Salut,

ps: Je n’ai aucune connaissance et expérience de la compilation, c’est dire …

Je souhaite sécuriser mysql via greensql, sur mon dédié.

Pour ce faire, nombreux sont les tutoriels d’installations pour un paquet au format .deb, or il n’est plus disponible sous ce format, sauf erreur (?)

Cela m’aurait vraiment arranger, dpkg -i greensql-fw_X.X.X.deb.

Je dois me rabattre sur un tar.gz, et là, la misère, une foule de tutos mais en anglais (et moi, ben dur dur, j’anglophone puissamment, à mon grand regret …)

Parmi ces procédures, laquelle appliqué ?

Je m’y perds …

[quote=“install.txt”]GreenSQL Database Firewall Installation

For installation you have a number of options:

1. Download installation package for your favorite distribution
   from the following url and install it:
   greensql.net/download
2. Build your own installation package.
3. Manual installation: compile & install from source.

Building your own installation package

If you distribution is not listed in the project download page, you
can try to build a package for your operation system. We have build a
special script that takes all steps required to build package for
popular operating systems. It automatically builds deb/rpm/bsd packages.

Before proceeding with the instalation you need to download source
code of the greensql firewall. Download it from the project download
page: greensql.net/download

Run the following commands:

shell> tar -xzvf greensql-fw-X.X.X.tar.gz
shell> cd greensql-fw
shell> ./build.sh

Last script - build.sh will create package for your OS. After installing
newly created package you need to install GreenSQL configuration db stored
in MySQL. You can do it by running the following shell script:

shell> greensql-create-db.sh

Next step is to start the application. You can simply do it by running
the following command as a root user:

shell> /etc/init.d/greensql-fw start

For application troubleshooting check the log file:

shell> tail -f /var/log/greensql.log

Manual Installation

Before installing the application you need to compile it. Without going
into much details you can do it as followed:

shell> tar -xzvf greensql-fw-X.X.X.tar.gz
shell> cd greensql-fw
shell> ./build.sh

There are a number of steps to perform in order to install application.
They are:

1. Create dedicated user for greensql service.
2. Creating MySQL config db and a db user.
3. Setting up configuration files.
4. Setting log file.
5. Configure start up scripts

Creating greensql system group and user

In order to create greensql group and user run the following
commands (run these commands as a root user):

shell> groupadd greensql
shell> useradd -M -g greensql -s /dev/null greensql

Alternatively you do the ame by execurting the following commands:

shell> cd scripts/
shell> ./setup_user.sh

Creating MySQL DB and user

Just run the following script: greensql-create-db.sh . It will
automatically create configuration database.

shell> cd scripts/
shell> ./greensql-create-db.sh

Setting up configuration files

You will find a number of configuration files in the ./conf/ directory.
GreenSQL start up script expects to find the configuration files in the
following directory:

/etc/greensql/

You simply need to copy files from ./conf/* to /etc/greensql . You can do it
as followed:

shell> mkdir -p /etc/greensql
shell> cp ./conf/* /etc/greensql/ -r
shell> chown greensql:greensql /etc/greensql -R
shell> chmod 700 /etc/greensql

Alternativly you can run setup_conf.sh file located in the scripts
directory.

shell> cd scripts/
shell> ./setup_conf.sh

Next step is to alter /etc/greensql/greensql.conf file and specify correct
db name, server, port, user and password.

Setting log file

By default greensql expects to find log file in:

/var/log/greensql.log

In addition, log file rotation must be enabled. You can do it by running
the following commands:

shell> touch /var/log/greensql.log
shell> chown greensql:greensql /var/log/greensql.log
shell> chmod 600 /var/log/greensql.log
shell> cp scripts/greensql.rotate /etc/logrotate.d/greensql

Alternatively you can run ./setup_log.sh script located in the scripts/
directory.

Configure start up scripts

As a final step you need to copy greensql-fw binary to the /user/sbin/
or /sbin directory and copy greensql service initialization script to the
/etc/init.d/ directory.

Run the following commands:

shell> cp greensql-fw /usr/sbin/
shell> cp scripts/rc.greensql /etc/init.d/greensql

Another alternative is to run ./setup_binary.sh script located in the scripts/
directory.

After that you can start the application by running the following command:

shell> /etc/init.d/greensql start

In order to stop the application use the following command:

shell> /etc/init.d/greensql stop

For application troubleshooting check the log file:

shell> tail -f /var/log/greensql.log

[/quote]
À votre bon gré, M’sieurs , Dames …

Salut,
J’ai une question: Le ‘client’ et le serveur mysql sont sur la même machine ?

Salut,

[quote=“fl0w4p0w4”]Salut,
J’ai une question: Le “client” et le serveur mysql sont sur la même machine ?[/quote]

[quote=“loreleil”]Je souhaite sécuriser mysql via greensql, sur mon dédié.
[/quote]

local (ssh) >> distant ?

non ?

Salut,

apt-get install libpcre3 libmysqlclient15off libevent1 libpq5 apt-get install libevent-dev libmysqlclient-dev libpq-dev apt-get install flex bison tar xvzf greensql-fw-1.3.0.tar.gz cd greensql-fw-1.3.0 ./build.sh dpkg -i ../greensql-fw_1.3.0_amd64.deb

ln /etc/greensql/greensql-apache.conf /etc/apache2/conf.d cd /usr/share/greensql-fw/ chmod 0777 templates_c service apache2 restart

Salut,

Un grand merci lol.

Installé!

[code]# acp greensql-fw
greensql-fw:
Installé : 1.3.0
Candidat : 1.3.0
Table de version :
*** 1.3.0 0
100 /var/lib/dpkg/status

[/code]
Suite à cette erreur,

[code]# ./build.sh
flex ok
bison ok
Building Debian package
./build.sh: line 23: debuild : commande introuvable

package created …/ directory
#[/code]

j’ai du installer ces paquets.

libpcre3-dev
devscripts

Mais bon, j’ai l’air malin à présent, je suis pas foutu de le lancer dans mon navigateur.

Si j’en crois ce screenshot greensql.net/files/screenshots/login.jpg greensql étant le nom de ma base.

127.0.0.1/greensql/login.php et bien d’autres fichiers.

Me propose de télé-charger un fichier login.php (ou autres)

Please …

Salut,
Une histoire d’exécution du php je crois.

Tu as cette option dans apache2 ?

Salut,

Dans ce genre ?

$ cat /etc/apache2/sites-available/default ... <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ...

Salut,

J’avance …

Pour ce faire, j’ai re-configuré greensql-fw.

En paramètre cette fois, au lieu de localhost, j’ai modifié par 127.0.0.1.

Je tape mon login et mdp (aucune erreur sur celui-ci, vérifié et rere-vérifier).
Cependant la page reste vierge tel que le png ci-dessus.

En fonction des log,

[03/May/2012 19:14:30] STORAGE DB config erorr: Can't connect to MySQL server on '127.0.0.1' (111) [03/May/2012 19:14:30] STORAGE DB config erorr: Can't connect to MySQL server on '127.0.0.1' (111) [03/May/2012 19:14:30] STORAGE DB config erorr: Can't connect to MySQL server on '127.0.0.1' (111) [03/May/2012 19:14:35] STORAGE DB config erorr: Can't connect to MySQL server on '127.0.0.1' (111) [03/May/2012 19:14:35] STORAGE DB config erorr: Can't connect to MySQL server on '127.0.0.1' (111) [03/May/2012 19:14:35] STORAGE DB config erorr: Can't connect to MySQL server on '127.0.0.1' (111)
dans un premier temps, j’ai supprimé la base (greensql) et l’user. Puis à nouveau, re-configuré greensql.

Le souci reste le même …

Par contre les log cette fois, piaille …

[code][03/May/2012 19:23:33] INFO Application started
[03/May/2012 20:15:46] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:15:46] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:15:46] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:15:51] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:15:51] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:15:51] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:15:56] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:15:56] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:15:56] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:01] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:01] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:01] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:06] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:06] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:06] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:11] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:11] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:11] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:16] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:16] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:16] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:21] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:21] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:21] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:26] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:26] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:26] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:31] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:31] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:31] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:36] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:36] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:36] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:41] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:41] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:41] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:46] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:46] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:46] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:51] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:51] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:51] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:16:56] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:16:56] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:16:56] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:01] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:01] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:01] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:06] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:06] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:06] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:11] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:11] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:11] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:16] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:16] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:16] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:21] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:21] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:21] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:26] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:26] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:26] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:31] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
03/May/2012 20:17:31] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:31] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:36] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:36] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:36] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:41] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:41] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:41] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:46] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:46] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:47] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:52] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:52] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:53] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:17:58] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:17:58] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:17:58] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:18:03] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:18:03] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:18:03] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist
[03/May/2012 20:18:08] STORAGE DB config erorr: Table ‘greensql.proxy’ doesn’t exist
[03/May/2012 20:18:08] STORAGE DB config erorr: Table ‘greensql.db_perm’ doesn’t exist
[03/May/2012 20:18:08] STORAGE DB config erorr: Table ‘greensql.alert_group’ doesn’t exist

…

etc …
[/code]

Je suis passé à côté de quoi ?

C’est sûrement un “bête” problème de nom de base, nom d’utilsateur de base et/ou mot de passe de base.
La base existe bien ?

Vérifie dans /etc/greensql/greensql.conf que les paramètres sont bons.

Salut,

Bingo!

J’ai tout remis à plat. remove purge greensql, suppression de la base et user.

Réinstallation, option par défaut, aucune modification ni de re-configuration mysql.
Ce dernier ne prend pas en compte les changement de passwd, tout au moins greensql.

Pour accéder à la dite page.

login = admin
pass (par défaut) = pwd
127.0.0.1/greensql/login.php

Et c’est seulement à partir de là, que l’on peut modifier le login et mdp.
Attention les caractères spéciaux, ils ne sont pas pris en compte.

Voilà, l’installation en local et fonctionnel, me reste à faire de même sur le distant …

Merci lol …

[quote=“loreleil”]…me reste à faire de même sur le distant …
Merci lol … [/quote]

la Prego!
Tu donneras un retour sur la configuration et les éventuelles alertes détectées par greensql ?

[quote=“lol”][quote=“loreleil”]…me reste à faire de même sur le distant …
Merci lol … [/quote]

la Prego!
Tu donneras un retour sur la configuration et les éventuelles alertes détectées par greensql ?[/quote]

Pas de sushi, les retours en local, cela m’étonnerai fortement, derrière ma box, mais fail2ban ne bronche jamais, alors …

Par contre, le dédié va adoré ça!

Les retours obligatoires, oui, je veux mon neveu.

Et pis tiens, un ch’ti wiki pour couronner, hein …

[quote=“loreleil”]
Et pis tiens, un ch’ti wiki pour couronner, hein … [/quote]

Je n’avais pas osé abuser…

[quote=“lol”][quote=“loreleil”]
Et pis tiens, un ch’ti wiki pour couronner, hein … [/quote]

Je n’avais pas osé abuser…[/quote]

Nan, allez insistes, quand même …

ps: je vois ça durant le week …

Ce qui serait le plus intéressant, ce serait de “voir en action” le soft, et ainsi de juger de sont intérêt.
Offre-t-il une réelle protection supplémentaire, dans quels cas, etc…

Suis pas dans la mouise …

[code]root@schema-indus:/opt/sources/greensql/greensql-fw-1.3.0# ./build.sh
flex ok
bison ok
This script could be used to build greensql-fw package for:
Debian/Ubuntu/FreeBSD/RedHat/CentOS/Fedora/Suse
For other systems you have to do some hacking

You can start by running: make

root@schema-indus:/opt/sources/greensql/greensql-fw-1.3.0#
[/code]

La compile, et moi …

je vais voir s’il ne me manquent pas quelques paquets …

root@schema-indus:/opt/sources/greensql/greensql-fw-1.3.0# nano compilation.txt

Peut-être…

Sinon tu peux passer par checkinstall (qui crée un deb):

Ça ressemble à ça (il faut lire le README de greensql)

./configure make all checkinstall make install

Ensuite, si tout s’est bien passé, un simple dpkg -i…

Aucun paquets manquant.

Les Readmes, (j’ai ouvert tous les répertoires) Z’ont oubliés de les remplir.

Peut-être…

Sinon tu peux passer par checkinstall (qui crée un deb):

Ça ressemble à ça (il faut lire le README de greensql)

./configure make all checkinstall make install

Ensuite, si tout s’est bien passé, un simple dpkg -i…[/quote]

Et ben non! Y veut pô …

root@schema-indus:/opt/sources/greensql/greensql-fw-1.3.0# ./configure -su: ./configure: Aucun fichier ou dossier de ce type root@schema-indus:/opt/sources/greensql/greensql-fw-1.3.0# ll total 92 drwxr-xr-x 11 root root 4096 14 oct. 2010 . drwxr-xr-x 3 root root 4096 4 mai 16:49 .. -rwxr-xr-x 1 root root 3165 14 oct. 2010 build.sh -rw-r--r-- 1 root root 1243 14 oct. 2010 compilation.txt drwxr-xr-x 2 root root 4096 14 oct. 2010 conf drwxr-xr-x 2 root root 4096 14 oct. 2010 db drwxr-xr-x 3 root root 4096 14 oct. 2010 debian drwxr-xr-x 2 root root 4096 14 oct. 2010 docs drwxr-xr-x 2 root root 4096 14 oct. 2010 freebsd drwxr-xr-x 6 root root 4096 14 oct. 2010 greensql-console -rw-r--r-- 1 root root 4548 14 oct. 2010 install.txt -rw-r--r-- 1 root root 18006 14 oct. 2010 license.txt -rw-r--r-- 1 root root 2078 14 oct. 2010 Makefile -rwxr-xr-x 1 root root 167 14 oct. 2010 mem-test.sh -rw-r--r-- 1 root root 890 14 oct. 2010 readme.txt drwxr-xr-x 2 root root 4096 14 oct. 2010 rpm drwxr-xr-x 2 root root 4096 14 oct. 2010 scripts drwxr-xr-x 6 root root 4096 14 oct. 2010 src root@schema-indus:/opt/sources/greensql/greensql-fw-1.3.0#
L’install.txt n’est d’aucune aide sur ce coup là …

J’ai bien pensé à me faire un scp vers labas, mais, ben ouais, il y un mais … Mon pc principal (amd64) ma lâchement laissait chouarre, carte mère HS. (il y a une dizaine environ)

Je tourne sur une bête de compéte i386 alors bien sûr le paquet et à son effigie.

Ton paquet ne ferait il pas l’affaire ?