From 08afde0858a03b4b1a7c1d7002ee24e99cc494ba Mon Sep 17 00:00:00 2001
From: Henri DF
Date: Thu, 24 Mar 2016 18:34:30 -0700
Subject: [PATCH] Add mysql rules
---
 rules/base.txt | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/rules/base.txt b/rules/base.txt
index 3d8e8e83..b74af830 100644
--- a/rules/base.txt
+++ b/rules/base.txt
@@ -237,3 +237,6 @@ mongodb_configserver_port: fd.sport = 27019
 mongodb_webserver_port: fd.sport = 28017
 user.name = mongodb and inbound and not (mongodb_server_port or mongodb_shardserver_port or mongodb_configserver_port or mongodb_webserver_port) | %evt.time: Unexpected MongoDF inbound port (%user.name %proc.name %evt.dir %evt.type %evt.args %fd.name)
+
+# MySQL ports
+user.name = mysql and inbound and fd.sport != 3306 | %evt.time: Unexpected MySQL inbound port (%user.name %proc.name %evt.dir %evt.type %evt.args %fd.name)
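Review bot: The added MySQL rule hard-codes `fd.sport != 3306` inline, while the MongoDB rule just above it uses named port macros inside `not (...)`. The two forms may not evaluate the same way for events where `fd.sport` is unset, such as activity on the Unix-domain socket MySQL commonly uses for local clients, so it is worth confirming whether the rule should fire or stay silent there. For consistency I would add a macro `mysql_server_port: fd.sport = 3306` and write the condition as `user.name = mysql and inbound and not mysql_server_port`. The `# MySQL ports` comment could also state that the rule only covers a server running under an account literally named `mysql`, since a deployment under another user is not matched. The `inbound` macro is defined outside this hunk, so the socket-type point is inferred rather than read from the visible lines.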