Snort mailing list archives
Re: System hardening
From: Erek Adams <erek () snort org>
Date: Thu, 4 Sep 2003 02:49:05 -0400 (EDT)
On Wed, 3 Sep 2003, John Creegan wrote:
I've got the basic snort and reporting systems up and running (snort, ACID, MySQL) and I'm ready to turn my attention to protecting/hardening my system (Solaris 8 on SPARC) before I do any more with snort (barnyard, oinkmaster, etc.)
[...snip...]

Skipping the other good suggestions you already have....

Edit /etc/inetd.conf. Comment out _EVERYTHING_. That's a good start. :)

Make sure you have a good source of entropy for SSH. I tend to go back and wipe the Sun version and install my own OpenSSH version. (Note the Sun version has some stuff specific to Solaris... Make sure you don't need it before you whack it.) Solaris 9 has /dev/random, but you don't have it on 8. Check out SUNrand [0] (works quite well!) or the official Sun patch to add it [1].

Kill everything in the /etc/rc?.d/ directories that you don't need.

Enable Strong Sequence numbers for TCP [2].

Install IPF [3]. Configure it to disallow all connections except for your management boxes.

Remove/Don't install _any_ packages you don't need. Since you're going to be building on a development server and building packages there that you will install on your box you don't need a compiler--You are doing this aren't you? ;-)

Do you have remote access via a term server? If so, don't disable your STOP-A, you might need it. Only worry about that if the box has a keyboard/monitor connected and other people have access.

And no, I haven't done this for 10 years. ;-)

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

[0] http://www.cosy.sbg.ac.at/~andi/SUNrand/
[1] http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=112438&rev=01
[2] add to /etc/default/inetinit : TCP_STRONG_ISS=2
[3] http://coombs.anu.edu.au/~avalon/
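An added example, not part of the post above or of any Sun or Snort tooling: a small POSIX shell audit for three of the steps in the message (the /etc/inetd.conf clean-out, TCP_STRONG_ISS=2 in /etc/default/inetinit, and the rc?.d start scripts). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Defaults are the Solaris 8 paths
# the post names; pass other paths to audit copies. Assumes POSIX sed and awk.

# Service names still active in inetd.conf (comments and blank lines ignored).
# The post's target is an empty list.
enabled_inetd_services() {
    sed 's/#.*//' "${1:-/etc/inetd.conf}" | awk 'NF { print $1 }'
}

# Effective TCP_STRONG_ISS (last uncommented assignment), or "unset".
tcp_strong_iss() {
    v=$(sed -n 's/^[[:space:]]*TCP_STRONG_ISS[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        "${1:-/etc/default/inetinit}" | tail -n 1)
    echo "${v:-unset}"
}

# Start scripts under <base>/rc?.d, listed for manual review.
start_scripts() {
    for f in "${1:-/etc}"/rc?.d/S*; do
        [ -f "$f" ] && echo "$f"
    done
    return 0
}

# Print one finding per failed check; return 0 only if both checks pass.
audit() {
    rc=0
    svcs=$(enabled_inetd_services "$1" | tr '\n' ' ')
    [ -z "$svcs" ] || { echo "inetd.conf still enables: $svcs"; rc=1; }
    iss=$(tcp_strong_iss "$2")
    [ "$iss" = 2 ] || { echo "TCP_STRONG_ISS is $iss, expected 2"; rc=1; }
    return $rc
}

# Constructed sample files (not from a real host) to exercise the checks.
make_samples() {
    mkdir -p "$1/rc2.d"
    printf '%s\n' '# ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd' \
        'telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd' \
        '' 'time dgram udp6 wait root internal' > "$1/inetd.conf"
    printf '%s\n' '# TCP_STRONG_ISS=2' 'TCP_STRONG_ISS=1' > "$1/inetinit"
    : > "$1/rc2.d/S71rpc"; : > "$1/rc2.d/K28nfs.server"
}

d=$(mktemp -d) && make_samples "$d"
audit "$d/inetd.conf" "$d/inetinit" || echo "hardening incomplete"
start_scripts "$d"
rm -rf "$d"
```

On a real host, call `audit` with no arguments to check the default paths; a commented-out `TCP_STRONG_ISS=2` line is deliberately reported as not set.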