[Snort-users] System hardening

Matthew Thomas mthomas at ...9794...
Thu Sep 4 11:59:08 EDT 2003


You might check out the Bastille-Linux project, too.  Their plan is to add
Solaris support in their 2.2 release.  I'm not sure how close they are to
that being ready, though.

Regards,
Matt Thomas

> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net 
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of 
> John Creegan
> Sent: Wednesday, September 03, 2003 7:28 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] System hardening
> 
> 
> I've got the basic snort and reporting systems up and running 
> (snort, ACID, MySQL) and I'm ready to turn my attention to 
> protecting/hardening my system (Solaris 8 on SPARC) before I 
> do any more with snort (barnyard, oinkmaster, etc.)
> 
> I'm looking at a tool (yassp) for going beyond the system 
> hardening described in the docs.  I can't find any mention of 
> it (so far) in the archives, FAQ or the recommended three 
> books.  Yassp seems a bit old. 
> It may work well for Solaris 8, but it appears there's been 
> no recent support for it.
> 
> Does anyone think it's worth hardening a system so much?  
> I've already got tripwire running but that, to me, is a 
> reactive approach.  I'd rather prevent someone from changing 
> my system files than to know they already did it.
> 
> I'm aware that unless I proceed carefully I can make the 
> system useless for its intended purpose, running snort.
> 
> 




