< Testing the New Snort Configuration | Java & Friends  | BASE, Snort Tables and PEAR >


 

 

MySQL, PHP Code, Basic Analysis and Security Engine (BASE) and ADODB

 

 

What do we have in this session?

  1. Testing mySQL Connection with PHP Code

  2. PHP and MySQL Error

  3. Snort and Basic Analysis and Security Engine (BASE)

  4. Download and Install

  5. Download and Install ADODB

  6. Editing PHP.ini File

 

 

 

 

 

 

 

Testing mySQL Connection with PHP Code

 

Provided that PHP and MySQL are already installed with a basic configuration, let's test the connection to the MySQL database using PHP code through an Internet browser.

Create a PHP file (in this case testconnectmysql.php) with the following PHP code. We are using "127.0.0.1" instead of "localhost" because there is an issue with Windows not resolving localhost. This issue should be resolved if your server has a real domain name.

 

<?php
$con=mysql_connect("127.0.0.1","root","this_must_be_your_mysql_root_password") or die("Could not connect");
// Select the mysnort database over the connection opened above
$db=mysql_select_db("mysnort",$con) or die("Could not select DB");
echo "Success";
?>

 

The PHP code tries to connect to the MySQL database named mysnort with the following MySQL credentials (in a real implementation, the user should be other than root!):

 

  1. Host: 127.0.0.1 or localhost (there are issues with using 'localhost' on a Windows machine)

  2. User: root

  3. Password (for root): this_must_be_your_mysql_root_password

 

You should change that information accordingly. If the connection succeeds, "Success" will be displayed; otherwise "Could not connect" will be displayed. Put this file under the www root folder and open it in an Internet browser using the following URL:

 

http://localhost/testconnectmysql.php

 


 

Testing mySQL Connection with PHP Code - successful mysql connection from PHP web page

 

PHP and MySQL Error

 

If you encounter the following crap errors, change/update the MySQL root’s password as shown in the following steps.

 

Warning: mysql_connect(): OK packet 6 bytes shorter than expected in C:\Inetpub\wwwroot\testconnectmysql.php on line 2
Warning: mysql_connect(): mysqlnd cannot connect to MySQL 4.1+ using old authentication in C:\Inetpub\wwwroot\testconnectmysql.php on line 2
Could not connect
PHP Warning: mysql_connect(): OK packet 6 bytes shorter than expected in C:\Inetpub\wwwroot\testconnectmysql.php on line 2
PHP Warning: mysql_connect(): mysqlnd cannot connect to MySQL 4.1+ using old authentication in C:\Inetpub\wwwroot\testconnectmysql.php on line 2

 

MySQL stores user names and passwords in the user table of the mysql database. You can update the password for user root directly with the following method (in this case we just set the password back to the original password. What a weird thing!):

 

Log in to the MySQL server: type the following command at the shell prompt, or launch the MySQL command line client:

 

Login to mysql server from Windows console

 

Use mysql database by issuing the following command at mysql> prompt.

 

mysql> use mysql;

 

Change password for user root (in this case we just change the password to the original which means we do not change the password at all!):

 

mysql> update user set password=PASSWORD("put_your_new_mysql_root_password_here") where User='root';

 

Reload privileges:

 

mysql> flush privileges;

mysql> quit

 

Changing mySQL root password using the UPDATE USER command

 

Then, reload the page using http://localhost/testconnectmysql.php URL.
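Why re-setting the same password clears the "old authentication" warning, shown as an added example that is not part of the original page: mysqlnd refuses accounts whose stored hash is still in the 16-character pre-4.1 format, and PASSWORD() rewrites it in the 41-character format as long as the server's old_passwords setting is off. The rows below are constructed sample data, and the snort account is a hypothetical name.

```python
import hashlib
import re


def mysql41_hash(password):
    """MySQL 4.1+ PASSWORD() format: '*' + uppercase hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def hash_format(stored):
    """Classify a value taken from the Password column of mysql.user."""
    if stored == "":
        return "empty"      # account has no password set
    if re.fullmatch(r"\*[0-9A-Fa-f]{40}", stored):
        return "4.1+"       # 41 characters; mysqlnd can authenticate
    if re.fullmatch(r"[0-9A-Fa-f]{16}", stored):
        return "pre-4.1"    # 16 characters; causes the "old authentication" warning
    return "unknown"


def accounts_to_review(rows):
    """rows are (User, Host, Password) tuples; return those not stored in the 4.1+ format."""
    return [(user, host, hash_format(pw)) for user, host, pw in rows
            if hash_format(pw) != "4.1+"]


# Constructed sample rows, shaped like: SELECT User, Host, Password FROM user;
SAMPLE_ROWS = [
    ("root", "localhost", "0123456789abcdef"),                # constructed 16-hex value
    ("root", "127.0.0.1", mysql41_hash("constructed-example-password")),
    ("snort", "localhost", ""),                               # hypothetical account
]

if __name__ == "__main__":
    for user, host, kind in accounts_to_review(SAMPLE_ROWS):
        print(f"{user}@{host}: {kind} hash, reset the password with PASSWORD()")
```
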

 

Snort and Basic Analysis and Security Engine (BASE)

 

Now that Snort is running and logging alert data to MySQL, we can use the Basic Analysis and Security Engine (BASE), a Snort GUI front-end, to easily view that data and set up alert notification.

 

Download and Install

 

First, download BASE (Basic Analysis and Security Engine). The current version is 1.4.5. We download the BASE compressed file to the web root folder.

 

The Basic Analysis and Security Engine (BASE), snort front-end GUI gz file

 

The following steps show how to set up and configure BASE on Windows XP Pro SP2.

Before that, note that BASE also requires the ADODB PHP database abstraction library, which is a separate download. We are using the current version, v5.0.6a. Simply extract the contents of the BASE compressed file to the c:\inetpub\wwwroot\base-1.4.5 folder (if the base-1.4.5 folder is not under c:\inetpub\wwwroot\, it is better to create an IIS virtual directory and map it to the physical/local path; in this case we do it manually).

 

Extracting the Basic Analysis and Security Engine (BASE) gz file using 7-zip


Extracting the Basic Analysis and Security Engine (BASE) tar file

 

The uncompressed BASE files are shown in the following screenshot.

 

The extracted Basic Analysis and Security Engine (BASE) files and folders put under default IIS web root folder

 

Download and Install ADODB

 

Next, extract the contents of the ADODB file to c:\php\adodb folder.

 

The ADODB ZIP file that will be extracted to c:\php\adodb folder

 

 

Extracting the ADODB ZIP file using 7-zip

 

The ADODB files and folders are shown in the following screenshot.

 

The extracted files and folders of the ADODB file to c:\php\adodb folder

 

Editing PHP.ini File

 

Now modify the configuration file. First, the following extensions need to be enabled in your c:\php\php.ini file, after which the IIS service (w3svc) needs to be restarted. Open the php.ini file in any plain-text editor.

 

First, uncomment:

 

extension=php_gd2.dll
extension=php_mysql.dll
extension=php_pdo_mysql.dll
extension=php_tidy.dll
extension=php_xmlrpc.dll
extension=php_xsl.dll

 

Those extensions can be found in the %PHP%\ext subfolder shown below.

 

The PHP DLL extensions physical path

 

Then set the fastcgi.impersonate directive.

 

; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
; security tokens of the calling client.  This allows IIS to define the
; security context that the request runs under.  mod_fastcgi under Apache
; does not currently support this feature (03/17/2002)
; Set to 1 if running under IIS.  Default is zero.
; http://php.net/fastcgi.impersonate
fastcgi.impersonate = 1

 

Enable fastcgi.logging.

 

; Disable logging through FastCGI connection. PHP's default behavior is to enable
; this feature.
fastcgi.logging = 1

 

Enable cgi.rfc2616_headers.

 

; cgi.rfc2616_headers configuration option tells PHP what type of headers to
; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
; is supported by Apache. When this option is set to 1 PHP will send
; RFC2616 compliant header.
; Default is zero.
; http://php.net/cgi.rfc2616-headers
cgi.rfc2616_headers = 1

 

Set the mysql.default_port.

 

; Default port number for mysql_connect().  If unset, mysql_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
; compile-time value defined MYSQL_PORT (in that order).  Win32 will only look
; at MYSQL_PORT.
; http://php.net/mysql.default-port
mysql.default_port = 3306

 

Set mysql.default_host.

 

; Default host for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysql.default-host
mysql.default_host = localhost

 

Set mysql.default_user.

 

; Default user for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysql.default-user
mysql.default_user = root

 

Enable mysql.trace_mode.

 

; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
; SQL-Errors will be displayed.
; http://php.net/mysql.trace-mode
mysql.trace_mode = On

 

Save php.ini and close it. We modified php.ini only for the minimum requirements. Refinement can be done later, after BASE is running properly.
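A check for the later refinement pass, as an added example that is not part of the original page: it parses php.ini text, reports which of the six extensions listed above are still disabled, and flags the two MySQL values from this walkthrough that should be tightened once BASE works. The sample file content is constructed from the values shown above.

```python
REQUIRED_EXTENSIONS = ["php_gd2.dll", "php_mysql.dll", "php_pdo_mysql.dll",
                       "php_tidy.dll", "php_xmlrpc.dll", "php_xsl.dll"]
TRUE_VALUES = {"1", "on", "true", "yes"}

# Constructed sample: values from the walkthrough, with some extensions left
# disabled so the missing-extension check has something to report.
SAMPLE_INI = """\
[PHP]
extension=php_gd2.dll
extension=php_mysql.dll
extension=php_pdo_mysql.dll
;extension=php_tidy.dll
fastcgi.impersonate = 1;
mysql.default_user = root
mysql.trace_mode = On
"""


def parse_php_ini(text):
    """Return {directive: [values]}. ';' starts a comment, so a trailing ';' is dropped.
    Simplification: a ';' inside a quoted value is not handled."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings.setdefault(key, []).append(value.strip('"'))
    return settings


def missing_extensions(settings):
    """Extensions the walkthrough requires that are not enabled."""
    enabled = {value.lower() for value in settings.get("extension", [])}
    return [ext for ext in REQUIRED_EXTENSIONS if ext not in enabled]


def review(settings):
    """Return (directive, value, note) for settings to tighten once BASE works."""
    def last(key):
        return settings.get(key, [""])[-1]
    findings = []
    if last("mysql.default_user").lower() == "root":
        findings.append(("mysql.default_user", "root",
                         "use a dedicated low-privilege account"))
    if last("mysql.trace_mode").lower() in TRUE_VALUES:
        findings.append(("mysql.trace_mode", last("mysql.trace_mode"),
                         "SQL errors are displayed; set Off after testing"))
    return findings
```
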

 

 

 

 

 


 
