[Snort-users] security of acid

Bill Marquette wlmarque at ...8...
Thu Mar 8 08:45:57 EST 2001


You can still .htaccess the ACID directory and use password and/or host ACLs to
limit access to ACID itself.  I believe it's also possible to have php in apache
default to off and turn it on directory by directory.  I personally run PHP as a
cgi on my box as I only need ACID to use it so can have a fair degree of control
on what does and doesn't get interpreted via PHP.  Of note, Roman has said in
the past that he hasn't put alot of effort in making ACID secure as he's still
working on feature development to make it a more useable product.  Having said
that, I would have recommended password protecting it and ACLing it...I also run
mine on a SSL server for just a little added security (in the case of sniffers).

--Bill



From: Ragnar Beer <rbeer at ...1214...> on 03/08/2001 06:45 AM

To:   snort-users at lists.sourceforge.net
cc:
Client:
Subject:  Re: [Snort-users] security of acid



That's certainly the best way to do it. Only in this case I need to
run snort on the protected machine which is connected to the internet
only and is a webserver.
So I wonder what happens to security when I add PHP.

Ragnar

>Hi Ragnar,
>
>>  I was thinking about using acid with snort but when I went to the
>>  website I read that it uses php. I've heard that php has quite a bad
>>  security record. Could anybody perhaps comment on that? I wouldn't
>>  like to open up a gaping hole, of course.
>
>even if so, you wouldn't want to give everyone access to your
>IDS's statistics page, do you? I mean, I keep it
>password-protected in my internal switched network ;o))
>
>Bye, Jan
>
>--
>Radio HUNDERT,6 Medien GmbH Berlin
>- EDV -
>j.muenther at ...206...


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users










More information about the Snort-users mailing list