[Snort-users] System hardening

Van Oosterom, Peter Peter.vanoosterom at ...2990...
Fri Sep 5 06:00:13 EDT 2003


Or Titan, which supports most varients of *nix

Regards
Peter

-----Original Message-----
From: Matthew Thomas [mailto:mthomas at ...9794...]
Sent: Thursday, 4 September 2003 5:19 AM
To: 'John Creegan'; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] System hardening


You might checkout the Bastille-Linux project, too.  Their plan is to add
solaris support in their 2.2 release.  I'm not sure how close they are to
that being ready, though.

Regards,
Matt Thomas

> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net 
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of 
> John Creegan
> Sent: Wednesday, September 03, 2003 7:28 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] System hardening
> 
> 
> I've got the basic snort and reporting systems up and running 
> (snort, ACID, MySQL) and I'm ready to turn my attention to 
> protecting/hardening my system (Solaris 8 on SPARC) before I 
> do any more with snort (barnyard, oinkmaster, etc.)
> 
> I'm looking at a tool (yassp) for going beyond the system 
> hardening described in the docs.  I can't find any mention of 
> it (so far) in the archives, FAQ or the recommended three 
> books.  Yassp seems a bit old. 
> It may work well for Solaris 8, but it appears there's been 
> no recent support for it.
> 
> Does anyone think it's worth hardening a system so much?  
> I've already got tripwire running but that, to me, is a 
> reactive approach.  I'd rather prevent someone from changing 
> my system files than to know they already did it.
> 
> I'm aware that unless I proceed carefully I can make the 
> system useless for its intended purpose, running snort.
> 
> 
> This message (including any attachments) contains confidential 
> information intended for a specific individual and purpose, 
> and is protected by law.  If you are not the intended 
> recipient, you should delete this message and are hereby 
> notified that any 
> disclosure,copying, or distribution of this message, or the taking 
> of any action based on it, is strictly prohibited.
> 



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

This e-mail is privileged and may contain confidential information intended only for the person(s) named above. If you receive this e-mail
in error, please notify the addressee immediately by telephone or return e-mail. Although the sender endeavours to maintain a computer
virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from
any virus transmitted.




More information about the Snort-users mailing list