frameloss

Snort, Barnyard, MySQL and SSL: Very annoying.

So for years I have just Stunnel wrapped my database connections when setting up Snort sensors. (Perhaps you have noticed how most of the howto guides on setting up Snort with Base or ACID or whatever remote console puts so much emphasis on ensuring you have SSL configured for your webserver, but somehow fails to provide instructions on setting up SSL for the database connection? Ya, I noticed that too.)

Stunnel generally works, but I am kinda picky about how I do things and I like tidy configurations. Well I’ll be honest, the last time I built a remote snort sensor was during the Mysql 4.10 days–ya, its been a few years. So this week I am working on doing some cleanup and decided to upgrade to Mysql 5.1, which has some nice features, one of which is native SSL support. So after setting it up and testing it, recompiling everything linked to my old Mysql libraries I manually test and confirm that SSL works. Sweet. Now to test Barnyard . . . nope, no SSL. Bummer, how about Snort’s Mysql capabilities? Nope, that doesn’t work either. So, if you are trying this out and have succeeded drop me a note! Otherwise, well, stick to Stunnel!