Re: Request for advice

[Sean Brown <sblinux () shaw ca>]

On June 29, 2004 05:09 pm, Nicholas Bernstein wrote:
> On Tue, 2004-06-29 at 15:58, Sean Brown wrote:
> > On June 28, 2004 11:55 pm, Nicholas Bernstein wrote:
> > > Hello all:
> > > I've been asked to do a presentation on snort for a local users group
> > > in Los Angeles; Nothing too in depth, just a basic tutorial on how to
> > > get snort/acid/mysql setup. I was hoping that some of you might take a
> > > look and tell me if there is anything I missed putting down, or if
> > > there are any inaccuracies. I hope this is not too much to ask, but I
> > > would appreciate it a lot if anyone was willing to give some advice.
> > >
> > > It's located at:
> > > http://nicholasbernstein.com/uuasc_snort/
> > >
> > > Anyway, thanks in advance.
> > > Nick
> >
> > I looked through your presentation since I'm new to snort to see if there
> > was anything there I didn't know, and while it seems well put together
> > and does seem to be a good starting tutorial.
> >
> > I can really only say one thing, and that is your assertion that there is
> > little reason to use packages provided by the distro/project and just
> > simply compile it yourself. The packages are there to provide a simple
> > way to upgrade, and keep track of all files required to run an
> > application. Eventually your going to need to upgrade Snort, and the
> > easiest way is by a package. If the system is just a test bed, then
> > building it yourself, by simply configure, make and make install isn't
> > much of a problem, but if the system is a 'production' machine, even if
> > its just a home firewall, the packages are a better solution. The only
> > time to favor making your own is if the package for a specific app lags
> > significantly behind the current release, in which case its better to
> > build a package and install that, instead of simply installing.
> >
> > Just some thoughts.
> >
> > -Sean
>
> Sean:
>
> Thanks for the input. The reason I chose to emphasize using source as
> opposed to packages is that I did not want to favor one version of unix
> over another. The group I am presenting to is the "Unix Users
> Association of Southern California" and the people who are likely to be
> attending this event may be using many different versions of unix. Also,
> while I expect the majority of users to implement this on OpenBSD, or
> Linux, I'm presenting @ Sun Microsystems... wouldn't want to offend the
> hosts. :)
Well then you can highlight the absolute ease on creating Sun packages to be 
distributed to a system that will act as a production sensor. 
www.sunfreeware.com also has snort packages for download, illustrating the 
need to build your own package considering while there is a package for Snort 
2.1.0 for Solaris 9 SPARC, the Solaris 8 package is at version 1.8

-Sean Brown


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users