[Snort-users] Two easy questions
jcreegan at ...9729...
Thu Apr 15 10:31:07 EDT 2004

To manage rulesets and to start/stop/restart snort I find the snort
webmin module handy.

To harden the OS the advice I've seen is:

1. Install the OS
2. Install the latest security patches
3. Harden the system
4. Install apps (be careful about what hardening you do or you
   might lose the ability to compile new apps!)
5. Keep up to date on security patch updates, both for
   applications and the remaining elements of the OS (after it has been

There is a school of thought that suggests getting rid of any and all
compilers on your hardened boxes because hackers have an easier time
doing things with your system. I tend to agree with this school of
thought. However, doing that means you have to have a suitable system
in place on which you can compile new applications and port them, or
install binary pre-compiled apps (someone else has done the compiling

How much one hardens a system seems subjective to me. It depends on
how much/what damage could be caused by the system being compromised,
how likely it is that the system can/will be compromised, etc.

>>> <dlimanov at ...11654...> 04/15/04 11:34AM >>>
New to the list and tried archives but didn't get the answers I was

1. Does anyone have a list of steps necessary to harden the OS prior to
installing Snort? Or will standard "Securing Linux" checklist is

2. Is there an IDSCenter alternative for Linux? I'm trying to get a
user-friendly, no-nonsense GUI interface for managing snort and its
configuration. I've looked at various free products and few commercial
ones but they do appear a bit complicated for a non-Linux guru. I don't
need advanced functionality of SourceFire or PureSecure; IDSCenter (the
way it looks and operates on Windows) would be the optimal solution for

Thanks in advance!