[Snort-users] Two easy questions

Demetri Mouratis dmourati at ...3877...
Thu Apr 15 10:24:01 EDT 2004


On Thu, 15 Apr 2004 dlimanov at ...11654... wrote:
> 1. Does anyone have a list of steps necessary to harden the OS prior to
> installing Snort? Or will the standard "Securing Linux" checklist be adequate
> enough?

There are several considerations here depending on how you want to use
snort, and where in your network the snort box will run.  The standard
securing linux checklist is probably a good starting point.  Other steps
include using an interface without an IP address, logging to a remote box
(database or syslog), and preventing remote and unauthorized
physical access to the snort box.  The number of additional steps you take
should be roughly proportional to the sensitivity of the data snort is
looking at: e.g., snort running in NIDS mode in your DMZ should be more
secure than snort running in packet sniffing mode on an intranet web
server.

> 2. Is there an IDSCenter alternative for Linux? I'm trying to get a
> user-friendly, no-nonsense GUI interface for managing snort and its
> configuration. I've looked at various free products and few commercial
> ones but they do appear a bit complicated for a non-Linux guru. I don't
> need advanced functionality of SourceFire or PureSecure; IDSCenter (the
> way it looks and operates on Windows) would be the optimal solution for my
> testing environment.

I've had very good results with acid:
http://acidlab.sourceforge.net/

Good luck.



---------------------------------------------------------------------
Demetri Mouratis
dmourati at linfactory.com
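
Added example, not part of the original message: a shell check for two of the
steps named in the reply above (sniffing interface without an IP address,
logging to a remote syslog host). The interface names, host names and sample
outputs are constructed; the sample covers a case that is easy to miss, an
interface with no IPv4 address that still holds an IPv6 link-local address.

```shell
#!/bin/sh
# Added example: checks run on saved command output, so they work offline.

# Print every address bound to interface $1, given `ip -o addr show` on stdin.
addrs_on_iface() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $4 }'
}

# Print remote targets from classic syslog.conf syntax on stdin ("*.* @host").
remote_log_targets() {
    awk '!/^[ \t]*#/ && $2 ~ /^@/ { sub(/^@+/, "", $2); print $2 }'
}

# Constructed sample: eth0 is management, eth1 is the sniffing interface.
# eth1 has no IPv4 address but still carries an IPv6 link-local address.
sample_ip_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Constructed sample syslog.conf: auth messages go to a remote collector.
sample_syslog_conf() {
    cat <<'EOF'
# local copies
*.info;mail.none    /var/log/messages
#auth.*    @oldhost.example
auth.*    @loghost.example
EOF
}

# Report findings for sniffing interface $1; return 1 if any check fails.
audit_sensor() {
    rc=0
    addrs=$(sample_ip_output | addrs_on_iface "$1")
    if [ -n "$addrs" ]; then
        echo "FAIL: $1 has an address: $addrs"; rc=1
    fi
    targets=$(sample_syslog_conf | remote_log_targets)
    if [ -z "$targets" ]; then
        echo "FAIL: no remote syslog target configured"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1 unaddressed, logging to $targets"
    return "$rc"
}

audit_sensor eth1 || true
```

On a live sensor, replace the two sample functions with `ip -o addr show` and
`cat /etc/syslog.conf` (path assumed; it varies by syslog daemon).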