White paper network ids and ips deployment Strategies Nicholas Pappas




Download 2,67 Mb.
Pdf ko'rish
bet18/25
Sana14.05.2024
Hajmi2,67 Mb.
#233760
1   ...   14   15   16   17   18   19   20   21   ...   25
MySQL Installation
First check to see if you already have the required package files
ls /usr/ports/packages/i386/ftp/mysql*
mysql-client-5.0.45.tgz
mysql-server-5.0.45.tgz
Nicholas Pappas
40
@ 2021 SANS Institute
Author Retains Full Rights

© SANS Institute 200
8
,
Author retains full rights.
© SANS Institute 200
8
, Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Network IDS & IPS Deployment Strategies
If you have these files already, you can skip the next step, otherwise do the 
following:
cd /usr/ports/databases/mysql
make install
Before we install the server we need to install the p5-DBD-mysql package. To do 
that commit the following steps:
cd /usr/ports/databases/p5-DBD-mysql
make install
Ok now you should have the required package files.
cd /usr/ports/packages/i386/all
pkg_add mysql-server-5.0.45.tgz
pkg_add mysql-client-5.0.45.tgz
Initial MySQL setup steps for running on OpenBSD. First create the default database:
/usr/local/bin/mysql_install_db
Increase the kernel limit of open files by making the following modification to 
/etc/sysctl.conf.
echo "kern.maxfiles=4096" >> /etc/sysctl.conf
To automatically start MySQL during system boot append to /etc/rc.local. You will 
have to edit the file at /etc/rc.local in this case. At the bottom of the file, add the 
contents shown here.
#Added to start MySQL during boot.
if [ -x /usr/local/bin/mysqld_safe ]; then
su -c mysql root -c '/usr/local/bin/mysqld_safe --log-error >/dev/null 2>&1 &'
mkdir -p /var/run/mysql
ln -s /var/www/var/run/mysql/mysql.sock /var/run/mysql/mysql.sock
echo -n ' mysql'
sleep 5
echo ' done'
fi
Nicholas Pappas
41
@ 2021 SANS Institute
Author Retains Full Rights

© SANS Institute 200
8
,
Author retains full rights.
© SANS Institute 200
8
, Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Network IDS & IPS Deployment Strategies
To make the above entry into /etc/rc.local work properly, we'll need to add to the 
/etc/login.conf and then rebuild the login.conf.db as described here:
First open /etc/login.conf and add:
# MySQL class
mysql:\
:openfiles-cur=1024:\
:openfiles-max=2048:\
:tc=daemon:
Then rebuild the login.conf with:
cap_mkdb /etc/login.conf
Fix some permissions issues so that we can get mysqld started and set a password.
mkdir -p /var/run/mysql
chown -R _mysql /var/run/mysql
Manually start the MySQL daemon for purposes of completing the install.
su -c mysql root -c '/usr/local/bin/mysqld_safe'
/usr/local/bin/mysqladmin -u root password 'secret-pass'
/usr/local/bin/mysqladmin -u root -h centaur.sci-fer.com password 'secret-pass'
At this time now MySQL is installed, it's now time to configure it specifically for our 
purposes. Shutdown the MySQL daemon.
mysqladmin shutdown -p

Next copy the configuration file we'll be using.
cp /usr/local/share/mysql/my-large.cnf /etc/my.cnf
Now do some preparatory steps for our my.cnf file.
mkdir -p /var/www/var/run/mysql
chown _mysql._mysql /var/www/var/run/mysql
Next step is to configure the MySQL Daemon such that it injects the socket in the 
proper location. To do this we need to make two subtle modifications. First change 
Nicholas Pappas
42
@ 2021 SANS Institute
Author Retains Full Rights

© SANS Institute 200
8
,
Author retains full rights.
© SANS Institute 200
8
, Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Network IDS & IPS Deployment Strategies
the client section in /etc/my.cnf from this:
[client]
#password = your_password
port = 3306
socket = /var/run/mysql/mysql.sock
To this:
[client]
#password = your_password
port = 3306
socket = /var/www/var/run/mysql/mysql.sock
Likewise, the mysqld section needs to be changed from this:
# The MySQL server
[mysqld]
port = 3306
socket = /var/run/mysql/mysql.sock
To this:
# The MySQL server
[mysqld]
port = 3306
socket = /var/www/var/run/mysql/mysql.sock
Now when we force the Snort process into the chroot'd environment it will be able to 
reach the mysql.sock socket file. Ok time for a reboot to test the startup settings we 
have thus far. After the system boots, you should have the MySQL server running. 
Connect to the MySQL server with the following:
mysql -u root -p
Next we should tidy up a bit.
mysql> drop database test;
Nicholas Pappas
43
@ 2021 SANS Institute
Author Retains Full Rights

© SANS Institute 200
8
,
Author retains full rights.
© SANS Institute 200
8
, Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Network IDS & IPS Deployment Strategies
Now we have a clean slate. Check for something very similar to the following output. 
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
+--------------------+
2 rows in set (0.00 sec)
mysql> quit;

Download 2,67 Mb.
1   ...   14   15   16   17   18   19   20   21   ...   25




Download 2,67 Mb.
Pdf ko'rish
Bosh sahifa
Aloqalar
    Bosh sahifa
Dərs
Mühazirə
Qaydalar
Referat
Xülasə
Yazı


White paper network ids and ips deployment Strategies Nicholas Pappas

Download 2,67 Mb.
Pdf ko'rish