[Snort-sigs] Rebuilding snort server and sensors

BassPlayer bassplayer at ...549...
Wed Oct 26 12:31:01 EDT 2005


I prefer to use Slackware because it's the closest Linux distro to BSD
while still being Linux, that I know of.  Snort works great on it and they
don't charge you for automatic package updates.

BP

Thompson, Jimi wrote:
> Item #1 - RH9 is obsolete.  You may not be able to harden the OS
> sufficiently to do what you need to do safely.
>
> Item #2 - RH, unless you go to a lot of extra trouble, tends to install
> a lot of things that really aren't ideal on any server, much less one
> being used as a security appliance.
>
> Item #3 - The BSDs do a much better job of only installing what's
> necessary to bring the box up (i.e. kernel and necessary bits of the OS).
>
> When I'm setting up a box to be used as a security appliance, I make
> sure that I have the latest versions of everything, unless they have
> some known issue that makes them undesirable.  I also make sure that
> anything I can build from source, I do so since I prefer to do custom
> configs instead of pre-installed packages.  I also don't like having to
> either go in and uninstall a bunch of crap or spend a lot of valuable
> time configuring the OS installer in the first place.  When I first
> bring a box up, the ONLY thing I want is a blinking command prompt.  I
> really don't care about a GUI, games, web server, etc.  If I want them,
> I will install them.  The FIRST rule of security is that if it's not
> installed, it's not a problem.
>
> Just my 2 cents....
>
> Thanks,
>
> Ms. Jimi Thompson
> Manager of Web Operations
> SMU Cox School of Business
>
> If computers get too powerful, we can organize them into a committee --
> that will do them in. -- Bradley's Bromide
>
> ________________________________
>
> From: snort-sigs-admin at lists.sourceforge.net
> [mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of Murali Raju
> Sent: Monday, October 24, 2005 7:05 AM
> To: Michael Mulholland
> Cc: Snort-sigs at lists.sourceforge.net
> Subject: Re: [Snort-sigs] Rebuilding snort server and sensors
>
>
>
> 1. Linux - if you want to use the libpcap that employs a shared mem ring
> buffer (http://public.lanl.gov/cpw/)..
> 2. FreeBSD - with device_polling configured can help speed up packet
> capturing in addition to speed and stability...
> 3. OpenBSD - lean with many security features, including the new heap
> protection and other defense against ICMP based attacks available on
> release 3.8....the de facto for security appliances in my opinion.
>
> I use and prefer the BSDs over Linux any day...
>
> Cheers,
>
> _Raju
>
> On 10/24/05, Michael Mulholland <Michael.Mulholland at ...3172...> wrote:
>
> folks
>
> i'm intent on rebuilding our existing snort setup from RH9 and was
> wondering what platform you'd recommend
>
> thanks
>
> michael mulholland
>
> --
> May the packets be with you.