From 2cdd980235932c4887991476ab1f636c6a1a04d2 Mon Sep 17 00:00:00 2001
From: doug
Date: Thu, 12 May 2016 16:48:49 -0400
Subject: [PATCH] mysql calls should use --defaults-file
---
 bin/sostat | 18 ++---
 bin/sostat-quick | 2 +-
 debian/changelog | 6 ++
 .../mysql-calls-should-use---defaults-file | 79 +++++++++++++++++++
 debian/patches/series | 1 +
 5 files changed, 96 insertions(+), 10 deletions(-)
 create mode 100644 debian/patches/mysql-calls-should-use---defaults-file
diff --git a/bin/sostat b/bin/sostat
index 7a81083..adfb5c0 100755
--- a/bin/sostat
+++ b/bin/sostat
@@ -147,23 +147,23 @@ fi
 if [ -d /var/lib/mysql/securityonion_db ]; then
 echo
 header "Sguil Uncategorized Events"
- mysql -uroot -Dsecurityonion_db -e "SELECT COUNT(*) FROM event WHERE status=0"
+ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "SELECT COUNT(*) FROM event WHERE status=0"
 echo
 header "Sguil events summary for yesterday"
 # List all sigs from yesterday that are not URLs captured by http_agent descending by count
- mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc;"
- mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY);"
+ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc;"
+ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY);"
 echo
 header "Top 50 All time Sguil Events"
- mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 50;"
- mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042;"
+ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 50;"
+ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042;"
 # check for active http_agent
- num_http_agents=$(mysql -uroot -Dsecurityonion_db -e "select * from sensor where agent_type='http' and active='Y';" | wc -l)
+ num_http_agents=$(mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select * from sensor where agent_type='http' and active='Y';" | wc -l)
 if [ $num_http_agents -gt 0 ]; then
 echo
 header "Top 50 URLs for yesterday"
- mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, event.signature as Signature from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc limit 50;"
- mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY);"
+ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, event.signature as Signature from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc limit 50;"
+ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY);"
 fi
 fi
@@ -217,7 +217,7 @@ if [ -f /etc/nsm/securityonion.conf ] && source /etc/nsm/securityonion.conf && [
 echo "ELSA Index Date Range"
 echo "If you don't have at least $OFFSET full days of logs in the Index Date Range,"
 echo "then you'll need to increase log_size_limit in /etc/elsa_node.conf."
- mysql -uroot -Dsyslog -e "SELECT MIN(start), MAX(end) FROM syslog.v_indexes"
+ mysql --defaults-file=/etc/mysql/debian.cnf -Dsyslog -e "SELECT MIN(start), MAX(end) FROM syslog.v_indexes"
 echo
 if [ -d /var/lib/mysql/securityonion_db ]; then
 # Master server
diff --git a/bin/sostat-quick b/bin/sostat-quick
index c32a6a7..2d04c93 100644
--- a/bin/sostat-quick
+++ b/bin/sostat-quick
@@ -169,7 +169,7 @@ echo
 header_mid "If we're going to take action an alert, it's best to ensure that these alerts are benign as part of our tuning process."
 header_bot "See which machines generated these alerts can be helpful in making that decision"
 echo -e "\nThis will take a moment to complete ..."
-sudo mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 20;"
+mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 20;"
 next
diff --git a/debian/changelog b/debian/changelog
index 8911168..7cefb26 100644
--- a/debian/changelog
+++ b/debian/changelog
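Review bot: The literal `mysql --defaults-file=/etc/mysql/debian.cnf` prefix is now pasted onto every query in this hunk, again in the `@@ -217` hunk below, and once more in bin/sostat-quick, so the credentials path is repeated a dozen times; define it once near the top of the script, `so_mysql() { mysql --defaults-file=/etc/mysql/debian.cnf "$@"; }`, and call `so_mysql -Dsecurityonion_db -e "..."` at each site, which also keeps `--defaults-file` as the first option the client requires. That file is normally readable only by root, so each call now assumes the script runs as root, and because only stdout reaches `wc -l`, an unreadable file makes the earlier calls print an error but turns `num_http_agents` into 0 and skips the URL section without any hint; a comment such as `# /etc/mysql/debian.cnf holds the debian-sys-maint credentials and is root-only: this script must run as root` at the helper would at least make that dependency explicit. Unrelated to this commit, `event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY)` in the yesterday queries looks like a comparison operator lost in this rendering; if the checked-in script really reads that way those queries fail to parse, so it is worth confirming against the file.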
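Review bot: The rewritten line in bin/sostat-quick drops the `sudo` that the replaced `sudo mysql -uroot ...` call relied on, while `/etc/mysql/debian.cnf` is normally readable only by root, so a user running sostat-quick without privileges now gets a could-not-open-defaults-file error where the top-20 table used to print. The preceding part of the script is outside this hunk, so whether it already re-executes itself as root cannot be seen here; if it does not, either keep the escalation, `sudo mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "..."`, or add a root check near the top of the script with a comment such as `# requires root: mysql reads its credentials from /etc/mysql/debian.cnf`.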
@@ -1,3 +1,9 @@
+securityonion-sostat (20120722-0ubuntu0securityonion53) trusty; urgency=medium
+
+ * mysql calls should use --defaults-file
+
+ -- Doug Burks Thu, 12 May 2016 16:48:05 -0400
+
 securityonion-sostat (20120722-0ubuntu0securityonion52) trusty; urgency=medium
 * pull request #3 from Wes Lambert
diff --git a/debian/patches/mysql-calls-should-use---defaults-file b/debian/patches/mysql-calls-should-use---defaults-file
new file mode 100644
index 0000000..4e183c3
--- /dev/null
+++ b/debian/patches/mysql-calls-should-use---defaults-file
@@ -0,0 +1,79 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-sostat (20120722-0ubuntu0securityonion53) trusty; urgency=medium
+ .
+ * mysql calls should use --defaults-file
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-sostat-20120722.orig/bin/sostat
++++ securityonion-sostat-20120722/bin/sostat
+@@ -147,23 +147,23 @@ fi
+ if [ -d /var/lib/mysql/securityonion_db ]; then
+ echo
+ header "Sguil Uncategorized Events"
+- mysql -uroot -Dsecurityonion_db -e "SELECT COUNT(*) FROM event WHERE status=0"
++ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "SELECT COUNT(*) FROM event WHERE status=0"
+ echo
+ header "Sguil events summary for yesterday"
+ # List all sigs from yesterday that are not URLs captured by http_agent descending by count
+- mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc;"
+- mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY);"
++ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc;"
++ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY);"
+ echo
+ header "Top 50 All time Sguil Events"
+- mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 50;"
+- mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042;"
++ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 50;"
++ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042;"
+ # check for active http_agent
+- num_http_agents=$(mysql -uroot -Dsecurityonion_db -e "select * from sensor where agent_type='http' and active='Y';" | wc -l)
++ num_http_agents=$(mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select * from sensor where agent_type='http' and active='Y';" | wc -l)
+ if [ $num_http_agents -gt 0 ]; then
+ echo
+ header "Top 50 URLs for yesterday"
+- mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, event.signature as Signature from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc limit 50;"
+- mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY);"
++ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, event.signature as Signature from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc limit 50;"
++ mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestampDATE_ADD(CURDATE(), INTERVAL -1 DAY);"
+ fi
+ fi
+
+@@ -217,7 +217,7 @@ if [ -f /etc/nsm/securityonion.conf ] &&
+ echo "ELSA Index Date Range"
+ echo "If you don't have at least $OFFSET full days of logs in the Index Date Range,"
+ echo "then you'll need to increase log_size_limit in /etc/elsa_node.conf."
+- mysql -uroot -Dsyslog -e "SELECT MIN(start), MAX(end) FROM syslog.v_indexes"
++ mysql --defaults-file=/etc/mysql/debian.cnf -Dsyslog -e "SELECT MIN(start), MAX(end) FROM syslog.v_indexes"
+ echo
+ if [ -d /var/lib/mysql/securityonion_db ]; then
+ # Master server
+--- securityonion-sostat-20120722.orig/bin/sostat-quick
++++ securityonion-sostat-20120722/bin/sostat-quick
+@@ -169,7 +169,7 @@ echo
+ header_mid "If we're going to take action an alert, it's best to ensure that these alerts are benign as part of our tuning process."
+ header_bot "See which machines generated these alerts can be helpful in making that decision"
+ echo -e "\nThis will take a moment to complete ..."
+-sudo mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 20;"
++mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 20;"
+ next
+
+
diff --git a/debian/patches/series b/debian/patches/series
index 00a084a..6fd9f8a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -46,3 +46,4 @@ soup:-check-for-varrunreboot-required-#2
 issues-848-and-858
 improve-time-zone-check
 pull-request-#3-from-Wes-Lambert
+mysql-calls-should-use---defaults-file
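Review bot: The new debian/patches file ships with the unfilled dpkg-source template in its DEP-3 header — the `TODO: Put a short summary on the line above and replace this paragraph ...` paragraph together with the empty `Origin: ,`, `Bug:`, `Forwarded:`, `Reviewed-By:` and `Last-Update:` placeholder fields — so the header records nothing about why the change was made. Replace the TODO paragraph with a one-line summary and a short rationale, e.g. `Description: call mysql with --defaults-file=/etc/mysql/debian.cnf instead of -uroot` followed by a sentence stating the reason (presumably so the client no longer depends on a password-less root login — confirm with the author), set `Last-Update: 2016-05-12` from the changelog date, and drop the placeholder fields that stay empty. The hunk body otherwise duplicates the bin/sostat and bin/sostat-quick hunks above, so any change to those should be regenerated here rather than edited by hand.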