Thursday, September 27, 2007

Tunnel of Love

Quick and easy SSH tunneling:

Scenario: I'm at home and I need to connect to a GUI at work. The problem is that I cannot get to the GUI directly through the firewall.

Solution: An SSH tunnel that proxies the connection, since SSH is allowed through the firewall.

Systems Involved:
1. Home Computer (Windows with Cygwin & ssh)
2. Work computer (Solaris with SSH running)
3. HTTPS GUI server (guiserver).

Step 1: On the work computer, create a listener on a spare port (8443 here; any unused port will do, but 22 is already taken by sshd) that forwards to the HTTPS server.
work-computer # ssh -R 8443:guiserver:443 username@work-computer

Step 2: On your home computer, create a listener that forwards the HTTPS connection through SSH to the work computer's listener.
home-computer # ssh -L 8080:localhost:8443 username@work-computer

Step 3: Test by browsing to
https://localhost:8080
(The browser will warn that the server certificate does not match "localhost"; that is expected when the GUI is reached through a tunnel like this.)


* This is nothing new
** This is my cheat sheet

Monday, September 17, 2007

Upgrading Snort

Upgrading Snort is not really that difficult a procedure; the basics are:
  1. Stop the currently running snort
    • Back up the current snort installation
    • mv /usr/local/snort /usr/local/snort.old
  2. Configure Snort
    • ./configure --prefix=/usr/local/snort
  3. Compile & Install
    • make && make install
  4. Now, I usually copy the old configuration files to the new installation.
  5. Run the rc scripts and BAM! good as gold.
Except that when you upgrade from an old enough version, you will get the following error:

FATAL ERROR: database: The underlying database seems to be running an older version of the DB schema (current version=106, required minimum version= 107). If you have an existing database with events logged by a previous version of snort, this database must first be upgraded to the latest schema (see the snort-users mailing list archive or DB plugin documention for details). If migrating old data is not desired, merely create a new instance of the snort database using the appropriate DB creation script (e.g. create_mysql, create_postgresql, create_oracle, create_mssql) located in the contrib\ directory. See the database documentation for cursory details (doc/README.database). and the URL to the most recent database plugin documentation.

The problem we run into is that the new version of Snort requires an upgrade to the database schema. The README in the distro will point you to the scripts in the distro's contrib directory, but these create a fresh snort database rather than upgrading an existing one.

The problem is that I have 90 days' worth of events I don't want to lose. So the question is how to change the schema without losing the data. Take a dump of the database first; then the answer is simply:
  1. ALTER TABLE signature ADD sig_gid INT UNSIGNED;
    • This is the only column addition needed by the new version of snort.
  2. INSERT INTO schema (vseq, ctime) VALUES (107, now());
    • Snort queries the schema version when it starts to make sure the DB is compatible.
  3. DELETE FROM schema WHERE vseq=106;
    • Now we need to remove the previous version (106, the one the error above reports as current) from the table.
Now, restart Snort...and everything should come up fine.
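The three statements above done as a guarded migration, as added example code that is not from the original post: it checks the version before touching anything, runs the statements in one transaction, and confirms that no signature rows were lost. It assumes sqlite3 as a stand-in for the MySQL backend (so the timestamp is passed in instead of calling now()), and the two tables and their rows are constructed sample data.

```python
import sqlite3

OLD_VSEQ = 106  # version the Snort error message reports as current
NEW_VSEQ = 107  # minimum version the new Snort build requires

def make_old_snort_db():
    """Constructed stand-in for the Snort event database: sqlite3 instead of
    MySQL, only the two tables the migration touches, schema version 106."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE schema (vseq INT UNSIGNED NOT NULL, ctime TEXT NOT NULL);
        INSERT INTO schema (vseq, ctime) VALUES (106, '2007-06-19 09:00:00');
        CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT NOT NULL,
                                sig_class_id INT UNSIGNED, sig_priority INT UNSIGNED,
                                sig_rev INT UNSIGNED, sig_sid INT UNSIGNED);
        INSERT INTO signature (sig_name, sig_sid) VALUES ('ICMP PING NMAP', 469);
        INSERT INTO signature (sig_name, sig_sid) VALUES ('WEB-MISC robots.txt access', 1852);
    """)
    return con

def schema_version(con):
    # Snort reads a single row from `schema`; two rows would be ambiguous.
    rows = con.execute("SELECT vseq FROM schema").fetchall()
    if len(rows) != 1:
        raise RuntimeError(f"expected one schema row, found {len(rows)}")
    return rows[0][0]

def has_column(con, table, column):
    return any(row[1] == column for row in con.execute(f"PRAGMA table_info({table})"))

def upgrade_106_to_107(con, ctime):
    """Apply the post's three statements, but only to a database that really
    is at 106, inside one transaction, and without touching any event rows."""
    version = schema_version(con)
    if version == NEW_VSEQ and has_column(con, "signature", "sig_gid"):
        return version  # already migrated; safe to run twice
    if version != OLD_VSEQ:
        raise RuntimeError(f"refusing to migrate from schema version {version}")
    rows_before = con.execute("SELECT COUNT(*) FROM signature").fetchone()[0]
    with con:  # one transaction: commit on success, roll back on any error
        con.execute("BEGIN")
        if not has_column(con, "signature", "sig_gid"):
            con.execute("ALTER TABLE signature ADD COLUMN sig_gid INT UNSIGNED")
        con.execute("INSERT INTO schema (vseq, ctime) VALUES (?, ?)", (NEW_VSEQ, ctime))
        con.execute("DELETE FROM schema WHERE vseq = ?", (OLD_VSEQ,))
    if con.execute("SELECT COUNT(*) FROM signature").fetchone()[0] != rows_before:
        raise RuntimeError("signature rows changed during migration")
    return schema_version(con)
```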