Snort mailing list archives
Re: Two easy questions
From: Demetri Mouratis <dmourati () cm math uiuc edu>
Date: Thu, 15 Apr 2004 12:23:07 -0500 (CDT)
On Thu, 15 Apr 2004 dlimanov () sct com wrote:
1. Does anyone have a list of steps necessary to harden the OS prior to installing Snort? Or will the standard "Securing Linux" checklist be adequate enough?
There are several considerations here depending on how you want to use snort, and where in your network the snort box will run. The standard securing linux checklist is probably a good starting point. Other steps include using an interface without an IP address, logging to a remote box (database or syslog), and preventing remote and unauthorized physical access to the snort box. The number of additional steps you take should be roughly proportional to the sensitivity of the data snort is looking at: e.g., snort running in NIDS mode in your DMZ should be more secure than snort running in packet sniffing mode on an intranet web server.
2. Is there an IDSCenter alternative for Linux? I'm trying to get a user-friendly, no-nonsense GUI interface for managing snort and its configuration. I've looked at various free products and few commercial ones but they do appear a bit complicated for a non-Linux guru. I don't need advanced functionality of SourceFire or PureSecure; IDSCenter (the way it looks and operates on Windows) would be the optimal solution for my testing environment.
I've had very good results with acid: http://acidlab.sourceforge.net/

Good luck.

---------------------------------------------------------------------
Demetri Mouratis
dmourati at linfactory.com
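Two of the steps named in the reply above (a sniffing interface without an IP address, logging to a remote box) can be checked mechanically. The following is an added example, not part of the original message: it audits text shaped like `ip -o addr show` output and a syslog.conf. The interface name `eth1`, the sample inputs and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample shaped like `ip -o addr show` output (not from the post).
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet6 fe80::20c:29ff:fe12:3456/64 scope link
"""

# Constructed sample syslog.conf content (not from the post).
SAMPLE_SYSLOG_CONF = """\
auth.*            /var/log/auth.log
#*.*              @192.0.2.50
auth,local1.*     @@loghost.example.net:514
"""

def interface_addresses(ip_output, iface):
    """Return every address bound to iface, IPv6 link-local included."""
    addrs = []
    for line in ip_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet6?\s+(\S+)", line)
        if m and m.group(1) == iface:
            addrs.append(m.group(2))
    return addrs

def remote_log_targets(conf_text):
    """Return (transport, host) pairs; @host is UDP, @@host is rsyslog's TCP form."""
    targets = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # ignore commented-out rules
        m = re.match(r"\S+\s+(@{1,2})([^\s:]+)", line)
        if m:
            targets.append(("tcp" if m.group(1) == "@@" else "udp", m.group(2)))
    return targets

def audit_sensor(ip_output, conf_text, sniff_iface):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    addrs = interface_addresses(ip_output, sniff_iface)
    if addrs:
        findings.append(f"{sniff_iface} has addresses: {', '.join(addrs)}")
    if not remote_log_targets(conf_text):
        findings.append("no remote syslog target configured")
    return findings

if __name__ == "__main__":
    for finding in audit_sensor(SAMPLE_IP_OUTPUT, SAMPLE_SYSLOG_CONF, "eth1"):
        print("FINDING:", finding)
```

In the constructed sample, `eth1` has no IPv4 address but still carries an auto-configured IPv6 link-local address, which the audit reports as a finding.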