[Snort-users] Snort Databse-Plugin: Deletion of Logs

Chris Eidem ceidem at ...5503...
Thu Aug 1 08:59:41 EDT 2002


that all depends on the security that you have set up on your database.
set it up so that the snort user has no ability to delete or change data
or tables, and you're fine

 - chris

> -----Original Message-----
> From: Olaf Gellert [mailto:og at ...6508...]
> Sent: Thursday, August 01, 2002 9:56 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort Databse-Plugin: Deletion of Logs
> 
> 
> Hi,
> 
> just a little question: If I use the database plugin
> for some sonsors to log into one central database, what
> about the security issues.
> 
> Ok, I can use STunnel or so to encrypt the log messages
> on their way to the database. If one of my Snort-Sensors
> get's hacked, is it possible for the hacker to delete
> the previously logged messages? Or are the logs written
> in some kind of append-only mode?
> 
> If it is possible to delete the logs from one hacked
> sensor, can only the messages from this sensor or
> even the logs from the other sensors be deleted?
> 
> Regards... Olaf
> 
> 
> -- 
> Dipl.Inform. Olaf Gellert                  PRESECURE (R)
> Consultant,                              Consulting GmbH
> Phone: (+49) 0700 / PRESECURE           og at ...6508...
> 
>        Check on European Security Incident Response Teams
>                                   http://www.ti.terena.nl
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list