Ubuntu Security :: Snort Init Errors Mysql Logging?
Feb 23, 2011
I have just compiled Snort 2.9.0.4 under Ubuntu 10.10 x86_64, installed with the full LAMP package. The syntax I used to compile Snort is as follows:
[Code]...
I need assistance with my Snort installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions, and when I tested Snort it ended with a fatal error: ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting.. Here is the entire output once I ran the test command: snort -c /etc/snort/snort.conf -T Running in Test mode
[Code]...
I am currently running Snort as an IDS on the same machine that acts as our gateway. I installed it using sudo apt-get install snort. However, I'd like to make it run as an IPS. Is it possible to convert the currently running Snort instance from IDS to IPS without having to download the Snort tarballs and install from source? I do not want the tarballs because during updates and upgrades I'd like the whole OS and installed apps (such as Snort) to be upgraded together.
How do I enable IPv6 in Snort? I read that it must be compiled with --enable-ipv6, but I still don't know how.
I want to set up Snort on my F13 home computer. Is there a simple way to do it, or do I have to do it the hard way (compiling and so on)? I want to use Snort for intrusion prevention and to detect possible threats from the internet.
I have installed snort + mysql + acid base. I added some rules to /etc/snort/rules/local.rules to test alerting:
alert icmp 192.168.1.20 any -> 192.16.1.21 any (flags:A; ack:0; msg:"NMap icmp ping";)
alert icmp 192.168.1.20 any -> 192.16.1.21 any (content:"abcdefgh"; msg:"ping de windows";)
alert icmp 192.168.1.20 any <> 192.16.1.21 any (flags:S; msg:"HOULA SYN Packet!";)
After I restarted Snort, I connected 2 PCs by cross cable (192.168.1.20 for Windows, and the victim is 192.168.1.21 for Linux, where Snort is installed); my HOME_NET is 192.168.1.21 and EXTERNAL_NET is !$HOME_NET. The problem is when I run:
snort -dvi eth0 -c /etc/snort/snort.conf
I see the packets transmitted and received (the received content is "abcdefgh"), but when I stop Snort with CTRL+C I don't find any alert in the result!!! Run time prior to being shutdown was 218.523030 seconds.
Packet Wire Totals:
Received: 1346
Analyzed: 1342 (99.703%)
Dropped: 0 (0.000%)
Outstanding: 4 (0.297%) .....
dcerpc2 Preprocessor Statistics
Total sessions: 0
database: Closing connection to database "snort"
database: Closing connection to database "snort"
Snort exiting
I am running Lucid on this machine, but I have had this problem on every machine with Snort. When I wake the system from suspend or hibernation, Snort pegs one of the CPUs at 100%.
Does anyone know of a good tutorial on how to set up and configure Snort 2.8.5.2 on an Ubuntu 10.10 system? I have been trying to set up Snort and have run into a lot of problems setting up the config file and the rules. It works in sniffer and packet logger mode, but I cannot seem to set up IDS mode correctly. There is a lot of different info on the net but not much help. There seems to be a lot of work involved in setting this up, which I do not mind provided I can find the proper documentation to configure the setup.
I work in a relatively small organisation of about 30 people (but with a complex network) and we've been looking to move our firewall to Microsoft's Threat Protection Manager on a mostly Windows network. I've been thinking we should have an IDS/IPS inside the firewall, and I've been thinking about Snort in NIDS mode, but have some basic questions:
1. Can anyone recommend a good web GUI for Snort?
2. Is it advisable to run both on the same machine? (Both from a POV of security and resources.)
3. Would Snort add any real benefit to using TPM?
I am running Karmic Koala with a recent install of snort 2.4.8.1 (build 3) and I am at a loss for useful commands in solving an internal problem (within the network). All I have is "sudo snort -v -i wlan0" on my very short list of useful commands regarding IDS. It is doing little to no good in resolving my problem with a network snoop besides showing that it is running; I need some more weight (knowledge) in order to rectify the problem.
I am trying to get Snort running but I get this with service snortd status:
snort dead but subsys locked
service snortd restart
Stopping snort: [FAILED]
Starting snort: [ OK ]
[root@Fedora tylerm]# tail -f /var/log/messages
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:17:54 Fedora snort[3280]: Initializing daemon mode
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora snort[3282]: PID path stat checked out ok, PID path set to /var/run/
Mar 4 05:17:54 Fedora snort[3282]: Writing PID "3282" to file "/var/run//snort_eth0.pid"
Mar 4 05:17:54 Fedora snort[3282]: Daemon initialized, signaled parent pid: 3280
Mar 4 05:17:54 Fedora snort[3280]: Daemon parent exiting
Mar 4 05:17:54 Fedora snort[3282]: FATAL ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:18:42 Fedora ntpd[2300]: synchronized to 128.10.19.24, stratum 1
Mar 4 05:18:42 Fedora ntpd[2300]: time reset +0.906114 s
Mar 4 05:18:42 Fedora ntpd[2300]: kernel time sync status change 0001
I was wondering whether or not it is possible/advisable to install and run Snort on a single laptop behind a wireless router (firewall enabled)? Does Snort require root privileges, and are there any other issues one needs to be aware of when installing and running software like this?
I'm looking to possibly make use of Snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stands out; there is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones... Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.
Now I'm tempted to just go for the latest one, but I'm completely new to Snort, so perhaps I need another book like Snort for Dummies to get started ;-P
I have an Oracle database that is getting file I/O errors. I don't think it is the fault of Oracle, but of the NFS-mounted filesystems. So... to troubleshoot, my next step is to see if Linux is having trouble with I/O. These are NFS mounted and there are many files located on the filesystem which is having the error. The error only occurs on one file. Does anyone know how to turn on logging for any errors received? I assume I need logging for the NFS daemon, but I'm not sure. Please correct me if I'm wrong.
I'm getting numerous Gnome errors after logging in... Previously everything was working fine; perhaps a software update messed things up? I have looked around for potential solutions, but none that I have tried have made any difference. The errors I get are: The panel encountered a problem while loading:
[code].....
How can I fix this? This is Ubuntu 9.10 PowerPC installed on a PowerBook G4. I'd really love to be able to see the battery level remaining (and seeing the time would be nice, too).
I'm trying to enable MySQL's General Query Log.
I'm running version 5.0.51a of MySQL on Ubuntu 8.04 64-bit server.
The MySQL documentation found here [url] says to "start mysqld with the --log[=file_name] or -l [file_name] option".
But when I issue the following command:
Code:
I get the following error message:
Code:
How do I enable MySQL logging, since the above is not working?
I've checked and double checked that there is no user and password directive in /etc/my.cnf and ~/.my.cnf but it seems that every time I issue mysql it will drop me into the command line without prompting for a password or giving any pause. Of course, the only table I have access to when doing this is information_schema with read only on most of it and no access on the rest, but I was just wondering where else an auto-login style authentication could be coming from.
How do you guys do just that? I know the option for global logging, with the --log parameter on service start, or log-bin and err-log inside my.cnf. But what I am looking for is a way to log the activity of one specific table, any activity, be it select or update queries.
I went away this weekend and everything with my MySQL server was working great. I got home on Sunday and found that my web pages couldn't be displayed because they were unable to gain access to the MySQL database.
I am now not able to log into MySQL using root or debian-sys-maint. I get error messages.
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
I have tried loading MySQL in safe mode and changing the passwords, but this does little to help me.
I am unable to restart my services without them failing, so after making the changes I have to manually kill the MySQL processes to get it to stop. After doing that I try to start MySQL up, and it gives me a .sock error. I will post some of the errors in my next post, but does anyone have a general idea of what I can try to manually override the passwords or reset them? I did read that I can reset the debian-sys-maint password using the msql/rm.conf, but I am unable to log on as root to change the password.
My MySQL server won't start on my machine. It simply fails with no errors.
Code:
sudo /etc/init.d/mysql restart
* Stopping MySQL database server mysqld [ OK ]
* Starting MySQL database server mysqld [fail]
When I run cat /var/log/mysql.err the file is empty. Thinking this might be a permissions issue,
I tried chowning to the mysql user. Here are the current permissions.
Code:
ls -alh /var/log/mysql*
-rw-r----- 1 mysql adm 0 2009-09-30 11:08 /var/log/mysql.err
-rw-r----- 1 mysql adm 0 2010-01-15 09:07 /var/log/mysql.log
-rw-r----- 1 mysql adm 20 2009-11-25 07:35 /var/log/mysql.log.1.gz
-rw-r----- 1 mysql adm 20 2009-11-24 07:59 /var/log/mysql.log.2.gz
-rw-r----- 1 mysql adm 20 2009-11-23 07:56 /var/log/mysql.log.3.gz
-rw-r----- 1 mysql adm 20 2009-11-22 07:54 /var/log/mysql.log.4.gz
-rw-r----- 1 mysql adm 20 2009-11-21 07:47 /var/log/mysql.log.5.gz
-rw-r----- 1 mysql adm 20 2009-11-20 07:43 /var/log/mysql.log.6.gz
-rw-r----- 1 mysql adm 20 2009-11-19 07:35 /var/log/mysql.log.7.gz
/var/log/mysql:
total 8.0K
drwxrwsrwx 2 mysql adm 4.0K 2009-09-30 11:08 .
drwxr-xr-x 16 root root 4.0K 2010-01-15 10:24 ..
Still having the same issue: the MySQL server is still failing and /var/log/mysql.err is still empty.
I am new to Ubuntu. I want to start MySQL but it's not working! An error occurs!
"
root@drazer-GA-MA785GM-US2H:/etc/init.d# mysql.server start
mysql.server: command not found
root@drazer-GA-MA785GM-US2H:/etc/init.d# mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
root@drazer-GA-MA785GM-US2H:/etc/init.d# mysql start
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
root@drazer-GA-MA785GM-US2H:/etc/init.d#
"
I have installed the MySQL client and server packages.
I've enabled the root account on Ubuntu 9.10; however, I want to stop it from being used to log in via GDM. 9.10 seems to have a different GDM version, so how can I carry this out under 9.10?
A friend of mine has a private forum set up so he and I can communicate back and forth without having to send emails. The link is "https://", so I'm assuming it's secure. I'm a newbie to Ubuntu and I have already switched 3 of my computers at home to Ubuntu.
I'm using Ubuntu 10.04 and Google Chrome as my browser. When I log into his forum it pops up with a screen saying "The site's security certificate is not trusted" and I always click proceed anyway. I'm not worried about this because I'm 110% sure that it's his website that I'm trying to access. My question/problem is that it also pops up with a little box telling me to enter my username and password every time. When I was using Windows XP, I had to enter this info once and then I wouldn't have to enter it again.
I am reading Sams Teach Yourself SQL in One Hour a Day. In this book they work with both Oracle and MySQL to teach you SQL. So I installed MySQL on my box and I am creating the empty database they use in this book so I can follow along as I read. I have noticed a few typos in the book and now I have noticed some code errors too. I just don't know enough to fix them. I am working on creating the empty database and I am getting syntax errors when I create certain tables. I have checked both the printed version of the book and the electronic version (which differ slightly) and both give me the same syntax errors. First is creating the first table of the database. Here is the code given to me to enter. The electronic version:
[code]...
How can I correct this error and create these tables?
I have a program that generates large amounts of apparmor log messages. I'm happy to enforce restrictions on the program but I really don't want it to fill my log with messages every time it attempts to read a file.
Is there a way to let it enforce restrictions but not log denials?
As part of a server hardening process I would like to know the best way of doing system logging and auditing. The following points should be taken into consideration:
- Logging of critical events
- Logging access to critical accounts
- Secure storage and availability of logs
- Review of logs
- Security of logs
Where I work we have a LAN; it is almost 100% Windows machines except for 2 CentOS machines which some clients connect to via VPN (very small network, <50 IPs used).
I would like to know if there is a way to block access from those machines to others in the network. I'm already logging traffic (with IPTraf) to see if they're accessing machines in the network other than the ones they should connect to.
On April 10, 2010, I upgraded some packages on my Ubuntu 9.04 server. This included an upgrade to "ufw 0.27-0ubuntu2". I rebooted the server, and all appeared to be fine.
Now I've noticed that UFW is not logging blocked packets since that reboot. It used to do this. It is still logging the allowed packets that I've configured it to log.
Here's what a "ufw status verbose" says code...
Sitting at the console, I log in with any user name and NO PASSWORD IS REQUESTED. I get logged in automatically without entering the user's password.
I did:
passwd joeuser
To change his password and still he goes right in without being asked for a password!
Possibly related: 10 days ago, my SMTP server was breached as a spam relay. The username they cracked was deleted. I added fail2ban for postfix. The logs show no further intrusion.
Brief overview of my current setup:
Code:
The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.
I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.
How do I get iptables to log all the other protocols (or whatever is being caught by the default policy)?