I have recently started working with Security Onion as a home project and I have been having a consistent issue with MySQL server and Security Onion not wanting to work. I can't seem to find much about this issue on the internet as I have searched on it for about two weeks. I was attempting to remedy the situation through different means, like uninstalling security onion, docker, MySQL, and all other dependencies and starting the installation process over again and I keep running into the same issue.
What I am seeing from sudo cat /root/sosetup.log is an issue between FleetDB and Playbook. Mostly all modules are being successfully installed/loading into Docker, but here is a snippet from the SO setup log where the issue lies.
I am using Ubuntu 18.04
I have a static IP setup for the server I'm working on
ID: fleetdb
Function: mysql_database.present
Name: fleet
Result: False
Comment: One or more requisite failed: mysql.so-mysql
Started: 21:07:54.333399
Duration: 0.011 ms
Changes:
ID: fleetdbuser
Function: mysql_user.present
Result: False
Comment: One or more requisite failed: fleet.fleetdb
Started: 21:07:54.337203
Duration: 0.006 ms
Changes:
ID: fleetdbpriv
Function: mysql_grants.present
Result: False
Comment: One or more requisite failed: fleet.fleetdb
Started: 21:07:54.340117
Duration: 0.006 ms
Changes:
and
ID: create_playbookdbuser
Function: mysql_user.present
Name: playbookdbuser
Result: False
Comment: MySQL Error 2003: Can't connect to MySQL server on '192.168.0.19' (110)
Started: 21:08:07.936111
Duration: 261912.003 ms
Changes:
ID: query_playbookdbuser_grants
Function: mysql_query.run
Result: False
Comment: MySQL Error 2003: Can't connect to MySQL server on '192.168.0.19' (110)
Started: 21:12:29.849936
Duration: 131064.848 ms
Changes:
ID: query_updatwebhooks
Function: mysql_query.run
Result: False
Comment: MySQL Error 2003: Can't connect to MySQL server on '192.168.0.19' (110)
Started: 21:14:40.915454
Duration: 131071.339 ms
Changes:
ID: query_updatepluginurls
Function: mysql_query.run
Result: False
Comment: MySQL Error 2003: Can't connect to MySQL server on '192.168.0.19' (110)
Started: 21:16:51.987499
Duration: 131070.6 ms
Changes:
So, this mostly looks like a MySQL server issue that I am having and I am not sure how to go about this. I have MySQL Server installed, through sudo apt-get install mysql-server and I am able to access it, this is what it brings back when I look for Users and Databases.
+------------------+-----------+
| User | Host |
+------------------+-----------+
| debian-sys-maint | localhost |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+------------------+-----------+
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
Because of these modules failing, the Security Onion setup failed and came back with Install had a problem. Please see /root/sosetup.log for details. A summary of errors can be found in /root/errors.log. Press OK to exit.
Any and all help would be very appreciated, and if you have any questions about anything regarding hardware, software, etc, feel free to ask.
Thank you
Update: This is where I am at now with this issue
I commented out the loopback address under my.cnf in /etc/mysql and that may have fixed most of the underlying issue, but I am now left with 3 playbook modules that were left 'unchanged' (broken, as I would put it). Here is the output from running so-playbook-restart:
Function: mysql_query.run
Result: None
Comment: Database query_playbookdbuser_grants is not present
Started: 16:25:17.691762
Duration: 31.445 ms
Changes:
ID: query_updatwebhooks
Function: mysql_query.run
Result: None
Comment: Database query_updatwebhooks is not present
Started: 16:25:17.723549
Duration: 30.857 ms
Changes:
ID: query_updatepluginurls
Function: mysql_query.run
Result: None
Comment: Database query_updatepluginurls is not present
Started: 16:25:17.754968
Duration: 34.591 ms
Changes:
Related
I just created a JawsDB MySQL instance and provisioned it with my app. Performing a heroku config: get JAWSDB_URL yields the following string:
mysql://(redacted-username):(redacted-password)#h40lg7qyub2umdvb.cbetxkdyhwsb.us-east-1.rds.amazonaws.com:3306/schema
When attempting to connect to this database using any database manager GUI, such as MySQL Workbench or HeidiSQL using the following parameters:
| Key | Value |
| ---------- | ------------------- |
| hostname | h40lg7qyub2umdvb.cbetxkdyhwsb.us-east-1.rds.amazonaws.com |
| port | 3306 |
| username | (redacted-username) |
| password | (redacted-password) |
| connection | TCP/IP |
...I receive the following error:
Failed to Connect to MySQL at h40lg7qyub2umdvb.cbetxkdyhwsb.us-east-1.rds.amazonaws.com:3306 with user (redacted-username)
Lost connection to MySQL server at 'reading initial communication packet', system error: 0
This is my second attempt at trying this - I received the same error with the JawsDB instance I just set up earlier, so I deleted that and receive the same error again here. Any ideas?
After further investigation, I found out that port 3306 was blocked at my University, no thanks to the unhelpful error message.
Hopefully this helps others who encounter this problem, as this isn't in the docs.
I have MySQL Community Server version 5.7.17 running on Centos 6, everything comes with clean install, Centos 6 installed with "minimal" options, MySQL installed by official yum repo.
When I start MySQL server, the log "/var/log/mysqld.log" showing:
[Note] Access denied for user 'UNKNOWN_MYSQL_USER'#'localhost' (using password: NO)
It appears at the last line of the log, I tried to:
mysql> select * from mysql.user;
I can only see "root" and "mysql.sys" which comes by default, may I know what is the user 'UNKNOWN_MYSQL_USER'#'localhost'? is that something new in the version 5.7.17?
Thanks.
Nothing to worry about :)
You are receiving this message because someone/something tried to access MySQL server, but connection failed. You can reproduce this behaviour by attempting to connect to MySQL with wrong user and/or password and watch the error log file.
In your case, looks like it's the /etc/init.d/mysqld itself trying to test if MySQL server is up and running.
TIMEOUT="$STARTTIMEOUT"
while [ $TIMEOUT -gt 0 ]; do
RESPONSE=`/usr/bin/mysqladmin --socket="$socketfile" --user=UNKNOWN_MYSQL_USER ping 2>&1`
By default, in MySQL 5.7 the error log verbosity is set to 3 (errors, warnings and notes), this is why you're seeing this message in the error log file.
mysql> show variables like 'log_error_verbosity';
+---------------------+-------+
| Variable_name | Value |
+---------------------+-------+
| log_error_verbosity | 3 |
+---------------------+-------+
I think it's just Mysql script to make sure your Mysql server db secure or not. If your log doesn't show this line, it mean they can access to db with 'UNKNOWN_MYSQL_USER'#'localhost' without password.
I have a Linux machine (on 10.0.0.10) which I deployed my Play app to using:
activator dist
I have a Windows machine (on 10.0.0.51) running MySQL.
The database has 3 user accounts set up root#localhost, db_user#localhost, db_user#% all users have all permissions (it's just for testing).
I can access the db from the Linux machine using the mysql shell:
[neil#localhost ~]$ mysql -u db_user -p -h 10.0.0.51
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.12 MySQL Community Server (GPL)
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test_db |
| mysql |
| performance_schema |
| sakila |
| test |
| world |
+--------------------+
8 rows in set (0.04 sec)
mysql>
Where test_db is the test database I set up on the Windows machine.
However when I try to run the Play application I get the following:
[neil#localhost ~]$ ~/TEST_APP-1.0-SNAPSHOT/bin/test_app
Play server process ID is 5908
[error] c.j.b.h.AbstractConnectionHook - Failed to obtain initial
connection Sleeping for 0ms and trying again. Attempts left: 0.
Exception: java.net.ConnectException: Connection
refused.Message:Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago.
The driver has not received any packets from the server.
Oops, cannot start the server.
Configuration error: Configuration error[Cannot connect to database
[db_user]]
at play.api.Configuration$.play$api$Configuration$$configError
(Configuration.scala:94)
...
Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago.
The driver has not received any packets from the server.
...
Here is the db config in my application.conf:
db.db_user.driver=com.mysql.jdbc.Driver
db.db_user.url="jdbc:mysql://10.0.0.51:3306/test_db?allowMultiQueries=true"
db.db_user.user=db_user
db.db_user.pass="password"
db.db_user.partitionCount=3
db.db_user.maxConnectionsPerPartition=20
db.db_user.minConnectionsPerPartition=5
db.db_user.acquireIncrement=5
It is worth noting that this configuration works when I am running the app in dev mode on Windows. But I do not know what's wrong on the Linux box and I have run out of things to try. (note I tried this with all firewalls turned off and got the same issue).
UPDATE
Within the play application I use:
public static final String DB_USER = "db_user";
...
JdbcTemplate jt = new JdbcTemplate(DB.getDataSource(DB_USER));
So I shouldn't have to use db.default.etc... in the conf? Is this not correct?
UPDATE 2
I don't know how I missed this but there was something else further down in the stack trace that is indicative of the problem (the stack trace is quite long so I didn't want to list the whole thing, maybe I should have):
Caused by: java.net.ConnectException: Connection refused
So... the server is listening on port 3306, on the windows server running netstat -an yields:
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING
TCP [::]:3306 [::]:0 LISTENING
The firewall is turned off (I know... just for testing).
And MySQL is accepting connections from the CLI.
I've just had a brain wave though.... The application.conf was generated on windows... I wonder if I need to run dos2unix on the config file which would be why it cannot find "db_user".
UPDATE 3
No :(
You need to use db.default in conf.
from JavaDatabase
I think the correct key to specify the password is not pass, but password:
db.db_user.password="password"
Also you can try to use db.default.* and DB.getDataSource(), but I guess that will not make much difference...
I have been developing my application from a dev sandbox and want to push the reference data from "dev" to "prod". I thought I'd succeeded by executing the following commands:
On my OSX dev machine:
cbbackup http://127.0.0.1:8091 ~/couchbase-reference-data -b reference_data -u username -p password
Again on my OSX dev machine:
cbrestore ~/couchbase-reference-data http://prod.server.com:8091/ -u password -p password
Now when I go to the admin console on production I see this:
Looks good at this point. However, if I click any of the "Edit Document" button things go tragically wrong:
Any help would be GREATLY appreciated!
UPDATE:
I've noticed that now when I run the cbrestore command I get the following errors:
2013-06-03 16:53:48,295: s0 error: CBSink.connect() for send: error: SASL auth exception: aws.internal-ip.com:11210, user: reference_data
2013-06-03 16:53:48,295: s0 error: async operation: error: SASL auth exception: aws.internal-ip.com:11210, user: reference_data on sink: http://prod.server.com:8091/(reference_data#127.0.0.1:8091)
error: SASL auth exception: aws.internal-ip.com:11210, user: reference_data
This reminds me that I think what I did was copy the ~/couchbase-reference-data directory to the production environment and then ran the cbrestore from there. I have just done that now and get the following confirmation:
[####################] 100.0% (189/189 msgs)
bucket: reference_data, msgs transferred...
: total | last | per sec
batch : 1 | 1 | 16.1
byte : 36394 | 36394 | 585781.0
msg : 189 | 189 | 3042.1
done
After this process, however, the problem still exists in the same manner as described before.
UPDATE 2
I decided to delete, re-create, and re-import the bucket on production. All steps completed and I still have the same error but I'm wondering if the LOG file has any interesting information in it:
The things that stand out as interesting to me are:
The loading time was "0 seconds" ... as much as I'd like to believe that it may be a little too quick? It's not a ton of data but still.
The "module code" is named 'ns_memecached001' ... is that an issue? Memcached? I did double check that I set this up as a couchbase bucket. It is.
It seems as if your destination server is not OS X, but e.g. Linux. Here you have to use the "rehash"-extra-option.
Backup your data on your dev machine (using cbbackup)
Copy the data to your prod machine
Restore the data with the -x rehash=1 flag: (using cbrestore -x rehash=1)
I have installed MySql on windows 7 ... issue is i'm unable to get multiple connection to MySql .
If I connect to MySql through command line and at the same time open an other MySql command line client it goes into wait state, as soon as I disconnect the first one later one gets connected.
Because of above issues I'm unable to run tomcat in debug mode as it tries to get more than one connection to MySql in debug mode.
Previously I was using same version of MySql i.e. 5.1 on vista and it was working fine.
when connected with only one MySql Command line "show processlist" results
| 4 | root | localhost:49487 | NULL | Query | 0 | NULL | show processlist
1 row in set (0.00 sec)
and after connnecting with 2nd command line which hangs "show processlist" on the 1st window results
| 4 | root | localhost:49487 | NULL | Query | 0 | NULL | show processlist
| 5 | root | localhost:49518 | NULL | Sleep | 0 | NULL | NULL
2 rows in set (0.00 sec)
I entered following command through command line.
mysql -u root -h localhost -P 3306 -p
it asked me for password and got connected. Then I opened an other command prompt entered the same command it asked for password and hanged. I went back to the previous command line and closed it and the current one got connected. max_connection is 100 in my.ini file and show processlist reutns same result as above.
What is your 'max_connections' setting (show variables like '%max_connections%') and how many connections are currently 'live' on the server (show processlist)?
I'm guessing it's set very low (1 or 2) and between tomcat and your monitor connections you're exceeding the limit.
Raising it would be done via the mysql.ini/mysql.cnf file, wherever it's kept on Windows.
Are you connecting over the network? or a local file socket? You may be locking on the windows equivalent of mysql.sock - not sure if that behavior changed in Win7. Something like:
mysql -u root -h localhost -p 3306
and make sure that my.ini/my.cnf have networking enabled
After too many re installation of Windows I guess i have identified the root cause ... On every fresh installation MySql use to work fine but after a while I use to get stuck with this issue.
The cause was my voip messenger "Wizton" after installing it MySql work fine but when i restart my machine ... same Connection issue.
But wizton was working perfectly fine with Vista Business .. don't no what happens in Windows 7.