[Snort-users] Snort start up on Multiple interface
milov at ...1467...
Thu Apr 29 07:24:19 EDT 2004
On Apr 28, 2004, at 4:23 PM, Matt Kettler wrote:
> At 04:40 PM 4/28/2004, Edin Dizdarevic wrote:
>> > You mean you don't chroot your snort instances? :)
>> Why should I do that on an SELinux? ;)
> Clearly you're not sufficiently paranoid, as a good SELinux user would
> chroot anyway. After all, mistakes can be made in MAC configurations
> They'd also:
> use a read-only network tap
> make sure the kernel is compiled without loadable module
> compile snort with some form of stack-overflow detector enhanced gcc
> make sure that snort box was not able to talk to hosts outside
> your network, not even for http download, no matter what user tries.
> (ie: firewall enforced)
> make sure the snort box cannot relay email through your
> mailserver to hosts outside your network.
> make sure the snort box cannot perform DNS resolution of
> outside zones (dig www.snort.org should fail).
> wrap the entire machine in 5 layers of copper foil, making
> sure to cover up the LEDs, monitor, and keyboard in the process
You left out the operator/sysadmin enhancements:
> disconnect the machine from all power or network connections
> and bury it in 6 feet of concrete with no cables coming out.
> But it's all a matter of how paranoid you want to be. My real point is
> that it never hurts to be oversecure unless you're losing
> functionality you need.
> Clearly chrooting under selinux is a bit redundant, but it doesn't
> hurt useful functionality, and protects you from mistakes so it does
> add some security.
Milo Velimirović <milov "at" uwlax "dot" edu>
Unix Computer Network Administrator
University of Wisconsin - La Crosse
La Crosse, Wisconsin 54601 USA 43 48 05 N 91 14 22 W
There are 10 different types of people in the world.
Those who can read binary and those who can't.
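The network-side items in the list above (firewall-enforced egress, no mail relay outward, no DNS for outside zones) written out as an iptables ruleset for the sensor, with a small audit of a saved ruleset; this is an added example, not code from the thread. The internal network, the internal resolver and the internal mail host are placeholders passed as arguments.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset that
# enforces the sensor egress policy above: talk only to the internal network,
# SMTP only to the internal mail host, DNS only via the internal resolver.
# All three arguments are placeholders for your own addresses.
# Usage: sensor_egress_rules 10.0.0.0/8 10.0.0.53 10.0.0.25 | iptables-restore
sensor_egress_rules() {
  internal_net="$1"   # internal network the sensor may reach (placeholder)
  resolver="$2"       # internal DNS server; assumed to serve internal zones only
  mailhost="$3"       # internal mail server; assumed not to relay sensor mail outward
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# management SSH from inside only; libpcap sees frames before netfilter,
# so the sniffing interface needs no INPUT rule
-A INPUT -s $internal_net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# mail: only to the internal mail host, never directly outward
-A OUTPUT -d $mailhost -p tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp --dport 25 -j REJECT
# DNS: only to the internal resolver, so lookups of outside zones fail
-A OUTPUT -d $resolver -p udp --dport 53 -j ACCEPT
-A OUTPUT -d $resolver -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j REJECT
-A OUTPUT -p tcp --dport 53 -j REJECT
# everything else only inside; the OUTPUT DROP policy catches HTTP etc. outward
-A OUTPUT -d $internal_net -j ACCEPT
COMMIT
EOF
}

# Audit a saved ruleset (iptables-save output in file $1): returns 0 if the
# OUTPUT chain defaults to DROP and both SMTP and DNS have catch-all REJECTs.
audit_egress_rules() {
  grep -q '^:OUTPUT DROP' "$1" &&
  grep -q -- '^-A OUTPUT -p tcp --dport 25 -j REJECT' "$1" &&
  grep -q -- '^-A OUTPUT -p udp --dport 53 -j REJECT' "$1"
}
```

Run the audit against `iptables-save` output on the sensor after loading; a ruleset whose OUTPUT policy is ACCEPT fails it.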