Ok.
I will repeat that I am far form a snort/mysql guru, but this what I think you should
try.
1) Try connecting to the lan address (192.168.0.1) using putty instead of the ethernet
address. Are you working locally? If so you shouldn't need to use your exposed ip
address. The show grants command shows permissions for [EMAIL PROTECTED] Does it
also show permissions for [EMAIL PROTECTED]?
2) Temporarily grant wide open access to sensor1 by using the command..
mysql> GRANT ALL PRIVILEGES ON *.* TO sensor1@'192.168.0.%'
-> IDENTIFIED BY 'enter password' WITH GRANT OPTION;
This will allow sensor1 to connect from any machine on your internal LAN.
I am pretty sure this is a permissions issue.
You can also try http://www.mysql.com/doc/en/Access_denied.html
Regards,
Wil McGilvery
Manager, Digital Media
416-744-7191
416-716-3964 (cell)
1-888-622-3729
416-744-0406� FAX
www.LynchDigital.com
-----Original Message-----
From: mike Hughes [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 9:34 PM
To: [EMAIL PROTECTED]
Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
Here is some real results: Ok im going to just give you all my interface ip
addys soo it might clear what im trying to do up:
Internet IP Linux Machine
eth0 - 142.173.77.22-
Linux Machine LAN interface
eth1 - 192.168.0.1 -
Windows Machine on my LAN
- 192.168.0.69 -
I installed all the packages on the linux machine that i was suppose to
folowing the reference but didnt do anything to MYSQL didnt touch any
setting just installed the RPM on the LINUX machine ONLY the WINDOWS machine
i have set users and database and stuff:
Here is the output of commands from my WINDOWS mysql:
mysql> SHOW DATABASES;
+----------+
| Database |
+----------+
| mysql |
| snort |
| test |
+----------+
3 rows in set (0.00 sec)
mysql> SHOW GRANTS FOR root@localhost
-> ;
+---------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> SHOW GRANTS FOR [EMAIL PROTECTED]
-> ;
+-------------------------------------------------------------------------------
-------+
| Grants for [EMAIL PROTECTED]
|
+-------------------------------------------------------------------------------
-------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `snort`.* TO
'sensor1'@'192.16
8.0.1' |
+-------------------------------------------------------------------------------
-------+
1 row in set (0.00 sec)
mysql>
Soo then the intructions say connect to the LINUX machine from WINDOWS
machine using PUTTY and PORT 22 Soo here is what i plug into PUTTY
IP: 142.173.77.22 Port 22
login as: root
password: rootpassword
Then i run this command
snort-mysql+flexresp -v -c /etc/snort/snort.conf
I get this error:
database: mysql_error: Can't connect to MySQL server on '192.168.0.69' (110)
Fatal Error, Quitting..
Can you see whats wrong yet? with my settings? Maybe i got the ip address
messed up i cant tell..any help from that?? Thanks again for any help
>From: "Wil McGilvery" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: <[EMAIL PROTECTED]>
>Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
>Date: Mon, 10 Feb 2003 21:17:52 -0500
>
>I am really very sorry for my poor typing skills.
>
>I omitted one very important thing - every mysql command ends in ';'
>
>Therefore SHOW DATABASE should be SHOW DATABASE;
>
>The SHOW GRANTS should be SHOW GRANTS FOR sensor1@localhost; (or ip
>address)
>
>My apologies for this mistake.
>
>Regards,
>
>Wil McGilvery
>Manager, Digital Media
>
>
>
>416-744-7191
>416-716-3964 (cell)
>1-888-622-3729
>416-744-0406� FAX
>www.LynchDigital.com
>
>
>-----Original Message-----
>From: mike Hughes [mailto:[EMAIL PROTECTED]]
>Sent: Monday, February 10, 2003 6:25 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
>
>Ok from my "windows machine (management)" i ran these commands and here is
>the output:
>
>C:\mysql\bin>mysql -u sensor1 -p snort
>Enter password:
>Welcome to the MySQL monitor. Commands end with ; or \g.
>Your MySQL connection id is 1 to server version: 3.23.55-nt
>
>Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
>
>mysql> SHOW DATABASE
> ->
>
>mysql> SHOW GRANTS
> ->
>
>This shouldnt be like this im guessing? ;( HOw can i fix this?
>
>
>
>
>
>
>
> >From: "Wil McGilvery" <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: <[EMAIL PROTECTED]>
> >Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
> >Date: Mon, 10 Feb 2003 16:40:02 -0500
> >
> >I believe the syntax is the same regardless of what O/S you have.
> >
> >Have you tried connecting from your shell?
> >
> >shell> mysql -u (user_name) -p (name of database use mysql or test)
> >
> ><enter password when prompted or leave blank if no password>
> >
> >To see your databases use ..
> >
> >mysql> SHOW DATABASES
> >
> >To see priviledges for sensor1@"ipaddress" use..
> >
> >mysql> SHOW GRANTS FOR sensor1@"ipaddress"
> >
> >I noticed that you used [EMAIL PROTECTED] when you granted privileges
> >and the snort error used @192.168.0.1. You may want to check this out.
> >
> >
> >There are some very good admin tools that will assist you in the
> >administration of mysql.
> >
> >Try:
> >
> >http://www.phpwizard.net/projects/phpMyAdmin/
> >
> >http://www.webyog.com/sqlyog/index.html
> >
> >HTH
> >
> >Regards,
> >
> >Wil McGilvery
> >Manager, Digital Media
> >
> >
> >
> >416-744-7191
> >416-716-3964 (cell)
> >1-888-622-3729
> >416-744-0406� FAX
> >www.LynchDigital.com
> >
> >
> >-----Original Message-----
> >From: Net Llama! [mailto:[EMAIL PROTECTED]]
> >Sent: Monday, February 10, 2003 3:57 PM
> >To: [EMAIL PROTECTED]
> >Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
> >
> >I've never used mysql on a windoze box, so its really hard to say if what
> >you did was right or wrong.
> >
> >On Mon, 10 Feb 2003, mike Hughes wrote:
> > > Hey whats up?
> > >
> > > when i created the mysql database on my windows machine this is what i
> >did:
> > >
> > > cd c:\mysql\bin
> > >
> > > MySQL grant INSERT,SELECT,CREATE,DELETE on snort.* to snort;
> > >
> > > grant INSERT,SELECT,CREATE,DELETE on snort.* to [EMAIL PROTECTED];
> > >
> > > ## IS THIS right was it suppose to be named sensor1@my inetrnet ip or
> >was it
> > > suppose to be named my LAN ip og my LINUX machine??
> > > Well then i did:
> > >
> > > exit
> > >
> > > MySQL -u snort snort < c:\SnortM\snortdb\create_mysql
> > >
> > > Exit ( To exit the shell window)
> > >
> > > >From: Net Llama! <[EMAIL PROTECTED]>
> > > >Reply-To: [EMAIL PROTECTED]
> > > >To: [EMAIL PROTECTED]
> > > >Subject: RE: Access denied for user: '@192.168.0.1' -SNORT-
> > > >Date: Mon, 10 Feb 2003 10:30:44 -0500 (EST)
> > > >
> > > >In deed, that sounds like the problem to me as well. "@192.168.0.1"
> > > >sounds like a really strange name for a mysql user. You sure that
>you
> >set
> > > >it up properly?
> > > >
> > > >On Mon, 10 Feb 2003, Wil McGilvery wrote:
> > > >
> > > > > I am not an expert on snort, but it looks like the user that is
> >trying
> > > >to log onto your database does not have permission to access it.
> > > > >
> > > > > Have you tried to access your database with that user outside of
> >snort?
> > > > >
> > > > > www.mysql.com has very good documentation about setting up and
> > > >configuring a database.
> > > > >
> > > > >
> > > > > Wil McGilvery
> > > > > Manager, Digital Media
> > > > >
> > > > >
> > > > >
> > > > > 416-744-7191
> > > > > 416-716-3964 (cell)
> > > > > 1-888-622-3729
> > > > > 416-744-0406� FAX
> > > > > www.LynchDigital.com
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: mike Hughes [mailto:[EMAIL PROTECTED]]
> > > > > Sent: Monday, February 10, 2003 6:13 AM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: Access denied for user: '@192.168.0.1' -SNORT-
> > > > >
> > > > > whaaats up guys...
> > > > >
> > > > > I have worked at this for a while now but cant figure it out...I
> >have
> > > >been
> > > > > trying to get snort working using this as my reference but am
>stuck
> >on
> > > >the
> > > > > send to last step HELP!
> > > > > here is my reference:
> > > > > http://www.sans.org/rr/intrusion/practical_guide.php
> > > > > Fragment Problems: 0
> > > > > telnet_decode arguments:
> > > > > Ports to decode telnet on: 21 23 25 119
> > > > > ERROR spp_arpspoof /etc/snort/snort.conf(39) => Cannot initialize
> > > > > arpspoof_detect_host without arpspoof
> > > > > database: compiled support for ( mysql )
> > > > > database: configured to use mysql
> > > > > database: database name = snort
> > > > > database: user = sensor1
> > > > > database: host = 192.168.0.69
> > > > > database: port = 3306
> > > > > database: sensor name = Sensor1
> > > > > database: detail level = full
> > > > > database: mysql_error: Access denied for user: '@192.168.0.1' to
> > > >database
> > > > > 'snort'
> > > > > Fatal Error, Quitting..
> > > > >
> > > > > How can i debug this and try to figure out what setting is
>wrong???
> > > > > Im a newbie to mysql soo im not too sure how to see those
>settings:
> >but
> > > >i
> > > > > followed the directions properly.
> >
> >--
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >Lonni J Friedman [EMAIL PROTECTED]
> >Linux Step-by-step & TyGeMo http://netllama.ipfox.com
> >
> >_______________________________________________
> >Linux-users mailing list
> >[EMAIL PROTECTED]
> >Unsubscribe/Suspend/Etc ->
> >http://www.linux-sxs.org/mailman/listinfo/linux-users
> >
> >_______________________________________________
> >Linux-users mailing list
> >[EMAIL PROTECTED]
> >Unsubscribe/Suspend/Etc ->
> >http://www.linux-sxs.org/mailman/listinfo/linux-users
>
>
>_________________________________________________________________
>MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
>http://join.msn.com/?page=features/virus
>
>_______________________________________________
>Linux-users mailing list
>[EMAIL PROTECTED]
>Unsubscribe/Suspend/Etc ->
>http://www.linux-sxs.org/mailman/listinfo/linux-users
>
>_______________________________________________
>Linux-users mailing list
>[EMAIL PROTECTED]
>Unsubscribe/Suspend/Etc ->
>http://www.linux-sxs.org/mailman/listinfo/linux-users
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
