[Snort-users] Two easy questions

John Creegan jcreegan at ...9729...
Thu Apr 15 10:31:07 EDT 2004


To manage rulesets and to start/stop/restart snort I find the snort
webmin module handy.

To harden the OS the advice I've seen is:
     1. Install the OS
     2. Install the latest security patches
     3. Harden the system
     4. Install apps (be careful about what hardening you do or you
        might lose the ability to compile new apps!)
     5. Keep up to date on security patch updates, both for
        applications and the remaining elements of the OS (after it
        has been hardened).

There is a school of thought that suggests getting rid of any and all
compilers on your hardened boxes because hackers have an easier time
doing things with your system.  I tend to agree with this school of
thought.  However, doing that means you have to have a suitable system
in place on which you can compile new applications and port them, or
install binary pre-compiled apps (someone else has done the compiling
for you).

How much one hardens a system seems subjective to me.  It depends on
how much/what damage could be caused by the system being compromised,
how likely it is that the system can/will be compromised, etc.

>>> <dlimanov at ...11654...> 04/15/04 11:34AM >>>
New to the list and tried archives but didn't get the answers I was
looking for..
1. Does anyone have a list of steps necessary to harden the OS prior to
installing Snort? Or will a standard "Securing Linux" checklist be
adequate enough?
2. Is there an IDSCenter alternative for Linux? I'm trying to get a
user-friendly, no-nonsense GUI interface for managing snort and its
configuration. I've looked at various free products and a few commercial
ones but they do appear a bit complicated for a non-Linux guru. I don't
need advanced functionality of SourceFire or PureSecure; IDSCenter (the
way it looks and operates on Windows) would be the optimal solution for
my testing environment.
Thanks in advance!

Dimitri
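
One way to check a hardened box for the leftover compilers discussed in the reply above, as an added example that is not part of the original message. The tool-name list and the function names `find_toolchain` and `audit_path` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit directories for leftover build tools on a hardened host.
# The tool-name list below is an assumption; extend it for your distribution.
TOOLCHAIN_NAMES="cc gcc g++ c++ cpp clang clang++ tcc as ld make gmake nasm yacc bison flex"

# Print every executable file (or symlink to one) in the given directories
# whose name is a known build tool, including versioned or target-prefixed
# variants such as gcc-3.3 or i386-linux-gcc.
find_toolchain() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for path in "$dir"/*; do
            [ -f "$path" ] && [ -x "$path" ] || continue
            base=${path##*/}
            for tool in $TOOLCHAIN_NAMES; do
                case "$base" in
                    "$tool"|"$tool"-[0-9]*|*-"$tool"|*-"$tool"-[0-9]*)
                        printf '%s\n' "$path"
                        break
                        ;;
                esac
            done
        done
    done
}

# Audit every directory on PATH; return status 1 means build tools were found.
audit_path() {
    old_ifs=$IFS
    IFS=:
    set -- $PATH
    IFS=$old_ifs
    found=$(find_toolchain "$@")
    [ -z "$found" ] && return 0
    printf 'build tools present:\n%s\n' "$found"
    return 1
}
```

Calling `audit_path` after step 4 of the list above, and again after each round of updates, shows whether an installed package has pulled a compiler back onto the sensor.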