The following document covers installation and basic configuration of the GreenSQL database firewall.

1. Download Application

In order to work with GreenSQL download greensql-fw package from the download page. We recommend that you download the most recent version.

For greensql-fw application, we supply packages for RedHat, CentOS, Fedora, SuSe, Mandriva, Debian, Ubuntu.

2. Install the GreenSQL Package

It is very easy to do. Just run the following command:

Debian Users
dpkg -i greensql-fw_X.X.X.deb

Ubuntu Users
sudo dpkg -i greensql-fw_X.X.X.deb

Redhat/Fedora/CentOS/SuSe/Mandriva Users
rpm -ihv greensql-fw-X.X.X.rpm

FreeBSD Users
pkg_add greensql-fw_X.X.X.tbz

Note for Debian / Ubuntu Users

During package installation, you will be asked several installation questions related to database configuration (GreenSQL uses a MySQL or PostgreSQL database to store the logs and internal configuration). The installation package automatically configures the database settings for you. For example:

GreenSQL Installation - Database Server

After changes are made and application is installed, you can use the following command to reconfigure database settings:
dpkg-reconfigure greensql-fw

3. Setting up the configuration database

GreenSQL uses a MySQL or PostgreSQL database to store alerts and configuration settings. Those of you who do not use Ubuntu/Debian will have to install the GreenSQL configuration database using the configuration script. Just run it as follows:

/usr/sbin/greensql-config

This script will guide you through the database configuration settings. The best practice is to run it as a root user. When run this way it will automatically update database settings in GreenSQL's configuration file /etc/greensql/greensql.conf. Otherwise you will have to do it manually.

4. Starting GreenSQL

You can start the GreenSQL firewall using the following command:
/etc/init.d/greensql-fw start

Application troubleshooting
Please check the log file (/var/log/greensql.log) for any error messages.

5. Configure GreenSQL Management Console

GreenSQL Console is a web-based management tool used to configure the GreenSQL firewall. By default, the application script is located in /usr/share/greensql-fw/ directory. There are a number of ways which can be used to configure the GreenSQL Console.

The simplest method is to create a directory link from your website to this directory:

cd /var/www
ln -s /usr/share/greensql-fw/ greensql


Next, make the templates_c directory writable by all. This directory is used to store cached pages.

cd /var/www/greensql
chmod 0777 templates_c


The last thing to check is that the config.php file has the correct database settings.

Now open GreenSQL management console. The login page has the default user "admin" and the password "pwd".

For advanced users, we supply configuration file /etc/greensql/conf/greensql-apache.conf that they can be used to configure Apache.

6. Validation

In order to verify that everything works correctly, run the following shell command:

mysql -h 127.0.0.1 -P 3305 -u root -p

In the above command, we connect to GreenSQL's default port - 3305. GreenSQL will filter all SQL queries and redirect good ones to 127.0.0.1:3306 (3306 - is a default MySQL port). You can alter this settings using GreenSQL Console.

Important Note
Do not connect to "localhost". Use "127.0.0.1" instead. If you use "localhost", connection is not established using the TCP/IP network stack. Instead so called Unix domain sockets are used. Currently GreenSQL does not support Unix domain sockets - you must use "127.0.0.1" as a "-h" parameter value.

For example in the next screenshot you can see that after connecting to MySQL server we perform a "show databases" command. This command should show a list of existing MySQL databases. GreenSQL will block it by default. As a result, an empty result is printed.

GreenSQL Installation - Validation

7. Proxy installed. What's next ?

You need to change your application settings and configure it to use GreenSQL server as Database server. Most web applications have a management tool that can be configured to use specific database settings. You can configure it to use "127.0.0.1" as a database server IP address and explicitly specify network port - 3305 (127.0.0.1:3305 are default settings used by GreenSQL- in your case it could be different).

If the web application you are using does not have a management tool, check if you have config.php or a similar file in your web application directory. Check the database settings in this file. If you can not find the configuration file, please check if you can find a PHP command like:

$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');

You need to change this to the following:
$link = mysql_connect('127.0.0.1:3305', 'mysql_user', 'mysql_password');