Thread: [Secureideas-base-user] restricting base usage... role ID seem redundant
From: navin <in...@ad...> - 2006-02-10 10:05:32
Hi all,

I'd been using ACID for some time and came to know that BASE is currently the project which was picked up from ACID. And it sure is good.

My problem... In my organisation, I maintain the SNORT server and have given access to the BASE page to a few users. But whatever role IDs I may select for them, it does not seem to have much effect except that others are not allowed to create/modify users. They can still delete alerts!!! I intend to give _only_ read access to the snort database to these few privileged users having access to BASE. I tried creating a mysql user with only 'select' permission on the snort database... but that does not work. Any ideas as to how I can go about this? Is there an option in BASE for this?

TIA,
Regards,
Navin.
From: <pa...@in...> - 2006-02-10 12:27:29
You can also create a separate user in mysql that has only read privileges and make a second base dir for them to use
From: navin <in...@ad...> - 2006-02-11 08:29:47
I had already created the MySQL user with only 'select' permissions. While trying to access the tables through the mysql prompt, I could use show and select commands for the tables in database 'snort'. But the same did not work with BASE. It gave the error message

Database ERROR:Database ERROR:Access denied for user 'testbase'@'localhost' to database 'snort'

Can you elaborate on creating the 'second BASE dir'? Because I have one 'base' directory in /var/www/html directory. Where is the second one going to be?

Thanks for your reply,
Navin
Re: [Secureideas-base-user] RE: [Secureideas-base-devel] restricting base usage... role ID seem redu
From: nikns <ni...@se...> - 2006-02-11 10:23:44
Well, the idea of the second BASE was that one has delete privileges but the second is read only. Yes, you should grant only 'select' privileges on all tables, but on the `acid_event` and probably `acid_ip_cache` tables you should grant 'insert' and 'delete' privileges too, since you would want to allow the alert and IP cache to be updated/rebuilt. I guess that was the reason for the ERROR:Access denied...

Nikns Siankin

On Sat, Feb 11, 2006 at 12:29:38AM -0800, navin wrote:
>
>I had already created the MySQL user with only 'select' permissions. While
>trying to access the tables through the mysql prompt, I could use show and
>select commands for the tables in database 'snort'. But the same did not
>work with BASE. It gave the error message Database ERROR:Database
>ERROR:Access denied for user 'testbase'@'localhost' to database 'snort'
>Can you elaborate on creating the 'second BASE dir'? Because I have one
>'base' directory in /var/www/html directory. Where is the second one going
>to be?
>
>Thanks for your reply,
>Navin
From: navin <in...@ad...> - 2006-02-11 11:12:25
Thanks a lot Nikns. It worked. I granted select,insert,delete to my MySQL user for tables acid_event and acid_ip_cache. Now I am not able to delete alerts as a normal MySQL user.

Thanks again,
Navin
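The grants described by nikns and confirmed by navin above, written out as MySQL statements with an audit of the result. This is an added example, not part of the original thread and not BASE project code; the account `'testbase'@'localhost'` and the database `snort` come from the error message quoted earlier, and the password is a placeholder.

```sql
-- Added example (not from the thread). Run as a MySQL administrator.
-- Account and database names are those in the error message quoted above;
-- the password is a placeholder to be replaced.
CREATE USER 'testbase'@'localhost' IDENTIFIED BY 'CHANGE_ME_PLACEHOLDER';

-- Read-only access to every table in the Snort database.
GRANT SELECT ON snort.* TO 'testbase'@'localhost';

-- Per the reply above, BASE updates/rebuilds its alert and IP caches,
-- so these two tables also need INSERT and DELETE.
GRANT INSERT, DELETE ON snort.acid_event    TO 'testbase'@'localhost';
GRANT INSERT, DELETE ON snort.acid_ip_cache TO 'testbase'@'localhost';

-- Human-readable view of what the account now holds.
SHOW GRANTS FOR 'testbase'@'localhost';

-- Audit 1: table-level privileges other than SELECT that fall outside
-- the two cache tables. Expect zero rows.
SELECT TABLE_SCHEMA, TABLE_NAME, PRIVILEGE_TYPE
FROM information_schema.TABLE_PRIVILEGES
WHERE GRANTEE = '''testbase''@''localhost'''
  AND PRIVILEGE_TYPE <> 'SELECT'
  AND NOT (TABLE_SCHEMA = 'snort'
           AND TABLE_NAME IN ('acid_event', 'acid_ip_cache'));

-- Audit 2: database-wide privileges other than SELECT. Expect zero rows.
SELECT TABLE_SCHEMA, PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE GRANTEE = '''testbase''@''localhost'''
  AND PRIVILEGE_TYPE <> 'SELECT';

-- Audit 3: global privileges. Only USAGE (no privileges) should be held,
-- so expect zero rows.
SELECT PRIVILEGE_TYPE
FROM information_schema.USER_PRIVILEGES
WHERE GRANTEE = '''testbase''@''localhost'''
  AND PRIVILEGE_TYPE <> 'USAGE';
```

The read-only copy of BASE (the "second BASE dir" from the earlier reply) would be configured to connect with this account, while the original copy keeps the account that can delete.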
From: Kevin J. <kjo...@se...> - 2006-02-11 01:04:58
On Feb 10, 2006, at 5:05 AM, navin wrote:

> Hi all,
> I'd been using ACID for some time and came to know that BASE is currently
> the project which was picked up from ACID. And it sure is good.
> My problem...
> In my organisation, I maintain the SNORT server and have given access to the
> BASE page to a few users. But whatever role IDs I may select for them, it
> does not seem to have much effect except that others are not allowed to
> create/modify users. They can still delete alerts!!! I intend to give _only_
> read access to the snort database to these few privileged users having
> access to BASE. I tried creating a mysql user with only 'select' permission
> on the snort database... but that does not work. Any ideas as to how I can
> go about this? Is there an option in BASE for this?
>
> TIA,
> Regards,
> Navin.

Hi-

I am sorry but currently the user system does not have that feature. We are hoping to enable it, but I am not sure when it will be done...

Kevin
---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!
From: navin <in...@ad...> - 2006-02-11 08:32:18
Kevin Johnson wrote:
>
> Hi-
>
> I am sorry but currently the user system does not have that feature.
> We are hoping to enable it, but I am not sure when it will be done...
>
> Kevin
> ---------------------
> BASE Project Lead
> http://sourceforge.net/projects/secureideas
> http://base.secureideas.net
> The next step in IDS analysis!
>

Thanks. I'll be looking out for it :-)

Navin.