[Snort-users] System hardening
jcreegan at ...9729...
Wed Sep 3 07:29:04 EDT 2003
I've got the basic snort and reporting systems up and running (snort,
ACID, MySQL) and I'm ready to turn my attention to protecting/hardening
my system (Solaris 8 on SPARC) before I do any more with snort
(barnyard, oinkmaster, etc.)
I'm looking at a tool (yassp) for going beyond the system hardening
described in the docs. I can't find any mention of it (so far) in the
archives, FAQ or the recommended three books. Yassp seems a bit old.
It may work well for Solaris 8, but it appears there's been no recent
support for it.
Does anyone think it's worth hardening a system so much? I've already
got tripwire running but that, to me, is a reactive approach. I'd
rather prevent someone from changing my system files than to know they
already did it.
I'm aware that unless I proceed carefully I can make the system useless
for its intended purpose, running snort.
This message (including any attachments) contains confidential
information intended for a specific individual and purpose,
and is protected by law. If you are not the intended recipient,
you should delete this message and are hereby notified that any
disclosure,copying, or distribution of this message, or the taking
of any action based on it, is strictly prohibited.
More information about the Snort-users