[Snort-users] SNORT (Linux) / MySQL (Win32)

Michael Steele michaels at ...9077...
Tue Feb 10 08:29:02 EST 2004


Ditto... Ditto... Ditto...

Find you another box and keep your firewall intact. Not a good idea.

Is there some reason why you want to move Snort to Linux? Why not run Snort
on the same box as MySQL. If your looking for something that is plug and
play (except adding a few network settings): 

http://www.winsnort.com/index.php?module=pncommerce&func=catalogview

Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of JP Vossen
> Sent: Monday, February 09, 2004 11:19 PM
> To: Snort Users List
> Cc: MVIBE
> Subject: Re: [Snort-users] SNORT (Linux) / MySQL (Win32)
> 
> > From: "MVIBE" <mvibe at ...11173...>
> > To: <snort-users at lists.sourceforge.net>
> > Date: Mon, 9 Feb 2004 17:47:23 -0600
> > Subject: [Snort-users] SNORT (Linux) / MySQL (Win32)
> >
> > To keep it simple. I have a small network. MySQL is active on a WIN32
> Box,
> > has been for sometime now for some web development. I am interested in
> > running SNORT, but wish to do this from one of my Linux Firewall. I know
> > that to compile SNORT with MySQL support I am to use the --with-mysql
> > configure switch.
> 
> OK, first, ideally a firewall is JUST a firewall.  I know there is a great
> temptation to run Snort on it, since it's in a perfect place.  Be aware
> that
> you are adding complexity and potentially reducing the security of the
> firewall if you do this.  In some (perhaps many) cases running Snort on
> the FW
> may be entierly justified.
> 
> Second, please tell me you don't have a compiler on the firewall!  If you
> do,
> remove it.  A firewall should be just a firewall, and having a compiler on
> it
> opens up all kinds of Evil Things should the box ever be compromised.  The
> theory is that an Evil Cracker can download and compile all sorts of nasty
> things, so don't have a compiler on a security device.  The same argument
> may
> be made for lots of other things, like Perl...  YMMV, evaluate your risk,
> etc.
> In general, the first principal of hardening (and what should be more
> hardened
> than the firewall?) is--if it ain't installed it can't be cracked.  Less
> is
> much better.
> 
> 
> > The problem I am encountering is that for this switch to work,
> ./configure
> > needs to find the mysql.h header file.
> 
> <snip>
> 
> > What am I missing, Is this possible (ie running SNORT on Linux with
> MySQL on
> > Win32)?
> 
> 
> Yes.  My recommendation is to use the Snort RPMs (but I'm biased).  See
> http://www.starken.com/snort/ for the latest RPMs that have not made it to
> the
> Snort.org site yet.
> 
> Install snort and snort-mysql on the firewall (shudder) and you're all
> set.
> 
> Later,
> JP
> ------------------------------|:::======|--------------------------------
> JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
> My Account, My Opinions       |=========|       http://www.jpsdomain.org/
> ------------------------------|=========|--------------------------------
> You used to have to reboot the Windows 9.x series every couple of days
> because it would crash.  Now you have to reboot Windows 200x or XP every
> couple of days because of a patch.  How is that better or more stable?
> 
> 
> 
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users







More information about the Snort-users mailing list