Snort mailing list archives
Re: Two easy questions
From: "John Creegan" <jcreegan () questarweb com>
Date: Thu, 15 Apr 2004 12:29:57 -0500
To manage rulesets and to start/stop/restart snort I find the snort webmin module handy.

To harden the OS the advice I've seen is:

1. Install the OS
2. Install the latest security patches
3. Harden the system
4. Install apps (be careful about what hardening you do or you might lose the ability to compile new apps!)
5. Keep up to date on security patch updates, both for applications and the remaining elements of the OS (after it has been hardened).

There is a school of thought that suggests getting rid of any and all compilers on your hardened boxes because hackers have an easier time doing things with your system. I tend to agree with this school of thought. However, doing that means you have to have a suitable system in place on which you can compile new applications and port them, or install binary pre-compiled apps (someone else has done the compiling for you).

How much one hardens a system seems subjective to me. It depends on how much/what damage could be caused by the system being compromised, how likely it is that the system can/will be compromised, etc.

<dlimanov () sct com> 04/15/04 11:34AM >>>
New to the list and tried archives but didn't get the answers I was looking for.

1. Does anyone have a list of steps necessary to harden the OS prior to installing Snort? Or is the standard "Securing Linux" checklist adequate enough?
2. Is there an IDSCenter alternative for Linux? I'm trying to get a user-friendly, no-nonsense GUI interface for managing snort and its configuration. I've looked at various free products and few commercial ones but they do appear a bit complicated for a non-Linux guru. I don't need advanced functionality of SourceFire or PureSecure; IDSCenter (the way it looks and operates on Windows) would be the optimal solution for my testing environment.

Thanks in advance!
Dimitri