From owner-freebsd-security Mon Jul 16 15:56:24 2001 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id 121BF37B408 for ; Mon, 16 Jul 2001 15:56:19 -0700 (PDT) (envelope-from fasty@I-Sphere.COM) Received: (from fasty@localhost) by I-Sphere.COM (8.11.4/8.11.3) id f6GN02w80534; Mon, 16 Jul 2001 16:00:02 -0700 (PDT) (envelope-from fasty) Date: Mon, 16 Jul 2001 16:00:02 -0700 From: faSty To: Eric Sproul Cc: freebsd-security@FreeBSD.ORG Subject: Re: stunnel/mysql question Message-ID: <20010716160002.A80238@i-sphere.com> References: <3B53529F.A0DBDC48@ntelos.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3B53529F.A0DBDC48@ntelos.net>; from esproul@ntelos.net on Mon, Jul 16, 2001 at 04:46:23PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org you need fix your hostname on MySQL under db table in mysql database. I.E. 1. mysql mysql 2. insert into db values(Host,User,Db) 3. values("hostname","username","snortdb"); 4. flush privileges; very important you find correct hostname, you must find exactly hostname when you are on tunneled and once you find correct hostname to replace "hostname" in values's parameters. I assumed values("127.0.0.1","snortdb","your snort db name here"); It should work for you and make sure you correct db name since you didnt tell me full information on database name. -trev On Mon, Jul 16, 2001 at 04:46:23PM -0400, Eric Sproul wrote: > Hi all, > I'm trying out a setup that was described in the latest Sysadmin issue-- > setting up Snort to log to a MySQL db over an stunnel-encrypted > connection. Anyone else tried this yet? > > I'm running the client on 4.3-STABLE, with mysql323-client from the port > (3.23.39) and stunnel 3.14, also from the port. The server is my Redhat > 7.1 workstation with mysql 3.23.36 from RPM and stunnel 3.14 from > source. As far as I can tell, both the mysql server and stunnel are > configured correctly. I followed all the setup guidelines and made sure > I had the access rights correct. > > The client has stunnel listening to localhost:3306 and forwarding to > :3307. The server is listening to port 3307 and forwarding to > its localhost:3306, where the mysql server is running. But when I try > to connect from the client over the stunnel-ed connection, I get > > client$ mysql -h 127.0.0.1 -u snortdb -p snortdata > Enter password: > ERROR 1045: Access denied for user: 'snortdb@localhost.localdomain' > (Using password: YES) > > I can connect the same way right on the server and get in. I've > eliminated host ACL's as the cause. On the network level everything is > fine. Could stunnel be somehow mangling the login process? I don't > have much experience with stunnel or SSL in general so I'm at a loss > here. > > Thanks in advance! > Eric > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Acid -- better living through chemistry. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message