Snort mailing list archives

RE: SNORT (Linux) / MySQL (Win32)


From: "Michael Steele" <michaels () winsnort com>
Date: Tue, 10 Feb 2004 08:28:53 -0800

Ditto... Ditto... Ditto...

Find you another box and keep your firewall intact. Not a good idea.

Is there some reason why you want to move Snort to Linux? Why not run Snort
on the same box as MySQL? If you're looking for something that is plug and
play (except adding a few network settings):

http://www.winsnort.com/index.php?module=pncommerce&func=catalogview

Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of JP Vossen
Sent: Monday, February 09, 2004 11:19 PM
To: Snort Users List
Cc: MVIBE
Subject: Re: [Snort-users] SNORT (Linux) / MySQL (Win32)

From: "MVIBE" <mvibe () sublimegrooves com>
To: <snort-users () lists sourceforge net>
Date: Mon, 9 Feb 2004 17:47:23 -0600
Subject: [Snort-users] SNORT (Linux) / MySQL (Win32)

To keep it simple. I have a small network. MySQL is active on a WIN32 Box,
has been for some time now for some web development. I am interested in
running SNORT, but wish to do this from one of my Linux Firewall. I know
that to compile SNORT with MySQL support I am to use the --with-mysql
configure switch.

OK, first, ideally a firewall is JUST a firewall.  I know there is a great
temptation to run Snort on it, since it's in a perfect place.  Be aware that
you are adding complexity and potentially reducing the security of the
firewall if you do this.  In some (perhaps many) cases running Snort on the FW
may be entirely justified.

Second, please tell me you don't have a compiler on the firewall!  If you do,
remove it.  A firewall should be just a firewall, and having a compiler on it
opens up all kinds of Evil Things should the box ever be compromised.  The
theory is that an Evil Cracker can download and compile all sorts of nasty
things, so don't have a compiler on a security device.  The same argument may
be made for lots of other things, like Perl...  YMMV, evaluate your risk, etc.
In general, the first principle of hardening (and what should be more hardened
than the firewall?) is--if it ain't installed it can't be cracked.  Less is
much better.


The problem I am encountering is that for this switch to work, ./configure
needs to find the mysql.h header file.

<snip>

What am I missing, Is this possible (ie running SNORT on Linux with MySQL on
Win32)?


Yes.  My recommendation is to use the Snort RPMs (but I'm biased).  See
http://www.starken.com/snort/ for the latest RPMs that have not made it to the
Snort.org site yet.

Install snort and snort-mysql on the firewall (shudder) and you're all set.

Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




