acidlab/ /var/www/acidlab
- --
.''`. Caio Abreu Ferreira
: :' : GNU/Linux Debian
`. `'` fingerprint 0B5 0357 B80C E53C 5EF6 9D58 2D1B 0602 45E5 183A
`- Key ID 0x45E5183A
Linux Counter 327834
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
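
The checks suggested in the reply at the top of this thread (is snort running, can MySQL be reached, is there data in the tables), as an added example that is not part of either message. The function names are hypothetical; it assumes the "output database:" directive sits on one physical line of the file passed as argument, that the mysql client and pgrep are on PATH, and that the schema loaded from create_mysql provides the event table.

```shell
#!/bin/sh
# Added example: run the three checks from the reply against a Snort config.
# Assumes the "output database:" directive sits on one physical line and that
# the mysql client and pgrep are on PATH. Usage: sh check.sh /path/to/config

# Print the value of one key (dbname|user|host|password) from the directive.
snort_db_opt() {    # $1 = config file, $2 = key
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1" | head -n 1 |
        tr ' ,' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# True when a process named exactly "snort" exists.
snort_running() { pgrep -x snort >/dev/null 2>&1; }

# Count rows in the event table, connecting with the settings Snort is given.
event_count() {     # $1 = config file
    db=$(snort_db_opt "$1" dbname)
    user=$(snort_db_opt "$1" user)
    host=$(snort_db_opt "$1" host)
    pass=$(snort_db_opt "$1" password)
    # MYSQL_PWD keeps the password off the command line.
    MYSQL_PWD="$pass" mysql -N -B -u "$user" -h "$host" "$db" \
        -e 'SELECT COUNT(*) FROM event'
}

# Report each check; return 0 only when all of them pass.
diagnose() {        # $1 = config file
    rc=0
    if snort_running; then
        echo "OK   snort process is running"
    else
        echo "FAIL no snort process found"; rc=1
    fi
    n=$(event_count "$1" 2>/dev/null) || n=
    case $n in
        '') echo "FAIL could not query MySQL with the settings in $1"; rc=1 ;;
        0)  echo "FAIL connected, but the event table is empty"; rc=1 ;;
        *)  echo "OK   $n rows in the event table" ;;
    esac
    return $rc
}

# Run only when a config path is given on the command line.
[ $# -eq 0 ] || diagnose "$1"
```

A "could not query" result points at the MySQL side (grants, host, password), while an empty event table with a running snort process points at the logging side.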