[Snort-users] System hardening

twig les twigles at ...131...
Wed Sep 3 15:55:03 EDT 2003


One thing that I forgot to mention about your setup is that you
set everything up before securing the box...and that is bad. 
Best practice dictates that you secure and patch the box before
even hooking it up to the network, although that is sometimes
really impractical so you do what you can.  Especially with
Solaris 8, I did a netstat -an on that OS after a default
install and basically fell out of my chair.  And it doesn't
sound like you did a minimal install either (but I'm just
playing a hunch here).

--- John Creegan <jcreegan at ...9729...> wrote:
> I've got the basic snort and reporting systems up and running (snort,
> ACID, MySQL) and I'm ready to turn my attention to protecting/hardening
> my system (Solaris 8 on SPARC) before I do any more with snort
> (barnyard, oinkmaster, etc.)
>
> I'm looking at a tool (yassp) for going beyond the system hardening
> described in the docs.  I can't find any mention of it (so far) in the
> archives, FAQ or the recommended three books.  Yassp seems a bit old.
> It may work well for Solaris 8, but it appears there's been no recent
> support for it.
>
> Does anyone think it's worth hardening a system so much?  I've already
> got tripwire running but that, to me, is a reactive approach.  I'd
> rather prevent someone from changing my system files than to know they
> already did it.
>
> I'm aware that unless I proceed carefully I can make the system useless
> for its intended purpose, running snort.


=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.       
-----------------------------------------------------------
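
The `netstat -an` check mentioned in the reply can be scripted so that every listener not needed by the sensor stands out. This is an added example, not part of the original message; the allowlist (ssh, https for ACID, MySQL) and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are not on an allowlist.
# ALLOWED is an assumption for a Snort/ACID/MySQL sensor: ssh, https, mysql.
ALLOWED="${ALLOWED:-22 443 3306}"

# Constructed sample in the Solaris `netstat -an` TCP layout (not real output).
sample_netstat() {
cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.111                *.*                0      0 24576      0 LISTEN
      *.23                 *.*                0      0 24576      0 LISTEN
      *.22                 *.*                0      0 24576      0 LISTEN
127.0.0.1.3306             *.*                0      0 24576      0 LISTEN
      *.6000               *.*                0      0 24576      0 LISTEN
192.0.2.10.22        192.0.2.50.40112     24820      0 24820      0 ESTABLISHED
EOF
}

# Reads `netstat -an` text on stdin and prints one "port local-address" line
# for each LISTEN socket whose port is not in $ALLOWED, sorted by port.
# On Solaris itself use nawk or /usr/xpg4/bin/awk; the old /usr/bin/awk
# does not accept -v.
unexpected_listeners() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $NF == "LISTEN" {
      addr = $1
      port = addr
      sub(/.*\./, "", port)      # the port is whatever follows the last dot
      if (!(port in ok)) print port, addr
    }
  ' | sort -n | uniq
}

# Demo run on the sample; on a real host: netstat -an | unexpected_listeners
sample_netstat | unexpected_listeners
```

Anything the function prints is a service to disable or justify before the box goes on the network; UDP sockets are not covered by this check.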
