Snort mailing list archives
Re: Snort on RedHat x.x
From: James Garrison <jhg () athensgroup com>
Date: Mon, 10 Dec 2001 15:03:46 -0600
We run it on RH7.1 with no problems. I'm not sure why people gripe about RH being difficult to secure. Sure, a few things come enabled by default, but you have to go through the hardening exercise exactly the same way on ANY distribution. I'd never trust the distribution's idea of what should and shouldn't be turned on. Someone who wants a hardened system out of the box without having to understand and verify it all is just lazy, IMHO.

Besides, with RH's chkconfig-based setup it's trivial to turn things on and off. Just keep turning things off until "netstat -na" doesn't show any unexpected/unknown ports open :-)

On our bastion host we disable all chkconfig-based services EXCEPT the following:

  atd
  keytable
  syslog
  kudzu
  network
  random
  rawdevices
  crond
  sshd
  reconfig
  linuxconf (not linuxconf web access)
  ntpd
  named
  snortd

Note that xinetd is NOT enabled. named is up as a forwarding-only caching server for the internal network and isn't bound to the external IP address. sshd is running but requires RSA-based authentication and forbids root login.

"Madziarczyk, Jonathan" wrote:
> I've noticed a lot of gripes about how RedHat breaks stuff and how you have to disable a lot of stuff to get it secure.
--
James Garrison                          Athens Group, Inc.
mailto:jhg () athensgroup com           5608 Parkcrest Dr
http://www.athensgroup.com              Austin, TX 78731
PGP: RSA=0x92E90A3B DH/DSS=0x498D331C   (512) 345-0600 x150
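The allowlist approach described in the message above can be checked mechanically. The following is an added example, not part of the original post: it assumes the usual `chkconfig --list` column layout (`name 0:off 1:off 2:on ...`), and the function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Services the message says stay enabled on the bastion host.
ALLOWED="atd keytable syslog kudzu network random rawdevices crond sshd reconfig linuxconf ntpd named snortd"

# unexpected_services (hypothetical helper): reads `chkconfig --list` output on
# stdin and prints every SysV service that is "on" in any of runlevels 2-5
# but is not in ALLOWED. On a live host: chkconfig --list | unexpected_services
unexpected_services() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only SysV lines have "0:on" or "0:off" as the second field. The
        # "xinetd based services:" section is skipped; those entries are
        # inert while xinetd itself is off, and xinetd is checked here.
        $2 ~ /^0:(on|off)$/ {
            enabled = 0
            # Fields 4..7 hold runlevels 2..5.
            for (f = 4; f <= 7; f++)
                if ($f ~ /^[2-5]:on$/) enabled = 1
            if (enabled && !($1 in ok)) print $1
        }
    '
}

# Constructed sample listing (not taken from a real host).
SAMPLE='sshd      0:off 1:off 2:on  3:on  4:on  5:on  6:off
snortd    0:off 1:off 2:on  3:on  4:on  5:on  6:off
xinetd    0:off 1:off 2:off 3:on  4:on  5:on  6:off
sendmail  0:off 1:off 2:on  3:on  4:on  5:on  6:off
portmap   0:off 1:off 2:off 3:off 4:off 5:off 6:off
named     0:off 1:off 2:on  3:on  4:on  5:on  6:off
xinetd based services:
        telnet: on'

# Demo run on the sample: lists the services that still need turning off.
printf '%s\n' "$SAMPLE" | unexpected_services
```

An empty result means the enabled set matches the allowlist; the "netstat -na" check from the message is still needed to confirm what is actually listening.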