[Snort-users] Snort 2.3
j.riden at ...11179...
Thu Feb 3 11:45:23 EST 2005
SN ORT <snort_on_acid at ...131...> writes:
> Ha! If you don't have time to "patch manually" you don't have time
> to try and "trim down" a distro. The point is you don't need to
> patch and you don't need any newer OS, especially if you're just
> going to "trim it down" anyways. Besides, those OSes you mentioned
> aren't going to trim down very much, what with all that gui and junk
> that comes with it. Many people here probably don't patch their
> Snort boxes at all. I don't. It has ACL'd access per host, I don't
> need to worry about patching every other day and wondering, "Now
> what options did I last compile that with?" !! "Oh now everything's

AFAIK you can install any of the major modern distros (Fedora, Red
Hat, Debian) without X and without GUIs. I'm trying to keep up with
100Mbit/s upwards and believe me, a basic 600Mb Fedora Core 3 install
doesn't make that much difference either way.

You can bet I keep all my IDS sensors up to date with patches; that is
SOP for any box that can receive any kind of IP traffic, ACLs or
no. What happens if someone compromises a box that is allowed to send
to that host?

James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/