[Snort-users] Snort 2.3

James Riden j.riden at ...11179...
Thu Feb 3 11:45:23 EST 2005

SN ORT <snort_on_acid at ...131...> writes:

> Ha! If you don't have time to "patch manually" you don't have time
> to try and "trim down" a distro. The point is you don't need to
> patch and you don't need any newer OS, especially if you're just
> going to "trim it down" anyways. Besides, those OSes you mentioned
> aren't going to trim down very much, what with all that gui and junk
> that comes with it. Many people here probably don't patch their
> Snort boxes at all. I don't. It has ACL'd access per host, I don't
> need to worry about patching every other day and wondering, "Now
> what options did I last compile that with?" !!  "Oh now everything's
> broke!...etc"

AFAIK you can install any of the major modern distros (Fedora, Red
Hat, Debian) without X and without GUIs. I'm trying to keep up with
100Mbit/s upwards and believe me, a basic 600Mb Fedora Core 3 install
doesn't make that much difference either way.

You can bet I keep all my IDS sensors up to date with patches; that is
SOP for any box that can receive any kind of IP traffic, ACLs or
no. What happens if someone compromises a box that is allowed to send
to that host?

James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/

