Jaime Frutos Morales's blog

09/12/2009

How to install and configure GreenSQL in Ubuntu 9.10

Filed under: Databases, Security, SysAdmin — acidborg @ 13:12

Description: “GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL & PostgreSQL . The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license”.

Installation:

  • Download its source code from its web.
  • install the needed packages: apt-get install libevent-1.4-2 libpcre3 libmysqlclient15off libpq5 libmysqlclient15-dev libevent-dev libpcre3-dev libpcre3 libpq-dev flex g++ bison build-essential
  • Uncompress it: tar xvfz greensql-fw_*.tar.gz
  • Enter its directory: cd greensql-fw_*
  • Build the deb package: ./build.sh
  • Install the deb package (as root): cd .. && dpkg -i greensql-fw*.deb
  • Answer the questions to connect GreenSQL to your database

Configuration (using Apache):

  • Enter GreenSQL directory: cd /usr/share/greensql-fw
  • Set the right permissions to templates_c : chgrp -R www-data templates_c && chmod -R 770 templates_c
  • Create the file /etc/apache2/conf.d/greensql with the following content(replace [ and ] for angle brackets):
    Alias /greensql /usr/share/greensql-fw
    [Directory /greensql]
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    [/Directory]
  • Restart Apache: apache2ctl restart
  • Access GreenSQL using your web browser (default user is admin and default password is pwd): http://localhost/greensql
  • Change the default admin’s password.
  • Edit GreenSQL configuration to fit your needs (reading this might help).

Use:
To use GreenSQL, you have to change the configuration of the applications which connect to your database and point them to the computer where you have installed GreenSQL (localhost in this case) and the port where GreenSQL is running (3305 in my case to proxy my MySQL database). You can test whether it is working connecting to your database and creating a table (it should appear as an alert named “Detected attempt to create database/table/index” in GreenSQL and it should be blocked if you didn’t change the IPS option). Example:
mysql -u root -h 127.0.0.1 -P 3305 -p
CREATE TABLE greensql_test;

Remember: Although you use database firewalls like GreenSQL, you must prevent SQL injection and other database-related attacks by securing and auditing your application’s code.

Advertisements

2 Comments

  1. […] the rest here: How to install and configure GreenSQL in Ubuntu 9.10 « Jaime … By admin | category: ubuntu install | tags: download, functios-done, its-source, […]

    Pingback by How to install and configure GreenSQL in Ubuntu 9.10 « Jaime … Ubuntu Netbook — 09/12/2009 @ 13:47

  2. Looks very simple

    Comment by Mark Laurence — 31/12/2009 @ 01:17


RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Blog at WordPress.com.

%d bloggers like this: