Barnyard2 mysql connections failed into pfSense 2.2
-
Hi all,
Following the upgrade of pfSense from version 2.1.5 (release for virtual machine, FreeBSD 8.3 R.p16) to 2.2, I experienced a bizarre error into snort's logging module (barnyard2), resulting to module failure during the process of initialization (i.e. be enabled).
In particular, the latest version of snort was installed and was smoothly working prior the upgrade. Snort alerts were transmitted to a mysql database of SnorBy redhat installation.
However, following the successful completion of the upgrade, including the successful transition of snort module configurations into the new version, the barnyard2 module couldn't start and the following error was generated:"barnyard2[90076]: database mysql_error: Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)".
This failure couldn't be resolved even though i implemented various workarounds i found via goggling: old-passwords=1 and/or secure_auth=0 into mysqld configuration file (my.cnf).
I believe that this error is very strangle, given the fact that none reconfiguration or update was perform either in Snorby installation or barnyard2 module. Also, i have reject the option to upgrade each mysql account by the usage of OLD_PASSWORD() function, because this will result to insecure hashing of mysql passwords.
So, does anyone have faced a similar error during the upgrade to version 2.2? Any idea about the root cause?
Thanks in advance.
-
I use Snorby with my Snort installation but did not receive this error when I did my upgrade from 2.1.5 to 2.2. Nothing changed within Snort or Barnyard between the pfSense versions other than the PBI (and its supporting components such as the MySQL client driver) would have been compiled from newer versions than existed on the 2.1.5 pfSense tree (due to the step up from FreeBSD 8.3 to FreeBSD 10.1).
What version of MySQL do you have on your Snorby install? Also, what is the underlying Linux distribution Snorby is running on? Mine is on Ubuntu 14.04 Server.
Bill
-
Hi Bill,
The O.S. is Red Hat Enterprise Linux Server release 5.7 (Tikanga) and Mysql version is 5.0.77
-
Mine is MySQL v5.5.41. I'm pretty sure the MySQL client package compiled into the Snort and Suricata PBI packages on pfSense is also the 5.5 MySQL version.
Is it not possible for you to update your RHEL and MySQL versions to something a little more current?
Bill
-
Hi Bmeeks,
Many thanks for your feedback.
The root cause was indeed the old version of mysqld and ODBC into snorby installation. The O.S. of snorby was upgraded to centos 6.5 with the build-in mysqld (mysql Ver 14.14 Distrib 5.1.73, for redhat-linux-gnu (x86_64) using readline 5.1) and pfsense upgrade worked smoothly.
Kind Regards,
Greg -
Glad you got it sorted out, and thanks for the feedback! It may help others who encounter the same problem.
Bill
