Snort mailing list archives
Re: System hardening
From: twig les <twigles () yahoo com>
Date: Wed, 3 Sep 2003 15:54:03 -0700 (PDT)
One thing that I forgot to mention about your setup is that you set everything up before securing the box...and that is bad. Best practice dictates that you secure and patch the box before even hooking it up to the network, although that is sometimes really impractical so you do what you can. Especially with Solaris 8, I did a netstat -an on that OS after a default install and basically fell out of my chair. And it doesn't sound like you did a minimal install either (but I'm just playing a hunch here). --- John Creegan <jcreegan () questarweb com> wrote:
I've got the basic snort and reporting systems up and running (snort, ACID, MySQL) and I'm ready to turn my attention to protecting/hardening my system (Solaris 8 on SPARC) before I do any more with snort (barnyard, oinkmaster, etc.) I'm looking at a tool (yassp) for going beyond the system hardening described in the docs. I can't find any mention of it (so far) in the archives, FAQ or the recommended three books. Yassp seems a bit old. It may work well for Solaris 8, but it appears there's been no recent support for it. Does anyone think it's worth hardening a system so much? I've already got tripwire running but that, to me, is a reactive approach. I'd rather prevent someone from changing my system files than to know they already did it. I'm aware that unless I proceed carefully I can make the system useless for its intended purpose, running snort. This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure,copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
===== ----------------------------------------------------------- Emo is what happens when the glee club goes punk. ----------------------------------------------------------- __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- System hardening John Creegan (Sep 03)
- Re: System hardening Cory Stoker (Sep 03)
- Re: System hardening twig les (Sep 03)
- Re: System hardening Erek Adams (Sep 04)
- RE: System hardening Matthew Thomas (Sep 04)
- <Possible follow-ups>
- RE: System hardening Slighter, Tim (Sep 03)
- RE: System hardening Slighter, Tim (Sep 03)
- RE: System hardening James R. Hendrick (Sep 03)
- RE: System hardening twig les (Sep 03)
- Re: System hardening Paul Greene (Sep 03)
- RE: System hardening Grime, Richard S (Sep 03)
- RE: System hardening Van Oosterom, Peter (Sep 05)