[Snort-users] Snort Security ? How to ?

Always Bishan bishan4u at ...1396...
Sat Apr 19 23:58:02 EDT 2003


Hi Snorters,

I am installing a RH8 Linux machine in my network
which will serve the purpose of a snort sensor and the
main snort manager.There will be 3 other snort
sensors(all in linux) which will be logging into the
snort manager.

Now I want this Snort Manager and the 3 sensors to be
extremely secure. 
This can be done by:
1. Installing minimum number of packages on all the
boxes.
2. Running Snort as non-root.
3. Logging to the database as non-root.
4. Running Snort in a CHROOT environment.
5. Tight privileges to snort files.

Now, for making above possible, I don't have answers
to the following questions:

1. What are the dependencies of Snort and what minimum
packages do I need to install on the machine whose
purpose is only as a snort sensor? 
2. How do I run snort as a non-root user ?
3. What permissions like SELECT,INSERT,DELETE do I
need to give to snort user for it to work seamlessly
with ACID ?
4. How do I run Snort in a Chroot environment ? (Is
there any document explaining this)

I think if we can answer these, we will have a very
secure snort box.

Please drop in your valuable comments.

Regards,
Bishan


=====
Celebrating Happiness
email: bishan at ...8634...
company: www.sumerusolutions.com

__________________________________________________
Yahoo! Plus
For a better Internet experience
http://www.yahoo.co.uk/btoffer




More information about the Snort-users mailing list