[Snort-users] System hardening

Slighter, Tim tslighter at ...5174...
Wed Sep 3 10:38:20 EDT 2003


Sorry about that on the eeprom security.  if you are booted into the OS you
will need to do this:

eeprom security-mode=full

otherwise if using OpenPROM then you would issue the setenv security-mode
full

-----Original Message-----
From: John Creegan [mailto:jcreegan at ...9729...]
Sent: Wednesday, September 03, 2003 8:28 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] System hardening


I've got the basic snort and reporting systems up and running (snort,
ACID, MySQL) and I'm ready to turn my attention to protecting/hardening
my system (Solaris 8 on SPARC) before I do any more with snort
(barnyard, oinkmaster, etc.)

I'm looking at a tool (yassp) for going beyond the system hardening
described in the docs.  I can't find any mention of it (so far) in the
archives, FAQ or the recommended three books.  Yassp seems a bit old. 
It may work well for Solaris 8, but it appears there's been no recent
support for it.

Does anyone think it's worth hardening a system so much?  I've already
got tripwire running but that, to me, is a reactive approach.  I'd
rather prevent someone from changing my system files than to know they
already did it.

I'm aware that unless I proceed carefully I can make the system useless
for its intended purpose, running snort.


This message (including any attachments) contains confidential 
information intended for a specific individual and purpose, 
and is protected by law.  If you are not the intended recipient,
you should delete this message and are hereby notified that any 
disclosure,copying, or distribution of this message, or the taking 
of any action based on it, is strictly prohibited.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list