Configuring MySql on Ubuntu inside VM

Discussion in 'Suggest HOWTO' started by Pzzldmom, Dec 6, 2007.

  1. Pzzldmom

    Pzzldmom New Member

    I am running Ubuntu inside VMware and trying to configure Snort. I have gotten to this portion:

    <
    Scroll down the list to the section with "# output database: log, mysql, user=", remove the "#" from in front of this line.
    Leave the "user=root", change the "password=password" to "password=YOUR_PASSWORD", "dbname=snort"
    Make note of the username, password, and dbname. You will need this information when we set up the Mysql db.
    Save and quit.
    11. Setup the Mysql database.

    Log into the mysql server.

    # mysql -u root -p

    Sometimes there is no password set so just hit enter.

    If you get a failed logon, try the above command again and enter YOUR_PASSWORD.

    If there is no password you need to create a password for the root account.

    Note: Once you are in mysql the # is now a mysql>

    mysql> SET PASSWORD FOR [email protected]=PASSWORD('YOUR_PASSWORD');

    Create the snort database.

    mysql> create database snort;
    mysql> exit

    >

    But no matter what I do I cannot log into mysql. I have tried logging into root when I first log on (so far I am unable to do so, even with changing the passwords in preferences.) I have tried to log in from terminal either under a user name and root.
    There are no errors in /var/log/mysql.log

    Is there another work around for this? I have heard that there is a package in the synaptic snap ins that would allow Ubuntu to read Debian programs that makes mysql easier to install...is that a better way to go?

    Thanks for any help.
     
  2. falko

    falko Super Moderator ISPConfig Developer

    What error message do you get when you try to log in? What's the output of
    Code:
    ps aux|grep mysql
    ?
     
  3. Pzzldmom

    Pzzldmom New Member

    When I enter the mysql -u root -p it brings up "password:" and I enter "password" or the other word I changed it to depending upon which time I tried it. and then it just says:


    "access denied to [email protected]"

    The rest will follow after I have popped into my VMware and run that command.
     
  4. Pzzldmom

    Pzzldmom New Member

    This is what I get when I run that particular command:

    root 4878 0.0 0.1 1752 528 ? S 09:48 0:00 /bin/sh /usr/bin/mysqld_safe
    mysql 5034 0.3 3.1 126920 16140 ? Sl 09:48 0:01 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock
    root 5035 0.0 0.1 1676 548 ? S 09:48 0:00 logger -p daemon.err -t mysqld_safe -i -t mysqld
    root 9155 0.0 0.1 2972 748 pts/0 R+ 09:55 0:00 grep mysql


    Thanks,

    Kyra
     
  5. falko

    falko Super Moderator ISPConfig Developer

    Are you sure you're using the correct password?
     
  6. Pzzldmom

    Pzzldmom New Member

    Of course, that must be it! :p

    *tilts head*


    It's not that hard...it's "password" since it is just VMware; I really do not need security. :(

    I am fairly sure I have typed it correctly at least once in the 30-40 times I have tried to get in. It was one of the first things I did think to try.


    I am sorry if my sarcasm is a bit much at this point. I am fairly frustrated at this point and need suggestions on how to get past this point. *edited to remove fairly snarky comment from a frustrated student on a deadline that really didn't need to be made.*

    Kyra
     
    Last edited: Dec 11, 2007
  7. falko

    falko Super Moderator ISPConfig Developer

    Just wanted to go sure - this has happened lots of times before.

    But now I'm at my wit's end... :(
     
  8. Pzzldmom

    Pzzldmom New Member

    ok I tooled around enough mysql that I got it running......however, it was enough to drive Ghandi to a steakhouse.

    Now I am hitting a wall with my snort.conf file.

    This is my file snort.conf file:

    PHP:
    root@kyra-desktop:/etc/snort/rules# snort -T -c /etc/snort/snort.conf
    Running in Test mode with config file: /etc/snort/snort.conf
    Running in IDS mode

            
    --== Initializing Snort ==--
    Initializing Output Plugins!
    Initializing Preprocessors!
    Initializing Plug-ins!
    Parsing Rules file /etc/snort/snort.conf
    PortVar 
    'HTTP_PORTS' defined :  [ 80]
    PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535]
    PortVar 'ORACLE_PORTS' defined :  [ 1521]
    ,-----------[
    Flow Config]----------------------
    Stats Interval:  0
    Hash Method:     2
    Memcap:          10485760
    Rows  :          4096
    Overhead Bytes:  16388(%0.16)
    `
    ----------------------------------------------
    Frag3 global config:
        Max frags: 65536
        Fragment memory cap: 4194304 bytes
    Frag3 engine config:
        Target-based policy: FIRST
        Fragment timeout: 60 seconds
        Fragment min_ttl:   1
        Fragment ttl_limit: 5
        Fragment Problems: 1
    Stream4 config:
        Stateful inspection: ACTIVE
        Session statistics: INACTIVE
        Session timeout: 30 seconds
        Session memory cap: 8388608 bytes
        Session count max: 8192 sessions
        Session cleanup count: 5
        State alerts: INACTIVE
        Evasion alerts: INACTIVE
        Scan alerts: INACTIVE
        Log Flushed Streams: INACTIVE
        MinTTL: 1
        TTL Limit: 5
        Async Link: 0
        State Protection: 0
        Self preservation threshold: 50
        Self preservation period: 90
        Suspend threshold: 200
        Suspend period: 30
        Enforce TCP State: INACTIVE  
        Midstream Drop Alerts: INACTIVE
        Allow Blocking of TCP Sessions in Inline: ACTIVE
    Stream4_reassemble config:
        Server reassembly: INACTIVE
        Client reassembly: ACTIVE
        Reassembler alerts: ACTIVE
        Zero out flushed packets: INACTIVE
        Flush stream on alert: INACTIVE
        flush_data_diff_size: 500
        Reassembler Packet Preferance : Favor Old
        Packet Sequence Overlap Limit: -1
        Flush behavior: Small (<255 bytes)
        Ports: 21 23 25 42 53 80 110 111 135 136 137 139 143 445 513 1433 1521 3306 
        Emergency Ports: 21 23 25 42 53 80 110 111 135 136 137 139 143 445 513 1433 1521 3306 
    PerfMonitor config:
        Time:           300 seconds
        Flow Stats:     INACTIVE
        Event Stats:    INACTIVE
        Max Perf Stats: INACTIVE
        Console Mode:   INACTIVE
        File Mode:      /var/snort/snort.stats
        SnortFile Mode: INACTIVE
        Packet Count:   10000
        Dump Summary:   No
    HttpInspect Config:
        GLOBAL CONFIG
          Max Pipeline Requests:    0
          Inspection Type:          STATELESS
          Detect Proxy Usage:       NO
          IIS Unicode Map Filename: /etc/snort/unicode.map
          IIS Unicode Map Codepage: 1252
        DEFAULT SERVER CONFIG:
          Server profile: All
          Ports: 80 8080 8180 
          Flow Depth: 300
          Max Chunk Length: 500000
          Inspect Pipeline Requests: YES
          URI Discovery Strict Mode: NO
          Allow Proxy Usage: NO
          Disable Alerting: NO
          Oversize Dir Length: 500
          Only inspect URI: NO
          Ascii: YES alert: NO
          Double Decoding: YES alert: YES
          %U Encoding: YES alert: YES
          Bare Byte: YES alert: YES
          Base36: OFF
          UTF 8: OFF
          IIS Unicode: YES alert: YES
          Multiple Slash: YES alert: NO
          IIS Backslash: YES alert: NO
          Directory Traversal: YES alert: NO
          Web Root Traversal: YES alert: YES
          Apache WhiteSpace: YES alert: NO
          IIS Delimiter: YES alert: NO
          IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
          Non-RFC Compliant Characters: NONE
          Whitespace Characters: 0x09 0x0b 0x0c 0x0d 
    rpc_decode arguments:
        Ports to decode RPC on: 111 32771 
        alert_fragments: INACTIVE
        alert_large_fragments: ACTIVE
        alert_incomplete: ACTIVE
        alert_multiple_requests: ACTIVE
    Portscan Detection Config:
        Detect Protocols:  TCP UDP ICMP IP
        Detect Scan Type:  portscan portsweep decoy_portscan distributed_portscan
        Sensitivity Level: Low
        Memcap (in bytes): 10000000
        Number of Nodes:   36900

    Tagged Packet Limit: 256
    /etc/snort/snort.conf(449) unknown dynamic preprocessor "telnet_decode"
    ERROR: Misconfigured dynamic preprocessor(s)
    Fatal Error, Quitting..
    These are my rules for telnet:

    PHP:
    preprocessor telnet_decode

    # sfPortscan
    # ----------
    # Portscan detection module.  Detects various types of portscans and
    # portsweeps.  For more information on detection philosophy, alert types,
    # and detailed portscan information, please refer to the README.sfportscan.
    #
    # -configuration options-
    #     proto { tcp udp icmp ip_proto all }
    #       The arguments to the proto option are the types of protocol scans that
    #       the user wants to detect.  Arguments should be separated by spaces and
    #       not commas.
    #     scan_type { portscan portsweep decoy_portscan distributed_portscan all }
    #       The arguments to the scan_type option are the scan types that the
    #       user wants to detect.  Arguments should be separated by spaces and not
    #       commas.
    #     sense_level { low|medium|high }
    #       There is only one argument to this option and it is the level of
    #       sensitivity in which to detect portscans.  The 'low' sensitivity
    #       detects scans by the common method of looking for response errors, such
    #       as TCP RSTs or ICMP unreachables.  This level requires the least
    #       tuning.  The 'medium' sensitivity level detects portscans and 
    #       filtered portscans (portscans that receive no response).  This
    #       sensitivity level usually requires tuning out scan events from NATed
    #       IPs, DNS cache servers, etc.  The 'high' sensitivity level has
    #       lower thresholds for portscan detection and a longer time window than
    #       the 'medium' sensitivity level.  Requires more tuning and may be noisy
    #       on very active networks.  However, this sensitivity levels catches the
    #       most scans.
    #     memcap { positive integer }
    #       The maximum number of bytes to allocate for portscan detection.  The
    #       higher this number the more nodes that can be tracked.
    #     logfile { filename }
    #       This option specifies the file to log portscan and detailed portscan
    #       values to.  If there is not a leading /, then snort logs to the
    #       configured log directory.  Refer to README.sfportscan for details on
    #       the logged values in the logfile.
    #     watch_ip { Snort IP List }
    #     ignore_scanners { Snort IP List }
    #     ignore_scanned { Snort IP List }
    #       These options take a snort IP list as the argument.  The 'watch_ip'
    #       option specifies the IP(s) to watch for portscan.  The 
    #       'ignore_scanners' option specifies the IP(s) to ignore as scanners.
    #       Note that these hosts are still watched as scanned hosts.  The
    #       'ignore_scanners' option is used to tune alerts from very active
    #       hosts such as NAT, nessus hosts, etc.  The 'ignore_scanned' option 
    #       specifies the IP(s) to ignore as scanned hosts.  Note that these hosts
    #       are still watched as scanner hosts.  The 'ignore_scanned' option is
    #       used to tune alerts from very active hosts such as syslog servers, etc.
    #
    preprocessor sfportscanproto  all } \
                             
    memcap 10000000 } \
                             
    sense_level low }


    Any suggestions on how to edit these two so that I can get Snort to run would be helpful.


    Kyra
     

Share This Page