Re: Snort 2.3

[James Riden <j.riden () massey ac nz>]

SN ORT <snort_on_acid () yahoo com> writes:

> Ha! If you don't have time to "patch manually" you don't have time
> to try and "trim down" a distro. The point is you don't need to
> patch and you don't need any newer OS, especially if you're just
> going to "trim it down" anyways. Besides, those OSes you mentioned
> aren't going to trim down very much, what with all that gui and junk
> that comes with it. Many people here probably don't patch their
> Snort boxes at all. I don't. It has ACL'd access per host, I don't
> need to worry about patching every other day and wondering, "Now
> what options did I last compile that with?" !!  "Oh now everything's
> broke!...etc"

AFAIK you can install any of the major modern distro's (Fedora, Red
Hat, Debian) without X and without GUIs. I'm trying to keep up with
100Mbit/s upwards and believe me, a basic 600Mb Fedora Core 3 install
doesn't make that much difference either way.

You can bet I keep all my IDS sensors up to date with patches; that is
SOP for any box that can receive any kind of IP traffic, ACLs or
no. What happens if someone compromises a box that is allowed to send
to that host?

-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/




-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users