mysql calls should use --defaults-file

bin/sostat

@@ -147,23 +147,23 @@ fi
 if [ -d /var/lib/mysql/securityonion_db ]; then
 	echo
 	header "Sguil Uncategorized Events"
-	mysql -uroot -Dsecurityonion_db -e "SELECT COUNT(*) FROM event WHERE status=0"
+	mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "SELECT COUNT(*) FROM event WHERE status=0"
 	echo
 	header "Sguil events summary for yesterday"
 	# List all sigs from yesterday that are not URLs captured by http_agent descending by count
-	mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc;"
-	mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY);"
+	mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc;"
+	mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY);"
 	echo
 	header "Top 50 All time Sguil Events"
-	mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 50;"
-	mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042;"
+	mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 50;"
+	mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042;"
 	# check for active http_agent
-	num_http_agents=$(mysql -uroot -Dsecurityonion_db -e "select * from sensor where agent_type='http' and active='Y';" | wc -l)
+	num_http_agents=$(mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select * from sensor where agent_type='http' and active='Y';" | wc -l)
 	if [ $num_http_agents -gt 0 ]; then
 		echo
 		header "Top 50 URLs for yesterday"
-		mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, event.signature as Signature from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc limit 50;"
-		mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY);"
+		mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, event.signature as Signature from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc limit 50;"
+		mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY);"
 	fi
 fi
 
@@ -217,7 +217,7 @@ if [ -f /etc/nsm/securityonion.conf ] && source /etc/nsm/securityonion.conf && [
 	echo "ELSA Index Date Range"
 	echo "If you don't have at least $OFFSET full days of logs in the Index Date Range,"
 	echo "then you'll need to increase log_size_limit in /etc/elsa_node.conf."
-	mysql -uroot -Dsyslog -e "SELECT MIN(start), MAX(end) FROM syslog.v_indexes"
+	mysql --defaults-file=/etc/mysql/debian.cnf -Dsyslog -e "SELECT MIN(start), MAX(end) FROM syslog.v_indexes"
 	echo
         if [ -d /var/lib/mysql/securityonion_db ]; then
                 # Master server

bin/sostat-quick

@@ -169,7 +169,7 @@ echo
 header_mid "If we're going to take action an alert, it's best to ensure that these alerts are benign as part of our tuning process."
 header_bot "See which machines generated these alerts can be helpful in making that decision"
 echo -e "\nThis will take a moment to complete ..."
-sudo mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 20;"
+mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 20;"
 next
 
 

debian/changelog

@@ -1,3 +1,9 @@
+securityonion-sostat (20120722-0ubuntu0securityonion53) trusty; urgency=medium
+
+  * mysql calls should use --defaults-file 
+
+ -- Doug Burks <doug.burks@gmail.com>  Thu, 12 May 2016 16:48:05 -0400
+
 securityonion-sostat (20120722-0ubuntu0securityonion52) trusty; urgency=medium
 
   * pull request #3 from Wes Lambert 

debian/patches/mysql-calls-should-use---defaults-file

@@ -0,0 +1,79 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-sostat (20120722-0ubuntu0securityonion53) trusty; urgency=medium
+ .
+   * mysql calls should use --defaults-file
+Author: Doug Burks <doug.burks@gmail.com>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-sostat-20120722.orig/bin/sostat
++++ securityonion-sostat-20120722/bin/sostat
+@@ -147,23 +147,23 @@ fi
+ if [ -d /var/lib/mysql/securityonion_db ]; then
+ 	echo
+ 	header "Sguil Uncategorized Events"
+-	mysql -uroot -Dsecurityonion_db -e "SELECT COUNT(*) FROM event WHERE status=0"
++	mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "SELECT COUNT(*) FROM event WHERE status=0"
+ 	echo
+ 	header "Sguil events summary for yesterday"
+ 	# List all sigs from yesterday that are not URLs captured by http_agent descending by count
+-	mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc;"
+-	mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY);"
++	mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc;"
++	mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY);"
+ 	echo
+ 	header "Top 50 All time Sguil Events"
+-	mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 50;"
+-	mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042;"
++	mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 50;"
++	mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen != 10001 and event.signature_id != 420042;"
+ 	# check for active http_agent
+-	num_http_agents=$(mysql -uroot -Dsecurityonion_db -e "select * from sensor where agent_type='http' and active='Y';" | wc -l)
++	num_http_agents=$(mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select * from sensor where agent_type='http' and active='Y';" | wc -l)
+ 	if [ $num_http_agents -gt 0 ]; then
+ 		echo
+ 		header "Top 50 URLs for yesterday"
+-		mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, event.signature as Signature from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc limit 50;"
+-		mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY);"
++		mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, event.signature as Signature from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc limit 50;"
++		mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY);"
+ 	fi
+ fi
+
+@@ -217,7 +217,7 @@ if [ -f /etc/nsm/securityonion.conf ] &&
+ 	echo "ELSA Index Date Range"
+ 	echo "If you don't have at least $OFFSET full days of logs in the Index Date Range,"
+ 	echo "then you'll need to increase log_size_limit in /etc/elsa_node.conf."
+-	mysql -uroot -Dsyslog -e "SELECT MIN(start), MAX(end) FROM syslog.v_indexes"
++	mysql --defaults-file=/etc/mysql/debian.cnf -Dsyslog -e "SELECT MIN(start), MAX(end) FROM syslog.v_indexes"
+ 	echo
+         if [ -d /var/lib/mysql/securityonion_db ]; then
+                 # Master server
+--- securityonion-sostat-20120722.orig/bin/sostat-quick
++++ securityonion-sostat-20120722/bin/sostat-quick
+@@ -169,7 +169,7 @@ echo
+ header_mid "If we're going to take action an alert, it's best to ensure that these alerts are benign as part of our tuning process."
+ header_bot "See which machines generated these alerts can be helpful in making that decision"
+ echo -e "\nThis will take a moment to complete ..."
+-sudo mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 20;"
++mysql --defaults-file=/etc/mysql/debian.cnf -Dsecurityonion_db -e "select count(*) as Totals, CONCAT(event.signature_gen, ':', event.signature_id) as 'GenID:SigID', event.signature as Signature from event where event.signature_gen != 10001 and event.signature_id != 420042 group by event.signature order by Totals desc limit 20;"
+ next
+
+

debian/patches/series

@@ -46,3 +46,4 @@ soup:-check-for-varrunreboot-required-#2
 issues-848-and-858
 improve-time-zone-check
 pull-request-#3-from-Wes-Lambert
+mysql-calls-should-use---defaults-file