List: security-onion
Subject: Re: [security-onion] Re: SO install on Ubuntu12.04, MySQL still prompt for password, snorby not inst
From: Heine Lysemose <lysemose () gmail ! com>
Date: 2013-03-29 19:46:41
Message-ID: CAN4C-DmMzUz96w3cUo1HE8XQVh=+aUeuKyFnc_mxLpi_X70jMQ () mail ! gmail ! com
Hi Rehn
Try following the installation step by step.
https://code.google.com/p/security-onion/wiki/Installation
/Lysemose
On Mar 29, 2013 8:15 PM, <rehnquest@gmail.com> wrote:
> Apologies. It appears that mysql's password was set. I've reverted to a
> snapshot before running sosetup, gone in with
>
> "mysql -u root -p" and done
>
> "set password = password('');"
>
> And run sosetup. Is that sufficient?
>
> On a separate but faster VM (let's call this SO2), I've rerun the entire
> setup described in the wiki to install SO on top of Ubuntu, but upon
> discovering that Ubuntu had no mysql, I neglected to do the command for
> mysql to not prompt for password, but when prompted (4 times) I specified
> both mysql client's & server's password to be null. Is that going to be a
> problem?
>
> Sorry I'm a bit of a newbie.
>
> On Friday, March 29, 2013 11:26:53 AM UTC-4, rehn...@gmail.com wrote:
> > Hi all,
> >
> > Not being able to use 64-bit, I'm trying to install the latest security
> > onion package on top of either an Ubuntu 32-bit or Xubuntu 32-bit
> > installation. I've tried both distros, following the instruction here:
> > https://code.google.com/p/security-onion/wiki/Installation#If_you_want_to_quickly_evaluate_Security_Onion_on_your_preferred.
> >
> > I've run into two problems (not sure if one is caused by another).
> >
> > 1) I've run the command so MySQL would not prompt for password:
> >
> > echo "debconf debconf/frontend select noninteractive" | sudo debconf-set-selections
> >
> > However, based on the sosetup.log, it still seems to want the password
> > (unless my interpretation is incorrect). I've attached the sosetup.log at
> > the end of this email, as attachment doesn't seem to be working. It cuts
> > off at PulledPork downloading the rules because this is from my latest
> > attempt to redo the setup and it hasn't completed yet.
> >
> > 2) The other thing is Snorby doesn't seem to be installed at all after
> > finishing all the setup. I've looked around to see if people have similar
> > problems and tried the solutions suggested in their posts to no avail.
> > There's not a /usr/local/share/snorby/ folder, where most people are
> > directed to check logs. When I do "locate snorby", there is no output,
> > nor is snorby in "ps aux | grep snorby", or "sostat | grep snorby".
> >
> > Weirdly, https://localhost:444 actually does bring up the Snorby login
> > page, which of course would not work.
> >
> > I've tried sosetup multiple times now, with different password
> > complexities.
> >
> > Can someone help? It'd be much appreciated.
> >
> > Thanks,
> > Rehn
> >
> > sosetup.log
> >
> > Rules updated
> > Rules updated (v6)
> > Rules updated
> > Rules updated (v6)
> > Rules updated
> > Rules updated (v6)
> > Firewall is active and enabled on system startup
> > # Please wait while creating the Sguil server...
> > Creating new server: securityonion
> >
> > Adding the tables requires the password of the database root user
> > # Please wait while configuring firewall...
> > Rule added
> > Rule added (v6)
> > Rule added
> > Rule added (v6)
> > Rule added
> > Rule added (v6)
> > Rule added
> > Rule added (v6)
> > # Please wait while configuring Squert web interface to connect to Sguil database...
> > ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
> > ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
> > ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
> > ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
> > ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
> > ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
> > # Please wait while adjusting Sguil rule locations...
> > # Please wait while creating Sguil sensor(s)...
> > # Please wait while creating Sguil sensor: sensorname-redacted-eth1...
> > Creating new sensor: sensorname-redacted-eth1
> > * Configuring Bro to monitor eth1
> > warning: cannot read '/nsm/bro/spool/broctl.dat' (this is ok on first run)
> > warning: cannot read '/nsm/bro/spool/broctl.dat' (this is ok on first run)
> > creating policy directories ... done.
> > installing site policies ... done.
> > generating cluster-layout.bro ... done.
> > generating local-networks.bro ... done.
> > generating broctl-config.bro ... done.
> > updating nodes ... done.
> > # Please wait while setting IDS Engine to Snort...
> > # Please wait while configuring IDS Ruleset...
> > Configuring for Snort VRT and Emerging Threats NoGPL rulesets
> > # Please wait while executing PulledPork to download rules...
>
--
You received this message because you are subscribed to the Google Groups
"security-onion" group. To unsubscribe from this group and stop receiving emails from
it, send an email to security-onion+unsubscribe@googlegroups.com. To post to this
group, send email to security-onion@googlegroups.com. Visit this group at
http://groups.google.com/group/security-onion?hl=en-US. For more options, visit
https://groups.google.com/groups/opt_out.
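
One way to triage a log like the sosetup.log quoted in this thread, as an added example that is not part of the original messages or of Security Onion: it groups MySQL root-password prompts and ERROR 1045 denials by the setup step that preceded them. The sample log is constructed from lines quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: group MySQL root-password prompts and ERROR 1045 denials in a
# sosetup-style log by the "# Please wait while ..." step that preceded them.

# Constructed sample, modelled on log lines quoted in the thread (unwrapped).
sample_log() {
cat <<'EOF'
Firewall is active and enabled on system startup
# Please wait while creating the Sguil server...
Adding the tables requires the password of the database root user
# Please wait while configuring firewall...
Rule added
# Please wait while configuring Squert web interface to connect to Sguil database...
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
# Please wait while adjusting Sguil rule locations...
EOF
}

# Reads a log on stdin. Prints, in order of first appearance:
#   count|prompt|step
#   count|denied|step|account|using_password
summarise_mysql_auth() {
  awk '
    function bump(key) { if (!(key in n)) order[++k] = key; n[key]++ }
    /^# Please wait while / {
      step = $0
      sub(/^# Please wait while /, "", step)
      sub(/\.\.\.$/, "", step)
      next
    }
    /requires the password of the database root user/ { bump("prompt|" step) }
    /^ERROR 1045 / {
      acct = "?"; pw = "?"
      if (match($0, /for user [^ ]+/))
        acct = substr($0, RSTART + 9, RLENGTH - 9)
      if (match($0, /using password: (YES|NO)/))
        pw = substr($0, RSTART + 16, RLENGTH - 16)
      bump("denied|" step "|" acct "|" pw)
    }
    END { for (i = 1; i <= k; i++) print n[order[i]] "|" order[i] }
  '
}

sample_log | summarise_mysql_auth
```

To run it against a real log, pipe the file into `summarise_mysql_auth` instead of `sample_log`.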