Intrusion Detection

[abrrymnvette]

no dice. If I use the user of root instead of -u snort, it works and says 0 rows affected.

[unutbu]

Try

Code:

% mysql -u root -p
mysql> use mysql
mysql> select user,host,password from user where user='snort';

Do you see something like this?

Code:

+--------+-----------+-------------------------------------------+
| user   | host      | password                                  |
+--------+-----------+-------------------------------------------+
| snort  | localhost | *XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | 
+--------+-----------+-------------------------------------------+

[abrrymnvette]

Try

Code:

% mysql -u root -p
mysql> use mysql
mysql> select user,host,password from user where user='snort';

Do you see something like this?

Code:

+--------+-----------+-------------------------------------------+
| user   | host      | password                                  |
+--------+-----------+-------------------------------------------+
| snort  | localhost | *XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | 
+--------+-----------+-------------------------------------------+

Error 1146 (42S02): Table 'mysql.usr' doesn't exist

[unutbu]

Change usr to user.

Code:

select user,host,password from user where user='snort';

[abrrymnvette]

Change usr to user.

Code:

select user,host,password from user where user='snort';

Rebooted and the user showed up. But I still get the access denied for user 'snort'@'localhost'

[unutbu]

Okay, you have a snort user on localhost, and it has a password.
I'm guessing the saved password is not the intended password. Perhaps an
invisible control character slipped in there too?

Try typing

Code:

grant all privileges on snort.* to 'snort'@'localhost' identified by 'snort_password';

in gedit, rather than openoffice. Maybe it is just my superstition, but I think gedit is more of a plain text editor, while openoffice is more of a "fancy" text editor.

When you copy and paste into the gnome-terminal, make sure your quotation marks look like
the one circled in green, rather than the one in red.

[abrrymnvette]

Okay, you have a snort user on localhost, and it has a password.
I'm guessing the saved password is not the intended password. Perhaps an
invisible control character slipped in there too?

Try typing

Code:

grant all privileges on snort.* to 'snort'@'localhost' identified by 'snort_password';

in gedit, rather than openoffice. Maybe it is just my superstition, but I think gedit is more of a plain text editor, while openoffice is more of a "fancy" text editor.

When you copy and paste into the gnome-terminal, make sure your quotation marks look like
the one circled in green, rather than the one in red.

That's actually what I did this time. But, I "think" I may have gotten it. I just used a different user instead of snort. So, wherever else it says snort, I used the other user name. I've got snort running according to ps and am logged into Base. Now it's time to test.

[bodhi.zazen]

Thank you unutbu

[abrrymnvette]

So, I have snort running somewhat. When I do a "ps -wef | grep 'snort' " I get the snort process, but it increments every second, like it's starting and immediately dying and restarting. But when I look at /var/log/messages or syslog there are no errors like snort is dying. Am I looking in the wrong spot?

[-_- Joseph -_-]

Thanks alot this was a really helpful thread. Keep up the good work