[Snort-users] System hardening

Cory Stoker cstoker at ...8929...
Wed Sep 3 09:13:08 EDT 2003


As far as hardening a Solaris 8/9 server I would implement JASS instead 
of YASSP.  Although the JASS tool is not supported by Sun the 
configurations that JASS does to the server you are hardening are 
supported so you will not lose support if you run JASS.  Most hardened 
configurations that JASS supports will not affect Snort as far as my 
expierence although JASS is updated frequently to incorporate new scripts.

-Cory

John Creegan wrote:

>I've got the basic snort and reporting systems up and running (snort,
>ACID, MySQL) and I'm ready to turn my attention to protecting/hardening
>my system (Solaris 8 on SPARC) before I do any more with snort
>(barnyard, oinkmaster, etc.)
>
>I'm looking at a tool (yassp) for going beyond the system hardening
>described in the docs.  I can't find any mention of it (so far) in the
>archives, FAQ or the recommended three books.  Yassp seems a bit old. 
>It may work well for Solaris 8, but it appears there's been no recent
>support for it.
>
>Does anyone think it's worth hardening a system so much?  I've already
>got tripwire running but that, to me, is a reactive approach.  I'd
>rather prevent someone from changing my system files than to know they
>already did it.
>
>I'm aware that unless I proceed carefully I can make the system useless
>for its intended purpose, running snort.
>
>
>This message (including any attachments) contains confidential 
>information intended for a specific individual and purpose, 
>and is protected by law.  If you are not the intended recipient,
>you should delete this message and are hereby notified that any 
>disclosure,copying, or distribution of this message, or the taking 
>of any action based on it, is strictly prohibited.
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>  
>





More information about the Snort-users mailing list