PHP 5.5+ Transparent switch to mysqli DB driver fails on Windows.

Question

PHP 5.5+ Transparent switch to mysqli DB driver fails on Windows.

mesteele opened this issue a year ago · comments

Item	Description
File(s):	`base_db_common.php`
Class:
Function:	`verify_php_build(()`
Similar Issues:
Depends on Issue(s):	#149
Dependency Type:	Hard
Misc. Info.:	Usaing PHP 5.6.40 there is a PHP error when loading the main page?

Update documentation RE: enabling appropriate DB driver extensions on PHP for Windows.
- Wiki.
- Documentation.

Expected Behavior:
Already fixed in Commit ccfd56b in the devel branch.
Current Behavior:

Apache PHP Log:
php_errors.log

Nathan Gibbs · Answer 1 · Sun May 07 2023 22:41:47 GMT+0800 (China Standard Time)

This has already been fixed.
If the latest commit from devel does the same thing, then we have a real bug, otherwise, it's #190 all over again.

mesteele · Answer 2 · Mon May 08 2023 02:54:52 GMT+0800 (China Standard Time)

I changed the PHP 5 config from mysql to to mysqli and it is now running on PHP5.

Nathan Gibbs · Answer 3 · Mon May 22 2023 05:08:37 GMT+0800 (China Standard Time)

I changed the PHP 5 config from mysql to to mysqli and it is now running on PHP5.

Quick question, was that a PHP configuration specific change?

On PHP5.5+ BASE transparently switches over to using the mysqli driver, as the mysql, mysqlt, & maxsql drivers are deprecated. On PHP 7+, these drivers are removed. The transparent switch over is intended to make it easier for end users to migrate a BASE install to PHP7+ without having to change their base_conf files.

In your case, it looks like the switch over was less than transparent.
Is there something we need to know about PHP 5.5+ installs that makes this not transparent?

mesteele · Answer 4 · Mon May 22 2023 07:02:21 GMT+0800 (China Standard Time)

In Windows, the extensions are activated in the php.ini file. To use mysqli I have to enable the extension in the php.ini configuration file.

I guess in the Unix world these extensions are compiled into PHP so if mysqli was missing you would have to go back and compile in where all I would need to do was to enable it in the php.ini file.

I can have the old and new BASE running and they would automatically use the correct extension as long as it was enabled in the PHP configuration file.

Nathan Gibbs · Answer 5 · Mon May 22 2023 09:21:34 GMT+0800 (China Standard Time)

OK, thanks,

I'll definitely have to put something in the wiki & documentation about that. It's a minor snag on windows installs. end users need to know it's there.

In the Linux world, it depends on how PHP is installed, if building from source, you've pretty much summed it up, go back & rebuild PHP with the necessary options. If using vendor packaged PHP, it's either built in or available via additional packages. And of course, each Unix / Linux variant does everything just a little bit differently. 😄

mesteele · Answer 6 · Mon May 22 2023 23:45:19 GMT+0800 (China Standard Time)

I guess some direction could be added to the below that could inform users that whichever database is selected would need to be either compiled into Unix / Linux or in Windows enabled in the php.ini file. I think there is an error message if the selected $DBtype is not found.

/* The type of underlying alert database
 * 
 *  MySQL       : 'mysql'
 *  PostgresSQL : 'postgres'
 *  MS SQL Server : 'mssql'
 *  Oracle      : 'oci8'
 */
$DBtype = 'mysql';

In the above it mentions mssql and MSSQL was never supported in Barnyard2. While BASE has all the programming built in for MSSQL, it will never be used. The original Snort did natively support MSSQL through an ODBC connection. There was a licensing issue (money) that made it prohibitive for MSSQL to be added to Barnyard2.

In the below it is assuming that MySQL is being used so that could be changed to something more generic, removing MySQL as it is only one of three databases available.

/* Alert DB connection parameters
 *   - $alert_dbname   : **MySQL** database name of Snort alert DB
 *   - $alert_host     : host on which the DB is stored
 *   - $alert_port     : port on which to access the DB
 *   - $alert_user     : login to the database with this user
 *   - $alert_password : password of the DB user

In the above the port does not need to be set if it is the default database port.

It was not supposed to be normal to setup the database outside of BASE but that is all I have ever done. That process is completely unknown to me. I'm assuming it requires the selected database to be installed and then it automatically creates all the necessary bits and pieces based on the database options in the base_conf.php file. That process may not be complete as Barnyard2 has tables that needs to be inserted and BASE may not do that. Seeing that barnyard2 will never be updated the tables could be moved into the BASE tables? The archive database should also be created, configured and populated if it is enabled. I think there is some work to be done on the automated process to make it complete and reliable.

Nathan Gibbs · Answer 7 · Tue May 23 2023 08:43:11 GMT+0800 (China Standard Time)

In the above it mentions mssql and MSSQL was never supported in Barnyard2. While BASE has all the programming built in for MSSQL, it will never be used. The original Snort did natively support MSSQL through an ODBC connection. There was a licensing issue (money) that made it prohibitive for MSSQL to be added to Barnyard2.

Snort 1.8.1 added MSSQL support.
Barnyard 2.0.2 ported the DB output plugin from snort and brought MSSQL support with it.
If the documentation that came over to BASE from ACID is to be believed, Silicon Defense & the Iowa National Guard had something up & running with MSSQL..

Basically, if ADOdb can support it, than theoretically, BASE can too.
Although I wouldn't want to run BASE on SQLite. 😄

mesteele · Answer 8 · Tue May 23 2023 10:04:40 GMT+0800 (China Standard Time)

Barnyard 2.0.2 ported the DB output plugin from snort and brought MSSQL support with it.

Barnyard2 only supports the MySQL and PostgreSQL databases. Snort, before Barnyard supported five databases.

This is from Barnyard2 README.database file.

The database output plug-in enables snort to log to

  - Postgresql,
  - MySQL,

# Currently unsupported.
#  - any unixODBC database,
#  - MS SQL Server and
#  - Oracle.

Nathan Gibbs · Answer 9 · Tue May 23 2023 23:37:02 GMT+0800 (China Standard Time)

Then their documentation is all screwed up. I was referencing their release notes.
Probably, the only way to be sure, is to try hooking it up to MSSQL and see if and/or how the wheels fell off.

Theoretically, if snort could do it, than any other GPL licensed software could.
Copy, paste, port, test, release.
That is what I "thought" happened in Barnyard 2.0.2.

mesteele · Answer 10 · Wed May 24 2023 01:02:26 GMT+0800 (China Standard Time)

It is all confusing when it comes to Barnyard2. I'm not seeing anything about MSSQL but I just saw references to compiling ODBC and Oracle.

As long as Barnyard2 can compile Base should be able to read. I'll let you know how it turns out trying to compile those two in.

The Barnyard2 code shows no referance to MSSQL.

Nathan Gibbs · Answer 11 · Wed May 24 2023 02:23:57 GMT+0800 (China Standard Time)

You might want to look in
src/output-plugins/spo_database*

The functional state of the MSSQL related code in those files is a whole new set of questions beyond the scope of BASE.

mesteele · Answer 12 · Wed May 24 2023 07:52:09 GMT+0800 (China Standard Time)

There is too much conflicting data out there regarding the other database plugins so I left a message to the programmer to see if he can clear this up.

Nathan Gibbs · Answer 13 · Wed May 24 2023 08:19:41 GMT+0800 (China Standard Time)

That's the beauty of Open Source, anyone can fork it, start fixing things and breath new life into a formerly dead piece of software.
BASE, for instance. 😄