[Snort-users] Minimal OS installation for a Snort sensor

sunzi sunzi at ...8646...
Mon Jun 30 06:36:17 EDT 2003


Guy Bruneau (http://www.whitehats.ca/main/members/Seeker/Seeker.html)
maintains an excellent distro called 'ShadowSlack' which is the Shadow IDS
on hardened Slackware 9.0.0. The docs state that the install (using Shadow,
not Snort) is only ~150mb. Version 3.0 includes Snort 2.0.0. I've used it
for over a year now with excellent results on 486-grade systems.

You can get the ISO and Install instructions from www.whitehats.ca

hth,
sunzi
----- Original Message ----- 
From: "Donofrio, Lewis" <donofrio at ...1052...>
To: <snort-users at ...382...>
Sent: Monday, June 30, 2003 8:37 AM
Subject: RE: [Snort-users] Minimal OS installation for a Snort sensor


I've used my smoothie for years, enjoy.
______________________________________________________________________
Lewis Donofrio at ...1052...      College of Literature, Science, & Arts
1007 East Huron, Room 201,    BetaID:243340     Cell: (734) 323-8776
Ann Arbor,MI 48104-1690 www.umich.edu/~donofrio Fax: (734) 647-8333

-----Original Message-----
From: tim.otten [mailto:tim.otten at ...1296...]
Sent: Tuesday, June 24, 2003 10:16 AM
To: 'Francesco'
Cc: snort-users at ...382...
Subject: RE: [Snort-users] Minimal OS installation for a Snort sensor

Try: http://www.smoothwall.org/
Or:  http://www.ipcop.org/cgi-bin/twiki/view/IPCop/WebHome

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Francesco
Sent: 24 June 2003 06:16
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Minimal OS installation for a Snort sensor

I remember a 20 months old document at SANS by Mr. Metcalf that is a
very
detailed guide for a  mixed Linux/Windows configuration where there are
useful indication for a minimal (Linux RH) OS installation to be used
for
the sensor.
By reducing the number of unnecessary components we can avoid waste of
resources and also reduce the chance that weak components can be a cause
of
failure (vulnerability at first).

Does anyone have his own indication for such configuration with recent
OS
releases (Linux as well as BSD)?

Hope this question can be useful to newbies, but also to experts to
review
their "defaults"

Francesco



-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users





More information about the Snort-users mailing list