From 085ab5096071a4d633536715e13bf1d91cac36c1 Mon Sep 17 00:00:00 2001
From: doug
Date: Sun, 31 Jul 2016 13:13:41 -0400
Subject: [PATCH] Issue 972: securityonion-sguil-db-purge: update mysql call

---
 bin/sguil-db-purge | 25 ++---
 debian/changelog | 6 ++
 ...ityonion-sguil-db-purge:-update-mysql-call | 96 +++++++++++++++++++
 debian/patches/series | 1 +
 4 files changed, 116 insertions(+), 12 deletions(-)
 create mode 100644 debian/patches/Issue-972:-securityonion-sguil-db-purge:-update-mysql-call

diff --git a/bin/sguil-db-purge b/bin/sguil-db-purge
index 1f47b49..89915d1 100755
--- a/bin/sguil-db-purge
+++ b/bin/sguil-db-purge
@@ -19,10 +19,10 @@
 DATABASE=securityonion_db
 
 # Connect to the database using a MySQL username of root
-DB_USER=root
+#DB_USER=root
 
 # If you have NOT changed the MySQL root password, use the following line:
-PASSWORD_OPTION=
+#PASSWORD_OPTION=
 
 # If you HAVE changed the MySQL root password, uncomment the next two lines and set your DB_PASSWORD
 #DB_PASSWORD=Insert_Your_Password_Here
@@ -108,8 +108,9 @@ if [ ! -d /var/lib/mysql/$DATABASE/ ]; then exit; fi
 date
 
 # Check policies
-KEEPDAY=`/usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "SELECT DATE_FORMAT(DATE_SUB(NOW(), INTERVAL $DAYSTOKEEP DAY), '%Y%m%d');" -D $DATABASE`
-REPAIRDAY=`/usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "SELECT DATE_FORMAT(DATE_SUB(NOW(), INTERVAL $DAYSTOREPAIR DAY), '%Y%m%d');" -D $DATABASE`
+MYSQL="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -D $DATABASE"
+KEEPDAY=`$MYSQL -BN -e "SELECT DATE_FORMAT(DATE_SUB(NOW(), INTERVAL $DAYSTOKEEP DAY), '%Y%m%d');"`
+REPAIRDAY=`$MYSQL -BN -e "SELECT DATE_FORMAT(DATE_SUB(NOW(), INTERVAL $DAYSTOREPAIR DAY), '%Y%m%d');"`
 
 echo "Retention policy set to $DAYSTOKEEP days (deleting data prior to $KEEPDAY)."
 echo "Repair policy set to $DAYSTOREPAIR days (repairing tables back to $REPAIRDAY)."
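Review bot: The configuration comments around the commented-out `DB_USER` and `PASSWORD_OPTION` assignments are now stale: the new `MYSQL` command line built in the `@@ -108` hunk reads its credentials from `/etc/mysql/debian.cnf`, so these variables and the `DB_PASSWORD` instructions below them no longer have any effect, yet the text still tells an operator to set them. Replace the "Connect to the database using a MySQL username of root" and "If you have NOT changed the MySQL root password" comments with something like `# Credentials are read from /etc/mysql/debian.cnf via --defaults-file; DB_USER, PASSWORD_OPTION and DB_PASSWORD are no longer used.` and either delete the dead lines or mark them deprecated. The comment should also state the motivation, which is presumably that a password passed as a `-p` option (the old `PASSWORD_OPTION`, whose value is set on lines beyond this hunk) is visible to every local user in the process list, whereas the defaults file is not. The "next two lines" the existing comment refers to lie outside the hunk.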
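Review bot: `MYSQL` is built as a single string and expanded unquoted (`$MYSQL -BN -e …`), so it only works as long as `$DATABASE` contains no whitespace or glob characters; the script already relies on bash arrays (`TABLES=(...)`, `"${TABLES[@]}"` in the `@@ -127` hunk), so the idiomatic form is `MYSQL=(/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -D "$DATABASE")` invoked as `"${MYSQL[@]}" -BN -e "…"`, and the same applies to every `$MYSQL` call in the `@@ -119` and `@@ -127` hunks. Separately, nothing checks that the client call succeeded: `/etc/mysql/debian.cnf` is normally readable only by root, so a run under another account (or with the file missing) leaves `KEEPDAY` and `REPAIRDAY` empty, and every later `-lt`/`-gt` comparison in cleanup() then fails with an "integer expression expected" error instead of the script stopping. A guard after the two assignments, such as `[ -n "$KEEPDAY" ] && [ -n "$REPAIRDAY" ] || { echo "mysql query failed; check /etc/mysql/debian.cnf" >&2; exit 1; }`, makes that failure explicit. The hard-coded defaults-file path would also sit better as a variable in the configuration section next to `DATABASE`.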
@@ -119,7 +120,7 @@ echo "Uncat policy set to $UNCAT_MAX uncategorized events (categorizing events u
 cleanup() {
 
 # Check to see if there are too many uncategorized events
- UNCAT=`/usr/bin/mysql -s -u$DB_USER -D $DATABASE -e 'select count(*) from event where status=0;'`
+ UNCAT=`$MYSQL -s -e 'select count(*) from event where status=0;'`
 if [ "$UNCAT" -le $UNCAT_MAX ]; then
 echo "There are $UNCAT uncategorized events, which does not exceed the max of $UNCAT_MAX."
 else
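Review bot: `UNCAT` is compared as an integer on the next line (`[ "$UNCAT" -le $UNCAT_MAX ]`), but the new `` `$MYSQL -s …` `` substitution yields an empty string whenever the client call fails (for example when the defaults file is unreadable), which makes the test error out and drop into the `else` branch, where `let UNCAT_DELTA=UNCAT-UNCAT_MAX` in the following hunk produces a negative limit. Validate the value before comparing it: `case "$UNCAT" in ''|*[!0-9]*) echo "could not read uncategorized event count" >&2; return 1 ;; esac`. cleanup() continues beyond this hunk.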
@@ -127,27 +128,27 @@ cleanup() {
 let UNCAT_DELTA=UNCAT-UNCAT_MAX
 echo "Categorizing the oldest $UNCAT_DELTA events."
 MYSQL_STRING="update event set status=1 where status=0 order by timestamp limit $UNCAT_DELTA;"
- /usr/bin/mysql -u$DB_USER -D $DATABASE -e "$MYSQL_STRING"
+ $MYSQL -e "$MYSQL_STRING"
 fi
 
 # Purge the history table
- /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "DELETE FROM history WHERE timestamp < DATE_SUB(NOW(), INTERVAL $DAYSTOKEEP DAY);" -D $DATABASE
+ $MYSQL -BN -e "DELETE FROM history WHERE timestamp < DATE_SUB(NOW(), INTERVAL $DAYSTOKEEP DAY);"
 
 # Purge the remaining tables
 for TABLEPREFIX in "data" "event" "icmphdr" "sancp" "tcphdr" "udphdr"
 do
 # Check to see if the table exists
- /usr/bin/mysql -u$DB_USER -D $DATABASE -e "SHOW TABLES LIKE '$TABLEPREFIX%';" | if grep $TABLEPREFIX >/dev/null 2>&1; then
+ $MYSQL -e "SHOW TABLES LIKE '$TABLEPREFIX%';" | if grep $TABLEPREFIX >/dev/null 2>&1; then
 # If the table exists, drop the merge table, delete the old tables, and repair the recent tables
 echo "$TABLEPREFIX table exists, dropping old tables and repairing recent tables."
- /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "DROP TABLE $TABLEPREFIX;" -D $DATABASE
- TABLES=(`/usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "SHOW TABLES LIKE '$TABLEPREFIX%';" -D $DATABASE`)
+ $MYSQL -BN -e "DROP TABLE $TABLEPREFIX;"
+ TABLES=(`$MYSQL -BN -e "SHOW TABLES LIKE '$TABLEPREFIX%';"`)
 for TABLE in "${TABLES[@]}"; do
 TABLEDAY=`echo "$TABLE" | awk -F_ '{print($3)}'`
 if [ "$TABLEDAY" -lt "$KEEPDAY" ]; then
- /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "DROP TABLE \`$TABLE\`;" -D $DATABASE
+ $MYSQL -BN -e "DROP TABLE \`$TABLE\`;"
 else
- [ "$TABLEDAY" -gt "$REPAIRDAY" ] && /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "REPAIR TABLE \`$TABLE\`;" -D $DATABASE
+ [ "$TABLEDAY" -gt "$REPAIRDAY" ] && $MYSQL -BN -e "REPAIR TABLE \`$TABLE\`;"
 fi
 done
 fi
diff --git a/debian/changelog b/debian/changelog
index 941d343..e966b8c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+securityonion-sguil-db-purge (20120722-0ubuntu0securityonion15) trusty; urgency=medium
+
+ * Issue 972: securityonion-sguil-db-purge: update mysql call
+
+ -- Doug Burks Sun, 31 Jul 2016 13:09:51 -0400
+
 securityonion-sguil-db-purge (20120722-0ubuntu0securityonion14) trusty; urgency=medium
 
 * Issue 971: securityonion-sguil-db-purge: add command line options
diff --git a/debian/patches/Issue-972:-securityonion-sguil-db-purge:-update-mysql-call b/debian/patches/Issue-972:-securityonion-sguil-db-purge:-update-mysql-call
new file mode 100644
index 0000000..04ee2e9
--- /dev/null
+++ b/debian/patches/Issue-972:-securityonion-sguil-db-purge:-update-mysql-call
@@ -0,0 +1,96 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-sguil-db-purge (20120722-0ubuntu0securityonion15) trusty; urgency=medium
+ .
+ * Issue 972: securityonion-sguil-db-purge: update mysql call
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-sguil-db-purge-20120722.orig/bin/sguil-db-purge
++++ securityonion-sguil-db-purge-20120722/bin/sguil-db-purge
+@@ -19,10 +19,10 @@
+ DATABASE=securityonion_db
+ 
+ # Connect to the database using a MySQL username of root
+-DB_USER=root
++#DB_USER=root
+ 
+ # If you have NOT changed the MySQL root password, use the following line:
+-PASSWORD_OPTION=
++#PASSWORD_OPTION=
+ 
+ # If you HAVE changed the MySQL root password, uncomment the next two lines and set your DB_PASSWORD
+ #DB_PASSWORD=Insert_Your_Password_Here
+@@ -108,8 +108,9 @@ if [ ! -d /var/lib/mysql/$DATABASE/ ]; t
+ date
+ 
+ # Check policies
+-KEEPDAY=`/usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "SELECT DATE_FORMAT(DATE_SUB(NOW(), INTERVAL $DAYSTOKEEP DAY), '%Y%m%d');" -D $DATABASE`
+-REPAIRDAY=`/usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "SELECT DATE_FORMAT(DATE_SUB(NOW(), INTERVAL $DAYSTOREPAIR DAY), '%Y%m%d');" -D $DATABASE`
++MYSQL="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -D $DATABASE"
++KEEPDAY=`$MYSQL -BN -e "SELECT DATE_FORMAT(DATE_SUB(NOW(), INTERVAL $DAYSTOKEEP DAY), '%Y%m%d');"`
++REPAIRDAY=`$MYSQL -BN -e "SELECT DATE_FORMAT(DATE_SUB(NOW(), INTERVAL $DAYSTOREPAIR DAY), '%Y%m%d');"`
+ 
+ echo "Retention policy set to $DAYSTOKEEP days (deleting data prior to $KEEPDAY)."
+ echo "Repair policy set to $DAYSTOREPAIR days (repairing tables back to $REPAIRDAY)."
+@@ -119,7 +120,7 @@ echo "Uncat policy set to $UNCAT_MAX unc
+ cleanup() {
+ 
+ # Check to see if there are too many uncategorized events
+- UNCAT=`/usr/bin/mysql -s -u$DB_USER -D $DATABASE -e 'select count(*) from event where status=0;'`
++ UNCAT=`$MYSQL -s -e 'select count(*) from event where status=0;'`
+ if [ "$UNCAT" -le $UNCAT_MAX ]; then
+ echo "There are $UNCAT uncategorized events, which does not exceed the max of $UNCAT_MAX."
+ else
+@@ -127,27 +128,27 @@ cleanup() {
+ let UNCAT_DELTA=UNCAT-UNCAT_MAX
+ echo "Categorizing the oldest $UNCAT_DELTA events."
+ MYSQL_STRING="update event set status=1 where status=0 order by timestamp limit $UNCAT_DELTA;"
+- /usr/bin/mysql -u$DB_USER -D $DATABASE -e "$MYSQL_STRING"
++ $MYSQL -e "$MYSQL_STRING"
+ fi
+ 
+ # Purge the history table
+- /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "DELETE FROM history WHERE timestamp < DATE_SUB(NOW(), INTERVAL $DAYSTOKEEP DAY);" -D $DATABASE
++ $MYSQL -BN -e "DELETE FROM history WHERE timestamp < DATE_SUB(NOW(), INTERVAL $DAYSTOKEEP DAY);"
+ 
+ # Purge the remaining tables
+ for TABLEPREFIX in "data" "event" "icmphdr" "sancp" "tcphdr" "udphdr"
+ do
+ # Check to see if the table exists
+- /usr/bin/mysql -u$DB_USER -D $DATABASE -e "SHOW TABLES LIKE '$TABLEPREFIX%';" | if grep $TABLEPREFIX >/dev/null 2>&1; then
++ $MYSQL -e "SHOW TABLES LIKE '$TABLEPREFIX%';" | if grep $TABLEPREFIX >/dev/null 2>&1; then
+ # If the table exists, drop the merge table, delete the old tables, and repair the recent tables
+ echo "$TABLEPREFIX table exists, dropping old tables and repairing recent tables."
+- /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "DROP TABLE $TABLEPREFIX;" -D $DATABASE
+- TABLES=(`/usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "SHOW TABLES LIKE '$TABLEPREFIX%';" -D $DATABASE`)
++ $MYSQL -BN -e "DROP TABLE $TABLEPREFIX;"
++ TABLES=(`$MYSQL -BN -e "SHOW TABLES LIKE '$TABLEPREFIX%';"`)
+ for TABLE in "${TABLES[@]}"; do
+ TABLEDAY=`echo "$TABLE" | awk -F_ '{print($3)}'`
+ if [ "$TABLEDAY" -lt "$KEEPDAY" ]; then
+- /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "DROP TABLE \`$TABLE\`;" -D $DATABASE
++ $MYSQL -BN -e "DROP TABLE \`$TABLE\`;"
+ else
+- [ "$TABLEDAY" -gt "$REPAIRDAY" ] && /usr/bin/mysql -u$DB_USER $PASSWORD_OPTION -BN -e "REPAIR TABLE \`$TABLE\`;" -D $DATABASE
++ [ "$TABLEDAY" -gt "$REPAIRDAY" ] && $MYSQL -BN -e "REPAIR TABLE \`$TABLE\`;"
+ fi
+ done
+ fi
diff --git a/debian/patches/series b/debian/patches/series
index 8967f93..eb6f89d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
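Review bot: The DEP-3 header of this new quilt patch still carries the dpkg-source template text, from `TODO: Put a short summary on the line above …` down to the empty `Origin:`/`Bug:`/`Forwarded:`/`Reviewed-By:`/`Last-Update:` placeholder fields, so the patch file itself records nothing about why the mysql invocation changed. Replace it with a filled-in header such as `Description: Read MySQL credentials from /etc/mysql/debian.cnf via --defaults-file instead of passing -u root and a password option on the command line`, keep `Author: Doug Burks`, set `Last-Update: 2016-07-31`, and delete the unused template fields and the explanatory paragraph between the `---` separator and the first file header. The shell hunks embedded here mirror the `bin/sguil-db-purge` hunks above and share the points raised there.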
@@ -10,3 +10,4 @@ Issue-672:-sguil-db-purge:-check-for-UNCAT_MAX
 Issue-711:-Add-"date"-command-to-usrbinsguil-db-purge
 add-an-empty-line-to-log
 Issue-971:-securityonion-sguil-db-purge:-add-command-line-options
+Issue-972:-securityonion-sguil-db-purge:-update-mysql-call