What do we have in this session?
Testing mySQL Connection with PHP Code
Provided that we have already install and do a basic configuration on PHP and MySQL, now, let test the connection to MySQL database using PHP code through Internet browser.
Create a php file (in this case testconnectmysql.php) with the following php code. We are using "127.0.0.1" instead of "localhost" because there is an issue regarding Windows cannot parse the localhost. This issue should be resolved if your server having real domain name.
$con=mysql_connect("127.0.0.1","root","this_must_be_your_mysql_root_password") or die("Could not connect");
$db=mysql_select_db("mysnort",$con) or die("Could not select DB");
The php code tries to connect to mySQL database named mysnort, with the following MySQL credential access (in real implementation, the user should be other than root!):
Host: 127.0.0.2 or localhost (there are issues on using the 'localhost' for Windows machine)
Password (for root): this_must_be_your_mysql_root_password
You should change that information accordingly. If the connection is possible, "Success" will be displayed else "Could not connect" will be displayed. Put this file under the www root folder and open the file through Internet browser using the following URL:
PHP and MySQL Error
If you encounter the following crap errors, change/update the MySQL root’s password as shown in the following steps.
Warning: mysql_connect(): OK packet 6 bytes shorter than expected in C:\Inetpub\wwwroot\testconnectmysql.php on line 2 Warning: mysql_connect(): mysqlnd cannot connect to MySQL 4.1+ using old authentication in C:\Inetpub\wwwroot\testconnectmysql.php on line 2 Could not connectPHP Warning: mysql_connect(): OK packet 6 bytes shorter than expected in C:\Inetpub\wwwroot\testconnectmysql.php on line 2 PHP Warning: mysql_connect(): mysqlnd cannot connect to MySQL 4.1+ using old authentication in C:\Inetpub\wwwroot\testconnectmysql.php on line 2
MySQL stores username and passwords in user table inside MySQL database. You can directly update password using the following method to update or change password for user root (in this case we just change the password to the original password. What a weird thing!):
Login to mysql server, type following command at shell prompt or launch MySQL command line client:
Use mysql database by issuing the following command at mysql> prompt.
mysql> use mysql;
Change password for user root (in this case we just change the password to the original which means we do not change the password at all!):
mysql> update user set password=PASSWORD("put_your_new_mysql_root_password_here") where User='root';
mysql> flush privileges;
Then, reload the page using http://localhost/testconnectmysql.php URL.
Snort and Basic Analysis and Security Engine (BASE)
Now that Snort is running and logging alert data to MySQL, we can use the Basic Analysis and Security Engine (BASE), Snort GUI front-end to easily view that data and set up alert notification.
Download and Install
Firstly please download BASE at: Analysis and Security Engine (BASE). The current version is 1.4.5. We download BASE compressed file to the web root folder.
The following steps will show step-by-step instructions on how to setup and configure BASE on Windows XP Pro SP2.
Before that, BASE also requires the ADODB PHP database abstraction library, which you can get here. We are using the current version, v5.0.6a. Simply extract the contents of the BASE compressed file to c:\inetpub\wwwroot\base-1.4.5 folder (if the base-1.4.5 folder is not under the c:\inetpub\wwwroot\, then it is better to create IIS virtual directory and map it to the physical/local path. In this case we do it manually)
The uncompressed BASE files are shown in the following screenshot.
Download and Install ADODB
Next, extract the contents of the ADODB file to c:\php\adodb folder.
The ADODB files and folders are shown in the following screenshot.
Editing PHP.ini File
Now, it is modifying the config file. First, the following extension needs to be enabled in your c:\php\php.ini file, after which the IIS service (w3svc) needs to be restarted. Open php.ini file in any unformatted text editor.
Those extensions can be found in %PHP%ext subfolder shown below.
Then, set fastcgi.impersonate variable.
; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
; security tokens of the calling client. This allows IIS to define the
; security context that the request runs under. mod_fastcgi under Apache
; does not currently support this feature (03/17/2002)
; Set to 1 if running under IIS. Default is zero.
fastcgi.impersonate = 1;
; Disable logging through FastCGI connection. PHP's default behavior is to enable
; this feature.
fastcgi.logging = 1
; cgi.rfc2616_headers configuration option tells PHP what type of headers to
; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
; is supported by Apache. When this option is set to 1 PHP will send
; RFC2616 compliant header.
; Default is zero.
cgi.rfc2616_headers = 1
Set the mysql.default_port.
; Default port number for mysql_connect(). If unset, mysql_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
; at MYSQL_PORT.
mysql.default_port = 3306
; Default host for mysql_connect() (doesn't apply in safe mode).
mysql.default_host = localhost
; Default user for mysql_connect() (doesn't apply in safe mode).
mysql.default_user = root
; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
; SQL-Errors will be displayed.
mysql.trace_mode = On
Save php.ini and close it. We just modify php.ini file just for the minimum requirement. Refinement can be done later after our BASE is running properly.