11 Dec 2008, 4:51pm
Security

Snort, Barnyard, MySQL and SSL: Very annoying.

So for years I have just Stunnel-wrapped my database connections when setting up Snort sensors. (Perhaps you have noticed how most of the howto guides on setting up Snort with BASE or ACID or whatever remote console put so much emphasis on ensuring you have SSL configured for your webserver, but somehow fail to provide instructions on setting up SSL for the database connection? Ya, I noticed that too.)

Stunnel generally works, but I am kinda picky about how I do things and I like tidy configurations. Well, I’ll be honest, the last time I built a remote Snort sensor was during the MySQL 4.10 days. Ya, it’s been a few years. So this week I am working on doing some cleanup and decided to upgrade to MySQL 5.1, which has some nice features, one of which is native SSL support. So after setting it up and testing it, and recompiling everything linked to my old MySQL libraries, I manually test and confirm that SSL works. Sweet. Now to test Barnyard . . . nope, no SSL. Bummer, how about Snort’s MySQL capabilities? Nope, that doesn’t work either. So, if you are trying this out and have succeeded, drop me a note! Otherwise, well, stick to Stunnel!

6 Dec 2008, 4:22pm
mynmap

Requesting Suggestions for MyNmap Enhancements

I am brainstorming on where the project should go. There are a few bugs that need fixing; the most glaring of these is a race condition where a scan doesn’t complete and the file is perpetually trying to be parsed by the back end loader. I have been toying with the idea of rewriting the Perl code so that the application is entirely written in PHP; I just feel the whole architecture of mixing programming languages is a little ugly. The scheduling interface, while functional, is very clunky. And finally, there have been a lot of improvements in Nmap that the tool doesn’t take advantage of, like Lua scripts.

I am open to suggestions and feature requests right now. Please comment if you have an idea!