MySQL root password


sfritzke

Oct 3, 2016, 2:48:03 PM
to security-onion
Hi,

I have a virtual machine running security onion (standalone) on my laptop (Test Environment).
Now I want to connect to the MySQL Server from my laptop. To do this, I have set a new firewall rule (ufw) to allow access on port 3306 and changed the bind-address of mysqld (/etc/mysql/my.cnf) from 172.0.0.1 to 0.0.0.0.

But now I need to know the password of the root user to connect to the MySQL Server.

Can anyone help me?

Regards,

Suzan.

Wes

Oct 4, 2016, 7:47:02 AM
to security-onion

sfritzke

Oct 4, 2016, 12:48:46 PM
to security-onion
Hi Wes,

I already tried to log on as user debian-sys-maint and password from /etc/mysql/debian.cnf, however, without success.

Do you have another idea how to get access to the MySQL server inside the so-sensor?

Thanks,

Suzan.

Wes

Oct 4, 2016, 12:49:41 PM
to security-onion

What particular database are you trying to access?

Thanks,
Wes

sfritzke

Oct 4, 2016, 3:18:02 PM
to security-onion
securityonion_db

Wes Lambert

Oct 4, 2016, 3:22:41 PM
to securit...@googlegroups.com

Suzan,

Are you just trying to pull events back, such as with Sguil, or are you trying to do something else? I'm not sure I understand your intention.

Thanks,
Wes


On Oct 4, 2016 3:18 PM, "sfritzke" <sfri...@gmx.de> wrote:
securityonion_db


sfritzke

Oct 5, 2016, 4:31:18 AM
to security-onion
Hi Wes,

I want to query the securityonion_db with several analytic-tools (data mining) to learn more about the collected data.

Another option to do this would be to export the entire data. But I prefer to connect directly to the database.

Thanks,

Suzan.

Wes

Oct 5, 2016, 7:52:53 AM
to security-onion

Have you tried using the credentials for sguil/securityonion_db, found in /etc/nsm/securityonion/sguild.conf?

Thanks,
Wes

sfritzke

Oct 5, 2016, 4:43:09 PM
to security-onion
Hi Wes,

Thank you for your help! To access the MySQL database remotely I also need to enable the connection for my laptop (see http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html). This can be done by executing the following commands on the so-sensor:
sudo mysql -uroot
mysql>GRANT ALL ON securityonion_db.* to sguil@'laptop-ip-address' identified by 'sguil-password';
mysql>FLUSH PRIVILEGES;

Finally the connection from my laptop with the credentials for sguil/securityonion_db to the securityonion_db on the so-sensor was successful.

Regards,

Suzan.
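
A least-privilege variant of the grant in the post above, as an added example that is not part of the original thread: for read-only analysis, a dedicated account with SELECT only, restricted to one client address, plus two audit queries. The account name so_analyst, the address 192.0.2.10 and the password are placeholders.

```sql
-- Added example; run on the sensor from the root session (sudo mysql -uroot).
-- so_analyst, 192.0.2.10 and the password are placeholders, not values from the thread.

-- 1. Dedicated account bound to a single client address (no '%' wildcard host),
--    so the sguil service credentials never leave the sensor.
CREATE USER 'so_analyst'@'192.0.2.10'
  IDENTIFIED BY 'replace-with-long-random-password';

-- 2. Read-only access to the one schema the analysis tools need.
--    GRANT ALL would also permit INSERT, UPDATE, DELETE and DROP on the event data.
GRANT SELECT ON securityonion_db.* TO 'so_analyst'@'192.0.2.10';

-- 3. Confirm exactly what the new account can do.
SHOW GRANTS FOR 'so_analyst'@'192.0.2.10';

-- 4. Audit: every account holding schema-level privileges on securityonion_db.
SELECT GRANTEE, PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE TABLE_SCHEMA = 'securityonion_db'
ORDER BY GRANTEE, PRIVILEGE_TYPE;

-- 5. Audit: accounts whose host pattern contains a wildcard; these matter
--    once mysqld is bound to 0.0.0.0 and port 3306 is open in ufw.
SELECT User, Host
FROM mysql.user
WHERE Host LIKE '%\%%';

-- 6. When the analysis is finished, remove the account:
-- DROP USER 'so_analyst'@'192.0.2.10';
```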
